Password managers’ promise that they can’t see your vaults isn’t always true
- Thread starter JournalBot
- Start date
Gnafu the Great
Ars Centurion
When I finally recognized my need to set up a password manager and set new, unique passwords for all our important accounts, I chose KeePassDX/KeePassXC and Syncthing(-Fork) to share a password database with my wife. The bonus is that I ended up using Syncthing for a bunch of other stuff and it's made my life better in a number of ways. I have full control over where our password databases are stored, and they're synced instantly across several devices that are not controlled by any cloud service.
EDIT: I recognize that's not always the best solution for a larger team, but even then I highly recommend people consider FOSS server options like Vaultwarden.
EDIT: I recognize that's not always the best solution for a larger team, but even then I highly recommend people consider FOSS server options like Vaultwarden.
Upvote
111
(131
/
-20)
This is pretty much why I use KeePass plus Syncthing. It has its own issue but the whole chain is under my control.
Upvote
38
(63
/
-25)
While I appreciate anyone bringing security issues to light and making security products better, I have to say that sometimes researchers do oversell their findings. This comes close to the old maxim that once someone has physical access to hardware you're toast.
There really is no such thing as total security. Now if I was someone a lot more important than I am, I'd worry about state-level actors managing a total server compromise of Bitwarden, and targeting my vault for extraction. As it is.. this is not a threat-scenario I lie awake worrying over.
Edit: Also I do support the recommendation of KeePass if you really do need that extra security. Just be very sure you have thought through all the potential issues with syncing it yourself. It can be the most secure option - but if you don't know what you're doing it's probably not.
There really is no such thing as total security. Now if I was someone a lot more important than I am, I'd worry about state-level actors managing a total server compromise of Bitwarden, and targeting my vault for extraction. As it is.. this is not a threat-scenario I lie awake worrying over.
Edit: Also I do support the recommendation of KeePass if you really do need that extra security. Just be very sure you have thought through all the potential issues with syncing it yourself. It can be the most secure option - but if you don't know what you're doing it's probably not.
Upvote
267
(276
/
-9)
I was kind of hoping to read how the process involved lead researcher Nic Cage who had followed a number of clues leading to the next step in the penetration of the vaults that spanned multiple cities in multiple states to peel away the layers to get to the ultimate vault of passwords.
Upvote
34
(46
/
-12)
This is exactly the sort of development I feared when 1Password announced they were doing away with local vaults. I really wish they could find a way to make that an option for users who want it, even if it were to still default to a cloud setup. Id prefer to know the bounds of my attack surface.
Upvote
91
(95
/
-4)
This is nice work, but I have to say that I don't find this entirely surprising. Someone correct me if I'm wrong here, but all of this seems to be contingent on either shared vaults or account recovery features.
In any case where my account can be recovered after I lose my master password, or where I have shared access with someone else, it is my assumption that there would be some series of steps/exploits which could result in my vault being decrypted without the use of my master password. If those steps involve gaining administrative access to the provider's infrastructure, that's probably about as good as you can do.
If that's not an acceptable threat model, then I'd recommend turning off account recovery and/or not sharing your vault. Or moving to a password manager that uses local vaults, which has tradeoffs of convenience for security.
In any case where my account can be recovered after I lose my master password, or where I have shared access with someone else, it is my assumption that there would be some series of steps/exploits which could result in my vault being decrypted without the use of my master password. If those steps involve gaining administrative access to the provider's infrastructure, that's probably about as good as you can do.
If that's not an acceptable threat model, then I'd recommend turning off account recovery and/or not sharing your vault. Or moving to a password manager that uses local vaults, which has tradeoffs of convenience for security.
Upvote
192
(194
/
-2)
- Add bookmark
- Featured
- #11
I'm tired of the posts promoting how keepass avoids cloud vulnerabilities. Yes it does.
But many of us want the features that having a vault in the cloud provides. And many (most?) of us don't want to or don't have the expertise to make our own NAS based internet vault server, LoL.
Heck, if I just memorize all my passwords, and that will be perfectly secure too!
At some point, the attacker can just use the $5 wrench attack.
https://imgs.xkcd.com/comics/security.png
But many of us want the features that having a vault in the cloud provides. And many (most?) of us don't want to or don't have the expertise to make our own NAS based internet vault server, LoL.
Heck, if I just memorize all my passwords, and that will be perfectly secure too!
At some point, the attacker can just use the $5 wrench attack.
https://imgs.xkcd.com/comics/security.png
Upvote
250
(301
/
-51)
RickRoyLeonPrisZhoraRacha
Ars Scholae Palatinae
I think you meant "breaches" not "branches" in the second paragraph of A psychological blind spot.
But I digress..
But I digress..
Upvote
5
(5
/
0)
Gnafu the Great
Ars Centurion
I just want to note that using Syncthing to sync a KeePass database can be done "serverless". Even if I do personally run Syncthing on my home server, you could simply run it on three or four devices and have a decent amount of data safety. If I took my home server out of the mix my password databases would still be on four devices.
Upvote
49
(59
/
-10)
So then like… what’s the follow up? I feel like password managers are still more secure than not using one. Do we just continue using them knowing they are flawed and be careful?
This seems really bad
This seems really bad
Upvote
45
(50
/
-5)
Or even if you have the expertise to do it. Do you really have the expertise and time needed to make sure it's actually secure through time? How do you know if a zero-day is found in Syncthing, or Keepass? Or even have the bandwidth or understanding needed to properly monitor a system for intrusion? The CLI isn't where most people can reasonably spend their lives.
Upvote
159
(174
/
-15)
It's important to note that all of the Bitwarden attacks appear to be predicated on enterprise/group-level memberships. For individual users, there does not appear to be a corresponding vector.
That being said, no matter what a service says: if their server is compromised, I'm going to change my master password immediately, and assume that every password and login I have has been compromised.
That being said, no matter what a service says: if their server is compromised, I'm going to change my master password immediately, and assume that every password and login I have has been compromised.
Upvote
131
(131
/
0)
Gnafu the Great
Ars Centurion
There's a big difference between a breach at a cloud provider and an exploit that requires access to an individual's device. Neither KeePass nor Syncthing require any CLI usage.
Upvote
56
(63
/
-7)
Paragraph 25, "The researchers estimate that the attack would require about 125 to decrypt the ciphertext.", 125 iterations, hashing iterations?
Upvote
30
(30
/
0)
I’m confused by this sentence about 1Password. What’s is it trying to say? That they didn’t analyze it but it would be subject to the same attacks? I feel like a sentence is missing.
Maybe I’m just not getting something obvious.
Upvote
116
(118
/
-2)
I understand the concerns but the burden of entry is pretty darn low. At least in windows there is no CLI at all involved in settings up Syncthing or KeePass.
As to zero days that would mostly be a matter of keeping the software up to date. Important to me is that the attack vector is very different and involves a compromised device most likely, not a cloud accessible server.
Upvote
31
(37
/
-6)
Well, a few things:
1. You are still better off using a password manager than not. Your most likely attack vector is an insecure service being compromised and password reuse getting you. Your second most likely attack vector is a weak password. Someone compromising the entire Bitwarden server infrastructure and targeting your vault is not high on the list of attack vectors.
2. These attacks are generally around shared credentials and/or vault recovery mechanisms. You should know that, if you share your passwords or have the ability of your cloud service provider to recover your vault, then there is something other than your master password encrypting it. That doesn't mean you shouldn't use those tools/features, but it shouldn't be understood that they marginally weaken your protections. So these specific attacks might be remediated or improved but it will still be an attack vector.
3. You can't protect against everything. It's okay to say that you are not accounting for the entire Bitwarden server infrastructure being rooted and malicious binaries rolled out to them.
Upvote
179
(179
/
0)
And that is great, I'm not going to talk bad about that. You've got a solution that works for you and that you trust, and I absolutely applaud that.
For me though, this is added risk: how about when I'm not in range of the other devices to update the vault? Am I updating over the open internet via syncthing, or am i using a VPN on every device? Do I run that VPN? If I do, what if my maintenance isn't perfect and the VPN connection goes down?
I do run several home servers and considered a self hosted solution. I ended up deciding that I didn't want to rely on -me- as the primary fault location for all of my passwords. Again, I'm not discounting anyone that does choose that, because it's a different decision tree for everyone's own situation, but it is food for thought.
Upvote
76
(80
/
-4)
I've been around more than half a dozen decades and there's one thing I learned a very long time ago: Whatever can be thought up by man, can be undone by man.
So when I hear "No way to...", I'm pretty sure there's not only A way to, there are probably several ways to. Even with the best intentions on the planet, you can't possibly defeat all of the Dave's standing in the way between you and cybersecurity nirvana...
Upvote
34
(38
/
-4)
I get that it can be annoying. It’s just, for some reason articles like this one call “Cloud Password Managers” “Password Managers.” So, keepass users probably feel the need to point out that this isn’t a problem with Password Managers, it is a problem with Cloud. Complain to the author, not the commenters with the valid and obvious correction.
This doesn’t seem fair. Most people can’t memorize enough high quality passwords to make this a practical option.
The wrench attack might work. But it has the downside of being easily detectable.
Upvote
28
(56
/
-28)
Literally came here to post the same question.
@dangoodin great article, but I think this paragraph could use a little touch up.
Upvote
52
(53
/
-1)
Firstly, Syncthing just synchronises files. A zero day isn't going to somehow give it access to your keypass master password or somehow decrypt your password db file.
And your password db is encrypted. Not even sure a zero-day in Keepass would let someone decrypt it. If your PC is compromised, you're dead anyway.
Upvote
39
(42
/
-3)
I use a 4096-bit hardware-random-number-generator for onetime-use passwords that I pipe immediately to /dev/null.
Upvote
8
(14
/
-6)
I honestly don't understand how anyone uses LastPass anymore. They've been hacked repeatedly, and whether or not user's vaults were leaked, it says a lot about them that should make anyone question the security of what they store with a company that can't keep itself safe.
Upvote
86
(91
/
-5)
The whole point of Keepass is you don't need to care about how you do the synching. You can email it to yourself, stick it on a thumbdrive, or whatever and it is secure. I just use Keepass with Microsoft Onedrive because it just works and I don't have to think about it.
To me the main downside of 1Password and the like is no control over software updating. If their server gets compromised, they can send you a bad version of the software that records and uploads the password needed to access your vault. That said I usually recommend most people to do the cloud password manager over Keepass because as someone else posted, the server compromise risk is a lot lower than all the other password related security risks for normal people.
Upvote
51
(59
/
-8)
Exact same setup, has been pretty solid for years for 5 people. Since I have a mixed OS homestead I have to support IOS which I do via mobious sync- it tries hard but IOS limitations can make it a bit less likely to stay in sync with out some nudging. I do like like keepassium for keepass file support in IOS and is wife approved for ease of use.
I've been kicking around setting up a self hosted vaultwarden to make things a little easier for IOS (and for fun) , but mostly the syncthing setup has worked good enough.
Upvote
5
(5
/
0)
This is one of those terms that always amuses me. FIPS, the Federal Information Protection Standard, has profiles for common ciphers including AES. AES is the default cipher for just about everything and even has hardware acceleration in processors from the past decade or so. In no way does this differ from normal encryption practices.
Also, the DoD has standards for pretty much everything, as they buy an enormous variety of goods. It's not just weapons and critical gear, but also super mundane stuff. Someone makes the plastic spoons found in MREs, but nobody is referring to those as "military-grade cutlery".
This makes absolutely no cryptographic sense. CBC is the de fact ostandard chaining mode for block ciphers and AES-CBC is everywhere. There is absolutely nothing wrong with CBC.
The padding oracle attacks referenced leverage the details of PKCS#7 padding combined with an incorrect implementation of message integrity. Alternative padding schemes, e.g. Ciphertext Stealing can prevent this problem. The real solution, however, is to follow the hard and fast rule about the order of operations and encrypt first and then checksum. Applying the message integrity to the ciphertext instead of plaintext results in a constant-time failure when attempting to decrypt modified ciphertext so there's no side channel information.
It is true that there's a push to move towards GCM encryption, but that's not driven by any technical weakness in CBC. The advantage of GCM is that it combines encryption and integrity into a single operation so programmers without a cryptographic background can't mess it up. Still, I wouldn't discourage you from using AES-CBC via a reputable high-level API that handles initialization vectors, padding, and integrity for you.
Upvote
47
(50
/
-3)
If you really want to make KeePass DBs secure, you need to use a YubiKey (or similar) HSK with them, and increase the strength of the KPDB security above that of the default.
Otherwise, I agree with posters about KeePass being a good solution.
And, you can store just about anything short of the kitchen sink in them as well!
Upvote
5
(7
/
-2)
MilanKraft
Ars Tribunus Angusticlavius
100%. When they did that is when I stopped using their product and switched to a different local only password manager. No fucking shot will I put my passwords on any server, anywhere, regardless of encryption tech or promises.
One or two people have mentioned Apple's Passwords app. IMO it's way too new a product to mess with, even on the level of simple things like accurate import/export to other trusted apps. Maybe in 3 or 4 years after they've hopefully fleshed out its capabilities and workflow some, I'll try it... but only if it's local. Any sort of forced iCloud BS and it'll continue to sit empty.
Upvote
-9
(8
/
-17)
Was disappointed when I looked for the coincidentally named researcher named Nic Cage in the article, to go with your joke, only to find there was none.
Upvote
7
(7
/
0)
Gonna 4th Vaultwarden as an option, and also add that I think Bitwarden the company deserves some small but very real credit on that front. Vaultwarden is a fully independent open source project, but Bitwarden the company has not taken any action to keep the official clients from being compatible with it, and even allows one of their employees to contribute on his own time. It's a pretty friendly arrangement, which is certainly not a given in the modern environment.
Special boos for 1Password. For 1Password 7 and earlier you could use Dropbox for syncing and purely local vaults for it, and AgileBits could have kept up and expanded in that direction, supporting WebDAV or making a (paid even) selfhosted server option someone could spin up in a VM or docker if they wished. But after taking a ton of VC money they got fully onboard the enshittification train and artificially forcing expensive subscriptions on everyone. No doubt good for investor returns, but they fully deserve any loss of trust and worry about risk.
Special boos for 1Password. For 1Password 7 and earlier you could use Dropbox for syncing and purely local vaults for it, and AgileBits could have kept up and expanded in that direction, supporting WebDAV or making a (paid even) selfhosted server option someone could spin up in a VM or docker if they wished. But after taking a ton of VC money they got fully onboard the enshittification train and artificially forcing expensive subscriptions on everyone. No doubt good for investor returns, but they fully deserve any loss of trust and worry about risk.
Upvote
39
(43
/
-4)
ReadandShare
Wise, Aged Ars Veteran
I've been using Keepass for years. I back up the one data file to my external drive and to my cloud drive (where it syncs to my phone). It's exactly how I back up my other data files (spreadsheets, documents, photos). Theoretically an easy and straightforward process.
Where I can get tripped up is when I add/update one password on Keepass using, say, my laptop - and then on the same day add/update another password on Keepass with my phone. Oops, now the nightly synching isn't straightforward anymore. As a single user sharing with no one, I just need to be careful. But I can certainly see a potential mess for a family/group trying to keep in sync!
Last edited:
Upvote
26
(26
/
0)