Abort andOTP import early if number of iterations is suspicious

Alexander Bakker 2022-12-04 20:34:48 +01:00
parent ee6a020f4d
commit 0112431269


@ -123,6 +123,12 @@ public class AndOtpImporter extends DatabaseImporter {
if (iterations < 1) {
throw new DatabaseImporterException(String.format("Invalid number of iterations for PBKDF: %d", iterations));
}
// If number of iterations is this high, it's probably not an andOTP file, so
// abort early in order to prevent having to wait for an extremely long key derivation
// process, only to find out that the user picked the wrong file
if (iterations > 10_000_000L) {
throw new DatabaseImporterException(String.format("Unexpectedly high number of iterations: %d", iterations));
}
byte[] salt = Arrays.copyOfRange(_data, INT_SIZE, INT_SIZE + SALT_SIZE);
return new KeyDerivationParams(password, salt, iterations);
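Review bot: The upper bound in the added check is the bare literal `10_000_000L`, and its `L` suffix implies a long comparison even though the hunk does not show the declared type of `iterations`. A named constant, for example `private static final int MAX_ITERATIONS = 10_000_000;` (name is a suggestion, type to match `iterations`), with a short comment on how the value relates to the counts andOTP actually writes, would make the limit easier to review and adjust. The iteration count appears to come from the file being imported, so this cap is what bounds the key-derivation work a wrong or malformed file can demand; it deserves a deliberately chosen value rather than a round number. The enclosing method begins and ends outside the hunk, so how `iterations` is parsed and whether `_data` is length-checked before the `Arrays.copyOfRange` call cannot be confirmed from here.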