The act of saving accounts in plaintext .json files

Wingy Bing's Avatar

Wingy Bing

29 Dec, 2018 09:17 AM

I think this is a really brilliant idea and an extremely good way of saving all of the values used to generate all of my passwords, so if anyone really wanted to, they could steal my computer and copy the .mpw.d folder, run home and try to recreate my "account" as many times as they'd like until they guess the right password (although that's very unlikely, I'm just pointing out a security flaw.).

My question is simply who came up with this brilliant idea, you're a genius, I want your autograph, and I'd also like to know why you didn't choose to make it in a hash or something to obscure the information.

I understand that it's obviously safer to not save any accounts in the app, but I shouldn't be completely exposed if I choose to do so.

Thanks

  1. Support Staff 1 Posted by Maarten Billemo... on 29 Dec, 2018 02:59 PM

    Maarten Billemont's Avatar

    Hi Wingy,

    First off, thanks for the praise!

    Secondly, it's important to point out that the strength of this solution's security rests solely on the master password. The other tokens (eg. your name) do not contribute to its security strength, just like the email address you use to log in on any site does not contribute to that account's security either. Anyone can guess your email address, your real name, or the name of the site you use, as such, those pieces of data can not be relied upon to make the security stronger: they are metadata, not security data.

    This is why your mpsites file isn't a risk: it contains only public information (your name, the name of the site, etc.) None of this information can really assist an attacker with getting into your account - this is why losing an mpsites file does not compromise you in any way. Master Password was engineered such that the bridge keeps standing just as strongly, whether you tell everybody your name, or don't.

    If you're asking why the data in the mpsites file isn't just a hash, well, the answer is both - it is - and - it can't be.

    Firstly - it is: the mpsites file contains a sha256-hash of your master key. This hash is used to check whether you've made any typo's when entering your master password. Without this check, you could log into your account with any master password - but your site passwords would be wrong each time you used the incorrect master password. This can lead to a lot of trouble for people. The hash isn't a security issue, because it's a hash of a very large (64-byte) number. This makes stealing the hash unhelpful, because there is no way to guess a 64-byte long number by picking random ones and hashing them to see if they match the hash in the mpsites file (there's just too many possible keys to try in the lifetime of the universe, no matter the power of your computer).

    Secondly - it can't: the mpsites file contains a lot of information. Your name, a list of sites you've used in the past, the password template you want for them, etc. This information is saved for your convenience (so you don't need to re-type & re-select it in the user interface each time). Information cannot be saved as a hash, because hashes are non-reversible. You can think of a hash as a way to recognize something without actually having that something. For example, a very simple hash could be, "the last four digits of your credit card". With those digits, you can check which credit card is the right one, but there's no way to use those four digits to "get" the whole number. The same is true for any hash (of course, the hashes that are employed in Master Password are much more cryptographically robust than this trivial example). I can't save your name as a hash in the mpsites because if I did, I wouldn't be able to "load" your name out of it again - only ask you to re-type it and then check it against the hash to see if you gave me the right one.

    Note also that the Master Password apps allow you to use the algorithm without any mpsites file. That's using it as a "dumb" (in the technical sense) calculator instead of as a stateful app. Some of my apps call this "incognito" mode.

    Let me know if you have any more thoughts or questions.

    Cheers,
    Maarten.

  2. 2 Posted by Wingy Bing on 29 Dec, 2018 05:35 PM

    Wingy Bing's Avatar

    The site 'masterpassword.app' told me that the real name was used, in conjunction with the master password to generate the passwords for the sites, which is why I was under this presumption. Fair enough. The way that it asks you to put in a real name each time, at least to me, implies that it strengthens the algorithm somehow. A more intuitive design would be to not ask for a name unless you press some sort of a "new account" button, which would then ask you to name both accounts as you create the second one, to separate them and the saved sites and passwords connected to that account. Just a thought. Here's what's stated on the site's "What" tab, the following is stated:

    "Think of it as, a store-bought calculator. If your name was 1337, your master password was 5317 and you'd like to log into the site 707, take any calculator in the world and type in 1337 + 5317 + 707 to get the password to use for this site, = 7361"

    Not that I know anything, but this sure makes it look like someone on your team doesn't understand how the app works.

    "Does a calculator need to sync with the cloud before you can use it? No, just remember your own name and master password."

    This wasn't the main problem I have though, the main problem is this:

    "This is why your mpsites file isn't a risk: it contains only public information (your name, the name of the site, etc.) None of this information can really assist an attacker with getting into your account - this is why losing an mpsites file does not compromise you in any way."

    It -can- assist an attacker. Why wouldn't it? Let's say you're the attacker and you know the website input of the person you're attacking, you know that they always set their counter to 1, you know that the passwords always are at max strength, all based on information from the plaintext mpsites file, all you now need is the password.

    I don't know how this problem is supposed to be solved. Maybe irreversible hashes are a bad idea and there is no real way of obscuring this data. Maybe there should just be a little disclaimer somewhere on the site that says "bear in mind that any sites you save to your account are saved in plaintext, so if you feel that you need another layer of security, don't save any of the sites or counter values you use and just try to remember them instead'.
    I don't know. All I know is that the site could use a revamp or at least be rewritten to include a few more bits of information and fewer bits of inaccurate information.

    By the way, what does 'stay resident' mean in the user preferences? I can't find anything on what it does and it doesn't seem to do anything anyways.

  3. Support Staff 3 Posted by Maarten Billemo... on 29 Dec, 2018 06:49 PM

    Maarten Billemont's Avatar

    Hi again!

    It is of course perfectly natural to feel the way that you do. There will always be a sense that if you give an attacker any information at all, it will help him compared to not giving him anything. It is only natural to feel this way.

    In the security world, however, we make a clear distinction between public and private information. Public information is information that is freely shared. Private information is information that is only ever in the possession of the person authorized to perform the action. Cryptographic locks are built such that no matter who knows the public information, the strength of the lock is derived from whether or not the user has access to the private information.

    The most important aspect to this distinction is in forcing the algorithm to be designed sufficiently strongly that it must be able to stand 100%, even if the public information is known. Yes, hiding that public information from an attacker will make things harder for him (but in all honesty – if an attacker is willing to invest resources into mounting an attack against your master password, finding this public information will be a trivial effort in comparison, mpsites file or no). In the end, it's about what Master Password was engineered to guarantee. And it was engineered to guarantee that it can withstand an attack even if you give your attacker all your public information. That doesn't mean you should - it just means you're perfectly safe even if it does happen.

    Now, why does the site say the name is integral to the algorithm when I claim that it doesn't contribute to the strength of the lock?

    It is true, your name, as well as the name of your site, are inputs to the algorithm. They're not there for strength, they're there for diversification. The site name makes sure that every site has a unique password. The user's name makes sure that every human has a unique master key (with the obviously infinitesimally unlikely caveat of two humans with the exact same full name and exact same master password having a collision). Furthermore, the user's name functions as a seed to the master key's derivation, which is integral in ensuring malign actors cannot compute a large Master Password rainbow table and then sell that table to every attacker interested in breaking in. If you're curious, I can explain in more detail.

    There is a risk in knowing a little about cryptography, but not knowing enough to know how little you know. Not to discourage you at all: it's great to be concerned about your security, and great to be critical of any security products, so kudos for asking these questions. But be aware that a little bit of knowledge can be a dangerous thing for bias.

    For instance, yes, your name is saved in plain text, but you speak of this as though it forms the basis of an issue. Yes, there is no guard by castle's solid outer wall - you can just walk right up to it. But this isn't a problem. The wall as designed such that the interior security is unaffected, even if an attacker is standing on the other side. Master Password was designed to be just fine, even if an attacker knows who you are and what site you use. Without the ladder that is your personal master password, he can go no further.

    "Stay Resident" means the app stays open in the background, so that when you hit the hotkey (cmd-alt-p) it re-opens without the need to log in again. This could probably be made more clear in the interface.

    I agree that there is definitely room for improvement in communicating the intricacies of Master Password's security properties, but realize that this is a complex topic, and any such communication would need to either be surface level (it's safe, trust me!) or needs to go as far as breaking through the bias of insufficient knowledge - and I can't exactly write up an in-depth cryptography course. It's a challenge! Thanks for your input, though.

    Don't hesitate to let me know if you have any further comments or thoughts on this or related matters.

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac