Password Manager Discussion.

Discussion in 'other software & services' started by Mayahana, Jan 28, 2015.

  1. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
    To date, I've seen nothing that has changed my mind about LastPass since I first decided to move to it a few years ago. I'm still convinced that their model is viable and working as they've defined it. They've been upfront about any bugs and problems. To date, I have no issues with ownership passing to LogMeIn. The free model won't affect me as I plan to remain as a paid customer. Even something as simple as the new GUI of the v4.1 iOS client is much improved over the previous versions. I'm pleased with the current state of things!
     
  2. 142395

    142395 Guest

    As I won't be able to login here for a few days, I'd like to make 'short' clarification now.
    Firstly I'm not specifically criticizing LP nor opposing anyone to use LP, but saying all server-based pwdmgr is vulnerable by design. My point is that although LP had many implementation bugs which they can improve but that is trivial thing as those server-based are fundamentally insecure by design, got it?

    Well, this is a minute thing but Tavis' finding differ on each, he find many serious bugs w/ just a quick look in LP and DashLane, while didn't find any serious one in 1Password, and no finding on KeePass tho he didn't looked its optional plugins.

    I know LP offline but I don't see a reason to use it when there's better one. But didn't know about LP's open sourced CLI tool, so thanks for that and will look into it. However, does using this always is viable? I don't think so and it seems its more for devs who want to implement LP to their apps. And as I already said, being OSS does not guarantee security. Keepass OTOH has been reviewd and audited, always got well score, and will be thoroughly audited by EU experts. It's actually far from perfect, but I use this simply because it's better than others, no fanboyism. And when it comes to crypt software, 'inpsect yourself' only works when you're crypt expert and I'm not. So, sure, I have to rely on others but still I can choose who I trust and why. No 100% is truth, maybe too much truth which don't have sense, I prefer 99.9% to 95%. Anyway, just blindly take what expert said as is is not good practice in general. From your link I admit 100,000 rounds PBKDF2-SHA256 is fairly well, but Mr Gosney's saying 'among the strongest' should mean 'within most services' as Ars mentioned earilier, not 'within reputable crypt systems'. Veracrypt by default use PBKDF2-SHA512 (better against GPU-acceralation than SHA256) w/ 500,000 rounds. Well, KeePass default remains much worse (tho they have interesting draft of adopting Argon2), but anyone who knows how these KDF work know it's not important when you use truly strong password, and anyway I never use default setting. You should read btwn lines of experts' comment and take in context, IOW, he said this for whom and why? Strong KDF is good simply because many ppl use weak password. So LP's choice is reasonalbe as pwdmgr for common ppl, but don't make sense for security geeks. (Also he didn't take FPGA or ASIC attack into account which is faster than GPU attack. It costs more, but what if an attacker has vast resouces?)

    Actually, that is trivial matter too. My threat model is not that, I'm just lazy to explain them. But I believe anyone who learned problems in browser cryptgraphy will at least partly agree there's fundamental limitation which can't easily be cured. We don't know if such attack came true but surely possible by well-resouced attacker. Paranoid? maybe. But it stores (almost) all (part of) my logons.
     
  3. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    Yes, and No. Using a local password database also has drawbacks depending in which environment is used. Do all users keep their system fully under control updated and without vulnerable components? Personally, I don't dare recommending people I know to stay away from server-based system as I don't know (and control) exactly in which environment they will run their password managers and how they do care of keeping secure their vault including safe copies. At least with server based password managers I know that its their core company business to keep clients data safe and available. Of course, trust is needed but so far they have earned it as LP has been the most targeted (to try to break it) password manager on the market. And more importantly they have been always transparent about it.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    Thanks for your view, I appreciate it. I thought the GUI from SafeInCloud looked pretty good, and I suppose as long if it doesn't have access to the web you should be safe. I also don't need any advanced features, only auto-wipe of the clipboard and password generation are handy tools. And I wouldn't use the extension for browsers. But I understand what you're saying.
     
  5. 142395

    142395 Guest

    It's interesting if online pwdmgr have any advantage over offline in regard to local (in)security. So I considered some aspects and searched on web, and concluded:

    1. As long as user follow best practice, online pwdmgr don't have any advantage at least in 2 area, (i) local malware and (ii) physical security. (Depending on implementation there can be tiny differences. e.g. Keepass have slightly more defenses than LP, but that is not meaningfull.)

    2. If user follow bad practice i.e. weak password, no 2FA, poor physical security, then online will be better. (Tho I believe even online mgr can't protect such user well.)

    Among the webpages I serached, the most interesting ones are:
    http://www.harmj0y.net/blog/redteaming/a-case-study-in-attacking-keepass/
    http://www.harmj0y.net/blog/redteaming/keethief-a-case-study-in-attacking-keepass-part-2/
    It'll be worth reading for anyone who care pwdmgr's security. They hacked Keepass, but as they say this kind of attack should be applicable to any pwdmgr.

    Now let's assume my OS is infected w/ malware. If you claim "if infected, it's gameover" I support counter argument by the author of above link. Now I take KP & LP as example just because I'm familiar w/ them. For simple keylogger, KP uses secure desktop while LP offer software keyboard. Which is better is arguable, secure desktop might be bypassed by low level keylogger while software keyboard can be bypassed via screen grabbing. As an another protection both of them support 2FA. KP have an option for 2FA, keyfile or OATH HOTP w/ OtpKeyProv. I think the latter is safer and is also used by LP. So basically there's no difference against common malware, but it should be noted that KP has WUA lockdown which can work as a kind of 3FA. But as described in the link it can be bypassed.
    Now if attack is more targeted and used the techinique described in Part2 of the link w/ proper adjustment, either types of pwdmgr can't resist. 2FA don't help in this situation. KP may put a bit better hurdle as it installs setting file in Program Files (recommended even when you use portable) while addon ver. of LP is in user folder (not sure about install ver.), but browser like Chrome optionally checks integrity of addons and malware may elevate priv. There can also be timing difference in 2FA protection tho I couldn't confirm. In online pwdmgr OTP might only be used for auth but not encryption. If so, it can be disadvantage since downloaded DB on browser is no more protected by 2FA.

    Then focus on physical security, but it's easy. As long as DB is encrypted w/ strong pwd, regardless of where my DB is, nobody can steal credentials. This is why I didn't care LP hack, as I emphasized before, my threat model and huge attack surface for online pwdmgr is not on it. Another aspect of physical security is loss of access, but common best practice of "Backup, backup, and backup!" is enough for it. In my case even if I lost all those copy of DBs (1 in active use on USB, 1 in encrypted drive, and 1 in 0-knowledge cloud under multiple encryption barriers) I don't loose anything as I can always generate exact pwds by my algo.

    If you say "all that's theoretical" then I have an experience that such consideration saved me. I was user of Bitdefender's cloud, but dropped it as I concluded it's not secure. It seems that was right. I wonder how many ppl would have agreed w/ me in that time.

    These are some useful links to help understanding why browser-server based crypto is insecure (not all of them directly apply online pwdmgr)
    https://www.nccgroup.trust/us/about...t/javascript-cryptography-considered-harmful/
    https://tonyarcieri.com/whats-wrong-with-webcrypto
    https://arno0x0x.wordpress.com/2015/09/16/end2end-encryption-protonmail/
    http://arstechnica.com/business/2013/01/megabad-a-quick-look-at-the-state-of-megas-encryption/
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    BTW, I tried SafeInCloud and noticed it wants to receive incoming connections, so I will have to pass. I'm not saying it's malicious, but this requirement shouldn't be necessary and when you block it, the app crashes.
     
  7. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    KeePass audit: no critical security vulnerabilities found
    Link: http://www.ghacks.net/2016/11/22/keepass-audit-no-critical-security-vulnerabilities-found

     
  8. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    So, if you want to be sure you need to stick with old 1.31 as any other version may have (or may not) altered the code ;)
     
  9. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    https://blog.lastpass.com/2016/11/lastpass-achieves-soc-2.html/
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
  11. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    42,326
    The requirement of Password Vault Manager is .NET, and the 105mb-size makes sense if the installer of the program includes the .NET Framework-installer (which has a size of 70-80mb) :D
    But if not, 105MB for a password manager is "much". Other programs from their website are even bigger.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
    OK, I see. Let's hope it's this big because of the .NET requirement, otherwise it's a bit amateurish.
     
  13. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    User secrets part 1 – is it safe to store your password in the KeePass?
    By Paula Januszkiewicz (from CQURE)
    Follow link above for the rest of the detailed blog from Paula.

    Video link: https://www.youtube.com/watch?v=fr0Wyom3pOg
     
  14. Yegor Efremov

    Yegor Efremov Registered Member

    Joined:
    Jan 9, 2017
    Posts:
    17
    Location:
    Michigan
    Hi guys,

    What about stateless passwords? Stored nowhere, not even in your head. For a few of my high security things I use stateless. Never stored anywhere!

    https://github.com/stepchowfun/hashpass
     
  15. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,933
    Reminds me of Wladimir Palant's Easy Passwords. Aside from the fact that I won't use Hashpass as it's only available for Chrome (and I'm a Firefox user) one has to be careful how exactly hashing is implemented. When Palant introduced Easy Passwords he checked about 20 other password managers: In most of them security is weak.

    According to the hashpass github site it's using SHA256 with 2^16 = 65,536 iterations. That's certainly better than Unipass in Palant's list (which uses SHA256 with 4,096 iterations). However, that doesn't mean that hashpass's security qualifies as good as it seems that it doesn't use PBKDF2 (neither bcrypt or scrypt) which is considered a necessity in good password managers.
     
  16. Yegor Efremov

    Yegor Efremov Registered Member

    Joined:
    Jan 9, 2017
    Posts:
    17
    Location:
    Michigan
    Once the hash is created it disappears into thin air. As such wouldn't the iterations almost be irrelevant when pared with SHA256? Any attacker wouldn't have anything to attack for the most part because they'd need to know what site you were on, what part of the site name is hashed, what hashing tool you are using and then pry into your brain and get the password/passcode you use to salt the hash. Rather than with a traditional password manager that may have multiple attack vector.

    Also thank you for all of that info. Plenty of reading for me.
     
  17. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,104
    Location:
    .
    +1
     
  18. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,104
    Location:
    .
  19. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    42,326
    If you have selected only "Windows Credentials" to protect your KeePass database, someone can get access to your KeePass database with the help of some tools.
    But as long as you select other options to protect your database or you are at least using a master key, your KeePass database is secure.
     
  20. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,104
    Location:
    .
    Yes, didn't know whether "Windows Credentials" was same as Windows User Account.
    Yes, I've only used Master Password.

    Thanks! & Comments to article >
    https://sourceforge.net/p/keepass/discussion/329220/thread/77570b3a/?limit=25#47b5/6d27
     
    Last edited: Jan 13, 2017
  21. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    User secrets part 2 – is it safe to store your password in the browser?
    By Paula Januszkiewicz (from CQURE)

    YouTube video (if you don't want t read the article): https://www.youtube.com/watch?v=1wTgPmF-T1M
     
  22. ABaird3

    ABaird3 Registered Member

    Joined:
    Jan 27, 2016
    Posts:
    98
    Any users of Kaspersky's password manager? Is there any advantage to this product over Lastpass?
     
  23. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,116
    Location:
    USA
    Haven't used it, but I see that there are free and subscription versions like LastPass (LP). Paid version of Kaspersky Password Manager (KPM) is a little more expensive than LP. The free version of LP has a lot of functionality so I would do a feature comparison with KPM Free. I have been using LastPass Premium for a long time and for $12 US/Year it does everything I need. In fact the free version of LP would meet my needs now that they've added multi-device sync.

    https://usa.kaspersky.com/products-...curity/password-manager/?CID=acq-freekasp-USA
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,929
    Location:
    The Netherlands
  25. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,116
    Location:
    USA
    One disadvantage from the get go is a browser's password manager is only useful in that one browser. A separate password manager can make passwords available to multiple browsers.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.