I'll use this as an opportunity to give a shout out for my new favorite password manager: pass [0]
It uses gpg to encrypt passwords that are then stored locally, but can be synced using Dropbox, rsync, unison, etc. It is a command line program, so it doesn't have things like browser integration, but on a mac, a little Automator magic alleviates most of that pain. Besides, after trying 1password, lastpass, and a few others, the browser integration was usually a source of frustration instead of convenience.
For my setup, I have a keyboard combo mapped to an Automator action that gets the current URL from Safari, passes it to a shell script that strips out the hostname, then uses pass to copy the password to the clipboard for 45 seconds. Then, I use another script to have a notification pop up with my username in case I've forgotten it. So I press "cmd+\", then a second later I have my password in the clipboard and my username showing on a temporary desktop notification.
I'm also using pass to store bank credentials, software keys, and other things. I also have it set up to use a different gpg key to keep a journal. It has turned out to be a very versatile and reliable piece of software.
1) one of the reasons I use a password store is to share passwords with my wife. I can't imagine her using this
2) iPhone? Android?
3) 1password's integration with the browser is very helpful: since I've been using a linux box as my day-to-day machine (where 1password doesn't have a native version), I've been using it significantly less, because it adds friction. On Mac OS, I would just auto-gen a horrific 12-16 character random password for any website, and have it automatically saved to my 1password.
As you might guess, I have high hopes for Mitro, especially if they (well, I guess it's now we) can create a compelling don't-use-their-host story (either hosted, or file-based (eg. dropbox)) and pass at least a cursory security smoke test. :-)
I'd love to find a way to securely share passwords with mobile devices. But from what I understand, there's no very secure way to do it on Android. If you store a private key on the device then other applications may have access to it. And with iOS, each app is its own silo, so I'm not sure how you'd get password autocomplete working. An ideal solution would allow selective sharing because there are some secrets you wouldn't want stored on your mobile device.
Applications are separated by Linux permissions on android. Attempting to read or write to other application directories simply won't work. Your fear is not correct for the average case user
It depends on how you do it. If you use the local app storage, it's protected via the OS. Only the App itself can read/write from it.
If you use "USB Storage" then the data is stored on the sd card or equivalent. Any other app with the USB Storage permission can read or write to that directory and it's very much not secured.
As for interfacing with other apps to "autocomplete" your password, there are permissions and ways to do that too, although I can't speak for them since I've never done it.
You're absolutely right -- my setup comes with a lot of limitations. They are ones that I'm happy living with, but when family and friends ask for advice on passwords I point them to 1Password. Hopefully Mitro will become my new recommendation!
That is limitations I could live with, I'm interested to give it a go. Could you post the scripts on pastie/github by any chance to spare me some dev time? or my mail is in my profile
I'll use this as an opportunity to give a shout out for my own unix password manager that I started writing because I did not like some design choices of pass: pw [1].
From the homepage:
> pw is an alternative to pass, keepassx and other similar programs.
> The main points of pw are:
> * The passwords are stored using a simple line-based text format.
> * Passwords can be protected using public-key encryption or symmetric encryption. Or both.
> * No information about the accounts is stored in clear-text.
> * All the work is done using only GPG and Unix tools.
> * The output is easy to use in pipeline with other tools.
> * Follows the XDG Base Directory specification: no clutter in your home directory.
That looks neat -- I've been using a somewhat similar little home-baked thing of my own (simple shell script wrapping gpg), largely because I wanted a simple command-line password manager and this 'pass' thing I've been seeing linked in various places strikes me as (a) pretty poorly designed and (b) quite over-sold -- e.g. its author declaring it "standard" when it's clearly nothing of the sort is rather off-putting. There've been patches posted on the xmonad development mailing list recently adding support for it, but I'm really hoping they don't get integrated because I don't view encouraging increased use of it as a good thing.
AES-256 is not the most secure variant of AES any longer, as it appears that variant with key extension improves certain types of attacks. One of those, called a related key attack, requires only 2^119 time against AES-256, and 2^172 time against AES-192. (Time against AES-128 is approximately 2^128, I'd wager about 2^126-127).
This is a very particular kind of attack, however, and it doesn't necessarily mean other weaknesses will be exposed. Cryptographers, though, are a conservative sort by nature, and many feel more comfortable sticking with AES-128, which was part of the original Rijndael specification and what was designed most rigorously. AES-128 also seems to have had the fewest weaknesses developed against it. The fact that any attack succeeded in reducing AES-256 to below AES-128's security can give crypto folks pause.
I think realistically they are all very safe and AES-128 is unlikely to be broken by anything within the next decade. After that? I wouldn't wager.
I liked the idea of a free and open-source password manager. It seems that Mitro has been around for nearly a year.[1].
It does not seem anywhere near as mature as Lastpass though. There are no additional features such as a credit card or notes store. Also, it seems buggy since I was only able to login once through the Chrome extension.
I'm a 1password user, but I'll definitely be checking this out. Having recently switched to Windows, I'm liking it a lot less. To put it charitably, their Windows version is not quite as nice as the Mac and iOS releases.
It's a sunk cost at this point, but owning 1password on 3 platforms is expensive. $70 for my laptop and desktop, and another $18 for my phone. But I bought into it because the Mac version is great and I was primarily a Mac user at the time. Oh well.
If you stay within the Apple ecosystem, 1Password is great. If you stray outside of that bubble, not so great. Their Android app sucks (quit putting an icon in my system bar every time I open the app, for starters), and the Windows version isn't so hot, either.
Yeah, it's pricey, but in the end I think it's worth the aggravation and time it saves me.
That's the annoying part. I'm not privy to the internal workings, but I just need the app to fire up and stick something on the clipboard. After that, let the OS kill you off because I'll fire you back up again ad hoc.
The notification says it's synchronizing with my chosen cloud provider, maybe it doesn't want to get inadvertently killed during that process. Okay, fair enough. But can't the notification be removed after it's done? (An honest, if rhetorical question; don't know enough about Android to say for sure.) I have enough special snowflake apps sticking their crap in the notification bar, one less would be nice.
You are not alone in requesting less clutter in the notification drawer. This is a popular request that we have received from a number of our customers.
We pride ourselves in considering all feedback from our customers and I'm happy to say that we've made improvements in this area. In our upcoming 4.1 update, successful sync notifications will be automatically cleared from the notification drawer.
Yeah, I get the feeling they don't care about their Windows users at all. I just try to ignore the Windows desktop app because at least the Chrome extension is fine in Windows.
> There's a v4 beta for Windows, which is very similar to the Mac version. Better than the stable v3.
Agreed. The v4 Windows client is much, much better than the old v3 - and finally allows you to use the same Chrome extension. I previously had to run two versions of the extension (and all the frustration that brings) if I wanted to use 1Password on my Windows installs.
I tried dashlane when it first came out. Pegged my CPU and uninstalled it immediately. I assume it's improved since then, but that was a major turn-off.
Honestly, it's going great. I've been a Mac user pretty much forever (the first home computer I used was running System 7), but now I'm on a Surface Pro 3 with Windows 8. It's a fantastic computer. The last thing that made me think "Oh shit I'm living in the future" this much was my first iPod Touch.
I'd been dual-booting OS X / Windows on my desktop already because Apple's GPU drivers are garbage, so it wasn't a huge step. Dropping OS X completely was mostly based on being a game dev hobbyist who's doing a lot of 3D work and digital painting. OS X had turned into a web browsing and email platform for me, and I can do that just as well elsewhere.
The experience with 1password is far from unusual though; Windows doesn't have a lot of developers making software of any quality. For every Mac program I try to find a substitute for, Windows has 30 different options that are all equally bad (looking at you, IRC clients that aren't Colloquy). So if you rely on a lot of little 3rd party software, it's not a good ecosystem. But if all you need is Firefox, blender, Unreal Engine, and Substance Designer, it's not a problem.
And that's not even mentioning the price of a Mac with an upgradable GPU. I could do yearly GPU upgrades on my desktop and still be cheaper than a baseline Mac Pro.
This looks really great, sadly this is the type of product where being an early adopter makes me nervous, but after a few minutes of playing with it I'm impressed with the UI.
I love the functionality of LastPass, I really do, but man their UI is terrible. I trust them from a security front though and in the end that is what matters most to me.
If Mitro builds up that same rep then I'll switch over, but until then waiting it out. (sorry!)
The UI is indeed awesome. I'd love to see a little more development on the features (doesn't support wildcard domains, for example). But it's definitely a great starting point to work on.
Aw, your comment about the UI made my day. Wildcard domains didn't come up at all as a use case—interesting you bring it up. Since it's open source now, I'll upload the rest of the UI design that hasn't been implemented yet which supports a few other features. Anything else you'd like to see?
I'm with you on that - I'm an early adopter for many, many things, but security software is not one of them. I'm happy to play with it a little, but I'm not certainly going to migrate my passwords until it's show to be relatively reliable (and long-lived)!
Since the company has been acquired what are the plans for the service? http://labs.mitro.co/ says that "The service will continue to operate as-is for the foreseeable future." but there is a lot of ambiguity in 'forseeable.'
While I really appreciate the value of having the client and server code open sourced I don't want to run my own server nor do I want to sign up for a service that, with the changes that will likely happen after the acquisition, could disappear without a lot of warning.
"Mitro has committed to funding continued operations of its servers until at least the end of 2014. If their code proves to be secure and popular with the community, we will be advising them on how to create a sustainable home for that infrastructure.". Erh. Yes, so I'll be staying on KeePass, strategically "cloud" backupped in encrypted form to my email address (also, yes, this does not solve Android integration..etc. so suggestions are welcome!)
I recently started using KeePass2Android [1] instead of KeePassDroid. It has some features I really like, like cloudstorage integration with Google Drive, Dropbox and more.
I really, really love KeePass2AndroidOffline. The app itself needs no permissions except the ability to read a file from the phone's local storage. Using OwnCloud's app and the "keep a file up to date" feature, I have my KeePass file synced to my various computers and my phone. Plus, KP2A has the "type this password for me" keyboard instead of relying on copy/paste. I didn't realize until I read the docs for another project, the clipboard is an API that can be hooked by other apps to see what's on the clipboard. It makes obvious sense but I never thought about it.
The best thing would be if they would release the server software. That way you could run the software yourself and be totally independent. If that happens, I'm totally on board. Now I'm still on the fence between this and LastPass
There's no method to reset Mitro, so if you're like me and Mitro ran into an error partway through importing your KeePass database, you won't be able to reset Mitro and try importing with a different method.
Do I seriously have to click manage->delete secret thousands of times just to reset Mitro?
Not really, nobody is forcing you to delete everything manually. You can always implement the feature yourself!
(Sorry, didn't meant to be that guy, but seriously don't know why people expect a clearly new piece of open source software to do everything they want.)
Currently, this is the best option. Though I recommend KeePass proper as opposed to X since KeePassX's last stable release was over 4 years ago and they've only pushed out alpha builds since then.
Unfortunately, if you want to run on Linux, KeePassX is the best choice. KeePass "proper" does work on Linux under Mono, but the UI is pretty buggy (textfields don't render the cursor in the right place, and the UI just looks awful in general). I really do wish there was a better native Linux client - some new features would be nice.
There are several good reasons to use KeePassX over Keepass, even with the current status of Alpha 6 in the KeePassX 2 series.
* KeePassX has a consistent UI across Windows, OS X, Linux
* It's a small, portable binary. I've had good luck running the Windows and Linux binaries off of USD drives.
* Alpha 5 and Alpha 6 have been really stable. I started using Alpha 5 and haven't had a need to look back.
I've been recommending KeePassX as the go-to password manager for Windows, OS X, and Linux over Keepass.
I use Keepass2 exclusively now(started using it this past year due to needing windows and cloud sync support) and have had no major issues across linux and windows. I guess YMMV, but it's been a great success for me.
I refer you to the techdirt article linked above. If you upload a KeePass file to dropbox now, you may be vulnerable to a way of cracking keepass files available at some future date.
Yup; but I'd say you're letting the perfect be the enemy of the pretty damned good.
KeePass' encryption is quite solid -- if it starts to show some cracks in the face of quantum computers or whatnot somewhere in the future, I can always upgrade and change my passwords so the old database isn't valuable any more.
That'd be a PITA, but I don't expect this to happen -- nor for the govt to come up with a huge vulnerability that no one else sees -- so that's the kind of bet I'm comfortable taking.
Is there a "secure" way to get a KeePass file onto an iPhone if Dropbox isn't safe?
I don't need realtime sync, I'm happy to manually copy it across when I make changes, just curious what the proper way to do it is, if not via Dropbox.
I'm in the same boat (KeePassX and Dropbox), but I have been thinking about a peer-to-peer sync option. I don't need it to sync on WAN, just LAN sync is probably good enough for me. If it syncs between my couple of laptops and my phone, that's good enough for me. I have to see if BitTorrent Sync helps me do this.
That is absolutely the intention. Currently the docs are lacking, but we will try to add directions about running your own server in the next few days.
I'm no crypto or security expert, but this worries me:
"For security, the online password databases are encrypted with client-side keys derived from your master password"
What is going on here? Does it hash my master password, generating a new pass? If so, this seems like it would only increase the number of bits in the possible keyspace but not increase the number of possible keys, while actually lowering security (since hash collisions can occur).
This worries me because non-standard crypto applications tend to actually introduce holes and vulnerabilities. What other vulnerabilities lie hidden here?
I'm no expert but I see no harm here. In order to use symmetric encryption, you need a certain key size (e.g. 128-bit key for AES-128). How do you transform a password of, say, 15 characters to 128 bits? You guessed it, with a hash (well a key derivation function to slow down brute force). What they do is I think standard practice.
> but not increase the number of possible keys
So yes, if your password is weak, then it won't make it strong.
> while actually lowering security (since hash collisions can occur)
But I think you're wrong here. On a human password of 30 bits of entropy, there is very little chance of collision. If one collision was to happen, you'd still have a key space of (30^2) - 1, which is very much the same number.
Thanks for the clarification (and thanks to throwaway above as well), seems this is standard. Is there a salt in this implementation? Is it bruteforced the first time I open the database on a new device?
Hi. Looks very nice but why would I switch from LastPass? They don't know my passwords too. They also have multi-factor authentication. They also have add-ins for all browsers and mobile too.
Because it's open source, so it will be easier to audit, and probably because of the UI (Lastpass UI got a lot better in the latest releases, but still sucks).
I don't know much about Mitro but most Password software don't store your passwords as plaintext on your computer. They also don't make it easy to generate random password under certain criteria.
Personally, I'd trust Mozilla with at most my bookmarks/settings/tabs. Keep your security safer with people dedicated to just it. Doubt that's an endorsement for Mitro, though. At least for now.
The blog post says Mitro is "joining" and "transitioning" to Twitter, but doesn't say that Twitter acquired them. How does that work for Mitro's investors?
Why would Mitro join Twitter’s location team to work on "geo-related projects" instead of identity and authentication projects like "Sign in with Twitter"?
Looking around, this has a long way to go before it is able to compete feature wise with current commercial managers.
Also, it's going to take a long time, security-wise, to get up to par with the current commercials as well. It sounds like I'm being harsh but there are a lot of possible issues to consider. An HSTS header would be a nice start......
A warning: this still seems very buggy, it seems to not have an easy easy way to delete an account, and even deleting individual entries is not totally reliable (deleted entries seem to stay in the list).
So unless you want to spend a lot of time repeatedly trying to delete duplicates (created by failed imports) and/or every single entry, stay away, for now.
Cost is zero, available on all platforms that you care about, and it's a stable format. What more do you want?
Cleartext cloud storage is a no-no. Browser integration from my POV is really dangerous as well... trying to keep secrets using the most widely attacked platform out there sounds like an exercise in futility.
As computer people we should move away from teaching people that a strong password is one that is made up of random numbers, letters, symbols, and is hard to remember. Instead, let's teach them to create much longer passwords that are nonsensical sentences.
> let's teach them to create much longer passwords that are nonsensical sentences.
Doesn't matter; nobody is going to remember fifty different ones. I have more website logins that that. Password reuse is going to happen and it is bad.
The only secure way is for each password to be made up of a unique long, generated string of "random numbers, letters, symbols" for maximum entropy and stored in a password manager. The user just has to remember the password manager's master password (and maybe a desktop PC login). Now these remaining memorised passwords can be long nonsensical sentences if need be.
I did a really poor job of explaining myself. Really poor.
I meant the master password. Mitro's password strength meter uses guidelines which are becoming (are?) old. So let's just move away from that altogether (for passwords that people should remember) and doing something that makes it easy to use lots of characters.
FNB South Africa is a bank that has horribly complex rules for passwords - no repeated letters, no sequential letters, in addition to the normal password strength requirements.
Given the complexity, many people I know just save their passwords in plain-text.
It would be cool if they developed this using something like RemoteStorage so you don't have to tie yourself to their server backend, which they say they're only committed to keeping around until the end of the year.
I imported my LastPass vault into Mitro, but can't get it to auto-fill pages I have stored data for. I have to search for the page and then click "sign in"..
Am I wrong in expecting it to work exactly like Lastpass did?
Secrets are stored on Mitro's servers. Presumably -- hopefully -- the passwords themselves are encrypted. Edit: Ah, yes:
Mitro is distinctive amongst free/open source password managers
in that it's architected around cloud storage. For security,
the online password databases are encrypted with client-side
keys derived from your master password. For availability, they
are mirrored across three cloud storage providers. With this
design ... passwords can be synchronized across all of your
computers and devices with minimal effort.
So presumably they sent the email only after I sent them the first "blob of gibberish" telling them I added _at least_ one entry to my password database.
Presumably they don't know if and when or how may entries I have. In this case they only noticed the first time I sent in my encrypted database.
Does the Firefox add-on not work, or is it just me? (It seems like it's trying to load the full-size desktop page in the little drop-down window. Firefox 31 on Win7.)
iOS and Android apps are available on the respective app stores now. Note that the Android app might be vulnerable to clipboard hijacking, as described in http://fc13.ifca.ai/proc/4-2.pdf
I'm sure a lot do, but when we tried to set it up this past Wednesday, we couldn't get it to actually share credentials. Perhaps we were using it wrong, but if we couldn't get it to just work in an hour, there's a fundamental problem with the product.
We were unable to get LastPass to actually share passwords at all. Created a shared folder with some passwords, checked to see if a coworker could see it, and sometimes they could see it, but most of the times the folder wouldn't show up at all. Spent at least an hour just debugging why this was happening, but we kept getting totally inconsistent results.
I say this as a mostly satisfied LastPass (Personal) user.
Ah, right -- we've got some odd behavior there as well; newly-shared folders not showing up in particular.
I suspect there are bugs in how the (locally-cached) LastPass vault stays up to date, possibly coupled with a delay on the server side for updates to be propagated to all vaults.
Just from my experience working with encryption... I'll bet the sharing process is fiddly, and they have some unresolved flow problems. E.g., imagine a new folder share offer is encrypted and queued for the recipient's vault, and can't be merged in until the recipient next signs in... but depending on their browser plugin settings, they may only sign in once every few weeks. So the plugin pings for queued updates and can send up auth keys... but already we're getting into enough complexity that bugs would be likely.
(I don't actually know how their folder sharing functions, but deploying encryption where the server only occasionally has the keys can quickly make simple requirements turn into Rube Goldburg contraptions...).
In our case, the shared folders eventually showed up for everyone (we specifically tried signing out of LastPass and restarting browsers... though I don't think we quite nailed down an "always works" solution), and once the basic shared folders were set up, it was smoother sailing.
Presumably the code is released first, then the documentation is created. It sounds like the product wasn't initially developed with the idea that it would be released to others. That doesn't make it worthless. If Twitter spent the time + money to acquire them and open-source their product, I would assume that they have a vested interest in doing more than just dumping the code on Github and ignoring it.
"Good security practices require us to use different passwords for most or all of the websites .... remembering all of your passwords requires an inhuman display of memory."
It actually is possible to create unique passwords for every website and remember them without inhuman displays of memory. To do so, there are two basic things you need to remember:
1) A unique base password
2) A simple hashing function
The input to the hashing function can be the company's name or website address (an overly simplified example - your hashing function could be the first two characters of the website's domain name). A unique password for any website could then be:
password = hash_function(domain) + base_password
A very simple way to create unique passwords for every website, inhuman memorization skills not required.
I used this form for a while but realized that if someone is doing a targeted attack specifically on you and happens to find a single compromised password of yours, all the others are only a few guesses away. It's better than re-using passwords, but still worse than using truly unique ones.
that's a very very different scenario. your password manager's password is not sent over the wire, and you know it to have very secure hashing. it is stored only on your hardware
not so with external websites — if you use the proposed strategy on two websites with poor security (something which is completely opaque to you), your passwords are compromised.
It uses gpg to encrypt passwords that are then stored locally, but can be synced using Dropbox, rsync, unison, etc. It is a command line program, so it doesn't have things like browser integration, but on a mac, a little Automator magic alleviates most of that pain. Besides, after trying 1password, lastpass, and a few others, the browser integration was usually a source of frustration instead of convenience.
For my setup, I have a keyboard combo mapped to an Automator action that gets the current URL from Safari, passes it to a shell script that strips out the hostname, then uses pass to copy the password to the clipboard for 45 seconds. Then, I use another script to have a notification pop up with my username in case I've forgotten it. So I press "cmd+\", then a second later I have my password in the clipboard and my username showing on a temporary desktop notification.
I'm also using pass to store bank credentials, software keys, and other things. I also have it set up to use a different gpg key to keep a journal. It has turned out to be a very versatile and reliable piece of software.
[0] http://www.passwordstore.org