about length of Password Key & Password Hash

Vabminard

I read the technical overview of Boxcryptor but somethings is not mentioned in the description. As I know PBKDF2 hash function is as below:
DK=PBKDF2(PRF, Password, Salt, C, dklen)
where:
DK: Derived Key
PRF: Pseudo Random Function Like SHA512
C: Number of Iterations
dklen: Length of Output or Length of DK
According to the description, for calculating the password key, Boxcryptor uses 10,000 for "C", 24 byte random data for "Salt" and HMACSHA512 for PRF. but there is no information for length of password key or the length of DK in byte. Thus, I have these questions:
1- what is the length of password key in byte?
2- what is the length of password hash in byte?
3- is the length of Salt for calculating the "password hash" 24 byte?
4- in calculating the "password key" and "password hash", Boxcryptor uses the default iterations ( 10,000 for password key & 5000 for password hash). is it possible for us to change the number of these default iterations? ( for example increase the number of iterations)
5- what is the length of "hash of password hash" which is saved in Boxcryptor's servers in byte?

Thanks in advance for answering my questions

Robert

Hello,

1) The length of the password key is 64 bytes (the first 32 bytes are used for encryption purposes, the second 32 bytes are used for hashing purposes).
2) The length of the password hash is 48 bytes.
3) Yes, the salt length for deriving the password hash is 24 bytes.
4) It is currently not possible for the user to change the number of iterations for the password key or the password hash. Although we do plan to increase these numbers in the future, we do not have a schedule for it and it also depends on other factors (e.g. PBKDF2 in WebCrypto on Safari is still very slow).
5) The length of the "hash of password hash" saved in our database is 36 bytes.

Best regards,
Robert

Vabminard

Dear Robert,
Many thanks for answering my questions. Another question, is the second 32 byte in the password key for hash function in padding procedure? If not, for which hash function?

Sincerely

Robert

Hello,

Various AES keys are basically used for two purposes in Boxcryptor:
1) Encrypt other keys as part of the key management
2) Encrypt file contents

In case 1) - key A encrypts key B - Boxcryptor uses the "encryption part" (first 32 bytes) of key A to encrypt key B and then uses the "hashing part" (second 32 bytes) of key A to create a MAC using HMACSHA256 in "Encrypt-than-MAC" mode in order to guarantee the integrity of the encrypted key B.

In case 2) - as mentioned in the other thread - Boxcryptor does not create any MAC and thus the "hashing part" is simply unused.

Best regards,
Robert

Vabminard

Dear Robert,
Thanks. It remains another question, when we change our password, what happens to the MAC of encrypted key B. Because when we change our password then the 64-byte password key is changed including the second 32-byte part of the password key. Then how Boxcryptor handles the previous MACs with the old 32-byte which was used to create the previous MAC. Does Boxcryptor recalculate the old MACs and update them?

Sincerely

Robert

Hello,

Yes, when you change your password, the private key will be re-encrypted with the new password key and the MAC will also be re-created.

Best regards,
Robert

PUTLOCKERX1

Putlocker is another replacement for 123movies watch free movies to watch movies online for free. However, you will need to register and create an account. Once you have signed up, you can enjoy your favorite movie or show immediately. Currently, Movie25 has 70000+ movies and the number is still growing on a regular basis. The site is quite clean without disturbing directions or ads. Movies are categorized by genres on the homepage for you to browse. Sections like New Releases, Latest Added, Top Rates, Alphabet, Release Year, etc. and a search bar is provided for you to pick your favorite content quickly. If you like Hollywood and Bollywood movies, this site can be your alternative option to 123Movies and it will not let you down.