From ba39aef6738f8a1c6ce9ba817cbd99c59eb7a6b0 Mon Sep 17 00:00:00 2001
From: Jaromil <jaromil@dyne.org>
Date: Sun, 23 Nov 2014 15:31:14 +0100
Subject: [PATCH] considerations on password bruteforce vulnerability on
 steghide

---
 KNOWN_BUGS.md | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/KNOWN_BUGS.md b/KNOWN_BUGS.md
index 7614450..fee8d21 100644
--- a/KNOWN_BUGS.md
+++ b/KNOWN_BUGS.md
@@ -1,3 +1,28 @@
+# Vulnerability to password bruteforcing
+## Issue affecting keys used in steganography
+
+ An important part of Tomb's security model is to *make it hard for
+ attackers to enter in possession of both key and data storage*: once
+ that happens, bruteforcing the password can be relatively easy.
+
+ Protection from bruteforcing is provided by the KDF module that can
+ be optionally compiled in `extras/kdf-keys` and installed.
+
+ If a key is buried in an image and then the image is stolen, the KDF
+ protection does not works because *attackers can bruteforce easily
+ using steghide dictionary attacks*: once found the password is the
+ same for the steg crypto and the key crypto.
+
+ Users should keep in mind these issues when planning their encryption
+ scheme and, when relying on steganography, keep the image always
+ mixed in the same folder with many more images since that will be the
+ multiplier making it slightly harder to bruteforce their password.
+
+ In most cases consider that *password bruteforce is a feasible attack
+ vector on keys*. If there are doubts about a key being compromised is
+ a good practice to change it using the `setkey` command on a secure
+ machine, possibly while off-line or in single user mode.
+
 # Versioning and stdin key
 ## 1.5