Looking into @passbolt (open-source password manager for teams/personal) and have been impressed so far 🤔 It can be hosted or self-hosted, passwords are encrypted on server, and best of all, they published a security white paper: https://help.passbolt.com/assets/files/Security%20White%20Paper%20-%20Passbolt%20Pro%20Edition.pdf
A summary:
When you create an account, a PGP key pair is created. The private key is stored locally in browser extensions (and in 2023, desktop apps). This key is wrapped with a local passphrase (different devices can have different passphrases).
To create a new 'item'/secret, the user enters their passphrase to decrypt the private key, which is used to encrypt and sign the item. All sensitive data manipulation happens locally; the server will not have access to decrypted data. This is to remove trust from the server.
By default, for each item, its password and description are encrypted. The resource name (e.g. "Google"), URI (gmail.com), username ("...@gmail.com"), users (that can access the item), and comments (between users) are not encrypted. (This is not a true zero-knowledge system.)
Apart from mobile apps (and the desktop apps that are coming in 2023), the interface is a web app (at your domain if self-hosted) but the smart thing is that the server still does not have access to your items/passwords!
Instead, the web app (https://yourdomain.com) contains an iframe (moz-extension://). The browser ext decrypts your data and inserts it into this iframe. Thanks to Cross-Origin Policies, the web app/server cannot access your decrypted data, even if it were compromised. This means that decrypted sensitive data never goes to the server, and therefore end-to-end encryption is achieved.
Because it is designed for password sharing among teams, each team member gets their own key pair during sign-up, and thus the secret/password can be encrypted separately for each user with their own public key.
Some huge pluses:
+ Less trust in the server. Sensitive data are manipulated locally. No key derivatives server-side.
+ Open-source, free, self-hosted, open API. Can be used internally without internet access. New features added rapidly.
+ Uses PGP, can use any tools you like.
Some drawbacks (to my understanding):
- Not a true zero-knowledge system.
- Having to rely on browser exts. Safari support is not prioritised at all.
- Private key is not ephemeral (it's just like a password). No backward secrecy.
One interesting fact to add is that (based on my understanding) given the open-source nature, it's technically possible to detect if the server wants to steal your password via the 'share' function. Because when you share passwords, you need to encrypt them with the recipient's public key. As long as you can verify the public key, you should not be able to get MITM'ed by the server. Also, the server can't share all passwords with itself secretly, if you can verify the public key.
In conclusion, I'm pretty impressed by Passbolt! Thanks for reading and definitely check them out at passbolt.com
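The public-key check described for the 'share' function can be sketched as follows. This is an added example, not part of the original post and not Passbolt's code: it assumes version 4 OpenPGP keys, whose fingerprint (RFC 4880, section 12.2) is SHA-1 over `0x99`, a two-byte length, and the public-key packet body. The function names, user ids and sample keys are hypothetical and constructed for illustration.

```python
import hashlib
import struct

def v4_fingerprint(key_body: bytes) -> str:
    """RFC 4880 s12.2: SHA-1 over 0x99, 2-byte length, public-key packet body."""
    if not key_body or key_body[0] != 4:
        raise ValueError("expected a version 4 public-key packet body")
    if len(key_body) > 0xFFFF:
        raise ValueError("packet body too long for a 2-byte length")
    prefix = b"\x99" + struct.pack(">H", len(key_body))
    return hashlib.sha1(prefix + key_body).hexdigest().upper()

def check_share(intended: dict, offered: dict) -> list:
    """intended: user -> fingerprint verified out of band, for this share.
    offered: user -> key packet body the server supplied for this share.
    Returns a list of problems; encrypt only when it is empty."""
    problems = []
    for user in sorted(offered):
        if user not in intended:
            problems.append(f"unexpected recipient: {user}")
            continue
        want = intended[user].replace(" ", "").upper()
        got = v4_fingerprint(offered[user])
        if got != want:
            problems.append(f"key mismatch for {user}: got {got}")
    for user in sorted(set(intended) - set(offered)):
        problems.append(f"no key offered for {user}")
    return problems

def constructed_rsa_body(created: int, n: int, e: int = 65537) -> bytes:
    """Constructed sample data: a v4 RSA key body built from toy numbers."""
    def mpi(x: int) -> bytes:
        size = (x.bit_length() + 7) // 8
        return struct.pack(">H", x.bit_length()) + x.to_bytes(size, "big")
    return struct.pack(">BIB", 4, created, 1) + mpi(n) + mpi(e)

# Constructed sample keys (not real key material).
ALICE_KEY = constructed_rsa_body(1700000000, (1 << 2047) + 0xA11CE)
BOB_KEY = constructed_rsa_body(1700000100, (1 << 2047) + 0xB0B)
ROGUE_KEY = constructed_rsa_body(1700000200, (1 << 2047) + 0xBAD)
# In practice these fingerprints are compared in person or over another channel.
PINNED = {"alice": v4_fingerprint(ALICE_KEY), "bob": v4_fingerprint(BOB_KEY)}

if __name__ == "__main__":
    print(check_share(PINNED, {"alice": ALICE_KEY, "bob": BOB_KEY}))
    print(check_share(PINNED, {"alice": ALICE_KEY, "bob": ROGUE_KEY}))
```

An empty list means every key the server offered matches a fingerprint verified independently; a swapped key or an extra recipient shows up as a named problem before anything is encrypted.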
