[cryptography] Password managers' overview; WAS: LastPass have been hacked, so it seems.

Ondrej Mikle ondrej.mikle at nic.cz
Tue Jun 16 21:31:27 EDT 2015


On 06/16/2015 05:53 PM, John R. Levine wrote:
> Are there any password managers that let the user specify where to
> store a remote copy of the passwords (FTP server, scp, Dropbox,
> whatever) while keeping the crypto and the master password on the end
> devices?

KeePass 2 claims to have synchronization built in
(http://keepass.info/help/v2/sync.html). Requires Mono on non-Windows platforms,
so I haven't tried it. Other password managers require you to use sync tool
(git/dropbox/...) externally:


Multiplatform software password managers (may not have mobile versions):

1) KeepassX (https://www.keepassx.org/) + git/dropbox

KeepassX is probably one of the best multiplatform managers. But you have to add
the synchronization feature manually, either through dropbox or git. Only one
file needs to be synchronized (or one file per password database, if you have
more DBs).

I'd prefer git as synchronization because it gives you history, you can choose
your own server(s) and has conflict resolution abilities in case there is
conflict. With git you can sign tags over the commits to know no one else
modified them.

Dropbox would be for simpler developments ("works out of the box").

Weaknesses:

a) Someone mentioned this for KeePass -
https://news.ycombinator.com/item?id=9727297 - I'd guess it would apply for
KeepassX as well

b) since it's software password manager, malware on local machine can siphon off
all passwords once unlocked


2) Password store (http://www.passwordstore.org/) - see my previous mail


Multiplatform hardware password managers (just deskop versions):

3) TrezorPass - (https://github.com/hiviah/TrezorPass) + git/dropbox

Disclaimer: I wrote this. In theory the design should be safer than
pure-software password managers :-) But in practice it would need audit. And
it's very alpha software, more like proof-of-concept.

How it works: you need Trezor token (http://www.bitcointrezor.com/). Trezor will
act like hardware token for encrypting and decrypting passwords. The encrypted
passwords stay on local disk, not on Trezor (not enough space there).

All encrypted passwords can be protected by PIN and/or passphrase. PIN can never
be sniffed by malware because Trezor displays permuted PINpad.

Each time you need to decrypt a password, you request it from TrezorPass GUI,
then acknowledge by pressing button physically on Trezor which will show you
exactly which password you are going to decrypt. So malware can only sniff those
passwords that you actually use on the infected machine, but not all of them (no
way to protect against sniffing computer's memory).

There's also second RSA key encrypted in the storage to which every password is
encrypted to. It's used as "export all" key and you should use this function
only on malware-less computer for backup purposes. Also of course requires
physical confirmation on Trezor.

Weaknesses:

a) uses AES-CBC instead of AEAD modes, but all of the encrypted passwords are
HMAC-ed in Encrypt-then-MAC order
b) timing side channels, but you need physical posession of Trezor, knowledge of
PIN and passphrase (having those you don't need to do the timing channels actually)

Read more in crypto quirks in
https://github.com/hiviah/TrezorPass/blob/master/README.md

Synchronization: as before, either via git or dropbox

4) USB Armory (http://inversepath.com/usbarmory) no password manager exists yet

This is just a platform that would be very suitable for a hardware password
manager that keeps the encrypted passwords on device itself. Shame it doesn't
have a small display.


  Ondrej


More information about the cryptography mailing list