Password Vault
(format specifications)
*A - Compression: XZ format (LZMA2 compression);
*B - Encryption: Chosen algorithm in EAX mode; Tag size - block size of the chosen block cipher, or 256 bits max;
*C - Algorithm Codes (encrypted config byte):
• 0 = AES (256 bit)
• 1 = RC6 (256 bit)
• 2 = Serpent (256 bit)
• 4 = Twofish (256 bit)
• 6 = Blowfish (448 bit)
• 7 = Threefish (1024 bit) : (for PRO version)
• 8 = SHACAL-2 (512 bit) : (for PRO version)
• 9 = Paranoia C4 (2048 bit) : (for PRO version - cascade of Threefish–Serpent–AES–SHACAL2)
- XORed with 1B key generated for this purpose;
*D - Custom KDF parameters: related to Argon2id; lower 4 bits for t parameter multiplier; higher 4 bits for m; t = tbase * 2^multiplier;
*E - Salt size: Multiplier, where for size in bits applies: size = 64 * 2^multiplier; current default 256 bits;
*F - Salt
*G - Hash: SHA-3 (256 bits) hash of the "DB Format" section; Used only for import purposes;
Notes:
• For cascaded algorithms - the last layer is processed in EAX mode, the others in CTR.
Key Derivation Function
• STEP 1: HKDF(password)
(Skein-1024 based HKDF; Stored in device's RAM during session; 2048 bits;)
• STEP 2: Argon2id(STEP 1, salt)
(New run (new salt) for every single encryption operation; 2048 bits;)
• STEP 3: 3 x HKDF(STEP 2)
(SHA3-512 based HKDF; For encryption key, nonce, config XOR key;)
Notes:
• For cascaded algorithms, a longer key and nonce are generated in step 3; these are then split to give each algorithm its own unique key and nonce.
• Characters outside the ASCII range 32-126 are converted to their Unicode code point numbers (for example: password "contraseña" equals "contrase241a").
Argon2id Base Parameters:
t = 10
m = 10240 kB
h = 4
S.S.E. 2.0+ Argon2id Parameters Modifiers:
t: 0000b ⇒ t = 10 * 2^0 = 10
m: 0001b ⇒ m = 10240 * 2^1 = 20480 kB
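An added example, not code from S.S.E. or Paranoia Works, that decodes the fields described above: the XORed algorithm code, the Argon2id modifier byte, the salt size multiplier and the password character conversion. Function names, the 1 GiB memory limit and the sample values are assumptions; the page gives no field offsets, so each function takes the raw field value.

```python
# Added example: decodes header fields by the rules listed on this page.
# Names, the memory cap and the sample values are constructed for illustration.
ALGORITHMS = {  # code -> (name, key bits), from the "Algorithm Codes" list
    0: ("AES", 256), 1: ("RC6", 256), 2: ("Serpent", 256), 4: ("Twofish", 256),
    6: ("Blowfish", 448), 7: ("Threefish", 1024), 8: ("SHACAL-2", 512),
    9: ("Paranoia C4", 2048),
}
T_BASE, M_BASE_KB, H = 10, 10240, 4  # Argon2id base parameters
MAX_M_KB = 1 << 20  # assumed local policy: refuse files asking for > 1 GiB


def decode_algorithm(config_byte, xor_key):
    """Undo the 1-byte XOR on the config byte and look up the cipher."""
    code = (config_byte ^ xor_key) & 0xFF
    if code not in ALGORITHMS:
        raise ValueError(f"unknown algorithm code {code}")
    return ALGORITHMS[code]


def argon2id_params(kdf_byte, max_m_kb=MAX_M_KB):
    """Lower 4 bits scale t, higher 4 bits scale m: value = base * 2^multiplier."""
    if not 0 <= kdf_byte <= 0xFF:
        raise ValueError("KDF parameter field is one byte")
    t = T_BASE << (kdf_byte & 0x0F)
    m_kb = M_BASE_KB << (kdf_byte >> 4)
    if m_kb > max_m_kb:
        # The field comes from the file, so bound it before allocating memory.
        raise ValueError(f"m = {m_kb} kB exceeds limit {max_m_kb} kB")
    return {"t": t, "m_kb": m_kb, "h": H}


def salt_size_bits(multiplier):
    """size = 64 * 2^multiplier; multiplier 2 gives the 256-bit default."""
    if not 0 <= multiplier <= 0xFF:
        raise ValueError("salt multiplier out of range")
    return 64 << multiplier


def normalize_password(password):
    """Replace each character outside ASCII 32-126 with its decimal code point.
    Assumption: one number per Unicode code point; the page does not say how
    characters beyond the Basic Multilingual Plane are handled."""
    return "".join(c if 32 <= ord(c) <= 126 else str(ord(c)) for c in password)


if __name__ == "__main__":
    print(argon2id_params(0b0001_0000), salt_size_bits(2))  # modifiers above
    print(normalize_password("contrase\u00f1a"))            # contrase241a
    print(decode_algorithm(0x5C ^ 2, 0x5C))  # constructed XOR key 0x5C, code 2
```

The conversion is not one-to-one: the literal string "contrase241a" normalizes to itself, the same result as "contraseña".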
S.S.E. Password Vault - XML File Format
Basic Structure:
<Vault>
  <Folder>
    <Name>Password Folder 1 Title</Name>
    <Comment>Password Folder 1 Comment</Comment>
    <Position>1</Position>
    <IconCode>-256</IconCode>
    <Items>
      <Item>
        <Name>Password Item 1 Title</Name>
        <Password>PASSWORD 1</Password>
        <Comment>Password Item 1 Notes</Comment>
        <Modified>2014-07-14T10:32:32</Modified>
        <IconCode>-256</IconCode>
      </Item>
      <ExtendedItem>
        <Name>Extended Item</Name>
        <Account>Paranoia Works</Account>
        <Password>password</Password>
        <URL>https://paranoiaworks.mobi</URL>
        <Comment>note</Comment>
        <Modified>2020-01-08T06:05:44</Modified>
        <IconCode>-5635841</IconCode>
        <CustomElements>
          <Element>
            <Name>Element Title A</Name>
            <Value>Element Value</Value>
          </Element>
          <Element>
            <Name>Element Title B</Name>
            <Value>Element Value</Value>
          </Element>
        </CustomElements>
      </ExtendedItem>
    </Items>
  </Folder>
</Vault>
Notes:
• Position: It can be empty. If not set, alphabetical order is used.
• IconCode: It can be empty. Inner DB icon code. If no icon is found for a code, the default icon will be used ("yellow folder icon" for folders, "yellow lock icon" for password items).
• For more details see the XSD above.
Implementations