The author makes some good general points, but this is less of a "Here's some common inadequacies in password managers" article, and more of a "Fuck this one piece of software in particular"...
The author makes some good general points, but this is less of a "Here's some common inadequacies in password managers" article, and more of a "Fuck this one piece of software in particular" article. That, combined with his disclosure that he is the author if a different password manager tool makes me think he has an axe to grind.
Bitwarden is the undisputed king in password management anyway.
I agree. I love articles like that where something is meticulously picked apart and presents the method of breakdown, but this one just rubbed me the wrong way. Seems like he has a grudge.
I agree. I love articles like that where something is meticulously picked apart and presents the method of breakdown, but this one just rubbed me the wrong way. Seems like he has a grudge.
You don't have to screw around with a database file anywhere or worry about sync issues, just log in to the application/extension/web vault and you're done. And this point is not an advantage over...
You don't have to screw around with a database file anywhere or worry about sync issues, just log in to the application/extension/web vault and you're done.
And this point is not an advantage over Keepass/X/XC, but you can also self-host your own Bitwarden instance if you don't want to use their infrastructure. Works exactly the same as their hosted version, you just need to change the URL that your client tries to access before logging in. I've been running a self-hosted instance in a VPS for about a year now with no issues.
Bitwarden isn't as secure as people want to believe, cause the en- and decryption of the database happens over JavaScript. If you made a Venn diagram of JS and Security, you'd get no overlapping...
Bitwarden isn't as secure as people want to believe, cause the en- and decryption of the database happens over JavaScript.
If you made a Venn diagram of JS and Security, you'd get no overlapping sections.
AES is AES regardless of what language it's implemented. JS has its issues, but it is in the end a managed language and as such is already much better equipped than C or C++. It also uses either...
AES is AES regardless of what language it's implemented. JS has its issues, but it is in the end a managed language and as such is already much better equipped than C or C++.
It also uses either NodeJsCrypto which is just a wrapper to OpenSSL, or WebCrypto, which is a browser api, which is also typically a wrapper around OpenSSL.
Source is here, albeit in German: https://www.kuketz-blog.de/bitwarden-schwaechen-bei-sicherheit-und-datenschutz/ I'll do my best to translate: Content-Security-Policy Content-Security-Policy:...
script-src allows for loading resources from third-party sites, meaning that if those get compromised, it might open a weak point in Bitwarden, as the requested resource control lies solely with the third party.
Android App
Bitwarden on Android includes 3 trackers:
Google Analytics
Google Firebase Analytics
HockeyApp
When you open the app, GA and GFA transfer immediately, without questioning the user. While the inclusion of Firebase Analytics might be an error (i.e. left behind code), the other two were built in on purpose. This is not a security issue per se, but a privacy one. I don't want trackers in most of my apps and I especially don't want them in my password manager.
POST-Requests transfer the master password over the internet, which can be another weak point especially for man-in-the-middle attacks. While this wouldn't have to be a concern with HTTPS and other security measures, there are still better ways to split authentification and database encryption.
That being said, I still use Bitwarden myself because it's comfortable to use and makes my life more secure than if I managed the passwords on my own. Offline solutions like KeePass would require local synchronisation or another way of keeping my phone and computers up to date.
The source is dated on 2019-25-01 so there is a possibility that these issues might've been fixed in the meanwhile, however I found no ways to disable the trackers in the Android app, contrary to what the blog post states. So either they got removed completely, or they disabled disabling the trackers.
I feel these are pretty weak security concerns. Also, they have nothing to do with javascript lol. For 1., the main webpage has those outside scripts to handle payments for their hosted service....
I feel these are pretty weak security concerns. Also, they have nothing to do with javascript lol.
For 1., the main webpage has those outside scripts to handle payments for their hosted service. Bitwarden is, of course, open source and self hostable. They don't exist in the admin panel for your actual key vault. The "danger" here is that someone takes over Bitwarden's website and can then do nefarious things... of course you could. If you took over Keepass' website, you can also do nefarious phishing attacks.
For 3) Even if you forget about TLS, obtaining the salted hash of your master password is utterly useless unless you have a weak master password and an entire nation state decides to that they really don't like you in particular.
In the past I've advocated against password managers in tildes. The response is always negative. I still maintain that password managers are the holy grail of hacking/cracking targets because if...
In the past I've advocated against password managers in tildes. The response is always negative.
I still maintain that password managers are the holy grail of hacking/cracking targets because if you get in, you get everything. A complete and integrated life.
You're much better creating your own password formula and iterate that through each site you have accounts for, then switch formula every 3 months.
This lets you create unique, complex, rememberable passwords for every account. You're the only point of failure. Your passwords are always strong. They aren't stored anywhere. No external company is a point of failure.
You can randomly generate the base for your formula if you don't trust your on pseudo-random skills.
You can roll random numbers for character-numbers in URLs, for cipher shifts in characters, for shifts in keys horizontally, diagonally on keyboards, all sorts of things.
Your passwords can be as secure as you want them to be. You have the passwords wherever you go because they're in your head.
I end up realizing I have a lot of accounts online. I always learn the new password formula by implementing it on all accounts in one sitting for password changes.
If I had a password manager, if it were hacked, every account could be recovered indefinitely using other credentials. All interconnected. There aren't enough services in my life that require 2FA in ways that aren't beatable by account recovery. No cancelling of a Social Security Number or other things could stop the process.
Why would anyone be willing to take that risk, to place all the eggs in one basket like that? The concept of a password manager is fundamentally bad.
I disagree with you, but overall, both methods are still a lot better than what most users do (share the same password or small set of passwords across almost everything). I think the really core...
I disagree with you, but overall, both methods are still a lot better than what most users do (share the same password or small set of passwords across almost everything). I think the really core thing is recognizing what the actual threats are that you need to worry about.
In terms of accounts and passwords on the internet, the main threat that leads to the large, large majority of compromises is that usernames/passwords from some site are extracted, and attackers use that data to try to log into other sites too (credential stuffing). The threat from that is entirely due to shared passwords between multiple sites. Unless you're being targeted individually, the only thing you have to worry about is whether a breached password can be used anywhere else. For both password managers and using a password formula, the answer is "no", so they're both equally safe against this.
The next step above that is when someone does target you individually. For example, say that someone wants to try to compromise my Tildes account, which (for me personally, probably not for almost everyone else) is a pretty realistic threat. They might try looking in various account breaches for accounts named Deimos, Deimorz, and accounts using my email addresses (which aren't hard to find) to see if they can find some kind of commonality between my passwords. But because I use a password manager, all of my passwords are random. There's nothing in common between them, and I don't even know what they are. No matter how many of my passwords they have access to, they will make absolutely zero progress towards figuring out my Tildes password.
This is where a password formula is far weaker. Someone with two or three of my passwords (or even one, depending on the formula's obviousness) would have an ability to figure out other passwords. You're mitigating that by changing your formula every 3 months, but that's still a decent time window and manually changing all of your passwords every few months is a huge hassle (I have hundreds I'd have to change).
So in terms of those two realistic threats, the password manager is the better choice, but it's still only relevant to deal with individually-targeted attacks. The threat that you mentioned where you consider the formula superior is if someone manages to acquire and break into your password manager database. It will vary depending on the exact password manager someone's using and how they set it up, but at least for me, for someone to be able to compromise mine, they'd need to:
Get the password database (compromise one of my devices and/or the sync server)
Either get my master password (which never leaves the device), or break the encryption of the database
Get my physical Yubikey or somehow get its secret key and duplicate its functionality
Those are all extremely difficult things to do, to the point that I'm not even going to worry about them. If someone has the motivation and ability to attack you on those levels, a password formula won't save you either.
Because of two security fundamentals: Consider human factors and Security is economics For the first, your scheme has too much user involvement. You have to effectively run a key generation...
Because of two security fundamentals:
Consider human factors
and
Security is economics
For the first, your scheme has too much user involvement. You have to effectively run a key generation function in your head for every password, AND change that function every 3 months. While this is easier than remembering strong passwords for each site, it's still just unfeasible.
This is why sometimes complex password regulations sometimes makes systems weaker, because the users start writing their complex passwords on sticky notes. Always realize that people hate doing hard things.
And secondly, there's no point in buying a $10,000 safe for a $100 watch. In the end, in most cases where someone can compromise all of your passwords anyway. If you store it locally, then if the attacker can get ahold of your encrypted blob and your master password, they can almost certainly have just already compromised your local device and can just install a keylogger among other things because they already won. If it's hosted, then the attacker has compromised AWS or Azure or some other major cloud provider, in which case your data is screwed regardless.
It's not a great argument. One layer of extremely good security is still better than many layers of poor security. Any sort of memorization leads to shorter passwords, pass phrases, or repetition...
I still maintain that password managers are the holy grail of hacking/cracking targets because if you get in, you get everything.
It's not a great argument. One layer of extremely good security is still better than many layers of poor security.
Any sort of memorization leads to shorter passwords, pass phrases, or repetition between sites. Password managers mean long, strong, unique passwords on every site.
There's a reason that security researchers consistently recommend password managers as the number one thing you can do to stay safe online.
The author makes some good general points, but this is less of a "Here's some common inadequacies in password managers" article, and more of a "Fuck this one piece of software in particular" article. That, combined with his disclosure that he is the author if a different password manager tool makes me think he has an axe to grind.
Bitwarden is the undisputed king in password management anyway.
I'm more a fan of KeepassXC, but to each their own :)
Agreed, I thought it was interesting just as a fairly detailed walkthrough of how to approach analyzing one though.
I agree. I love articles like that where something is meticulously picked apart and presents the method of breakdown, but this one just rubbed me the wrong way. Seems like he has a grudge.
You don't have to screw around with a database file anywhere or worry about sync issues, just log in to the application/extension/web vault and you're done.
And this point is not an advantage over Keepass/X/XC, but you can also self-host your own Bitwarden instance if you don't want to use their infrastructure. Works exactly the same as their hosted version, you just need to change the URL that your client tries to access before logging in. I've been running a self-hosted instance in a VPS for about a year now with no issues.
Bitwarden isn't as secure as people want to believe, cause the en- and decryption of the database happens over JavaScript.
If you made a Venn diagram of JS and Security, you'd get no overlapping sections.
AES is AES regardless of what language it's implemented. JS has its issues, but it is in the end a managed language and as such is already much better equipped than C or C++.
It also uses either NodeJsCrypto which is just a wrapper to OpenSSL, or WebCrypto, which is a browser api, which is also typically a wrapper around OpenSSL.
So is OpenSSL vulrenable now?
That's a very bold claim. Please link to anything supporting it and showing a weakness with Bitwarden's encryption implementation.
Source is here, albeit in German: https://www.kuketz-blog.de/bitwarden-schwaechen-bei-sicherheit-und-datenschutz/
I'll do my best to translate:
script-src
allows for loading resources from third-party sites, meaning that if those get compromised, it might open a weak point in Bitwarden, as the requested resource control lies solely with the third party.Bitwarden on Android includes 3 trackers:
When you open the app, GA and GFA transfer immediately, without questioning the user. While the inclusion of Firebase Analytics might be an error (i.e. left behind code), the other two were built in on purpose. This is not a security issue per se, but a privacy one. I don't want trackers in most of my apps and I especially don't want them in my password manager.
POST-Requests transfer the master password over the internet, which can be another weak point especially for man-in-the-middle attacks. While this wouldn't have to be a concern with HTTPS and other security measures, there are still better ways to split authentification and database encryption.
That being said, I still use Bitwarden myself because it's comfortable to use and makes my life more secure than if I managed the passwords on my own. Offline solutions like KeePass would require local synchronisation or another way of keeping my phone and computers up to date.
The source is dated on 2019-25-01 so there is a possibility that these issues might've been fixed in the meanwhile, however I found no ways to disable the trackers in the Android app, contrary to what the blog post states. So either they got removed completely, or they disabled disabling the trackers.
I feel these are pretty weak security concerns. Also, they have nothing to do with javascript lol.
For 1., the main webpage has those outside scripts to handle payments for their hosted service. Bitwarden is, of course, open source and self hostable. They don't exist in the admin panel for your actual key vault. The "danger" here is that someone takes over Bitwarden's website and can then do nefarious things... of course you could. If you took over Keepass' website, you can also do nefarious phishing attacks.
For 2) this is a complete non-issue, because under the app releases they also have an f-droid APK with those disabled (https://github.com/bitwarden/mobile/issues/471)
For 3) Even if you forget about TLS, obtaining the salted hash of your master password is utterly useless unless you have a weak master password and an entire nation state decides to that they really don't like you in particular.
They've passed a 3rd party security audit.
How does that even happen? What could possible make you choose ECB of all things when picking your block cipher method?
In the past I've advocated against password managers in tildes. The response is always negative.
I still maintain that password managers are the holy grail of hacking/cracking targets because if you get in, you get everything. A complete and integrated life.
You're much better creating your own password formula and iterate that through each site you have accounts for, then switch formula every 3 months.
This lets you create unique, complex, rememberable passwords for every account. You're the only point of failure. Your passwords are always strong. They aren't stored anywhere. No external company is a point of failure.
You can randomly generate the base for your formula if you don't trust your on pseudo-random skills.
You can roll random numbers for character-numbers in URLs, for cipher shifts in characters, for shifts in keys horizontally, diagonally on keyboards, all sorts of things.
Your passwords can be as secure as you want them to be. You have the passwords wherever you go because they're in your head.
I end up realizing I have a lot of accounts online. I always learn the new password formula by implementing it on all accounts in one sitting for password changes.
If I had a password manager, if it were hacked, every account could be recovered indefinitely using other credentials. All interconnected. There aren't enough services in my life that require 2FA in ways that aren't beatable by account recovery. No cancelling of a Social Security Number or other things could stop the process.
Why would anyone be willing to take that risk, to place all the eggs in one basket like that? The concept of a password manager is fundamentally bad.
I disagree with you, but overall, both methods are still a lot better than what most users do (share the same password or small set of passwords across almost everything). I think the really core thing is recognizing what the actual threats are that you need to worry about.
In terms of accounts and passwords on the internet, the main threat that leads to the large, large majority of compromises is that usernames/passwords from some site are extracted, and attackers use that data to try to log into other sites too (credential stuffing). The threat from that is entirely due to shared passwords between multiple sites. Unless you're being targeted individually, the only thing you have to worry about is whether a breached password can be used anywhere else. For both password managers and using a password formula, the answer is "no", so they're both equally safe against this.
The next step above that is when someone does target you individually. For example, say that someone wants to try to compromise my Tildes account, which (for me personally, probably not for almost everyone else) is a pretty realistic threat. They might try looking in various account breaches for accounts named Deimos, Deimorz, and accounts using my email addresses (which aren't hard to find) to see if they can find some kind of commonality between my passwords. But because I use a password manager, all of my passwords are random. There's nothing in common between them, and I don't even know what they are. No matter how many of my passwords they have access to, they will make absolutely zero progress towards figuring out my Tildes password.
This is where a password formula is far weaker. Someone with two or three of my passwords (or even one, depending on the formula's obviousness) would have an ability to figure out other passwords. You're mitigating that by changing your formula every 3 months, but that's still a decent time window and manually changing all of your passwords every few months is a huge hassle (I have hundreds I'd have to change).
So in terms of those two realistic threats, the password manager is the better choice, but it's still only relevant to deal with individually-targeted attacks. The threat that you mentioned where you consider the formula superior is if someone manages to acquire and break into your password manager database. It will vary depending on the exact password manager someone's using and how they set it up, but at least for me, for someone to be able to compromise mine, they'd need to:
Those are all extremely difficult things to do, to the point that I'm not even going to worry about them. If someone has the motivation and ability to attack you on those levels, a password formula won't save you either.
Because of two security fundamentals:
and
For the first, your scheme has too much user involvement. You have to effectively run a key generation function in your head for every password, AND change that function every 3 months. While this is easier than remembering strong passwords for each site, it's still just unfeasible.
This is why sometimes complex password regulations sometimes makes systems weaker, because the users start writing their complex passwords on sticky notes. Always realize that people hate doing hard things.
And secondly, there's no point in buying a $10,000 safe for a $100 watch. In the end, in most cases where someone can compromise all of your passwords anyway. If you store it locally, then if the attacker can get ahold of your encrypted blob and your master password, they can almost certainly have just already compromised your local device and can just install a keylogger among other things because they already won. If it's hosted, then the attacker has compromised AWS or Azure or some other major cloud provider, in which case your data is screwed regardless.
It's not a great argument. One layer of extremely good security is still better than many layers of poor security.
Any sort of memorization leads to shorter passwords, pass phrases, or repetition between sites. Password managers mean long, strong, unique passwords on every site.
There's a reason that security researchers consistently recommend password managers as the number one thing you can do to stay safe online.
Do you also advocate against low overhead passwords managers like pass or just the stand-alone ones ?
Well, thankfully, to crack my password manager, they would also have to crack my disk encryption too...
Plus, I use a pretty long passphrase for both.
Better title: Recognizing basic security flaws in a local password manager