announced cloud-based backups a month ago, so I am late to the party. Still, I wanted to write down some notes on why 4-digit PINs aren't going to provide real security, no matter how hard one tries.

Thanks to @leip4Ier for bringing this topic to my attention.

Starting with Chrome 80, its sync functionality will encrypt your data properly - as long as you set a passphrase. This still isn't the default however.

Firefox Sync design has been better from the start. No progress here unfortunately.


I updated two articles from 2018 with newer info. and improved local password protection as of version 72. For my taste, 10,000 iterations are still too low, but it should be enough for strong passwords.

Came across this wonderful web-only password manager today. Sure, security-wise that's an inherently flawed combination. But their security bullshit is soooo charming...

Looking at a password manager performing XOR-based obfuscation on some values (e.g. user names) before encryption. Guesses so far: avoiding plaintext in memory and outdated work-around for ECB-based encryption. Neither makes sense given the implementation. 🤯

I tried producing some useful instructions for less experienced people to recognize flaws in password managers. Let me know whether it worked!

And is indeed beyond saving, I don't see secure communication over email happening, ever. No way around establishing new protocols for encrypted communication, e.g. .


The scary thing: some products in need of such as password managers are being built on top of because that's supposedly easier to get right. But it's not. Looking at for example, there are definitely better ways to do public key crypto.


So here you have the full picture now: doesn't work and never will. Stop recommending it, stop organizing key signing parties, you aren't helping anybody doing that. Just put it to grave instead.

Found a PBKDF2 call in with horribly bad parameters. Then realized that it was merely importing passwords from . And last year I actually investigated myself how badly these are protected.

I think that now I also understand what OtpKeyProv plugin for is doing. The scheme is very similar to what I saw in the KeeChallenge plugin, but it's supposed to work with any hardware token supporting OATH HOTP standard.

On my thread yesterday, and disagreed with my conclusion. In particular, they pointed me to the KeeChallenge plugin which allows to use via an offline challenge-response scheme.

I am once again thinking about how a hardware token like could be made useful in an offline password manager such as my . At first glance, it's a good way to add entropy to the master password, so even a weak master password won't be bruteforced.

He didn't check how they derive the encryption key from your password, so I took a quick look. Apparently, uses PBKDF2-HMAC-SHA1 with 1000 iterations (hardcoded). In other words, even with the rest of it all implemented flawlessly you better choose a damn strong password if file encryption should be of any use.


Michal Stanek over at Twitter did a quick look at the crypto behind file encryption. Not entirely surprisingly, what he found wasn't pleasant:

I wanted to see what "Serious Cryptography" has to say on the topic of key derivation. Yet while it refers to key derivation on a number of occasions, the common pitfalls don't seem to be worth a footnote.

Is there any book dealing with this topic properly?

"Lastly: designers can trade flexibility for reduced complexity, and that’s usually a win. For instance, a crypto protocol can (and often should) hardcode parameters rather than negotiating them."

Nice to see this said so clearly.

Found another vulnerability allowing their server to decrypt users' passwords. Sent a report, from experience it will take a while until I can disclose the details.
