(in meme form: https://imgur.com/FcZNflQ)
Filed issue: https://github.com/antelle/kdbxweb/issues/5
(embarrassing/funny: it was me who wrote Salsa20 "user-space" generator used here (https://github.com/antelle/kdbxweb/blob/906e927d3e3384db4dd3...), but it should be properly seeded from secure random number source to be secure. Added this note to the gist where the author found it: https://gist.github.com/dchest/4582374#file-salsa20-js-L1-L1...)
I mean, I get that it's worse than other keepass implementations - that's obviously a problem - but if this gets people to stop using "hunter2" or "p4$$w0rd" that's got to be worth something, right?
However, this is an alternative to KeePass/KeePassX, so the typical behavior of KeePass users is to generate passwords with it, not reuse bad passwords.
For example, I use KeePassX to generate strong passwords for long-term encrypted archives, and if I switched to this app, I wouldn't get the same security.
I'm confused, though, should I say: "All right, people, fuck it, generate your passwords with Math.random! YOLO!"
This is a compromise, because I'd prefer to trust an open source tool and an encrypted local file, but I trust Lastpass enough, and the convenience is very nice.
Don't enable remote connections to the KeepassHttp browser integration: there's a gaping hole https://github.com/pfn/keepasshttp/issues/258
I know it doesn't add that much security since a determined attacker could still brute force the OTP with the way it works but it keeps out the casual attacker that's not that savvy.
I use KeePass across a range of devices, including my phone and laptop. I keep the dictionary synced with Syncthing.
I use it regularly to generate new passwords for websites, refreshing old website passwords (hello Heartbleed!) and logging into existing accounts. I also lock down the security questions so they can't be guessed. I'm now logged out of most services by default, especially banking, and the dictionary auto-locks after a short time.
Once I accepted a small price of inconvenience in setup and use, it has a positive impact. Now I remember only one password and updates are kept in sync across all my stuff.
I know the probability that the vulnerability will be exploited is very low. But I also believe things should be done the right way.
Use another password manager, or just use KeePass official to create the passwords.
EDIT: Not that I'm justifying using Math.random, I just don't see why you so strongly recommend against using this tool.
This is the question I ask every single time I read about anything in security. It feels like there's just SO MANY THINGS wrong about every damn thing now the only way I can figure out what I have to really worry about or focus on is anything with a PRACTICAL attack that's easily automated and remotely exploitable.
The best answer is to listen to what security people say. When they have a practical attack on something it is already too late.
(BTW, while we here argue about security experts, the author said "Thank you, I'll replace it of course.")
I don't care about why the bug happened or how easy it is/isn't to fix. I care about whether the existence of the bug is something I should be so concerned about as to not use the software. In order to gauge that, I need a little more info about the threat level.
Threat level is 0%. No currently known attacks exist. This threat level immediately goes to 100% when a practical attack is discovered. There is no guarantee that a practical attack exists that hasn't been brought to academic or mainstream attention (e.g. some cracker has a practical attack that they're keeping under wraps). By the time the threat level hits 100% the cracker may have already broken into your account(s) before you even hear about the attack.
Therefore when something is shown that "attacking it is possible" you can make one of two assumptions:
1) No practical attack exists and you'll be safe until it exists
2) A practical attack already exists and it is only a matter of time until you get pwned
Rather than worry about whether or not a practical attack already or will one day exist, I'd use cryptography that hasn't been shown to be broken.
This is why security people are so frustrating to talk to; you only talk in extremes.
> Rather than worry about whether or not a practical attack already or will one day exist, I'd use cryptography that hasn't been shown to be broken.
That's not what I'm worried about. I'm worried about given that they do exist what is the risk to me? What is the likelihood that my account has been broken into?
I'm not a security expert, more of a hobbyist. So I'll let someone else quantify potential specifics. To my understanding, they would not require physical access and would be able to guess any passwords generated (once an attack has been found/created).
> That's not what I'm worried about. I'm worried about given that they do exist what is the risk to me? What is the likelihood that my account has been broken into?
The chances of 0 becoming 1 are not quantifiable because it requires knowing unknowns. It is, however, non-zero. For a small list of unknowns:
1) Who knows about the attack
2) How practical is the attack?
3) What software/websites/people are they choosing to attack
4) Are you even using any of the software/websites that are being attacked?
5) Are they going to accept cracking <10%~ accounts if they can do so in <24 hours or is their goal to crack >50%~ accounts? Many crackers only care to scrape the bottom of a barrel. What are the chances you were in the part of the barrel they scraped?
I assume the worst because being compromised is a zero-sum game. I've been compromised or I haven't. Therefore my variables are:
Everyone. Extremely. Only things I use. Of course. Doesn't matter, I'm in the targeted group.
I wouldn't make any bets on security through obscurity.
But too often security people talk as though it's the only thing I should care about. And it's not, I care about other things too, to varying degrees.
So, to make an informed decision, I need to know more than just that Math.random() is insecure. Knowing that an attack wouldn't require physical access is the type of information I'm interested in. So thank you for that.
Or the thief selling it to someone who is tech savvy enough. Still practically 0 for most everyone.
It's incredibly difficult (I'd say "impossible", but I'm being pedantic for now) to check a flaw against such strict definition and check it against all possible use cases and all possible inputs and decide if one of them will lead to bad consequences.
Thus, if there's any practical attack? How the hell would I or anybody else know. We can only know a resounding "yes" after you get owned, nobody can ever tell you an honest "no" to this question.
Proper would be: don't roll your own crypto, use what professionals created, and only in the way they document it to be used. When in doubt, email tptacek or another professional he would point out.
> The RandomSource.getRandomValues() method lets you get cryptographically random values. The array given as the parameter is filled with random numbers (random in its cryptographic meaning).
> To guarantee enough performance, implementations are not using a truly random number generator, but they are using a pseudo-random number generator seeded with a value with enough entropy. The PRNG used differs from one implementation to the other but is suitable for cryptographic usages. Implementations are also required to use a seed with enough entropy, like a system-level entropy source.
IMO, in most cases it is a non-issue. But... If you use a badly generated password as a key for an encrypted volume, then you might have a problem.
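As an added example (not part of the thread, and not kdbxweb's or KeeWeb's code): a password generator that draws from `crypto.getRandomValues`, the API quoted above, instead of `Math.random`, using rejection sampling so every character of the alphabet is equally likely. The names `secureU32`, `uniformIndex`, `generatePassword` and `ALPHABET` are hypothetical.

```javascript
// Added example: password generation from the platform CSPRNG.
// All names here are hypothetical; this is not code from the project.
// Browsers and recent Node expose globalThis.crypto; older Node needs require().
const webCrypto = globalThis.crypto ||
  (typeof require === 'function' ? require('crypto').webcrypto : undefined);

const ALPHABET =
  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!#$%&*+-=?@^_';

// Draw one unsigned 32-bit value from the CSPRNG.
function secureU32() {
  const buf = new Uint32Array(1);
  webCrypto.getRandomValues(buf);
  return buf[0];
}

// Return an integer in [0, n) without modulo bias: values at or above the
// largest multiple of n that fits in 2^32 are discarded and redrawn.
function uniformIndex(n, nextU32 = secureU32) {
  if (!Number.isInteger(n) || n < 1 || n > 0x100000000) {
    throw new RangeError('n must be an integer in 1..2^32');
  }
  const limit = Math.floor(0x100000000 / n) * n;
  let v;
  do {
    v = nextU32();
  } while (v >= limit);
  return v % n;
}

// Build a password by picking each character independently and uniformly.
// nextU32 is injectable only so the sampling logic can be tested
// deterministically; production callers should leave the default.
function generatePassword(length, alphabet = ALPHABET, nextU32 = secureU32) {
  const chars = Array.from(alphabet);
  let out = '';
  for (let i = 0; i < length; i++) {
    out += chars[uniformIndex(chars.length, nextU32)];
  }
  return out;
}
```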
Edit: I am a daily user of KeePassX and get really tired of the UI after a while so I will definitely be trying this out ASAP!
And if you use a Mac, have you tried MacPass?
(I think I was able to fix it in that case by opening and saving it with Keepass.)
The mono version?
Haven't tried MacPass but it looks great and I will give it a whirl. Thanks!
I'll happily give an sr.ht account to anyone who wants one for this purpose, mention HN in your application comments: https://sr.ht
I submitted an issue here: https://github.com/antelle/keeweb/issues/111
Of course exploiting this would be very difficult, but it is possible to MITM the connection between the CloudFlare proxy and GitHub pages as long as keeweb.info continues to not use DNSSEC.
I use KeePassX on OS X. Will I be able to use this one with my database file?
KeeWeb supports the newer .kdbx format that keepass2 introduced and keepassX can convert to from the older .kdb format. So... yes, it will work.
But, keep in mind that dropbox can delay updates to the server (could be hours if you are disconnected) with no warning to the user, which means that two different users could update the same file independently and create a conflict. For this reason, it isn't suitable as an enterprise solution.
Having said that, I recommend dropbox as a poor man's escrow, so that somebody you trust has easy access to all your passwords for banking, social network (keep your alt accounts somewhere else :-) ), servers' root, etc...
Is there any way to have a system-wide shortcut to auto-enter passwords? In KeePassX it's called "Global Auto Type Shortcut". I just can't live without this ;)
1password has the advantage of excellent platform integration on iOS, and various browser extensions with auto-fill.
But if you want to sync your credentials across devices, you still have to upload them somewhere, right? Doesn't this just support sync via Dropbox? If so, aren't you then just playing the trust game between two third-parties?
An employee of that company, or if the file was leaked due to technical errors, a member of the general public won't be able to decrypt it. If one of the richest governments wanted to, they might be able to, but if you had reasons to be a target you'd know better than using this.
Also, take a look at SpiderOak.
Where did you get this idea?
oneeyedpigeon: But if you want to sync your credentials across devices, you still have to upload them somewhere, right?
dorfsmay: You are uploading a file that is encrypted using very strong encryption, not plain text password
I took that to mean:
(with keepass) you are uploading a file that is encrypted ... not plain text password (as for 1password)
dorfsmay has now confirmed that was their meaning in this comment: https://news.ycombinator.com/item?id=11177045
With keepassx, your password never leaves your device in unencrypted form.
"The easiest way for us to protect your data and data about you is to not have that data in the first place. You may be noticing a theme by now: we can’t reveal or abuse data that we don’t have.
We do not have your 1Password data. We do not know your 1Password Master Password. We don’t even know if you use 1Password. We do not know how many items you have in your vault or their type."
Also, you're putting too much faith in other people's computers.
That said, most of these password managers use really strong encryption so having your password file exposed isn't much of an issue.