Password managers


pibbur who

Guest
A couple of days ago I updated Flash Player. Didn't notice that Adobe assumed that I also wanted to install Intel True Key (I hate that Adobe "feature").

I uninstalled True Key, because so far I haven't seen the need for that type of software. I have an algorithm, only stored in my hippocampus (and associated cerebral areas), for creating different passwords on different sites. I can usually deduce passwords if I can't remember them. (And no, it's not easy for outsiders to find out. I hope.)

But I assume that a password manager allows me to use longer, more random passwords. On the other hand, it takes only the password for the manager to find them all (and in the darkness bind them)? But I may of course be wrong.

So, how safe are those things? Recommendations?

pibbur who probably himself isn't completely secure(d).

"Ash password durbatulûk, ash password gimbatul,
Ash password thrakatulûk agh burzum-ishi krimpatul"
 
I use KeePass 2. It has three levels of protection. First there is a password, secondly there is a key file and lastly it can be linked to your Windows account (which means it is limited to your PC and very hard to get into when your PC crashes). That last option I don't use.
I use randomly generated passwords for everything, with at least a 20-character length, including a mix of characters, capitals, numbers and special characters, which I can't remember.

Anyway, even if the database got into someone's hands and they could figure out the password, they would still need to figure out the key file. In theory that would allow you to store the database in the cloud, and by transferring the key file to any device you want to use KeePass 2 on, it would still be safe.
 
Joined
Aug 30, 2006
Messages
11,223
I'm dubious about master password stores, for the reasons you mention. One of the things Snowden highlighted is that although strong symmetric encryption is unbreakable, endpoint security (our devices and their OSes) is woeful. A modern key-logging trojan would have no trouble gathering your password and any keyfile you used, or dumping the decrypted password database from memory.
 
Joined
Nov 8, 2014
Messages
12,085
I'm dubious about master password stores, for the reasons you mention. One of the things Snowden highlighted is that although strong symmetric encryption is unbreakable, endpoint security (our devices and their OSes) is woeful. A modern key-logging trojan would have no trouble gathering your password and any keyfile you used, or dumping the decrypted password database from memory.

+1, except for one thing, we might think strong symmetric encryption is unbreakable today, but nothing is unbreakable, we already have quantum computers.....
 
Joined
Oct 25, 2006
Messages
6,292
+1, except for one thing, we might think strong symmetric encryption is unbreakable today, but nothing is unbreakable, we already have quantum computers…..

There is always a chance that some new discovery will change everything we know, but by known physics and mathematics, there is no feasible threat to strong symmetric encryption, correctly implemented.

There is an important difference between symmetric and asymmetric cryptography. Asymmetric cryptography (also called public key encryption), is used for things like SSL and email encryption. This type is vulnerable to quantum computing, and it's what the excited stories about the end of encryption are talking about. Symmetric encryption with sufficient key strength, such as 256bit AES, which is typically used on data at rest, uses different maths and is not considered vulnerable to the potential of quantum computers, or any conceivable method of computing.
 
Joined
Nov 8, 2014
Messages
12,085
There is always a chance that some new discovery will change everything we know, but by known physics and mathematics, there is no feasible threat to strong symmetric encryption, correctly implemented.

There is an important difference between symmetric and asymmetric cryptography. Asymmetric cryptography (also called public key encryption), is used for things like SSL and email encryption. This type is vulnerable to quantum computing, and it's what the excited stories about the end of encryption are talking about. Symmetric encryption with sufficient key strength, such as 256bit AES, which is typically used on data at rest, uses different maths and is not considered vulnerable to the potential of quantum computers, or any conceivable method of computing.

It is really great we can have some cryptography discussions here, one of my favourite subjects. With the conventional computers we have today I guess it'd take a supercomputer something like 10^52 years to hack 256bit symmetric AES. But this assumes quite a lot of other things, for example that the key was generated by a perfect random number generator (unlikely). Also flaws have been discovered in the AES algorithm, and I think it is likely that more flaws will be found. Furthermore, the quantum computers that we have today are very basic, but once we do get an advanced one working it might be feasible to brute-force as well.
 
Joined
Oct 25, 2006
Messages
6,292
It's important to note that quantum computers are not simply uber-computers that are vastly more powerful, and can brute force anything they like. Qubit computing is immensely efficient at doing certain things, but is actually less efficient than traditional computers at others.

If the nature of a calculation falls within the realm of quantum computing's strengths, then it will be completed vastly more quickly, but other types of calculations will not. If your encryption scheme uses the type of problem that is hard for traditional computing, but trivial for qubit computing, then that encryption will be broken, but other types of problem remain infeasibly hard.

There are a number of physical laws that put absolute limits on the ability to process information in the universe, by any means. Even with a theoretically perfectly efficient ultracomputer, the amount of energy that would be required to do the computing to brute-force strong symmetric encryption would be on the order of entire planetary masses converted into energy, and would take billions of years.

Of course, one can always say that if your implementation of the encryption is flawed, then it might be broken - that's obvious. But, correctly implemented, there is no known threat to strong encryption.
 
Joined
Nov 8, 2014
Messages
12,085
It's important to note that quantum computers are not simply uber-computers that are vastly more powerful, and can brute force anything they like. Qubit computing is immensely efficient at doing certain things, but is actually less efficient than traditional computers at others.

If the nature of a calculation falls within the realm of quantum computing's strengths, then it will be completed vastly more quickly, but other types of calculations will not. If your encryption scheme uses the type of problem that is hard for traditional computing, but trivial for qubit computing, then that encryption will be broken, but other types of problem remain infeasibly hard.

There are a number of physical laws that put absolute limits on the ability to process information in the universe, by any means. Even with a theoretically perfectly efficient ultracomputer, the amount of energy that would be required to do the computing to brute-force strong symmetric encryption would be on the order of entire planetary masses converted into energy, and would take billions of years.

Of course, one can always say that if your implementation of the encryption is flawed, then it might be broken - that's obvious. But, correctly implemented, there is no known threat to strong encryption.

You are making it easy for yourself by saying correctly implemented. Actually what we are discussing is KeePass, so we are talking about either AES or Twofish, neither of which has a known major flaw, even if some minor ones have been found. However, no one has proven that they are "correctly" implemented. Same thing goes for SHA-256. It is far from the first time we have found algorithms we believed were "unbreakable", only for them to be more or less trivial to crack today.

As for the random number generation it is based on

"KeePass needs to generate several random bytes (for the IV, the master key salt, etc.). For this, several pseudo-random sources are used: current tick count, performance counter, system date/time, mouse cursor position, memory status (free virtual memory, etc.), active window, clipboard owner, various process and thread IDs, various window handles (active window, desktop, …), window message stack, process heap status, process startup information and several system information structures. Additionally, KeePass uses random bytes provided by the system's default CSP RNG.

This pseudo-random data is collected in a random pool. To generate 16 random bytes, the pool is hashed (SHA-256) with a counter. The counter is increased after 16 generated bytes. This way, as many secure random bytes can be produced efficiently as needed."

This might sound like a good scheme, but in reality I would think this would greatly reduce the amount of possible random number generations, it is definitely not an optimal random number generation method at least.
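
An added illustration (not KeePass's code, and not part of the post above) of the pool-plus-counter construction in the quoted description. It shows that the output is only as unpredictable as what went into the pool: a pool fed by a single guessable value can be enumerated, while the same value mixed with bytes from the OS CSPRNG cannot. `PoolRng`, `recover_weak_seed`, the counter encoding and the 16-bit tick value are assumptions made for the demo.

```python
import hashlib
import os
import struct


class PoolRng:
    """Hash-of-pool-plus-counter generator, modelled on the quoted text."""

    def __init__(self, sources):
        # Mix every source into one 32-byte pool. Each input is
        # length-prefixed so (b"ab", b"c") and (b"a", b"bc") differ.
        h = hashlib.sha256()
        for s in sources:
            h.update(struct.pack(">I", len(s)) + s)
        self.pool = h.digest()
        self.counter = 0

    def next16(self):
        # 16 output bytes = first half of SHA-256(pool || counter);
        # the counter advances after every 16 bytes produced.
        ctr = struct.pack(">Q", self.counter)
        self.counter += 1
        return hashlib.sha256(self.pool + ctr).digest()[:16]


def recover_weak_seed(first_output, candidates):
    """Audit helper: is the pool input findable by plain enumeration?"""
    for tick in candidates:
        if PoolRng([struct.pack(">I", tick)]).next16() == first_output:
            return tick
    return None


def demo():
    # Constructed weak case: the pool is fed only by a 16-bit "tick count".
    secret_tick = 40321
    weak = PoolRng([struct.pack(">I", secret_tick)])
    found = recover_weak_seed(weak.next16(), range(2**16))

    # Same guessable tick, now mixed with 32 bytes from the OS CSPRNG.
    strong = PoolRng([struct.pack(">I", secret_tick), os.urandom(32)])
    not_found = recover_weak_seed(strong.next16(), range(2**16))
    return found, not_found


if __name__ == "__main__":
    print(demo())
```

Hashing neither adds nor removes entropy here: adding weak sources to the pool cannot make the output easier to guess than its strongest unknown input.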
 
Joined
Oct 25, 2006
Messages
6,292
Pibbur was asking about the idea of encrypted password stores generally - Myrthos mentioned KeePass, but that's not the focus of the conversation. If you want to say that there's a possibility of a vulnerability somewhere in the KeePass code and its RNG, of course that's true, and it would be silly to suggest that any software is perfectly secure. My original point is that I consider strong symmetric encryption to be secure in itself, but that doesn't do you much good if your device is vulnerable - potentially including its implementation of encryption software!

I was then responding to a different specific point - your suggestion that quantum computers are coming that could brute force strong encryption - and pointing out why I think that's mistaken.
 
Joined
Nov 8, 2014
Messages
12,085
KeePass and nothing else; I was helping a bit in that project a few years ago on SourceForge. The author has been refining this baby for years and does not stop.

As for the security some things come to mind:

- Password strengthening against brute force ("# of hashing rounds")
- Some RAM protection
- PW entry in secure desktop possible (still, you should trust your computer/OS)
- some additional security on auto typing
- policies (An example: you can disallow things like printing/exporting etc., changes need a restart, which needs the master key. This way, if you leave the manager open, which never should happen, the attacker can only copy/paste passwords one by one).

I am not saying "open source", because this is not a very good point to me - who will read and understand the source code, IRL?

Also it has all the convenience, e.g. like syncing databases, a command interface, triggers, plugins… yay yay yay. :D
 
Joined
Nov 16, 2011
Messages
231
Pibbur was asking about the idea of encrypted password stores generally - Myrthos mentioned KeePass, but that's not the focus of the conversation. If you want to say that there's a possibility of a vulnerability somewhere in the KeePass code and its RNG, of course that's true, and it would be silly to suggest that any software is perfectly secure. My original point is that I consider strong symmetric encryption to be secure in itself, but that doesn't do you much good if your device is vulnerable - potentially including its implementation of encryption software!

I was then responding to a different specific point - your suggestion that quantum computers are coming that could brute force strong encryption - and pointing out why I think that's mistaken.

You are right that symmetric encryption is much more resistant to quantum computers, we still do not know what they'll be able to do though, but basically from the current logic, cracking a 256-bit AES with a quantum computer would be like cracking a 128-bit AES with a regular computer. So it would be weakened even if not broken.
 
Joined
Oct 25, 2006
Messages
6,292
I never use key managers under the general philosophy that if it were compromised then all my passwords would be exposed. I suppose a local-only key manager might be ok since compromising the computer would have effectively compromised my passwords, but I would never use one of these remote (cloud) password managers that I see so many folks using. In fact, if I'm not mistaken, one of the larger ones was compromised last summer.
 
Joined
Oct 20, 2006
Messages
7,758
Location
usa - no longer boston
You are right that symmetric encryption is much more resistant to quantum computers, we still do not know what they'll be able to do though, but basically from the current logic, cracking a 256-bit AES with a quantum computer would be like cracking a 128-bit AES with a regular computer. So it would be weakened even if not broken.

Yes, Grover's algorithm does that, which is why I was careful to say that symmetric encryption requires sufficient key strength. It's also why the NSA moved to 256bit encryption - 256bits is massive overkill against classical computing, but against quantum algorithms it is equivalent in difficulty to 128bit encryption, which is still astronomically hard to compute.

It is likely, though, that in order for there to exist an algorithm that could render the problem non-hard, it would be necessary that P=NP. I remember a couple of years ago when there was a claim that a signal had been sent faster than light, one professor in the UK said that if it were proved true, he would eat his underpants live on television. To my mind, P=NP is about as likely.

As another scientist put it, "As far as we can tell, the universe is in favour of privacy."
 
Joined
Nov 8, 2014
Messages
12,085
Yes, Grover's algorithm does that, which is why I was careful to say that symmetric encryption requires sufficient key strength. It's also why the NSA moved to 256bit encryption - 256bits is massive overkill against classical computing, but against quantum algorithms it is equivalent in difficulty to 128bit encryption, which is still astronomically hard to compute.

It is likely, though, that in order for there to exist an algorithm that could render the problem non-hard, it would be necessary that P=NP. I remember a couple of years ago when there was a claim that a signal had been sent faster than light, one professor in the UK said that if it were proved true, he would eat his underpants live on television. To my mind, P=NP is about as likely.

As another scientist put it, "As far as we can tell, the universe is in favour of privacy."

To Chuck Norris P=NP.

As an apropos to recent developments in the TYDNTK thread: Chuck Norris can divide by zero.

pibbur who
 
+1, except for one thing, we might think strong symmetric encryption is unbreakable today, but nothing is unbreakable, we already have quantum computers.....



Forgive my ignorance.

Could someone explain what "symmetric" encryption means to a layman?


Sent from my iPhone using Tapatalk
 
Joined
Nov 13, 2006
Messages
9,191
Location
Manchester, United Kingdom
Forgive my ignorance.

Could someone explain what "symmetric" encryption means to a layman?


Sent from my iPhone using Tapatalk

What it means to a layman? Probably not as much as to governments, banks and other professional organizations. :)

pibbur who may have (deliberately) misunderstood what pladio just wrote. And who promises to refrain from derailing attempts (in this thread) hereafter.
 
Forgive my ignorance.

Could someone explain what "symmetric" encryption means to a layman?


Sent from my iPhone using Tapatalk

Asymmetric encryption is also known as public key encryption. This means that different keys are used for encrypting and decrypting the message. This is useful, for example, for encrypted email exchange. You can make public the encryption key, so anyone can send you an encrypted message, but you keep the decryption key to yourself, so only you can decrypt the messages. This is used extensively on the internet.

Symmetric encryption means that the same key is used for encryption and decryption. This is typically used for encrypting data on your own computer, where only you need to know the key. BitLocker on Windows works this way.

Because of the different ways they work, they use different algorithms and different types of complex mathematical problems to make the data extremely hard to decrypt without the key.

Although we don't have practical quantum computers yet, we know how quantum computer science must work, and people have been working on the maths for decades. We know that quantum computers will be extremely fast at calculating the types of problem used by asymmetric encryption, and will likely be able to break some of it. They are not as good at solving the problems used by symmetric encryption, and if the symmetric encryption is complex enough, there is no known way that any computer could break it without taking billions of years and astronomical amounts of energy.
 
Joined
Nov 8, 2014
Messages
12,085
I never use key managers under the general philosophy that if it were compromised then all my passwords would be exposed. I suppose a local-only key manager might be ok since compromising the computer would have effectively compromised my passwords, but I would never use one of these remote (cloud) password managers that I see so many folks using. In fact, if I'm not mistaken, one of the larger ones was compromised last summer.

Interesting. Got any details (I'd like to look it up)?

pibbur who, when looking at the mirror, finds himself a bit asymmetric.

EDIT: Browsed the net, it seems that LastPass has had security problems in 2014, 2015 and the summer of '16 (according to Wikipedia).

pibbur who oiuytghiolj907565567ygnm,lølkjuop+0+opoky7u (using a random encryption algorithm)
 