6

All the popular password managers on the market advertise that they have AES-256 grade security. In a nutshell, the user has the master key and the password manager has the cipher-text. So the password manager cannot read any of the user data.

How do password managers have the feature to share passwords between friends and family?

Since password managers only have the cipher-text, when sharing with another person it should have the other person's master key for it to create a new cipher-text (which can be decrypted with the other person’s master key).

The above is achievable either by sharing the data as a plain text or maybe having a temporary sharing key. Even if they have either of the solutions, then editing shouldn't work.

Apps like Dashlane allow sharing with editable options. How is it possible to do that without knowing both parties master key? Are they somehow saving my key without my knowledge?

schroeder
  • 123,438
  • 55
  • 284
  • 319
Kavin Varnan
  • 163
  • 4
  • 5
    Does this answer your question? [How does a shared vault in password managers such as 1Password work?](https://security.stackexchange.com/questions/234747/how-does-a-shared-vault-in-password-managers-such-as-1password-work) – karlsebal Feb 05 '21 at 22:00

2 Answers2

5

This could be implemented in a way that the provider has no access to the password. For example, the password can be asymmetrically encrypted. If the password is encrypted using your public key, and it's encrypted using your friend's public key, only you two can read the password. And you can modify and re-encrypt the password using both public keys. The provider can't read the password.

I don't know whether Dashlane or other password managers actually do this, but it's certainly possible.

Sjoerd
  • 28,707
  • 12
  • 74
  • 102
5

I work for 1Password. We cannot decrypt your data, but you can share it. I will describe how it is done in 1Password to be able to talk more specifically, but it should give you some idea of the kind of approach used by other password managers as well.

In the case of of 1Password, your data is organized into vaults. All of the items in a single vault are encrypted with the same symmetric key. The vault key, AES-256, is created by the user’s client on their own device when they create a vault. So when someone, say Patty, creates a vault a new vault key will be created, and that vault key will be used to encrypt any item Patry adds to that vault.

When another user, say, Molly, creates her account there are many things the 1Password client will do. And one of them is it will generate an asymmetric key pair (public key and private key). Again, this happens all on Molly’s machine. No one else every has her private key. The public and private keys are mathematically related to each other, in a way that allows someone to encrypt something with Molly’s public key that can only be decrypted with Molly’s private key.

So when Patty shares a vault with Molly, Patty encrypts the vault key using Molly’s public key. Molly (and only Molly) can then decrypt that vault key by using he private key.

I’ve skipped over a couple of steps and additional controls, but if you want many more details see the 1Password Security Design document. While the details will also differ from password manager to password manager, the general scheme is to use symmetric keys to encrypt the data and then using asymmetric cryptography for sharing the symmetric keys.

Jeffrey Goldberg
  • 5,839
  • 13
  • 18
  • Thanks for answering as one of the workers. Yes, this is a common way. However, the real problem is the verification of the public key as Signal does. Does 1Password provide the security against the man in the middle attacks? – kelalaka Dec 18 '20 at 10:44
  • @Jeffrey_Goldberg I raised a concern about 1Password relating to the master password and secret key generation on the website https://security.stackexchange.com/questions/242342/1password-security-weakness – g491 Dec 20 '20 at 06:11
  • I wish I had a good answer for this. There was a time when people asked that I would say that you could attach a debugger to see what keys you were encrypting to. But that was hardly a good answer, and now it is harder to run in a debugger. There is an appendix in the white paper that discusses the problem, but it doesn’t really offer a solution. – Jeffrey Goldberg Dec 20 '20 at 18:25