

We can do better – Please fix plaintext credential storage in Chrome - shayanjm
https://medium.com/@shayanjm/we-can-do-better-a69547999f3e

======
mukyu
This article is simply incorrect. The passwords are only stored in plaintext
when there are no OS-level or desktop environment options available to protect
them.[0] In the absence of such a system where exactly do you expect Chrome to
store the encryption key for the list of passwords?

[0] https://code.google.com/p/chromium/wiki/LinuxPasswordStorage

edit: Apparently there are people that run either incredibly old versions of
Chrome or don't run a keystore daemon and actually upload all of their
dotfiles to GitHub, so I guess that part is technically accurate.

~~~
shayanjm
Off the back of a napkin - the key should never be stored anywhere, first of
all. In the absence of keyring/keychain/etc., it'd be trivial to introduce a
master password implementation in the browser client which is XOR'd with secret
credentials and stored as such.

Obviously not a 'secure' system by any stretch of the imagination but it's an
order of magnitude better than storing in plaintext.

------
sbierwagen
Okay, so it's possible someone might accidentally publish their passwords with
an unwise git commit, but has anyone _actually done this?_ Can anyone point to
a real life example?

~~~
shayanjm
Yes! There are tons of accidentally-uploaded profiles on GitHub, for instance.
Search for the readme string and you'll see a number of very dangerous
commits.

------
ufoolme
Once the attacker has the username, password and access to the computer, the
game is already over. I can't see how adding anything on top is nothing but
smoke and mirrors.

~~~
shayanjm
As addressed in the post - there are no mitigating factors in the scenario of
accidental exposure. The lowest hanging fruit would be a dumb hashing function
which uses some master password.

If you've been hit with an OS compromise you're pretty much SOL, but it
shouldn't be so easy to grab highly sensitive data from accidentally exposed
profiles.
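
An added example, not part of the thread or of Chrome's code: a check to run over a dotfiles checkout before publishing it, flagging SQLite files that look like a browser login store. The `logins`/`password_value` schema it matches on and the sample tree it builds are assumptions constructed for the demonstration.

```python
import os
import sqlite3
import tempfile
from pathlib import Path

SQLITE_MAGIC = b"SQLite format 3\x00"
# Assumption: the login store is a SQLite file with a logins.password_value column.
TABLE, COLUMN = "logins", "password_value"

def is_credential_store(path):
    """True if path is a SQLite file whose `logins` table has `password_value`."""
    try:
        with open(path, "rb") as fh:
            if fh.read(16) != SQLITE_MAGIC:
                return False  # not SQLite at all, skip cheaply
        conn = sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)
        try:
            cols = [row[1] for row in conn.execute(f"PRAGMA table_info({TABLE})")]
        finally:
            conn.close()
        return COLUMN in cols
    except (OSError, sqlite3.Error):
        return False  # unreadable or corrupt: not identifiable as a login store

def scan_tree(root):
    """Return repo-relative paths of files that should not be published."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip git metadata
        for name in filenames:
            if is_credential_store(os.path.join(dirpath, name)):
                hits.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(hits)

def build_demo_tree():
    """Constructed sample: a dotfiles checkout containing a stray browser profile."""
    root = tempfile.mkdtemp()
    profile = os.path.join(root, ".config", "chromium", "Default")
    os.makedirs(profile)
    samples = {os.path.join(profile, "Login Data"): "logins (origin_url TEXT, password_value BLOB)",
               os.path.join(root, "notes.db"): "notes (body TEXT)"}  # harmless SQLite file
    for path, schema in samples.items():
        db = sqlite3.connect(path)
        db.execute(f"CREATE TABLE {schema}")
        db.commit()
        db.close()
    return root

if __name__ == "__main__":
    print("refusing to publish:", scan_tree(build_demo_tree()))
```

Matching on file content rather than file name catches a profile that was renamed or copied into an unexpected directory.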

