This is a dual cipher model with independent keys that uses two ciphers to encrypt the KeePass database doubling the data length with random pad. It follows a method as mentioned by Bruce Schneier in his book "Applied Cryptography".
MultiCipher now supports
- Yubikey HMAC-SHA1 Challenge/Response
- Twofish cipher, thanks to Josip Medved
Please note: The plugin requires version 2.41 of KeePass and will not work with older version of KeePass, however you may open an older version of the MultiCipher encoded KeePass database which will result in an upgrade to this version.
- n... = Plain Text
- n = Plain Text Length in bytes
- b = Block pad length in bytes =
64- n %64(but0if n %64is0) - b... = Unknown bytes of b length
- nb... = Block aligned plain text = n... + b...
- bl = Block length in bytes = n + b
- mb... = Random bytes of length bl
- C = Cipher
- i2 = IV Length in bytes of 2nd Cipher
- M2 = 32 byte Master seed for 2nd cipher
- S2 = 32 byte Random seed for 2nd cipher
- SR = Number of Transformation rounds for Key Derivation Function
- K1 = Master Composite Key provided by KeePass
- K2 = 2nd Composite Key as described below
- K2Opt = Composite Key Generation Option
- Ch = Yubikey HMAC-SHA1 Challenge (Randomly Generated)
| Position | Length (Bytes) | Content |
|---|---|---|
| 0x00 | 0x01 | File Version (2) |
| 0x01 | 0x01 | Sub Version (2) |
| 0x02 | 0x01 | C (First Cipher) |
| 0x03 | 0x01 | C (Second Cipher) |
| 0x04 | 0x01 | K2Opt (See Below) |
If K2Opt is 2
| Position | Length (Bytes) | Content |
|---|---|---|
| 0x05 | 0x01 | Yubikey Slot (1 or 2) |
| 0x06 | 0x01 | Yubikey HMAC-SHA1 Challenge Length (0x3C or 0x40) |
| 0x07 | 0x40 | Ch Always 64 bytes |
| 0x47 | 0x01 | Key Derivation Method (1 - AESKDF) |
| 0x48 | 0x20 | M2 |
| 0x68 | 0x20 | S2 |
| 0x88 | i2 | Random IV bytes for 2nd Cipher |
| 0x88+i2 | 0x08 | SR stored as LittleEndian (defult value 10000 for 2nd Cipher) |
| 0x90+i2 | 0x04 | n stored as LittleEndian |
| 0x94+i2 | bl | Cipher 1 applied on ( nb... XORred with mb... ) |
| 0x94+i2+bl | bl | Cipher 2 applied on ( mb... ) |
If K2Opt is not 2
| Position | Length (Bytes) | Content |
|---|---|---|
| 0x05 | 0x01 | Key Derivation Method (1 - AESKDF) |
| 0x06 | 0x20 | M2 |
| 0x26 | 0x20 | S2 |
| 0x46 | i2 | Random IV bytes for 2nd Cipher |
| 0x46+i2 | 0x08 | SR stored as LittleEndian (defult value 10000 for 2nd Cipher) |
| 0x4E+i2 | 0x04 | n stored as LittleEndian |
| 0x52+i2 | bl | Cipher 1 applied on ( nb... XORred with mb... ) |
| 0x52+i2+bl | bl | Cipher 2 applied on ( mb... ) |
C is defined as
| Byte Value | Algorithm | IV Size (i2) |
|---|---|---|
1 |
AES | 16 |
2 |
3DES | 8 |
3 |
ChaCha20 | 12 |
4 |
Salsa20 | 8 |
5 |
Twofish | 16 |
- Use Symmetric Key provided by KeePass
- Use IV provided by KeePass
K2Opt is defined as
| Byte Value | K2 generated as |
|---|---|
| 0 | Use a second independent password as a composite key |
| 1 | K1 + Key derived from string literal "TR" |
| 2 | Yubikey HMAC-SHA1 on Ch + Key derived from string literal "TR" |
Key Generation Steps
- K2 = As genererated based on K2Opt
- AesKdf = KeePass provided AES Key Derivation Function
- KDFResult = AesKdf on K2 with S2 and SR as parameters
- XORredPlainTextHash = SHA256 of first n bytes of ( nb... XORred with mb... )
- IV is randomly generated
- Symmetric Key is generted by Performing SHA256 on (M2 + KDFResult + XORredPlainTextHash).