
Mitro Releases a New Free and Open Source Password Manager - gbarboza
https://www.eff.org/deeplinks/2014/07/mitro-a-new-free-password-manager
======
k2enemy
I'll use this as an opportunity to give a shout out for my new favorite
password manager: pass [0]

It uses gpg to encrypt passwords that are then stored locally, but can be
synced using Dropbox, rsync, unison, etc. It is a command line program, so it
doesn't have things like browser integration, but on a mac, a little Automator
magic alleviates most of that pain. Besides, after trying 1password, lastpass,
and a few others, the browser integration was usually a source of frustration
instead of convenience.

For my setup, I have a keyboard combo mapped to an Automator action that gets
the current URL from Safari, passes it to a shell script that strips out the
hostname, then uses pass to copy the password to the clipboard for 45 seconds.
Then, I use another script to have a notification pop up with my username in
case I've forgotten it. So I press "cmd+\", then a second later I have my
password in the clipboard and my username showing on a temporary desktop
notification.

I'm also using pass to store bank credentials, software keys, and other
things. I also have it set up to use a different gpg key to keep a journal. It
has turned out to be a very versatile and reliable piece of software.

[0] [http://www.passwordstore.org](http://www.passwordstore.org)
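
A Python rendering of the URL-to-pass workflow k2enemy describes, added here as an illustration rather than the commenter's own Automator action or shell script. It assumes two constructed conventions: pass entries are named after the bare hostname (`example.com`), and an entry's metadata lines below the password follow the common `username: <name>` pattern. It calls the real `pass -c` (which clears the clipboard after 45 seconds by default) and macOS `osascript`, so only the pure helpers run without a password store present.

```python
import subprocess
from typing import Optional
from urllib.parse import urlsplit

# Added example, not k2enemy's scripts. Constructed assumptions: pass entry
# names are bare hostnames, and metadata lines use "username: <name>".


def host_from_url(url: str) -> Optional[str]:
    """Reduce a browser URL to the pass entry name: lowercase hostname with
    userinfo, port, path and query dropped and a leading "www." removed.
    Returns None when there is no host, so pass is never handed a stray
    argument built from arbitrary page text."""
    host = urlsplit(url.strip()).hostname  # already lowercased, userinfo/port gone
    if not host:
        return None
    if host.startswith("www."):
        host = host[4:]
    return host or None


def parse_username(entry_text: str) -> Optional[str]:
    """Pick the username out of a decrypted entry. Line 0 is the password
    itself and is skipped; only a metadata value is ever returned."""
    for line in entry_text.splitlines()[1:]:
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() in ("username", "login", "user"):
            return value.strip()
    return None


def copy_password(entry: str) -> None:
    """`pass -c` decrypts with gpg and puts the first line on the clipboard,
    clearing it again after 45 seconds (pass's default clip time). The secret
    never appears on a command line or in this process."""
    subprocess.run(["pass", "-c", entry], check=True)


def username_for(entry: str) -> Optional[str]:
    out = subprocess.run(["pass", "show", entry], check=True,
                         capture_output=True, text=True).stdout
    return parse_username(out)


def notify(title: str, message: str) -> None:
    """macOS desktop notification via osascript. Quotes and backslashes are
    escaped so a username cannot break out of the AppleScript string."""
    def esc(s: str) -> str:
        return s.replace("\\", "\\\\").replace('"', '\\"')
    script = f'display notification "{esc(message)}" with title "{esc(title)}"'
    subprocess.run(["osascript", "-e", script], check=True)


def fill_from_url(url: str) -> bool:
    """The whole key-combo action: URL -> entry name -> clipboard + notification.
    The password itself is never put in the notification, only the username."""
    entry = host_from_url(url)
    if entry is None:
        notify("pass", "No hostname in the current URL")
        return False
    copy_password(entry)
    user = username_for(entry)
    notify("pass", f"{entry}: {user or 'no username stored'} (clipboard clears in 45 s)")
    return True


if __name__ == "__main__":
    import sys
    fill_from_url(sys.argv[1] if len(sys.argv) > 1 else "")
```

The Automator step would simply run this with the frontmost Safari URL as the single argument; keeping the hostname mapping in `host_from_url` means a login page at `https://www.example.com:8443/login?next=...` and the plain site both resolve to the same entry.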

~~~
zellyn
Very nice, but:

1) one of the reasons I use a password store is to share passwords with my
wife. I can't imagine her using this

2) iPhone? Android?

3) 1password's integration with the browser is very helpful: since I've been
using a linux box as my day-to-day machine (where 1password doesn't have a
native version), I've been using it significantly less, because it adds
friction. On Mac OS, I would just auto-gen a horrific 12-16 character random
password for any website, and have it automatically saved to my 1password.

As you might guess, I have high hopes for Mitro, especially if they (well, I
guess it's now _we_ ) can create a compelling don't-use-their-host story
(either hosted, or file-based (eg. dropbox)) and pass at least a cursory
security smoke test. :-)

~~~
reedlaw
I'd love to find a way to securely share passwords with mobile devices. But
from what I understand, there's no very secure way to do it on Android. If you
store a private key on the device then other applications may have access to
it. And with iOS, each app is its own silo, so I'm not sure how you'd get
password autocomplete working. An ideal solution would allow selective sharing
because there are some secrets you wouldn't want stored on your mobile device.

~~~
TheCraiggers
> Android

It depends on how you do it. If you use the local app storage, it's protected
via the OS. Only the App itself can read/write from it.

If you use "USB Storage" then the data is stored on the sd card or equivalent.
Any other app with the USB Storage permission can read or write to that
directory and it's very much not secured.

As for interfacing with other apps to "autocomplete" your password, there are
permissions and ways to do that too, although I can't speak for them since
I've never done it.

------
vijayp
We're very excited to make this available to the community and welcome pull
requests, bug reports, etc.

Pitch in on Github: [https://github.com/mitro-co/mitro](https://github.com/mitro-co/mitro)

~~~
scrollaway
Congratulations on the release guys.

Would you mind talking about your strengths and weaknesses compared to
KeepassX?

~~~
timonel
For starters, maybe we should ask why Mitro is only using 128-bit AES (stated
in their PDF design doc)?

~~~
AaronFriel
AES-256 is not the most secure variant of AES any longer, as it appears that
variant with key extension improves certain types of attacks. One of those,
called a related key attack, requires only 2^119 time against AES-256, and
2^172 time against AES-192. (Time against AES-128 is approximately 2^128, I'd
wager about 2^126-127).

This is a very particular kind of attack, however, and it doesn't necessarily
mean other weaknesses will be exposed. Cryptographers, though, are a
conservative sort by nature, and many feel more comfortable sticking with
AES-128, which was part of the original Rijndael specification and what was
designed most rigorously. AES-128 also seems to have had the fewest weaknesses
developed against it. The fact that _any_ attack succeeded in reducing AES-256
to below AES-128's security can give crypto folks pause.

I think realistically they are all very safe and AES-128 is unlikely to be
broken by anything within the next decade. After that? I wouldn't wager.

------
wlesieutre
I'm a 1password user, but I'll definitely be checking this out. Having
recently switched to Windows, I'm liking it a lot less. To put it charitably,
their Windows version is not quite as nice as the Mac and iOS releases.

It's a sunk cost at this point, but owning 1password on 3 platforms is
_expensive_. $70 for my laptop and desktop, and another $18 for my phone. But
I bought into it because the Mac version is great and I was primarily a Mac
user at the time. Oh well.

~~~
mikestew
If you stay within the Apple ecosystem, 1Password is great. If you stray
outside of that bubble, not so great. Their Android app sucks (quit putting an
icon in my system bar every time I open the app, for starters), and the
Windows version isn't so hot, either.

Yeah, it's pricey, but in the end I think it's worth the aggravation and time
it saves me.

~~~
heinrich5991
I heard that you have to do this in order to not get killed when inactive.

~~~
mikestew
That's the annoying part. I'm not privy to the internal workings, but I just
need the app to fire up and stick something on the clipboard. After that, let
the OS kill you off because I'll fire you back up again ad hoc.

The notification says it's synchronizing with my chosen cloud provider, maybe
it doesn't want to get inadvertently killed during that process. Okay, fair
enough. But can't the notification be removed after it's done? (An honest, if
rhetorical question; don't know enough about Android to say for sure.) I have
enough special snowflake apps sticking their crap in the notification bar, one
less would be nice.

~~~
nerdyverde
I work for AgileBits, the makers of 1Password.

You are not alone in requesting less clutter in the notification drawer. This
is a popular request that we have received from a number of our customers.

We pride ourselves in considering all feedback from our customers and I'm
happy to say that we've made improvements in this area. In our upcoming 4.1
update, successful sync notifications will be automatically cleared from the
notification drawer.

We are planning to release the 4.1 update on August 19th. Feel free to read
our blog post for additional details:
[http://blog.agilebits.com/2014/07/26/1password-4-for-android...](http://blog.agilebits.com/2014/07/26/1password-4-for-android-price/)

------
nicpottier
This looks really great, sadly this is the type of product where being an
early adopter makes me nervous, but after a few minutes of playing with it I'm
impressed with the UI.

I love the functionality of LastPass, I really do, but man their UI is
terrible. I trust them from a security front though and in the end that is
what matters most to me.

If Mitro builds up that same rep then I'll switch over, but until then waiting
it out. (sorry!)

~~~
edcastro
The UI is indeed awesome. I'd love to see a little more development on the
features (doesn't support wildcard domains, for example). But it's definitely
a great starting point to work on.

~~~
missmeng
Aw, your comment about the UI made my day. Wildcard domains didn't come up at
all as a use case—interesting you bring it up. Since it's open source now,
I'll upload the rest of the UI design that hasn't been implemented yet which
supports a few other features. Anything else you'd like to see?

------
marco1
SpiderOak [1] released (or rather "endorsed") an "open source, 'Zero-
Knowledge', cloud-based password manager" called Encryptr [2] as well.

[1] [https://spideroak.com/](https://spideroak.com/)

[2] [https://github.com/devgeeks/Encryptr](https://github.com/devgeeks/Encryptr)

------
dnfehren
Since the company has been acquired what are the plans for the service?
[http://labs.mitro.co/](http://labs.mitro.co/) says that "The service will
continue to operate as-is for the foreseeable future." but there is a lot of
ambiguity in 'foreseeable.'

While I really appreciate the value of having the client and server code open
sourced I don't want to run my own server nor do I want to sign up for a
service that, with the changes that will likely happen after the acquisition,
could disappear without a lot of warning.

Can anyone clear this up? from Mitro, EFF?

Congrats and thanks!

~~~
dingdingdang
"Mitro has committed to funding continued operations of its servers until at
least the end of 2014. If their code proves to be secure and popular with the
community, we will be advising them on how to create a sustainable home for
that infrastructure." Erh. Yes, so I'll be staying on KeePass, strategically
"cloud" backed up in encrypted form to my email address (also, yes, this does
not solve Android integration, etc., so suggestions are welcome!)

~~~
smacktoward
KeePassDroid? [http://www.keepassdroid.com/](http://www.keepassdroid.com/)

~~~
JelteF
I recently started using KeePass2Android [1] instead of KeePassDroid. It has
some features I really like, like cloudstorage integration with Google Drive,
Dropbox and more.

[1] [https://play.google.com/store/apps/details?id=keepass2androi...](https://play.google.com/store/apps/details?id=keepass2android.keepass2android)

~~~
techsupporter
I really, really love KeePass2AndroidOffline. The app itself needs no
permissions except the ability to read a file from the phone's local storage.
Using OwnCloud's app and the "keep a file up to date" feature, I have my
KeePass file synced to my various computers and my phone. Plus, KP2A has the
"type this password for me" keyboard instead of relying on copy/paste. I
didn't realize until I read the docs for another project, the clipboard is an
API that can be hooked by other apps to see what's on the clipboard. It makes
obvious sense but I never thought about it.

------
Sephr
There's no method to reset Mitro, so if you're like me and Mitro ran into an
error partway through importing your KeePass database, you won't be able to
reset Mitro and try importing with a different method.

Do I seriously have to click manage->delete secret thousands of times just to
reset Mitro?

~~~
dguaraglia
Not really, nobody is forcing you to delete everything manually. You can
always implement the feature yourself!

(Sorry, didn't mean to be _that guy_, but seriously don't know why people
expect a clearly new piece of open source software to do everything they
want.)

~~~
dserodio
Apparently, it's just been open sourced but it's not a new project

------
andrey-p
Currently using KeePassX + Dropbox. What sort of benefits would I get from
Mitro?

~~~
SideburnsOfDoom
Not keeping sensitive data in Dropbox.

~~~
Andrenid
Is there a "secure" way to get a KeePass file onto an iPhone if Dropbox isn't
safe?

I don't need realtime sync, I'm happy to manually copy it across when I make
changes, just curious what the proper way to do it is, if not via Dropbox.

~~~
smacktoward
SpiderOak: [https://spideroak.com/](https://spideroak.com/)

It's Snowden-approved! [http://blogs.wsj.com/digits/2014/07/17/snowden-says-drop-dro...](http://blogs.wsj.com/digits/2014/07/17/snowden-says-drop-dropbox-use-spideroak/)

------
marcoamorales
If I can host my own server, this sounds like a very promising solution.

~~~
evanj
That is absolutely the intention. Currently the docs are lacking, but we will
try to add directions about running your own server in the next few days.

~~~
mercnet
Will there be an option to use your own server in the chrome extension and
android app? Or will I have to compile both with my custom server address?

~~~
vijayp
The chrome extension already supports this via an option on a hidden
preferences page: chrome-extension://EXTENSIONID/html/preferences.html

------
gabriel34
I'm no crypto or security expert, but this worries me:

    "For security, the online password databases are encrypted with client-side keys derived from your master password"

What is going on here? Does it hash my master password, generating a new pass?
If so, this seems like it would only increase the number of bits in the
possible keyspace but not increase the number of possible keys, while actually
lowering security (since hash collisions can occur). This worries me because
non-standard crypto applications tend to actually introduce holes and
vulnerabilities. What other vulnerabilities lie hidden here?

~~~
arantius
My guess is they're using the standard approach for deriving an encryption key
from a password:
[http://en.wikipedia.org/wiki/PBKDF2](http://en.wikipedia.org/wiki/PBKDF2)

~~~
gabriel34
Thanks for the clarification (and thanks to throwaway above as well), seems
this is standard. Is there a salt in this implementation? Is it bruteforced
the first time I open the database on a new device?

~~~
throwaway41597
It says the encryption is done client-side so a salt would be public.

edit: they may be salting with the username or email address.
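
To make the key-derivation discussion above concrete: the following is an added Python illustration of the "standard approach" arantius links, with the salt taken from the account identifier as throwaway41597 guesses. It is not Mitro's code and makes no claim about the parameters in the design PDF; the iteration count, salt construction and the local key-check value are constructed for the example. It shows what gabriel34 asks about: unlocking on a new device recomputes the same key from the same inputs, nothing is brute-forced, and the public salt only keeps two accounts with the same master password from sharing a key.

```python
import hashlib
import hmac
from typing import Optional, Tuple

# Constructed parameters for illustration only; Mitro's own choices live in
# its design PDF and are not reproduced here.
KDF_ITERATIONS = 100_000
KEY_BYTES = 16  # 128-bit key, the AES-128 size timonel quotes from the design doc


def salt_for(email: str) -> bytes:
    """Salt derived from the account identifier (throwaway41597's guess).
    It is public by construction: its only job is to make the same master
    password on two accounts derive two different keys, so work done
    guessing one user's password does not transfer to another."""
    ident = email.strip().lower().encode("utf-8")
    return hashlib.sha256(b"example-kdf-salt:" + ident).digest()


def derive_key(master_password: str, email: str,
               iterations: int = KDF_ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256 stretches the password into a fixed-size key.
    The output is not a 'new password'; it is the AES key itself. Its
    strength is min(entropy of the master password, 128 bits), never more,
    and the iteration count is what makes each offline guess expensive."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt_for(email), iterations, dklen=KEY_BYTES)


def key_check(key: bytes) -> bytes:
    """A value the client can keep beside the encrypted database to detect a
    mistyped master password before trying to decrypt. Constructed for the
    example; not a statement about what Mitro stores."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()


def enroll(master_password: str, email: str) -> Tuple[bytes, bytes]:
    """First device: derive the key and record its check value."""
    key = derive_key(master_password, email)
    return key, key_check(key)


def unlock(master_password: str, email: str, stored_check: bytes) -> Optional[bytes]:
    """Any later device: the same password and the same public salt recompute
    the same key in a single KDF evaluation. Nothing is brute-forced."""
    key = derive_key(master_password, email)
    if hmac.compare_digest(key_check(key), stored_check):
        return key
    return None


def demo() -> dict:
    """Walk through enrollment and unlock with constructed sample inputs."""
    _, check = enroll("correct horse battery staple", "alice@example.com")
    same_user = unlock("correct horse battery staple", "alice@example.com", check)
    wrong_pw = unlock("correct horse battery stapler", "alice@example.com", check)
    other_user = derive_key("correct horse battery staple", "bob@example.com")
    return {
        "key_len": len(same_user) if same_user else 0,
        "new_device_unlocks": same_user is not None,
        "wrong_password_rejected": wrong_pw is None,
        "same_password_other_account_differs": other_user != same_user,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The design point worth noticing is that the salt being public costs nothing: an attacker holding the encrypted database still has to run the full PBKDF2 computation for every password guess, per account, and a master password with less than 128 bits of entropy, not the KDF, is what bounds the key's strength.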

------
JungleGymSam
Hi. Looks very nice but why would I switch from LastPass? They don't know my
passwords too. They also have multi-factor authentication. They also have add-
ins for all browsers and mobile too.

~~~
dserodio
Because it's open source, so it will be easier to audit, and probably because
of the UI (Lastpass UI got a lot better in the latest releases, but still
sucks).

------
JoshTriplett
How does this compare to letting Firefox remember my passwords and sync them
via Firefox Sync?

~~~
RyanMiller
I don't know much about Mitro but most password software doesn't store your
passwords as plaintext on your computer. They also don't make it easy to
generate random passwords under certain criteria.

Personally, I'd trust Mozilla with at most my bookmarks/settings/tabs. Keep
your security safer with people dedicated to just it. Doubt that's an
endorsement for Mitro, though. At least for now.

------
filmgirlcw
This looks great. I'm a diehard 1Password user, and that probably won't
change, but I love having open source options that have great features.

------
cpeterso
The blog post says Mitro is "joining" and "transitioning" to Twitter, but
doesn't say that Twitter acquired them. How does that work for Mitro's
investors?

Why would Mitro join Twitter’s location team to work on "geo-related projects"
instead of identity and authentication projects like "Sign in with Twitter"?

~~~
wastedhours
"Soft landing" "acquihire"?

------
0xeeeeeeee
It looks great. UI is really nice to look at.

Looking around, this has a long way to go before it is able to compete feature
wise with current commercial managers.

Also, it's going to take a long time, security-wise, to get up to par with the
current commercials as well. It sounds like I'm being harsh but there are a
lot of possible issues to consider. An HSTS header would be a nice start......

------
ern
A warning: this still seems very buggy, it seems to not have an easy way
to delete an account, and even deleting individual entries is not totally
reliable (deleted entries seem to stay in the list).

So unless you want to spend a lot of time repeatedly trying to delete
duplicates (created by failed imports) and/or every single entry, stay away,
for now.

------
Kequc
It would be nice since I don't have to remember any passwords anymore, if
Mitro would generate password strings for me.

------
Spooky23
Just use KeePassX.

Cost is zero, available on all platforms that you care about, and it's a
stable format. What more do you want?

Cleartext cloud storage is a no-no. Browser integration from my POV is really
dangerous as well... trying to keep secrets using the most widely attacked
platform out there sounds like an exercise in futility.

------
JungleGymSam
As computer people we should move away from teaching people that a strong
password is one that is made up of random numbers, letters, symbols, and is
hard to remember. Instead, let's teach them to create much longer passwords
that are nonsensical sentences.

*You can't beat the carrot!

OR

Passwords? They're for Sundays.

~~~
SideburnsOfDoom
> let's teach them to create much longer passwords that are nonsensical
> sentences.

Doesn't matter; nobody is going to remember fifty different ones. I have more
website logins than that. Password reuse is going to happen and it is bad.

The only secure way is for each password to be made up of a unique long,
generated string of "random numbers, letters, symbols" for maximum entropy and
stored in a password manager. The user just has to remember the password
manager's master password (and maybe a desktop PC login). Now these remaining
memorised passwords can be long nonsensical sentences if need be.

~~~
JungleGymSam
I did a really poor job of explaining myself. Really poor.

I meant the master password. Mitro's password strength meter uses guidelines
which are becoming (are?) old. So let's just move away from that altogether
(for passwords that people should remember) and doing something that makes it
easy to use lots of characters.

------
expose
I've been looking for open-source alternatives to LastPass. I'll give this a
whirl -- thanks!

~~~
click170
I would suggest Password Gorilla if you don't want your passwords stored in
the cloud.

------
hamburglar
It would be cool if they developed this using something like RemoteStorage so
you don't have to tie yourself to their server backend, which they say they're
only committed to keeping around until the end of the year.

------
mrbill
I imported my LastPass vault into Mitro, but can't get it to auto-fill pages I
have stored data for. I have to search for the page and then click "sign in"..

Am I wrong in expecting it to work exactly like Lastpass did?

~~~
vijayp
Strange, if the URL is shown in the 'details' view, the dropdown should show
up. If not, please email inbound@mitro.co.

------
jfchevrette
I received this by email shortly after installing Mitro:

"Congratulations on adding your first secret to Mitro"

This makes me a little uncomfortable. How do they know? Why should they know?

Edit: I could not find those words in the github repo.

~~~
lobster_johnson
Secrets are stored on Mitro's servers. Presumably -- hopefully -- the
passwords themselves are encrypted. Edit: Ah, yes:

    Mitro is distinctive amongst free/open source password managers
    in that it's architected around cloud storage. For security,
    the online password databases are encrypted with client-side
    keys derived from your master password. For availability, they
    are mirrored across three cloud storage providers. With this
    design ... passwords can be synchronized across all of your
    computers and devices with minimal effort.

~~~
jfchevrette
This I understand very well.

So presumably they sent the email only after I sent them the first "blob of
gibberish" telling them I added _at least_ one entry to my password database.

Presumably they don't know if and when or how many entries I have. In this case
they only noticed the first time I sent in my encrypted database.

~~~
vijayp
Secrets are stored as described in the design document; the server knows how
many secrets there are, but nothing about them: [https://github.com/mitro-co/mitro/blob/master/PasswordManage...](https://github.com/mitro-co/mitro/blob/master/PasswordManagerDesign.pdf)

------
sobkas
Where one could find a specification of the protocol used by Mitro?

~~~
vijayp
The design doc describes the architecture: [https://github.com/mitro-co/mitro/blob/master/PasswordManage...](https://github.com/mitro-co/mitro/blob/master/PasswordManagerDesign.pdf)

We unfortunately don't have a great description of the protocol. The closest
you can get is to look at the RPC proto spec: [https://github.com/mitro-co/mitro/blob/master/mitro-core/jav...](https://github.com/mitro-co/mitro/blob/master/mitro-core/java/server/src/co/mitro/core/server/data/RPC.java)

------
IbJacked
Does the Firefox add-on not work, or is it just me? (It seems like it's trying
to load the full-size desktop page in the little drop-down window. Firefox 31
on Win7.)

------
substa
It seems great, but... what if the mitro.co server goes down? Did I
misunderstand, or is it not possible to copy passwords to your computer?

------
pixelcort
How does the sharing access work? Does it sign in with the password locally
and share the resulting cookies to the recipient?

------
Numberwang
I wonder if they have any plans for a phone app.

~~~
vijayp
iOS and Android apps are available on the respective app stores now. Note that
the Android app might be vulnerable to clipboard hijacking, as described in
[http://fc13.ifca.ai/proc/4-2.pdf](http://fc13.ifca.ai/proc/4-2.pdf)

------
whyagaintango2
Really surprised no one mentioned firefox sync?

------
frakkingcylons
The secret sharing across teams works which is good (LastPass's organization
features are broken), but saving secrets is very slow right now.

~~~
pwman
How are LastPass' organization features broken? Over 7,500 companies are using
them successfully.

[https://enterprise.lastpass.com/enterprise-administration-ba...](https://enterprise.lastpass.com/enterprise-administration-basics/shared-folders/)

~~~
frakkingcylons
I'm sure a lot do, but when we tried to set it up this past Wednesday, we
couldn't get it to actually share credentials. Perhaps we were using it wrong,
but if we couldn't get it to just work in an hour, there's a fundamental
problem with the product.

------
marcodena
Is it similar to Lastpass?

------
SideburnsOfDoom
Storing my passwords in the cloud means it's already got one mark against it.
What does it do to make up for that?

~~~
hackcasual
Presumably encrypting them with a password you control?

~~~
SideburnsOfDoom
It's still an avoidable risk. And one that can be applied retroactively.

[https://www.techdirt.com/articles/20130620/15390323549/nsa-h...](https://www.techdirt.com/articles/20130620/15390323549/nsa-has-convinced-fisa-court-that-if-your-data-is-encrypted-you-might-be-terrorist-so-itll-hang-onto-your-data.shtml)

------
Numberwang
No information or demo on the webpage = Worthless.

~~~
pyre
Presumably the code is released first, then the documentation is created. It
sounds like the product wasn't initially developed with the idea that it would
be released to others. That doesn't make it worthless. If Twitter spent the
time + money to acquire them and open-source their product, I would assume
that they have a vested interest in doing more than just dumping the code on
Github and ignoring it.

------
mstachowiak
"Good security practices require us to use different passwords for most or all
of the websites .... remembering all of your passwords requires an inhuman
display of memory."

It actually is possible to create unique passwords for every website and
remember them without inhuman displays of memory. To do so, there are two
basic things you need to remember:

1) A unique base password

2) A simple hashing function

The input to the hashing function can be the company's name or website address
(an overly simplified example - your hashing function could be the first two
characters of the website's domain name). A unique password for any website
could then be:

password = hash_function(domain) + base_password

A very simple way to create unique passwords for every website, inhuman
memorization skills not required.

~~~
rsanek
I used this form for a while but realized that if someone is doing a targeted
attack specifically on you and happens to find a single compromised password
of yours, all the others are only a few guesses away. It's better than re-
using passwords, but still worse than using truly unique ones.

~~~
Spooky23
If you're being specifically targeted, the key is accessing your email.

