This is mentioned briefly in the thread about encrypting the rdf file.
The usage scenario I envision is the following...
The rdf file could be stored on a usb key or floppy (does anyone use those anymore?). You log on to your computer, insert the key, fire up TrueCrypt, supply that password. Then your file is available when you start up Firefox. This is high security; to get access to your files an attacker would need to:
1. Gain physical access to your computer.
2. Hack your logon password.
3. Have physical access to your key.
4. Hack the Truecrypt password.
5. Hack your master password.
This product seems like a good thing, but I'm still a bit concerned about its security as currently implemented. You outline a method to get around some of its shortcomings, but I would take them a step further.
PWM should probably do the following:
1) Allow you to select the config file from anywhere on your computer each time PWM starts up (the config file can have any name; not the obvious passwordmaker.rdf which can be searched for using any search tool), but it will prevent Windows and itself from remembering this location (similar to what TrueCrypt does with its volumes and Windows MRU lists). This prevents checking the default location for your passwordmaker.rdf file or a search for it.
2) The file should be encrypted with your master password and one or more key files (again similar to TrueCrypt). It should not track the key file locations and it should prevent Windows from putting the file in the most recently used file lists.
3) PWM should then read the config file into memory only. This will prevent anyone or another process from copying the decrypted config file.
Until all of this is done it is vulnerable to keyloggers and here's why:
1) If a keylogger gets installed on your system then a copy program would be 10 times easier to install along with it as it only requires normal user privs to copy files, especially ones you created (i.e. the passwordmaker.rdf file).
2) You log in, the keylogger records your master password as you use PWM.
3) The copy program then copies your passwordmaker.rdf file.
4) Pass off the master password and the config file to the hacker
5) The hacker simply configures PWM the same as you per the config file they stole and uses your master password to get all your account passwords. They even know all the URLs as that's in the config file too.
Even the TrueCrypt solution posted by randomthot won't work as once he mounts the TrueCrypt volume any process will then be able to also read the files in that volume. It's just another drive; right?
This FAQ seems a bit misleading too as all anyone really needs are the master password and your passwordmaker.rdf file; not the 10 other variables as it's all in plain view in the rdf file.
If someone gets my master password, can't he determine all of my generated passwords?
No. There are ten other variables he would need for each account. They are:
* URL
* character set
* which of nine hash algorithms was used
* date counter (if any)
* username (if any)
* password length
* password prefix (if any)
* password suffix (if any)
* which of nine l33t-speak levels was used
* when l33t-speak was applied (if at all)
Probably the most interesting of these is character set because it gives you the flexibility to determine precisely which characters can and can't be included in generated passwords.
Unless I'm misunderstanding things here this seems a little too risky for me yet. Please let me know of any workarounds to this, but if PWM can make these changes it will be a great and complete password manager.
Craig
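An added illustration of point 2) above (config key derived from the master password plus a key file), not code from PasswordMaker or from either poster. It only shows the key derivation and an integrity tag used to check the unlock, not the cipher itself; the iteration count, salt, config bytes and key-file bytes are constructed sample values.

```python
import hashlib
import hmac

PBKDF2_ITERATIONS = 100_000  # assumption: tune for the machine in use


def derive_config_key(master_password: str, key_file_bytes: bytes, salt: bytes) -> bytes:
    """Derive a 32-byte config key from BOTH the master password and a key file.

    The password is stretched with PBKDF2-HMAC-SHA256; the key file's digest is
    then mixed in through HMAC, so a keylogged master password alone does not
    reproduce the key unless the key file is also obtained.
    """
    stretched = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=32
    )
    key_file_digest = hashlib.sha256(key_file_bytes).digest()
    return hmac.new(key_file_digest, stretched, hashlib.sha256).digest()


def make_tag(key: bytes, config_bytes: bytes) -> bytes:
    """HMAC tag over the stored config, used to detect a wrong key or tampering."""
    return hmac.new(key, config_bytes, hashlib.sha256).digest()


def unlock(master_password: str, key_file_bytes: bytes, salt: bytes,
           config_bytes: bytes, stored_tag: bytes) -> bool:
    """Return True only if password AND key file reproduce the tag (constant-time compare)."""
    key = derive_config_key(master_password, key_file_bytes, salt)
    return hmac.compare_digest(make_tag(key, config_bytes), stored_tag)


# Constructed sample values (not real PasswordMaker data).
SALT = b"\x01" * 16
KEY_FILE = b"contents of a key file kept on a USB stick"
MASTER = "correct horse battery staple"
CONFIG = b"<rdf>constructed placeholder for the account settings</rdf>"
TAG = make_tag(derive_config_key(MASTER, KEY_FILE, SALT), CONFIG)


def demo() -> dict:
    """Show which combinations unlock: the logged password alone is not enough."""
    return {
        "password+keyfile": unlock(MASTER, KEY_FILE, SALT, CONFIG, TAG),
        "password only (wrong keyfile)": unlock(MASTER, b"", SALT, CONFIG, TAG),
        "keyfile only (wrong password)": unlock("guess", KEY_FILE, SALT, CONFIG, TAG),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'unlocked' if ok else 'rejected'}")
```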