19 votes

Recognizing basic security flaws in local password managers

22 comments

  1. [13]
    tool
    Link
    The author makes some good general points, but this is less of a "Here's some common inadequacies in password managers" article, and more of a "Fuck this one piece of software in particular"...

    The author makes some good general points, but this is less of a "Here's some common inadequacies in password managers" article, and more of a "Fuck this one piece of software in particular" article. That, combined with his disclosure that he is the author if a different password manager tool makes me think he has an axe to grind.

    Bitwarden is the undisputed king in password management anyway.

    10 votes
    1. ubergeek
      Link Parent
      I'm more a fan of KeepassXC, but to each their own :)

      I'm more a fan of KeepassXC, but to each their own :)

      11 votes
    2. [2]
      Deimos
      Link Parent
      Agreed, I thought it was interesting just as a fairly detailed walkthrough of how to approach analyzing one though.

      Agreed, I thought it was interesting just as a fairly detailed walkthrough of how to approach analyzing one though.

      8 votes
      1. tool
        Link Parent
        I agree. I love articles like that where something is meticulously picked apart and presents the method of breakdown, but this one just rubbed me the wrong way. Seems like he has a grudge.

        I agree. I love articles like that where something is meticulously picked apart and presents the method of breakdown, but this one just rubbed me the wrong way. Seems like he has a grudge.

        2 votes
    3. [3]
      cwagner
      Link Parent
      And what’s its, apparently obvious, advantage over Keepass[XC]?

      Bitwarden is the undisputed king in password management anyway.

      And what’s its, apparently obvious, advantage over Keepass[XC]?

      4 votes
      1. [2]
        tool
        Link Parent
        You don't have to screw around with a database file anywhere or worry about sync issues, just log in to the application/extension/web vault and you're done. And this point is not an advantage over...

        You don't have to screw around with a database file anywhere or worry about sync issues, just log in to the application/extension/web vault and you're done.

        And this point is not an advantage over Keepass/X/XC, but you can also self-host your own Bitwarden instance if you don't want to use their infrastructure. Works exactly the same as their hosted version, you just need to change the URL that your client tries to access before logging in. I've been running a self-hosted instance in a VPS for about a year now with no issues.

        4 votes
        1. cwagner
          Link Parent
          Simpler sync does sound decent. I haven’t had any KeePass sync issues in many years though and I like being able to use my existing tools instead of having to install yet another server.

          Simpler sync does sound decent. I haven’t had any KeePass sync issues in many years though and I like being able to use my existing tools instead of having to install yet another server.

          1 vote
    4. [6]
      Grzmot
      Link Parent
      Bitwarden isn't as secure as people want to believe, cause the en- and decryption of the database happens over JavaScript. If you made a Venn diagram of JS and Security, you'd get no overlapping...

      Bitwarden isn't as secure as people want to believe, cause the en- and decryption of the database happens over JavaScript.

      If you made a Venn diagram of JS and Security, you'd get no overlapping sections.

      1 vote
      1. stu2b50
        Link Parent
        AES is AES regardless of what language it's implemented. JS has its issues, but it is in the end a managed language and as such is already much better equipped than C or C++. It also uses either...

        AES is AES regardless of what language it's implemented. JS has its issues, but it is in the end a managed language and as such is already much better equipped than C or C++.

        It also uses either NodeJsCrypto which is just a wrapper to OpenSSL, or WebCrypto, which is a browser api, which is also typically a wrapper around OpenSSL.

        So is OpenSSL vulrenable now?

        10 votes
      2. [3]
        Deimos
        (edited )
        Link Parent
        That's a very bold claim. Please link to anything supporting it and showing a weakness with Bitwarden's encryption implementation.

        That's a very bold claim. Please link to anything supporting it and showing a weakness with Bitwarden's encryption implementation.

        9 votes
        1. [2]
          Grzmot
          Link Parent
          Source is here, albeit in German: https://www.kuketz-blog.de/bitwarden-schwaechen-bei-sicherheit-und-datenschutz/ I'll do my best to translate: Content-Security-Policy Content-Security-Policy:...

          Source is here, albeit in German: https://www.kuketz-blog.de/bitwarden-schwaechen-bei-sicherheit-und-datenschutz/

          I'll do my best to translate:

          1. Content-Security-Policy
          Content-Security-Policy: 
          default-src 'self'; 
          script-src 'self' 'sha256-ryoU+5+IUZTuUyTElqkrQGBJXr1brEv6r2CA62WUw8w=' https://js.stripe.com https://js.braintreegateway.com https://www.paypalobjects.com; 
          style-src 'self' 'unsafe-inline' https://assets.braintreegateway.com https://*.paypal.com; img-src 'self' data: https://icons.bitwarden.net https://*.paypal.com https://www.paypalobjects.com https://q.stripe.com https://haveibeenpwned.com https://www.gravatar.com; 
          child-src 'self' https://js.stripe.com https://assets.braintreegateway.com https://*.paypal.com https://*.duosecurity.com; 
          frame-src 'self' https://js.stripe.com https://assets.braintreegateway.com https://*.paypal.com https://*.duosecurity.com; 
          connect-src 'self' wss://notifications.bitwarden.com https://notifications.bitwarden.com https://cdn.bitwarden.net https://api.pwnedpasswords.com https://twofactorauth.org https://api.stripe.com https://www.paypal.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://*.braintree-api.com; 
          object-src 'self' blob:;
          

          script-src allows for loading resources from third-party sites, meaning that if those get compromised, it might open a weak point in Bitwarden, as the requested resource control lies solely with the third party.

          1. Android App

          Bitwarden on Android includes 3 trackers:

          • Google Analytics
          • Google Firebase Analytics
          • HockeyApp

          When you open the app, GA and GFA transfer immediately, without questioning the user. While the inclusion of Firebase Analytics might be an error (i.e. left behind code), the other two were built in on purpose. This is not a security issue per se, but a privacy one. I don't want trackers in most of my apps and I especially don't want them in my password manager.

          1. Transfer of the master password in hashed form:
          grant_type=password
          &username=XY
          &password=DkSSVh%2FsNxf6s8qOIO5apW9mQzWit65H99TAZItZMps%3D
          &scope=api+offline_access
          &client_id=mobile
          &DeviceType=Android
          &DeviceIdentifier=02efaea0-6d37-4a51-b868-279eab44ab70
          &DeviceName=Redmi+Note+4&DevicePushToken=
          

          POST-Requests transfer the master password over the internet, which can be another weak point especially for man-in-the-middle attacks. While this wouldn't have to be a concern with HTTPS and other security measures, there are still better ways to split authentification and database encryption.

          That being said, I still use Bitwarden myself because it's comfortable to use and makes my life more secure than if I managed the passwords on my own. Offline solutions like KeePass would require local synchronisation or another way of keeping my phone and computers up to date.

          The source is dated on 2019-25-01 so there is a possibility that these issues might've been fixed in the meanwhile, however I found no ways to disable the trackers in the Android app, contrary to what the blog post states. So either they got removed completely, or they disabled disabling the trackers.

          7 votes
          1. stu2b50
            (edited )
            Link Parent
            I feel these are pretty weak security concerns. Also, they have nothing to do with javascript lol. For 1., the main webpage has those outside scripts to handle payments for their hosted service....

            I feel these are pretty weak security concerns. Also, they have nothing to do with javascript lol.

            For 1., the main webpage has those outside scripts to handle payments for their hosted service. Bitwarden is, of course, open source and self hostable. They don't exist in the admin panel for your actual key vault. The "danger" here is that someone takes over Bitwarden's website and can then do nefarious things... of course you could. If you took over Keepass' website, you can also do nefarious phishing attacks.

            For 2) this is a complete non-issue, because under the app releases they also have an f-droid APK with those disabled (https://github.com/bitwarden/mobile/issues/471)

            For 3) Even if you forget about TLS, obtaining the salted hash of your master password is utterly useless unless you have a weak master password and an entire nation state decides to that they really don't like you in particular.

            5 votes
  2. stu2b50
    Link
    How does that even happen? What could possible make you choose ECB of all things when picking your block cipher method?

    How does that even happen? What could possible make you choose ECB of all things when picking your block cipher method?

    4 votes
  3. [7]
    nacho
    Link
    In the past I've advocated against password managers in tildes. The response is always negative. I still maintain that password managers are the holy grail of hacking/cracking targets because if...

    In the past I've advocated against password managers in tildes. The response is always negative.

    I still maintain that password managers are the holy grail of hacking/cracking targets because if you get in, you get everything. A complete and integrated life.

    You're much better creating your own password formula and iterate that through each site you have accounts for, then switch formula every 3 months.

    This lets you create unique, complex, rememberable passwords for every account. You're the only point of failure. Your passwords are always strong. They aren't stored anywhere. No external company is a point of failure.


    You can randomly generate the base for your formula if you don't trust your on pseudo-random skills.
    You can roll random numbers for character-numbers in URLs, for cipher shifts in characters, for shifts in keys horizontally, diagonally on keyboards, all sorts of things.

    Your passwords can be as secure as you want them to be. You have the passwords wherever you go because they're in your head.

    I end up realizing I have a lot of accounts online. I always learn the new password formula by implementing it on all accounts in one sitting for password changes.


    If I had a password manager, if it were hacked, every account could be recovered indefinitely using other credentials. All interconnected. There aren't enough services in my life that require 2FA in ways that aren't beatable by account recovery. No cancelling of a Social Security Number or other things could stop the process.

    Why would anyone be willing to take that risk, to place all the eggs in one basket like that? The concept of a password manager is fundamentally bad.

    11 votes
    1. Deimos
      (edited )
      Link Parent
      I disagree with you, but overall, both methods are still a lot better than what most users do (share the same password or small set of passwords across almost everything). I think the really core...

      I disagree with you, but overall, both methods are still a lot better than what most users do (share the same password or small set of passwords across almost everything). I think the really core thing is recognizing what the actual threats are that you need to worry about.

      In terms of accounts and passwords on the internet, the main threat that leads to the large, large majority of compromises is that usernames/passwords from some site are extracted, and attackers use that data to try to log into other sites too (credential stuffing). The threat from that is entirely due to shared passwords between multiple sites. Unless you're being targeted individually, the only thing you have to worry about is whether a breached password can be used anywhere else. For both password managers and using a password formula, the answer is "no", so they're both equally safe against this.

      The next step above that is when someone does target you individually. For example, say that someone wants to try to compromise my Tildes account, which (for me personally, probably not for almost everyone else) is a pretty realistic threat. They might try looking in various account breaches for accounts named Deimos, Deimorz, and accounts using my email addresses (which aren't hard to find) to see if they can find some kind of commonality between my passwords. But because I use a password manager, all of my passwords are random. There's nothing in common between them, and I don't even know what they are. No matter how many of my passwords they have access to, they will make absolutely zero progress towards figuring out my Tildes password.

      This is where a password formula is far weaker. Someone with two or three of my passwords (or even one, depending on the formula's obviousness) would have an ability to figure out other passwords. You're mitigating that by changing your formula every 3 months, but that's still a decent time window and manually changing all of your passwords every few months is a huge hassle (I have hundreds I'd have to change).

      So in terms of those two realistic threats, the password manager is the better choice, but it's still only relevant to deal with individually-targeted attacks. The threat that you mentioned where you consider the formula superior is if someone manages to acquire and break into your password manager database. It will vary depending on the exact password manager someone's using and how they set it up, but at least for me, for someone to be able to compromise mine, they'd need to:

      • Get the password database (compromise one of my devices and/or the sync server)
      • Either get my master password (which never leaves the device), or break the encryption of the database
      • Get my physical Yubikey or somehow get its secret key and duplicate its functionality

      Those are all extremely difficult things to do, to the point that I'm not even going to worry about them. If someone has the motivation and ability to attack you on those levels, a password formula won't save you either.

      20 votes
    2. deing
      Link Parent
      I mean, you're absolutely right — once an attacker gets access to my database I'm screwed. But considering that this database is only on devices that would have me screwed similarly if an attacker...

      I mean, you're absolutely right — once an attacker gets access to my database I'm screwed. But considering that this database is only on devices that would have me screwed similarly if an attacker got access to them, this concern is kind of void for me. If you're already inside my PC, I can't stop you from creating a bad day for me anyway, so why lose massive convenience for effectively zero benefits?

      16 votes
    3. stu2b50
      Link Parent
      Because of two security fundamentals: Consider human factors and Security is economics For the first, your scheme has too much user involvement. You have to effectively run a key generation...

      Because of two security fundamentals:

      • Consider human factors

      and

      • Security is economics

      For the first, your scheme has too much user involvement. You have to effectively run a key generation function in your head for every password, AND change that function every 3 months. While this is easier than remembering strong passwords for each site, it's still just unfeasible.

      This is why sometimes complex password regulations sometimes makes systems weaker, because the users start writing their complex passwords on sticky notes. Always realize that people hate doing hard things.

      And secondly, there's no point in buying a $10,000 safe for a $100 watch. In the end, in most cases where someone can compromise all of your passwords anyway. If you store it locally, then if the attacker can get ahold of your encrypted blob and your master password, they can almost certainly have just already compromised your local device and can just install a keylogger among other things because they already won. If it's hosted, then the attacker has compromised AWS or Azure or some other major cloud provider, in which case your data is screwed regardless.

      11 votes
    4. Wes
      Link Parent
      It's not a great argument. One layer of extremely good security is still better than many layers of poor security. Any sort of memorization leads to shorter passwords, pass phrases, or repetition...

      I still maintain that password managers are the holy grail of hacking/cracking targets because if you get in, you get everything.

      It's not a great argument. One layer of extremely good security is still better than many layers of poor security.

      Any sort of memorization leads to shorter passwords, pass phrases, or repetition between sites. Password managers mean long, strong, unique passwords on every site.

      There's a reason that security researchers consistently recommend password managers as the number one thing you can do to stay safe online.

      4 votes
    5. 0lpbm
      Link Parent
      Do you also advocate against low overhead passwords managers like pass or just the stand-alone ones ?

      Do you also advocate against low overhead passwords managers like pass or just the stand-alone ones ?

      1 vote
    6. ubergeek
      Link Parent
      Well, thankfully, to crack my password manager, they would also have to crack my disk encryption too... Plus, I use a pretty long passphrase for both.

      Well, thankfully, to crack my password manager, they would also have to crack my disk encryption too...

      Plus, I use a pretty long passphrase for both.

  4. HanakoIsBestGirl
    Link
    Better title: Recognizing basic security flaws in a local password manager

    Better title: Recognizing basic security flaws in a local password manager