Contrary to what password managers say, a server compromise can mean game over.

tehstu@hachyderm.io

@dangoodin Interesting article. Always good to know the trade-offs of cloud vaults vs local, etc.

As a Bitwarden user, are there any mitigating actions one might take? Or is this more of a "know your threat model" sort of thing?

chris@nutmeg.social

@dangoodin and it really is game over if your password manager is also doing 2FA codes and passkeys. I love the convenience, but I feel like I'm totally defeating the security of both by having my password manager handle everything.

Maybe selectively using external 2FA methods for high-risk logins is better tradeoff.

leeloo@chaosfem.tw

@dangoodin
You mean cloud password managers?

Using a desktop password manager, I don't see how any server would see my password except through some spyware.

sc00bz@infosec.exchange

@dangoodin Three things the paper got wrong:

* Bitwarden has a minimum of 5000 iterations (https://github.com/bitwarden/clients/blame/e262441999e4e243f903c8a781fcefc7906fa60c/libs/key-management/src/models/kdf-config.ts#L18).

* 1Password's "KDF Parameter Downgrade" attack doesn't exist because they use a PAKE (SRP6a).

* The mitigations for "KDF Parameter Downgrade" attacks is to give anyone trying to log in a password hash of the user's password. "Further, authenticating security-critical user settings like PBKDF parameters (such as the iteration count) would mitigate the KDF attacks (BW07, LP04). The client can use the server-provided KDF parameters to derive the authentication key, use it to verify the integrity of the parameters themselves, and – in case of a mismatch – abort before any further communication with the server." (page 17) An attacker can guess the password and check the MAC to see if it generated the correct key.

Also this is all I really looked at because I was wondering if they found the downgrade attacks I've been complaining about for ~15 years.

dangoodin@infosec.exchange

@tehstu

Well, first it's entirely possible that your threat model doesn't really require a nation-state group hacking a Bitwarden server. Beyond that, turn off the key escrow and other features mentioned in the article and you're likely fine.

causeofbsod@wetdry.world

@dangoodin i mean if the server can deliver code (say, to a web-based version) then its simple to push some code that sends the actual encryption keys back

gullevek@famichiki.jp

@xlrobot @dangoodin Hahahaha. Poor ars fucked themselves over hard. Nobody will trust anything thy write anymore

lupus_blackfur@mastodon.world

@dangoodin
@briankrebs

FFS...

Have we not known this since...
Oh, I don't know...

Maybe since the cloud FUCKING has existed...???

tartley@fosstodon.org

@dangoodin One of the reasons why ppl should simply use a non-cloud password manager like Keepassxc. Sync the encrypted file where you need it using something like syncthing. Own your data! And especially such a crucial thing as all your passwords. Why why why would you ever entrust that to someone else?

iveyline@mastodon.nz

@dangoodin I keep all my passwords on two separate external drive which are disconnected from my laptop ehen I don't need them

slyborg@vmst.io

The only way to win is not to play - and 1Password removed the ability to have local vaults in order to increase shareholder value. I cringe every time I see that page of theirs that proudly claims that “1Password has never been breached” because the headline revealing a massive 1Password breach is simply inevitable. (3/3)

slyborg@vmst.io

So… “your data is safe even if the server is breached” and also “nothing can prevent data compromise if an attacker controls the server”. Subtle difference, I guess - maybe your vault is uncrackable if the data leaks/is stolen, but the actual worst case threat model is where an attacker has backdoored your infrastructure. (2/3)

slyborg@vmst.io

@dangoodin https://1passwordstatic.com/files/security/1password-white-paper.pdf

"At present there’s no practical method for a user to verify the public key they’re encrypting data to belongs to their intended recipient. As a consequence it would be possible for a malicious or compromised 1Password server to provide dishonest public keys to the user, and run a successful attack. Under such an attack, it would be possible for the 1Password server to acquire vault encryption keys with little ability for users to detect or prevent it.” (1/3)

x41h@infosec.exchange

@Iveyline @dangoodin only useful if you trust the 3P is actually encrypting your password on their server.

angelascholder@mastodon.energy

@dangoodin Yeah, great!
Still happy to be using KeePass with the database on our own NAS with a copy in an online recoverable place for a big disaster where we would lose all our electronic devices.

The desktops connect direct to the database file on the NAS. It's synchronised to our netbooks and laptop, and on the mobiles the file is synchronised via WebDAV. So, we have access on all our devices, and it's all under our own control.

angelascholder@mastodon.energy

@tartley @dangoodin I don't really like KeePassXC, but didn't manage to get KeePass back on my Ubuntu machine.

cafeinux@infosec.exchange

@gullevek
Care to elaborate? I suppose Ars published some bad AI slop but I didn't get to witness the drama, so I don't know the details nor the extend of it.
@xlrobot @dangoodin

gullevek@famichiki.jp

@cafeinux @xlrobot @dangoodin https://sfba.social/@jeridansky/116089180436195865

Basically Ars published an article where most of the quotes where made up by AI and the article was about the Mathplot guy who “upset” an LLM agent that then wrote a hate post about beeing rejected from a pull request. The whole thing is just surreal. I lost all hope into the future

rrustema@mastodon.social

@notyourfanboy @dangoodin That version is not supported anymore, is it? I was forced to use their cloud when upgrading from version 7 to 8.

rrustema@mastodon.social

@notyourfanboy @dangoodin I am sorry, I assumed 1Password. Will check out Password Safe!