Storing Your Encrypted Passwords Offline On a Dedicated Device 107
An anonymous reader writes "The Hackaday writer Mathieu Stephan (alias limpkin) has just launched a new open source/hardware project together with the Hackaday community. The concept behind this product is to minimize the number of ways your passwords can be compromised, while generating long and complex random passwords for the different websites people use daily. It consists of a main device where users' credentials are encrypted, and a PIN locked smartcard containing the encryption key. Simply visit a website and the device will ask for confirmation to enter your credentials when you need to login. All development steps will be documented and all resources available for review."
Re: (Score:2)
generating long and complex random passwords
The NSA has been very helpful with solutions.
Re: (Score:2)
Am I the only one terrified that if something happens to my one "dedicated device", I'm screwed? The reason I keep my encrypted passwords in the cloud is that the service provides have redundancy. I'm seriously fucked if I lose access to my data store. How could anyone possibly sleep in peace knowing that their entire lives revolve around the safekeeping of one fallible hardware device??
Re: (Score:2)
That is why I don't store any passwords anywhere. I have 3 master passwords each in order of trustworthiness and then generate the passwords using supergenpass. As a result each website has their own unique passwords of reasonable complexity. The only issue I have is with system authentication, but that is a different password altogether.
Re: (Score:1)
Re: (Score:2)
This.
When all your online access depends on it, you can't have enough redundancy.
Security isn't just about secrecy. It's also about being safe from loss.
Which is exactly why I created Master Password (algorithm/app) [masterpasswordapp.com]: The theory is that all your passwords should be stateless, not rely on any form of storage at all, be long to be secure against brute-force attacks, be irreversible, and even if you lose everything you own tomorrow, be recreatable purely from your own knowledge.
what password server? passwords encrypted on card (Score:2)
The passwords are to be AES128 encrypted on the smart card. There is no password server.
Re: (Score:2)
yet, still lacks in reliability
Re: (Score:2)
Re: (Score:2)
... in a keepassx database
Keep-ass-X? I guess that's one place to store them, but it doesn't strike me as terribly hygienic. Mind you it should be safe from shoulder-surfing, unless you're in the shower and bend over for the soap.
Re: (Score:2)
Mind you it should be safe from shoulder-surfing, unless you're in the shower and bend over for the soap.
Even still, I would expect them to stop at the wrist or elbow.
Re: (Score:2)
Actually, it doesn't fulfil all the requirements.
You walk into a net cafe and want to log into random site you don't care much about password of. Will you plug in your stick and enter your encryption password, thus allowing the theft of all your passwords?
Having a device which masquerades as a USB keyboard addresses this use case.
Re: (Score:2)
"Storing Your Encrypted Passwords Offline On a Dedicated Device" = stick them in a USB stick in your pocket. My solution fulfills all of the requirements the easiest, the cheapest, and the most reliably.
Write them in a holy book, the G-Dless politicians would never think(if they ever knew how) to look there.
Re: (Score:2)
If your ciphertext must be stored in such a fashion, why bother? Properly encrypted data should be able to fall into the hands of an attacker, that's the whole point.
Because you want to avoid trusting the computer on which you are entering the password to also handle decryption duties. You do want the encrypted data to be useless without the key; but if you are planning on decrypting the data yourself, your key is going to be living in some computer's memory, at least briefly. If you are using a suitably compromised computer, it won't be a private key for long.
Re: (Score:1)
Air-gapped? You must not have heard about wifi yet.
-- hendrik
Re: (Score:2)
I've removed the processor and storage drive from my computer, thus rendering it 100% secure.
I store all the most sensitive data in my brain, where my faulty memory provides the necessary encryption.
Prior Art (Score:1)
Not sure how useful this system would be if people continue to use passwords like 'password.' Combining this with KeePass or something similar would be nice.
Re: (Score:2)
Re: (Score:2)
He's not talking about an ANCD or other transfer device. He's talking about our Common Access Cards (CAC) [cac.mil], by which we authenticate to DoD resources on the Web. The CAC has an encryption chip embedded in it, as well as some storage for certificates. I have a Smartcard reader [amazon.com] attached to a USB port on my computer. When I need to get into a military website, I place my CAC in the reader. Windows 7 and 8 have built-in drivers for smart cards, and the web site will send a request for authentication to my compu
it's been done? (Score:1)
Re: (Score:1)
Re: (Score:2)
True, but you still have to download it and decrypt it. Do that on a machine that can't be trusted and you may be hosed. Hell, look at the capabilities of a system like foxacid, and the very request you make to download your key file could be the same one that infects the local machine.
At least a device like this is only as vulnerable as typing, and exposes only the one password being used at a time, the master password is always protected as its only entered on the device.
Re: (Score:3)
Not well, from what I can see. It requires buying/building hardware, and you have to remember to take the device if you want to access a stored password away from home. KeePass + Dropbox goes everywhere my phone does.
Re: (Score:3)
The problem with that is that nothing that you enter on your phone or that's displayed on your phone is even remotely secure: your carrier, your phone vendor, various intelligence agencies, and police can all compromise your phone at the push of a button.
Re: (Score:1)
Keylogger to implement enhanced wiretaps (Score:2)
Re: (Score:2)
It's happened once before [wikipedia.org], it could certainly happen again. Google can remotely install applications to an Android phone (with Google's app store installed) at the click of a button. How else do you think apps are automatically installed when you buy them on the Play website or updated in the background. Apple may have some means to do this as well.
There are ways to make your phone more secure, but most phones are under the control of third parties.
Re: (Score:2)
On both the smartphone OS and the GSM portion, a keylogger can be installed as part of any OS update, or many application updates. Carriers, phone vendors, spy agencies, and police clearly all have had that capability for a while, and it's been in use.
Re: (Score:1)
Re:it's been done? (Score:4, Funny)
I don't understand your point about divulging a password. Why would one do that?
To make the men in black stop hitting you with hammers?
Re: (Score:2)
The complete phrase is 'password safe on Dropbox'. KeePass looks after the security and encryption - Dropbox is just the means of sharing the password safe between devices.
i.e. 'password safe' together is the noun rather than 'password' being the noun and safe being the adjective.
if you can access it on a website (Score:3, Insightful)
It's not offline.
This really is some guy just using a system he thinks is less likely to be compromised. Well, that's what everyone else does too.
Re:if you can access it on a website (Score:5, Informative)
The way it's described in TFA, you can't "access it on a website" (whatever that means).
It's a USB device that generates and stores passwords. The stored passwords are encrypted using a key contained in a smartcard. When you want a password, you use the touchscreen on the device to generate or decrypt a password and spit it out to the computer (presumably, the device looks to the computer like a HID keyboard device).
The only communication would, therefore, be from the device to the computer. All user interaction is through the device's touchscreen. The smartcard handles the security.
It's not a bad approach, though it would/could be ridiculously clumsy to use once you have accumulated hundreds or thousands of passwords.
Re: (Score:1)
The way it's described in TFA, you can't "access it on a website" (whatever that means).
It's a USB device that generates and stores passwords. The stored passwords are encrypted using a key contained in a smartcard. When you want a password, you use the touchscreen on the device to generate or decrypt a password and spit it out to the computer (presumably, the device looks to the computer like a HID keyboard device).
The only communication would, therefore, be from the device to the computer. All user interaction is through the device's touchscreen. The smartcard handles the security.
It's not a bad approach, though it would/could be ridiculously clumsy to use once you have accumulated hundreds or thousands of passwords.
Tools like Keepass have browser plugins to recognize what site you are on and call up the right password (or whatever fields need to be filled) accordingly. This sounds like taking that and moving the key onto an external device to remove the chances of a keylogger giving the perps the password to your whole keychain. Its effectiveness is limited by the fact that you very well could be giving away your most important passwords anyway, if a keylogger is around. The best defense is still a strong antivirus
Re: (Score:2)
Oh. Okay. The single page project page wasn't all that descriptive so I went by the summary partly and stated you had to go to a website and enter a PIN to log in. It wasn't particularly clear.
If this is just a smartcard, then this system has been in use for at least a decade. MS' internal VPN system used a smartcard login system, and IE supports it. That system is even more secure actually because it uses a challenge response and a PIN, it doesn't just decrypt a password which can be captured on the host c
Re:if you can access it on a website (Score:4, Insightful)
Clumsy is precisely the problem.
Three mail accounts. Laptop bios, laptop login, laptop root. Several encrypted archival hard drives. Slashdot login. The Register account. Furaffinity account. Home server user password, home server drive encryption password, home server root password. Minecraft account. Ukfur forum password. Work user password. Work domain admin password. Work test user account passwords. Ebuyer account password. Ebay password. Paypal password. GPG private key password. Retroshare private key password. Three sites I'd rather not mention. 1and1 hosting password. Domain name registrar password.
That's just what I can remember right now, so it's probably around half of what I actually have. How do I remember so many? I don't. Very few humans are capable of that. It's bordering on impossible. You need to either have a list somewhere written down, or reuse passwords a lot. Neither option is ideal - both introduce security vulnerabilities.
Re: (Score:3, Insightful)
Thought up some more: Furrymuck, latitude and SPR much passwords. EVE online password. two IRC nameserv passwords. Work computer bios passwords. Work network switch passwords. Combination to my wall safe. Unlock code for my phone. Unlock code for my tablet. Two internet banking passwords. Somewhere out there, a disused Second Life account from before I concluded it is crap.
At least I don't have a facebook account.
Re: (Score:2)
Actually, you do have a Facebook account since I am your account with your password. [grin]
Re: (Score:1)
Re: (Score:3)
You can use a single password, combined with the url of the website, to generate unique passwords for each website, via a hashing algorithm.
One implementation of this is: https://github.com/hughperkins/openpw [github.com] , which is a derivative of http://angel.net/~nic/passwd.current.html [angel.net] There are other implementations around.
The advantage of this system is:
- only one password to remember
- if a website gets hacked, that password can't be used on other websites, and can't realistically be used to obtain your master pa
This is a key management device, ask an expert (Score:2)
Re: (Score:2)
I don't understand why there is so much effort placed on storing passwords. We already know what to do with passwords from the perspective of the server: discard them as soon as possible!
The password should be salted and hashed immediately, and it should never be stored in plaintext. So let's not store them at all: let the user remember the risky password, and encrypt it as soon as possible. It's a validated methodology, and it removes many/most of the trust issues of the user/server relationship: I don'
Re: (Score:2)
Re: (Score:2)
It doesn't specifically solve any of those problems (except forbidden punctuation mark), although it simplifies them a bit.
Required characters (uppercase, punctuation, numbers) can be added post-hash as an insecure suffix to meet site requirements. These don't add any security, so you can carry them around with you, put them on a public website, or leave them on a sticky note on your monitor: "work suffix: #U1_. Github suffix: (#$JHi/."
The same thing can be said for length issues, although I've found that
Paper (Score:3)
I store my passwords on a piece of paper. Works fine for me.
Re: (Score:2)
I store my passwords on a piece of paper. Works fine for me.
Never tell anyone how you store your passwords!
Re: (Score:2, Funny)
Re: (Score:2)
Dammit, this shit is funny, why is it getting modded down? Truth hurting a bit much? :p
Too bad I don't have mod points anymore, I would've modded it up for funny.
Re: (Score:2)
(y)
(Notice how the thumbs-up signifier resembles the female form. Coincidence? I think not.)
Re: (Score:2)
Is it "pencil" this week?
Re: (Score:1)
Re: (Score:2)
1) The NSA can get the statistical wisdom from huge PW leaks posted by skiddies who dumped an SQL DB -- Or from those DBs themselves by deploying a single zero day vulnerability against the service.
2) Salted hashes are impervious to rainbow tables.
So it's something you have... (Score:2)
And something else you have?
What's the point of introducing a PIN-locked smart card? The PIN is what matters in this case, since both the device and the card need to be kept together anyway. All adding complexity does here is create an easier way to lose access to your credentials.
Why not handle it like OS X's Keychain, where your passphrase unlocks the encrypted secret... while the secret and the data store are on the same device?
Re: (Score:2)
Why not handle it like OS X's Keychain, where your passphrase unlocks the encrypted secret... while the secret and the data store are on the same device?
The trouble is that you end up storing your secret and your data on the same device as your big, complex, modern OS, your web browser, and all the other neat network connected stuff you may have installed. Anything goes wrong with all that, and it isn't a secret anymore.
Keepass + Dropbox (Score:2)
Re: (Score:2)
No, it really doesn't!
If someone compromises your machine, they can capture your keepass database and your password.
With this device, you're not entering your password into a system running piles of software that virtually no-one ever personally fully verifies (and how can they? Too much code), and furthermore if your password is captured you can't just clone the database to get all the passwords.
Keepass on Dropbox + keyfile on local devices + password is pretty good, but it isn't as good as this device fro
Re: (Score:2)
Been wanting to do this with an old phone (Score:2)
I've been wanting to do this for quite some time with an old Android phone. It provides a touch-screen interface. Many include a MicroSD meaning you can add software/updates to it without ever networking it. Kernel source is available for many, so you can build with the Linux HID Gadget driver to make it behave like a keyboard. Plus, people have the devices sitting around idle.
so basically an ident-i-eeze. (Score:5, Interesting)
Douglas Adams, right again.
"It was an Ident-i-Eeze, and was a very naughty and silly thing for Harl to have lying around in his wallet, though it was perfectly understandable. There were so many different ways in which you were required to provide absolute proof of your identity these days that life could easily become extremely tiresome just from that factor alone, never mind the deeper existential problems of trying to function as a coherent consciousness in an epistemologically ambiguous physical universe. Just look at cash point machines, for instance. Queues of people standing around waiting to have their fingerprints read, their retinas scanned, bits of skin scraped from the nape of the neck and undergoing instant (or nearly instant --- a good six or seven seconds in tedious reality) genetic analysis, then having to answer trick questions about members of their family they didn't even remember they had, and about their recorded preferences for tablecloth colours. And that was just to get a bit of spare cash for the weekend. If you were trying to raise a loan for a jetcar, sign a missile treaty or pay an entire restaurant bill things could get really trying.
Hence the Ident-i-Eeze. This encoded every single piece of information about you, your body and your life into one all- purpose machine-readable card that you could then carry around in your wallet, and therefore represented technology's greatest triumph to date over both itself and plain common sense. "
-Mostly Harmless, 1992
Smart card + OpenID (Score:2)
OpenID enabled websites offer you the opportunity to go further: send no password at all over the network.
OpenID relies on an Identity Provider (IdP) to validate your identity. You can set up your own IdP, and if you have a PKCS11 compliant smart card, your web browser can use it to perform client certificate authentication to the IdP using the certificate and private key stored in the smart card.
No extra device needed (Score:2)
Just use Keepass or a text editor in a trusted AppVM, plus the secured copy+paste in Qubes OS.
I doubt any remote attacker could take your passwords then.
Not good enough (Score:2)