0

I want to create a generative password manager. Generative password managers generate passwords based on seeds such as the master password and the website's URL. In contrast, most password managers store the password in an encrypted file (encrypted with the master password). In this regard, since generative password managers do not store any information, would it be more secure than a normal password manager which delivers an encrypted password file to the user to be decrypted on the client-side? An attacker can theoretically look into the generative password manager's memory and retrieve the generated password. Would this be more difficult than trying to breach a server, steal the password file, and then trying to brute-force it?

mrQWERTY
  • 443
  • 3
  • 7
  • The issue I see with this kind of password manager is that you can no longer change your password should it become compromised. – André Borie Jun 04 '16 at 17:35
  • @AndréBorie That is true. I think that is the main reason why generative password managers are relegated as merely an academic novelty. – mrQWERTY Jun 04 '16 at 17:37
  • It's also worth mentioning that sending an encrypted file to a client will also require sending them the key which adds a layer of inherent risks. Furthermore, isn't it easier to guarantee the security of your server than the one of each client? – Julie Pelletier Jun 04 '16 at 17:55
  • If the only criteria for a generative is the master password (website URL being implied), it's just as secure as a password manager that stores the passwords in an encrypted file (well, mostly; with an encrypted file you'd at least be able to tell it decrypted correctly, but you'd need to try the same number of guesses anyways). Additionally, such a thing would automatically enable offline attacks, allowing attackers to precompute what amount to rainbow tables (given most peoples' password habits...). – Clockwork-Muse Jun 05 '16 at 06:17
  • 1
    A breach-and-steal (for offline cracking) probably isn't your biggest worry, it's client compromise. At that point, pretty much anything goes, and storage vs generated doesn't matter much. @JuliePelletier - Most online password managers do **not** store the key (or at least, not the only one), specifically to prevent breaches, instead relying on the client to supply a password. The real strength is still dependent on the client, which is something that can't really be dodged. – Clockwork-Muse Jun 05 '16 at 06:28
  • Relevant: [Mozilla Confirms Web-Based Execution Vector for Meltdown and Spectre Attacks](https://www.bleepingcomputer.com/news/security/mozilla-confirms-web-based-execution-vector-for-meltdown-and-spectre-attacks/) – kenorb Jan 10 '18 at 14:50

1 Answers1

0

Stealing data from the memory is definitely easier than stealing it from an encrypted file. You can take a dump of your memory and then scan it to search the password.

On a side note, I believe the bigger risk here is that there is a very simple mapping between the seed and the password. Also, the seeds seem to be predictable. Once that is compromised, do you have a safety/fallback mechanism to protect other passwords?

Limit
  • 3,191
  • 1
  • 16
  • 35
  • ...yes, but even password (storage) managers have to decrypt the password at some point (for display/output). There _are_ ways to have protected memory for a process, but presumably that would be used for both generative and storing managers, so there isn't anything special there... – Clockwork-Muse Jun 05 '16 at 06:07
  • @Clockworkmuse I am not comparing between the two when I say that it is easier to fetch data from memory. I'm just answering one part of the question with that line. My main point is that such a simple mapping makes it a weak cryptosystem – Limit Jun 05 '16 at 06:48