On 6/9/12, Scott Howard <scott@doc.net.au> wrote:
[snip]
> Security is all about trade-offs. In this case it's the trade-off between
> storing an encrypted password database on a 3rd party server, vs re-using
> passwords and having (potentially) weaker passwords as a result of not
[snip]

Yes. Using an encrypted online password vault is a trade-off.
Risks that are unaffected:

o A randomly generated password might be more guessable than a human-created password, if generated by an insecure PRNG, for example, if the possible generation outcomes for given input parameters can be predicted through analysis.
o A password can easily be stolen by malware on a computer the password is typed on that logs keystrokes and mouse clicks (even a vault's master password).
o A password can easily be stolen if transmitted to a remote site unencrypted, by a computer on the local or remote LAN with a malware infection (even a switched LAN).
o If either endpoint's SSL certificate (or a CA) is compromised, a MITM attack can be used to learn the contents of encrypted communications.
o A password can be stolen by malware if stored temporarily at rest or temporarily in RAM in an unencrypted format.
o A password can be stolen if stored at rest in an unencrypted format.
o A password can be stolen, even if encrypted, if the symmetric encryption key can also be stolen.

New risks, or risks increased in magnitude:

o If malware running on a computer is aware of the password vault application, it may be able to maliciously modify the executable code of the password vault application in memory, resulting in data compromise.
o Your password data is vulnerable to local compromise if your master pw is guessed or stolen. (Use a vault with multi-factor authentication to mitigate.)
o If password vault data is stolen, the thief has a convenient list of accounts. Risk can be reduced by using multiple vaults of different types for different security levels/use frequency.
o If the password vault software fails, the DB is corrupted, or the online password vault service goes offline, you can lose access to your accounts, because you don't remember the passwords.
o The pass vault is an additional piece of software; if the software developers' systems are compromised, it might be possible for malicious code to be inserted in the password vault application.
o If the password vault software has a bug, the encryption doesn't work properly, or it fails to maintain good security hygiene, all your passwords may be vulnerable. For example, if you keep a GPG-encrypted list of passwords, and you create a "temporary plain text file" when re-encrypting to create a new encrypted list, passwords are vulnerable to theft during this process, and afterwards via latent disk analysis techniques.

Examples of risks mitigated by an online encrypted password vault VS shared or similar passwords that are memorized:

o Reduced risk of loss of access to an account, resulting from forgetting which password was selected for a particular account, or adverse password changes enforced by "password setting" or "mandatory password change" policies.
o No need to use short/guessable passwords (less than 16 characters); high-entropy passwords can be chosen which can only be attacked by brute force, and which will take massive amounts of money or time to successfully attack.
o If the login password to one site is compromised, guessed, or accidentally disclosed by any means, many of your accounts are at increased risk.

Risks eliminated by a pw vault VS passwords written down on a slip of paper:

o No risk of losing the paper, resulting in account compromise and loss of access.
o No risk of a piece of paper being stolen.
o No need to use short passwords (less than 32 characters) that can easily be written down.

--
-JH
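An added example, not part of JH's post or the thread, illustrating two of the points above: generating vault passwords from the OS CSPRNG (the `secrets` module, rather than a seedable PRNG whose outputs can be predicted) and putting numbers on the "only attackable by brute force" claim for the 16- and 32-character thresholds. The 1e12 guesses/second attacker rate is an assumption chosen for illustration, not a figure from the post.

```python
import math
import secrets
import string

# 94 printable ASCII symbols: letters, digits and punctuation.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int, alphabet: str = ALPHABET) -> str:
    """Draw each symbol from the OS CSPRNG via `secrets`.

    `random.choice` seeded from time or a small value is the "insecure PRNG"
    case in the post: its output sequence can be reproduced from the seed.
    """
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password of `length` symbols."""
    return length * math.log2(alphabet_size)


def expected_brute_force_years(bits: float, guesses_per_second: float) -> float:
    """Expected exhaustive-search time: half the keyspace on average."""
    expected_guesses = 2 ** (bits - 1)
    return expected_guesses / guesses_per_second / (365.25 * 24 * 3600)


def compare(lengths=(8, 16, 32), guesses_per_second=1e12):
    """Map each length to (entropy bits, expected years) at the assumed rate."""
    result = {}
    for n in lengths:
        bits = entropy_bits(n, len(ALPHABET))
        result[n] = (bits, expected_brute_force_years(bits, guesses_per_second))
    return result


if __name__ == "__main__":
    for n, (bits, years) in compare().items():
        print(f"{n:2d} chars: {bits:6.1f} bits, ~{years:.3g} years at 1e12 guesses/s")
```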