Author Topic: Specify Drive/Path of rdf file  (Read 50831 times)

Offline rodengelsman

« on: May 16, 2006, 08:48:44 PM »
First of all... Thank you for this wonderful product! Now to make my life complete (well, not complete unless you can supply booze and broads, too)...

This is mentioned briefly in the thread about encrypting the rdf file.

The usage scenario I envision is the following...

The rdf file could be stored on a USB key or floppy (does anyone use those anymore?). You log on to your computer, insert the key, fire up TrueCrypt, supply that password. Then your file is available when you start up Firefox. This is high security; to get access to your files an attacker would need to:

1. Gain physical access to your computer.
2. Hack your logon password.
3. Have physical access to your key.
4. Hack the TrueCrypt password.
5. Hack your master password.

I can't memorize dozens of reasonably high-entropy passwords, but I can probably manage to memorize three of them.

--

Rod

Offline Eric H. Jung

  • grimholtz
« Reply #1 on: May 17, 2006, 02:15:23 AM »
Hi,

This is pretty easy to do. I can implement it quickly, too, but I'm a little embarrassed to release a new version without the #1 requested feature being in that version.

Anyway, expect it shortly.

Tanstaafl, I thought this was in the FRL... but I don't see it. I know it's been requested before. Can you add it along with a vote from randomthot?

thanks,
eric

Offline tanstaafl

« Reply #2 on: May 22, 2006, 11:47:14 AM »
Quote from: Eric H. Jung
I thought this was in the FRL... but I don't see it. I know it's been requested before. Can you add it along with a vote from randomthot?

thanks,
eric
Done... sorry for the delay - been busy, and we've been getting spammed so much, I think I deleted this email notification by accident when deleting some of the spams...

I think I recall you saying that you were already planning on adding this capability when you did the 'Encrypt RDF file' request, so didn't see a need for a separate request, but it does make sense to keep it separate...
« Last Edit: May 22, 2006, 11:47:40 AM by tanstaafl »

Offline Eric H. Jung

  • grimholtz
« Reply #3 on: May 23, 2006, 02:36:08 AM »
Quote
I think I recall you saying that you were already planning on adding this capability when you did the 'Encrypt RDF file' request
Right, but they can be done independently so it's better to break them out.

Offline craig

« Reply #4 on: July 21, 2006, 05:27:47 PM »
Quote from: randomthot
This is mentioned briefly in the thread about encrypting the rdf file.

The usage scenario I envision is the following...

The rdf file could be stored on a USB key or floppy (does anyone use those anymore?). You log on to your computer, insert the key, fire up TrueCrypt, supply that password. Then your file is available when you start up Firefox. This is high security; to get access to your files an attacker would need to:

1. Gain physical access to your computer.
2. Hack your logon password.
3. Have physical access to your key.
4. Hack the TrueCrypt password.
5. Hack your master password.


This product seems like a good thing, but I'm still a bit concerned about its security as currently implemented. You outline a method to get around some of its shortcomings, but I would take them a step further.

PWM should probably do the following:

1) Allow you to select the config file from anywhere on your computer each time PWM starts up (the config file can have any name; not the obvious passwordmaker.rdf which can be searched for using any search tool), but it will prevent Windows and itself from remembering this location (similar to what TrueCrypt does with its volumes and Windows MRU lists). This prevents checking the default location for your passwordmaker.rdf file or a search for it.
2) The file should be encrypted with your master password and one or more key files (again similar to TrueCrypt). It should not track the key file locations and it should prevent Windows from putting the file in the most recently used file lists.
3) PWM should then read the config file into memory only.  This will prevent anyone or another process from copying the decrypted config file.

Until all of this is done it is vulnerable to keyloggers and here's why:

1) If a keylogger gets installed on your system then a copy program would be 10 times easier to install along with it as it only requires normal user privs to copy files, especially ones you created (i.e. the passwordmaker.rdf file).
2) You log in, the keylogger records your master password as you use PWM.
3) The copy program then copies your passwordmaker.rdf file.
4) Pass off the master password and the config file to the hacker.
5) The hacker simply configures PWM the same as you per the config file they stole and uses your master password to get all your account passwords. They even know all the URLs as that's in the config file too.

Even the TrueCrypt solution posted by randomthot won't work as once he mounts the TrueCrypt volume any process will then be able to also read the files in that volume.  It's just another drive; right?

This FAQ seems a bit misleading too as all anyone really needs are the master password and your passwordmaker.rdf file; not the 10 other variables as it's all in plain view in the rdf file.

Quote
If someone gets my master password, can't he determine all of my generated passwords?
No. There are ten other variables he would need for each account. They are:

    * URL
    * character set
    * which of nine hash algorithms was used
    * date counter (if any)
    * username (if any)
    * password length
    * password prefix (if any)
    * password suffix (if any)
    * which of nine l33t-speak levels was used
    * when l33t-speak was applied (if at all)

Probably the most interesting of these is character set because it gives you the flexibility to determine precisely which characters can and can't be included in generated passwords.


Unless I'm misunderstanding things here this seems a little too risky for me yet.  Please let me know of any workarounds to this, but if PWM can make these changes it will be a great and complete password manager.

Craig
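
Added example (not part of the thread and not PasswordMaker's code): a sketch of the "master password plus key files" idea from the post above, showing that a captured master password alone does not reproduce the config-file key. The construction (SHA-256 over key files, HMAC mix, PBKDF2), the work factor and all names are assumptions for illustration, not TrueCrypt's keyfile algorithm; the config itself would be encrypted with an authenticated cipher from a vetted library.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor, tune for your hardware


def keyfile_digest(keyfiles):
    """Fold all key file contents into one 32-byte value.

    Sorting the per-file hashes makes the result independent of the
    order in which the user selects the files.
    """
    per_file = sorted(hashlib.sha256(data).digest() for data in keyfiles)
    return hashlib.sha256(b"".join(per_file)).digest()


def derive_config_key(master_password, keyfiles, salt):
    """Stretch a secret that depends on the password AND the key files."""
    mixed = hmac.new(keyfile_digest(keyfiles),
                     master_password.encode("utf-8"),
                     hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", mixed, salt, PBKDF2_ROUNDS, dklen=32)


def make_header(master_password, keyfiles):
    """Header stored in front of the encrypted config (hypothetical layout)."""
    salt = os.urandom(16)
    key = derive_config_key(master_password, keyfiles, salt)
    check = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return {"salt": salt, "check": check}


def unlock(header, master_password, keyfiles):
    """Return the encryption subkey, or None if any input is wrong."""
    key = derive_config_key(master_password, keyfiles, header["salt"])
    check = hmac.new(key, b"key-check", hashlib.sha256).digest()
    if not hmac.compare_digest(check, header["check"]):
        return None
    # Separate subkey so the stored check value never equals the cipher key.
    return hmac.new(key, b"encrypt", hashlib.sha256).digest()


# Constructed sample data: contents of two key files and a master password.
SAMPLE_KEYFILES = [b"holiday-photo-bytes", b"old-mp3-bytes"]
SAMPLE_PASSWORD = "correct horse battery staple"

if __name__ == "__main__":
    hdr = make_header(SAMPLE_PASSWORD, SAMPLE_KEYFILES)
    print("owner:", unlock(hdr, SAMPLE_PASSWORD, SAMPLE_KEYFILES) is not None)
    print("password only:", unlock(hdr, SAMPLE_PASSWORD, []) is not None)
```

Key files add protection only while they stay out of reach of whatever captured the password; a process that can read them at unlock time recovers the same key.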

Offline tanstaafl

« Reply #5 on: July 26, 2006, 12:23:54 PM »
I really don't understand your concern...

If someone compromises your computer to the extent you are describing, then NOTHING can prevent him from getting your secret passwords, REGARDLESS of how you store them.

There is no such thing as 'perfect' security.

Offline craig

« Reply #6 on: July 26, 2006, 04:53:44 PM »
Quote from: tanstaafl
I really don't understand your concern...

If someone compromises your computer to the extent you are describing, then NOTHING can prevent him from getting your secret passwords, REGARDLESS of how you store them.

There is no such thing as 'perfect' security.

So, you are saying installation of a keylogger will compromise PasswordMaker to the point a 3rd party can determine all your passwords. I'd say you are correct as currently implemented. I also agree that there isn't "perfect" security, but it should be better than this on something as important as a password cache.

If the changes I suggested are made:
1) change the config file to any name you desire (i.e. no default name)
2) use keyfiles along with the master password to encrypt that config file
3) Do not remember or allow Windows to track the files in 1) and 2)
4) Only decrypt the config file when reading it (i.e. always encrypted on disk)

then a keylogger or file copier will not be able to determine the passwords in PWM as the master password is not the only thing used to encrypt your config file.

I guess what bothers me the most is that an FAQ outlines how PWM prevents keyloggers from stealing your passwords, but according to your reply that is not the case and I concur.  Right now, a keylogger only needs your master password and the passwordmaker.rdf file to determine all passwords tracked in PWM.  If PWM becomes popular enough the hackers will write their keyloggers to search the default location or name of that file to copy it and send it along with the master password back to them.

I hope you will reconsider the changes, but I'm sure they are not trivial. But until these changes are made it is just too easy to give all your passwords away.

Craig


Offline Eric H. Jung

  • grimholtz
« Reply #7 on: July 26, 2006, 05:16:47 PM »
A keylogger is defeated if you use auto-populate.

By the way, you can encrypt passwordmaker.rdf right now with 3rd-party tools like TrueCrypt.

The ability to configure the location of the settings files is coming soon.

Offline tanstaafl

« Reply #8 on: July 27, 2006, 11:48:29 AM »
Quote from: craig
So, you are saying installation of a keylogger will compromise PasswordMaker to the point a 3rd party can determine all your passwords.  I'd say you are correct as currently implemented.
No, that's NOT what I'm saying.

A keylogger, IF combined with a method of stealing your RDF file, COULD be used to this purpose though.

As Eric already pointed out, if you are using auto-populate, the keylogger cannot get your generated password, but it could get your Master password.

Quote
I also agree that there isn't "perfect" security, but it should be better than this on something as important as a password cache.
PWM is not a password 'cache'...

Quote
If the changes I suggested are made:
1) change the config file to any name you desire (i.e. no default name)
2) use keyfiles along with the master password to encrypt that config file
These are both good ideas, and in fact both have been suggested before, but apparently they never made it to the FRL... I'll add them in a bit...

Quote
3) Do not remember or allow Windows to track the files in 1) and 2)
Not sure how - or even if - this would be accomplished...

Quote
4) Only decrypt the config file when reading it (i.e. always encrypted on disk)
Isn't this the same as this?

Quote
then a keylogger or file copier will not be able to determine the passwords in PWM as the master password is not the only thing used to encrypt your config file.
As Eric has pointed out, you can already accomplish much of what you want using TrueCrypt or some other 3rd party utility.

Quote
I guess what bothers me the most is that an FAQ outlines how PWM prevents keyloggers from stealing your passwords, but according to your reply that is not the case and I concur.
As previously mentioned, it DOES, but only if you use the auto-populate functionality.

Offline thibros

« Reply #9 on: July 27, 2006, 06:14:08 PM »
Quote from: craig
If PWM becomes popular enough the hackers will write their keyloggers to search the default location or name of that file to copy it and send it along with the master password back to them.
You should realize that in this case almost nothing can help. No matter how much PWM encrypts stuff, hides files and keys, etc., a keylogger can be written to do exactly the same things. Nothing that is based on software can increase security against a keylogger, not on a Windows machine, only hardware (like a key card with a private key) could.

If you need more security, be different from the mainstream! Use some extra measures that nobody else uses, and best if you came up with it yourself. If you know programming, change the source code a little, and make your own PWM version.

I am much aware of the shortcomings of PWM, and I'm glad you are too. I also agree that users should be aware of everything that could happen to compromise PWM, but I'm positive that for most users the risk they are taking with PWM is far lower than during the time before they started using PWM. Also due to the fact that PWM is not yet popular enough to be attacked by custom keyloggers.

In my opinion, if we want to take PWM to the next level, especially if we want to publish an IE extension/edition (most internet users still use IE, after all), we should gather all these thoughts, and have a transparent security policy.

Offline Eric H. Jung

  • grimholtz
« Reply #10 on: July 27, 2006, 06:18:35 PM »
What is a transparent security policy? You mean something published in writing about the risks?


Offline thibros

« Reply #11 on: July 27, 2006, 06:42:09 PM »
Quote from: Eric H. Jung
What is a transparent security policy? You mean something published in writing about the risks?
Sort of. By transparent I mean easy to comprehend. It could have something like "best practices" too, as for how to use PWM and what to avoid. Of course higher security means more effort and less comfort, so the policy even could have a few levels of security, and how to achieve them.

And I think this shouldn't be something to write afterwards like a manual, it's better to keep it in mind already while writing the code. I might come up with something as soon as I find the time to write it down, but if anyone else has ideas, I'm always open for suggestions.

Offline tanstaafl

« Reply #12 on: July 31, 2006, 12:06:15 PM »
Ok, added '/filename' to the existing 'Specify drive/path...' request...

Added 'Specify keyfiles for RDF file encryption' FR, with one vote from randomthot...

randomthot, you have 3 more votes...

Offline Eric H. Jung

  • grimholtz
« Reply #13 on: July 31, 2006, 02:05:18 PM »
Thibros, if you want to write a security policy for the website, go ahead and we'll post it.

Offline craig

« Reply #14 on: July 31, 2006, 05:34:03 PM »
Quote from: Eric H. Jung
A keylogger is defeated if you use auto-populate.

If a keylogger gets your master password and you are using auto-everything, then the hacker already has everything they need except your browser history which is all too easy to get.

Quote
By the way, you can encrypt passwordmaker.rdf right now with 3rd-party tools like TrueCrypt.

Can you explain exactly how to configure TrueCrypt to do this as I looked into it and it seems that TrueCrypt creates encrypted volumes which are then mounted like normal hard drives.  How can I use it to just encrypt the passwordmaker.rdf until the user is allowed to specify where that file is located?

Quote
The ability to configure the location of the settings files is coming soon.

I appreciate the ability to configure the location of the settings file and allowing the user to name it anything they wish would be even better.  This would defeat default searches using desktop search engines.

Craig
