
KeeWeb: Unofficial KeePass web and desktop client - floriangosse
https://github.com/antelle/keeweb
======
dchest
Do not generate passwords with it, it uses insecure Math.random:

[https://github.com/antelle/kdbxweb/blob/906e927d3e3384db4dd3...](https://github.com/antelle/kdbxweb/blob/906e927d3e3384db4dd393f6a9cbba00b1c85720/lib/crypto/random.js#L19)

[https://github.com/antelle/keeweb/blob/master/app/scripts/ut...](https://github.com/antelle/keeweb/blob/master/app/scripts/util/password-generator.js#L29)

(in meme form: [https://imgur.com/FcZNflQ](https://imgur.com/FcZNflQ))

Filed issue:
[https://github.com/antelle/kdbxweb/issues/5](https://github.com/antelle/kdbxweb/issues/5)

(embarrassing/funny: it was me who wrote the Salsa20 "user-space" generator
used here
([https://github.com/antelle/kdbxweb/blob/906e927d3e3384db4dd3...](https://github.com/antelle/kdbxweb/blob/906e927d3e3384db4dd393f6a9cbba00b1c85720/lib/crypto/salsa20.js#L3)),
but it should be properly seeded from a secure random number source to be
secure. Added this note to the gist where the author found it:
[https://gist.github.com/dchest/4582374#file-salsa20-js-L1-L1...](https://gist.github.com/dchest/4582374#file-salsa20-js-L1-L16))

~~~
judofyr
Is there a practical attack for this usage? The attacker would need to have a
bunch of your passwords already?

EDIT: Not that I'm justifying using Math.random, I just don't see why you so
strongly recommend against using this tool.

~~~
blakesterz
>> Is there a practical attack for this usage?

This is the question I ask every single time I read about anything in
security. It feels like there's just SO MANY THINGS wrong about every damn
thing now the only way I can figure out what I have to really worry about or
focus on is anything with a PRACTICAL attack that's easily automated and
remotely exploitable.

~~~
dchest
Cryptographic attacks become better, some of them become practical. RC4
attacks were not considered practical until recently, and now everyone runs
with their heads on fire replacing it.

The best answer is to listen to what security people say. When they have a
practical attack on something it is already too late.

~~~
Touche
Security experts, by and large, only care about academics and care very little
about usability, so I do not trust them unless they give me specific scenarios
where I am in danger.

~~~
dchest
Eh, okay? Your choice, dear Touche, your choice.

~~~
Touche
Just to clarify what I mean; we have to make decisions based on tradeoffs.
Having the most secure password possible is not the only thing that matters.
So "trust security experts" is not a good response; I need to know threat
levels so I can make informed decisions. I'm not just going to do the same
thing a security enthusiast does because I value different things, to
different degrees.

~~~
dchest
Looks like you didn't understand the sadness of the issue I was reporting. The
author of the software constructed his own random number generator from two
primitives: Salsa20 stream generator and Math.random. The last part is what
makes this PRNG theoretically insecure: because Math.random is not guaranteed
to give cryptographically secure random numbers, thus, theoretically, the
generated passwords can be guessed. (The fact that there are no current
attacks on current implementations of Math.random in browsers doesn't mean
that we won't get them in the future.) The secure alternative to author's PRNG
is ~one line of code: window.crypto.getRandomBytes. There are no tradeoffs
involved! On the contrary, the author's insecure construction is more
difficult to write than the secure one.

(BTW, while we here argue about security experts, the author said "Thank you,
I'll replace it of course.")

~~~
Touche
This is what I'm talking about. You, a security enthusiast, are only
interested in the technical security details. You respond to a comment about
tradeoffs with details on the bug.

I don't care about why the bug happened or how easy it is/isn't to fix. I care
about whether the existence of the bug is something I should be so concerned
about as to not use the software. In order to gauge that, I need a little more
info about the threat level.

~~~
Nadya
_> I don't care about why the bug happened or how easy it is/isn't to fix. I
care about whether the existence of the bug is something I should be so
concerned about as to not use the software. In order to gauge that, I need a
little more info about the threat level._

Threat level is 0%. No currently known attacks exist. This threat level
immediately goes to 100% when a practical attack is discovered. There is no
guarantee that a practical attack exists that _hasn't_ been brought to
academic or mainstream attention (e.g. some cracker has a practical attack that
they're keeping under wraps). By the time the threat level hits 100% the
cracker may have already broken into your account(s) before you even hear
about the attack.

Therefore when something is shown that "attacking it is possible" you can make
one of two assumptions

1) No practical attack exists and you'll be safe until it exists

2) A practical attack already exists and it is only a matter of time until you
get pwned

Rather than worry about whether or not a practical attack already or will one
day exist, I'd use cryptography that hasn't been shown to be broken.

~~~
Touche
This comment doesn't make sense. All attacks are not equal. Some require
physical access; some do not. Some require seed data; some do not. What
exactly are you talking about here?

This is why security people are so frustrating to talk to; you only talk in
extremes.

> Rather than worry about whether or not a practical attack already or will
> one day exist, I'd use cryptography that hasn't been shown to be broken.

That's not what I'm worried about. I'm worried about given that they do exist
what is the risk to me? What is the likelihood that my account has been broken
into?

~~~
Nadya
_> This comment doesn't make sense. All attacks are not equal. Some require
physical access; some do not. Some require seed data; some do not. What
exactly are you talking about here?_

I'm not a security expert, more of a hobbyist. So I'll let someone else
quantify potential specifics. To my understanding, they would not require
physical access and would be able to guess any passwords generated (once an
attack has been found/created).

_> That's not what I'm worried about. I'm worried about given that they do
exist what is the risk to me? What is the likelihood that my account has been
broken into?_

The chances of 0 becoming 1 are not quantifiable because it requires knowing
unknowns. It is, however, non-zero. For a small list of unknowns:

1) Who knows about the attack

2) How practical is the attack?

3) What software/websites/people are they choosing to attack

4) Are you even using any of the software/websites that are being attacked?

5) Are they going to accept cracking <10%~ accounts if they can do so in <24
hours or is their goal to crack >50%~ accounts? Many crackers only care to
scrape the bottom of a barrel. What are the chances you were in the part of
the barrel they scraped?

I assume the worst because being compromised is a zero-sum game. I've been
compromised or I haven't. Therefore my variables are:

Everyone. Extremely. Only things I use. Of course. Doesn't matter, I'm in the
targeted group.

I wouldn't make any bets on security through obscurity.

~~~
Touche
Getting my reddit account hacked is not the end of my life. Hell, getting my
bank account hacked is not the end of my life. I don't want those things to
happen, I will take precautions to prevent it.

But too often security people talk as though _it's the only thing I should
care about_. And it's not, I care about other things too, to varying degrees.

So, to make an informed decision, I need to know _more_ than just that
Math.random() is insecure. Knowing that an attack wouldn't require physical
access _is the type of information I'm interested in_. So thank you for that.

~~~
Nadya
I understand completely. I feel most people's threat models stop even before
'threat has physical access'. The chances of both your computer being stolen
_and_ the person who stole it being tech-savvy enough [0] to break into things
may as well be 0 for anyone who isn't the target of a state actor or working
in a security field. At that point the only people who care are the people who
care about security or slim chances like that occurring. :)

[0] Or the thief selling it to someone who _is_ tech savvy enough. Still
practically 0 for most everyone.

------
wwarren
This is awesome. People are obviously going to give you a hard time about
security and your implementation of the important parts of the software, but
that's the advantage of open source!

Edit: I am a daily user of KeePassX and get really tired of the UI after a
while so I will definitely be trying this out ASAP!

~~~
ngrilly
Which version of KeePassX are you using? The 2.0 seems better.

And if you use a Mac, have you tried MacPass?

~~~
florianletsch
MacPass is excellent. It finally helped me completely move to a password
manager based life.

~~~
softawre
How is it better than KeePassX? I (think I) want my manager to be simple...

~~~
hollander
It's native, much better user interface. Downside - for now: it's alpha, not
even beta yet, so better keep a backup of your database.

------
Sir_Cmpwn
Check out pass for those wanting a solution in line with the Unix way:

[https://www.passwordstore.org/](https://www.passwordstore.org/)

~~~
zipperhead
One issue I have with pass is that it leaks meta-data about what you have
stored. The contents are encrypted, yes, but the filename identifying the
content is sitting right there in the open.

~~~
noondip
Check out this similar gpg-based password manager, which uses just one
encrypted container for improved confidentiality -
[https://github.com/drduh/pwd.sh](https://github.com/drduh/pwd.sh)

------
Sephr
The reference implementation's domain is vulnerable to MITM attacks between
KeeWeb and CloudFlare until they set their CloudFlare crypto settings to
"strict" and get some real certificates of their own (e.g. Let's Encrypt).

I submitted an issue here:
[https://github.com/antelle/keeweb/issues/111](https://github.com/antelle/keeweb/issues/111)

Of course exploiting this would be very difficult, but it is _possible_ to
MITM the connection between the CloudFlare proxy and GitHub pages as long as
keeweb.info continues to not use DNSSEC.

~~~
Sephr
Update: The author has reasonably mitigated this vulnerability. This isn't
much of an issue now.

------
talles
I always get confused with KeePass, KeePass2 and KeePassX...

I use KeePassX on OS X. Will I be able to use this one with my database file?

~~~
ngrilly
Try MacPass. It's great.

[http://mstarke.github.io/MacPass/](http://mstarke.github.io/MacPass/)

~~~
yoasif_
Thanks, giving this a shot!

------
mjs7231
This looks awesome. My only gripes with KeePass is the confusion between
KeePass,2,X etc; get it together guys. Also there is a serious lack of good
browser extensions. There only seems to be one offering and its the clunkiest
thing I have ever used. -- That said, as soon as the second problem is
addressed, I'll be switching as soon as possible. I'd love to move off my
proprietary solution to an open one.

------
zaphoyd
How does it handle multiple users/computers trying to write to a database on
dropbox?

~~~
dorfsmay
I don't know about this version, but keepassx creates a file in the same
directory where the password kdb file is, and uses it as a lock.

But, keep in mind that dropbox can delay updates to the server (could be hours
if you are disconnected) with no warning to the user, which means that two
different users could update the same file independently and create a
conflict. For this reason, it isn't suitable as an enterprise solution.

Having said that, I recommend dropbox as a poor man's escrow, so that somebody
you trust has easy access to all your passwords for banking, social network
(keep your alt accounts somewhere else :-) ), servers' root, etc...

~~~
zaphoyd
Yep, aware of how KeePassX does this. It's better than some (i.e. there are
locks at all) but dropbox doesn't always cooperate. Have been looking for a
better solution, but most seem to not even do the lock file thing.

------
phjesusthatguy3
That's pretty nice. I'm going to look into packaging it for myself for
FirefoxOS. My only issue with it right now is aesthetic: the top item (search
box on the main page, "< back to list" in entries, etc) scrolls off the top of
the screen, leaving that much blank white space at the bottom of the screen.
I'm on a ZTE Open C running the nightly version of FxOS from
[http://builds.firefoxos.mozfr.org/doc/en/devices/zte-open-c-...](http://builds.firefoxos.mozfr.org/doc/en/devices/zte-open-c-eu)

~~~
C0d3r
Offtopic but, are you using FirefoxOS in your main phone? Is it good enough? I
have one but never found it useful...

~~~
phjesusthatguy3
Yes, my only phone is FxOS. No, it's not good enough. I'm sure if I was on
better hardware, it would be okay. My _only_ requirements for it are a) decent
web browser (it fails on this point) and b) Google 2 factor auth (I'm using
GAuth[0]). I really don't care about playing games on my phone (I have a
hacked PS Vita for that) and I have a laptop for everything else.

[0][https://marketplace.firefox.com/app/gauth](https://marketplace.firefox.com/app/gauth)

------
openaccount
The notes field should be a multiline text field. This is mandatory since some
data needs more explanation than just a password.

------
relaxitup
Does there exist an enterprise grade server/webui solution based on a keepass
db? We are looking for an enterprise password manager solution that does not
need all the ldap/ad integration bells/whistles (although we may explore ldap
integration with the tool in the future). So I was thinking why not just use
keepass. And by enterprise grade I guess I really mean it needs to be a multi
user solution, but everyone would be working from the same pw db..

~~~
paulryanrogers
PleasantSolutions.com may help. (Full disclosure: I sell an unrelated KeePass
plug-in.)

~~~
relaxitup
This looks very interesting thanks!

------
greggarious
This is great. My weekend project this weekend was to move to KeePassX, but
it's not very usable. This UI is great!

~~~
hollander
Try MacPass!

~~~
greggarious
Thanks a ton - extremely helpful reply!

------
slavik81
The title should probably be "KeeWeb - a KeePass Web and desktop client" to be
clear that this is not the official KeePass client. I was briefly concerned
because I generated many passwords with KeePass, but this post is about a
different piece of software.

~~~
dang
We added "unofficial" to the title.

------
jareds
Just built this, looks good so far. Being a totally blind back-end developer
I've wanted to look at web accessibility, while the app is accessible I think
it could be made better so hopefully I can use this as a way to learn.

------
qertoip
Excellent work! Clean, beautiful and works out of the box.

Is there any way to have a system-wide shortcut to auto-enter passwords? In
KeePassX it's called "Global Auto Type Shortcut". I just can't live without
this ;)

------
theomega
Would it be possible to connect this to WebDav (i.e. Own cloud)?

~~~
netoarmando
They have plans for that in Q2 2016.
([https://github.com/antelle/keeweb/wiki/TODO](https://github.com/antelle/keeweb/wiki/TODO))

------
magicmu
Looks awesome! I've been using 1password, are there any big advantages that
KeePass has over it?

~~~
cmrx64
I'm not sure about "big", it all depends on how much you trust 1password and
what your threat model is. For me, the advantage of keepass is that I don't
need to upload my credentials anywhere, or trust some closed source blob
running in the browser, etc. It has a XML format that enables things like this
client to be created.

1password has the advantage of excellent platform integration on iOS, and
various browser extensions with auto-fill.

~~~
oneeyedpigeon
> the advantage of keepass is that I don't need to upload my credentials
> anywhere

But if you want to sync your credentials across devices, you still have to
upload them somewhere, right? Doesn't this just support sync via Dropbox? If
so, aren't you then just playing the trust game between two third-parties?

~~~
dorfsmay
You are uploading a file that is encrypted using very strong encryption, not
plain text password.

An employee of that company, or if the file was leaked due to technical
errors, a member of the general public won't be able to decrypt it. If one of
the richest governments wanted to, they might be able to, but if you had
reasons to be a target you'd know better than using this.

Also, take a look at SpiderOak.

~~~
oneeyedpigeon
Is strong-encryption something that 1password is fundamentally opposed to, or
something they just haven't implemented yet? If I'm going to switch, the
answer to the question is pretty important.

~~~
DenisM
> strong-encryption something that 1password is fundamentally opposed to?

where did you get this idea?

~~~
oneeyedpigeon
The comment I replied to which suggested that strong-encryption was a
differential between keepass and 1password.

~~~
DenisM
As far as I can see, the comment you replied to contains no mention of these
things. Can you quote the relevant part?

~~~
oneeyedpigeon
cmrx64: it all depends on how much you trust 1password and what your threat
model is. For me, the advantage of keepass is that I don't need to upload my
credentials anywhere

oneeyedpigeon: But if you want to sync your credentials across devices, you
still have to upload them somewhere, right?

dorfsmay: You are uploading a file that is encrypted using very strong
encryption, not plain text password

I took that to mean:

(with keepass) you are uploading a file that is encrypted ... not plain text
password (as for 1password)

dorfsmay has now confirmed that was their meaning in this comment:
[https://news.ycombinator.com/item?id=11177045](https://news.ycombinator.com/item?id=11177045)

~~~
DenisM
Thanks. This was very cryptic, I'm surprised you pieced it together.

------
pickle27
I've been waiting / hoping someone would build this! thanks!

