Contrary to what password managers say, a server compromise can mean game over.
-
@dangoodin Interesting article. Always good to know the trade-offs of cloud vaults vs local, etc.
As a Bitwarden user, are there any mitigating actions one might take? Or is this more of a "know your threat model" sort of thing?
Well, first it's entirely possible that your threat model doesn't really require a nation-state group hacking a Bitwarden server. Beyond that, turn off the key escrow and other features mentioned in the article and you're likely fine.
-
Contrary to what password managers say, a server compromise can mean game over.
Password managers' promise that they can't see your vaults isn't always true
Contrary to what password managers say, a server compromise can mean game over.
Ars Technica (arstechnica.com)
@dangoodin i mean if the server can deliver code (say, to a web-based version) then its simple to push some code that sends the actual encryption keys back
-
@dangoodin cool cool just remember that contrary to what Ars says, their articles aren't written by people
@xlrobot @dangoodin Hahahaha. Poor ars fucked themselves over hard. Nobody will trust anything thy write anymore
-
Contrary to what password managers say, a server compromise can mean game over.
Password managers' promise that they can't see your vaults isn't always true
Contrary to what password managers say, a server compromise can mean game over.
Ars Technica (arstechnica.com)
FFS...
Have we not known this since...
Oh, I don't know...Maybe since the cloud FUCKING has existed...???
-
Contrary to what password managers say, a server compromise can mean game over.
Password managers' promise that they can't see your vaults isn't always true
Contrary to what password managers say, a server compromise can mean game over.
Ars Technica (arstechnica.com)
@dangoodin One of the reasons why ppl should simply use a non-cloud password manager like Keepassxc. Sync the encrypted file where you need it using something like syncthing. Own your data! And especially such a crucial thing as all your passwords. Why why why would you ever entrust that to someone else?
-
Contrary to what password managers say, a server compromise can mean game over.
Password managers' promise that they can't see your vaults isn't always true
Contrary to what password managers say, a server compromise can mean game over.
Ars Technica (arstechnica.com)
@dangoodin I keep all my passwords on two separate external drive which are disconnected from my laptop ehen I don't need them
-
So… “your data is safe even if the server is breached” and also “nothing can prevent data compromise if an attacker controls the server”. Subtle difference, I guess - maybe your vault is uncrackable if the data leaks/is stolen, but the actual worst case threat model is where an attacker has backdoored your infrastructure. (2/3)
The only way to win is not to play - and 1Password removed the ability to have local vaults in order to increase shareholder value. I cringe every time I see that page of theirs that proudly claims that “1Password has never been breached” because the headline revealing a massive 1Password breach is simply inevitable. (3/3)
-
@dangoodin https://1passwordstatic.com/files/security/1password-white-paper.pdf
"At present there’s no practical method for a user to verify the public key they’re encrypting data to belongs to their intended recipient. As a consequence it would be possible for a malicious or compromised 1Password server to provide dishonest public keys to the user, and run a successful attack. Under such an attack, it would be possible for the 1Password server to acquire vault encryption keys with little ability for users to detect or prevent it.” (1/3)
So… “your data is safe even if the server is breached” and also “nothing can prevent data compromise if an attacker controls the server”. Subtle difference, I guess - maybe your vault is uncrackable if the data leaks/is stolen, but the actual worst case threat model is where an attacker has backdoored your infrastructure. (2/3)
-
Contrary to what password managers say, a server compromise can mean game over.
Password managers' promise that they can't see your vaults isn't always true
Contrary to what password managers say, a server compromise can mean game over.
Ars Technica (arstechnica.com)
@dangoodin https://1passwordstatic.com/files/security/1password-white-paper.pdf
"At present there’s no practical method for a user to verify the public key they’re encrypting data to belongs to their intended recipient. As a consequence it would be possible for a malicious or compromised 1Password server to provide dishonest public keys to the user, and run a successful attack. Under such an attack, it would be possible for the 1Password server to acquire vault encryption keys with little ability for users to detect or prevent it.” (1/3)
-
@dangoodin I keep all my passwords on two separate external drive which are disconnected from my laptop ehen I don't need them
@Iveyline @dangoodin only useful if you trust the 3P is actually encrypting your password on their server.
-
Contrary to what password managers say, a server compromise can mean game over.
Password managers' promise that they can't see your vaults isn't always true
Contrary to what password managers say, a server compromise can mean game over.
Ars Technica (arstechnica.com)
@dangoodin Yeah, great!
Still happy to be using KeePass with the database on our own NAS with a copy in an online recoverable place for a big disaster where we would lose all our electronic devices.The desktops connect direct to the database file on the NAS. It's synchronised to our netbooks and laptop, and on the mobiles the file is synchronised via WebDAV. So, we have access on all our devices, and it's all under our own control.
-
@dangoodin One of the reasons why ppl should simply use a non-cloud password manager like Keepassxc. Sync the encrypted file where you need it using something like syncthing. Own your data! And especially such a crucial thing as all your passwords. Why why why would you ever entrust that to someone else?
@tartley @dangoodin I don't really like KeePassXC, but didn't manage to get KeePass back on my Ubuntu machine.
-
@xlrobot @dangoodin Hahahaha. Poor ars fucked themselves over hard. Nobody will trust anything thy write anymore
@gullevek
Care to elaborate? I suppose Ars published some bad AI slop but I didn't get to witness the drama, so I don't know the details nor the extend of it.
@xlrobot @dangoodin -
@gullevek
Care to elaborate? I suppose Ars published some bad AI slop but I didn't get to witness the drama, so I don't know the details nor the extend of it.
@xlrobot @dangoodin@cafeinux @xlrobot @dangoodin https://sfba.social/@jeridansky/116089180436195865
Basically Ars published an article where most of the quotes where made up by AI and the article was about the Mathplot guy who “upset” an LLM agent that then wrote a hate post about beeing rejected from a pull request. The whole thing is just surreal. I lost all hope into the future
-
@notyourfanboy @dangoodin That version is not supported anymore, is it? I was forced to use their cloud when upgrading from version 7 to 8.
-
@notyourfanboy @dangoodin I am sorry, I assumed 1Password. Will check out Password Safe!
-
Well, first it's entirely possible that your threat model doesn't really require a nation-state group hacking a Bitwarden server. Beyond that, turn off the key escrow and other features mentioned in the article and you're likely fine.
Likely fine for now, until the next server-hosted "not really zero knowledge" problem is discovered. Very likely, it already has been discovered... So you're down to hoping the discoverer isn't hunting you and your secrets in particular.
-
Contrary to what password managers say, a server compromise can mean game over.
Password managers' promise that they can't see your vaults isn't always true
Contrary to what password managers say, a server compromise can mean game over.
Ars Technica (arstechnica.com)
@dangoodin @briankrebs How many cybersecurity terms have lost their original strong meaning over time? Two-factor authentication, one time pad, military grade encryption, and now zero knowledge. That’s off the top of my head. There must be other obvious ones I’ve missed.
