-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support sharing passwords #79
Comments
I looked into services that could be (mis-)used for this:
With the is.gd API being so simple to use (also, see their ethics commitment), the first option might be viable. Still, having to rely on two services for this seems suboptimal. |
After thinking more about this, I am leaning strongly towards combining a regular storage provider (Dropbox, Google Drive) with is.gd. This has the advantage that the same account can be used for sync and sharing. Also, while the person sharing their passwords needs to select a storage provider, the receiver only needs to type in the share name - is.gd will redirect to the proper storage provider, so it doesn't have to be known. This setup has the additional advantage of adding to the transparency, at least in case of Dropbox - the user can always verify what data is stored in their account. Share update can happen immediately when a password is updated, this especially affects editing notes. This way unnecessary uploads can be avoided, and passwords will always be unlocked on a share update. Surfacing an error should also be easier then. In addition, when a password is transformed (meaning in particular "Generate a new password for this user name" and "Replace by PfP 2.x password" features), the default should be adding the new password to the same shares as the original one. Users should have a way to disable automatic sharing however. I decided that sharing settings shouldn't be part of either backups or sync. The important consideration here is that sharing should always be performed by a single device, not multiple devices potentially uploading conflicting shares. Also, keeping shared passwords after they have been "unshared" should require non-trivial effort. The disadvantage is: if data is lost, sharing has to be set up from scratch, meaning in particular that all recipients have to learn the new share name. |
I might have been overly optimistic here. Fixed salt allows running this attack against all password shares simultaneously. So if in theory at some point PfP becomes wildly popular and its users create 100 million shares (yeah, like that’s gonna happen 🥲), attackers trying out all possible share names will have 100 million higher chances of hitting one that’s used. This will still take 150 years if their hardware can run 10,000 key derivation operations per second but… From the cryptography point of view, this scheme needs a salt. It might be the name of whoever shares passwords that the receiver will have to enter in addition to the share name. Or maybe shares should have human-readable names in addition to the code. If I am implementing this, I’m currently strongly leaning towards setting up a minimal service for it rather than relying on third parties. The share creator will be able to upload their data under a name of their choosing, and they will have the edit key required for updating the data. The receiver will only be able to download the data. This is simple enough to implement, and it doesn’t rely on third parties keeping their service alive and available to us. Never mind that their approach to privacy might be suboptimal. |
Most password managers use RSA to share passwords. This approach has a critical weakness: you have no way of knowing that the public key you share the passwords with belongs to the right person. Most of the time this boils down to trusting the server, not something we want to have here.
I see a better way however:
ABCD-EFGH-JKLM-NPQR
Some additional considerations:
The text was updated successfully, but these errors were encountered: