May 18, 2012
A recent study by Elcomsoft questioned whether sixteen popular password keepers live up to their claimed levels of protection. The article uses many terms familiar to security experts but not to everyday users. At Ascendo, we received many emails from concerned customers. This article attempts to demystify some of the concepts discussed in the study to help non-security experts make informed decisions about password managers.
A basic feature of most password managers is data encryption using ciphers such as AES and Blowfish. A cipher is a published algorithm that uses a secret string of bits (the encryption key) to turn plain text into unreadable ciphertext and back again. Because the algorithm itself is public, the protection rests entirely on the key. To read the information, an attacker needs the encrypted data and the key, and in a password manager the key is derived from the user's master password.
One way to get the encrypted data is to obtain the device itself. A password manager can't stop a thief, but it can provide an alert if a person obtains your device, starts your password manager and enters the wrong password.
Another way to get the data is to obtain a backup. However, some operating systems tie parts of a backup to the device it came from, so that decrypting it is nearly impossible without the unlocked device. For example, iOS protects Keychain items with device-specific keys, and items an app marks as accessible on this device only are not restored to a different device, even from a backup. Apple lets developers store sensitive data in the Keychain for this additional protection.
The next challenge for an attacker is to obtain the encryption key. To make this as difficult as possible, most password managers do not store the key in the app at all; they derive it from the master password each time the app is unlocked, using a key derivation function such as PBKDF2. These functions are built on cryptographic hash functions, which is why names such as "SHA-1" or "SHA-256" appear in their descriptions, and they apply the hash many thousands of times so that each derivation takes a noticeable amount of work.
The master password is the key element stopping an attacker from accessing your data, so it is very important that a password manager never stores the master password in the app itself. However, as the Elcomsoft study explains, many password managers do store the master password, or an easily decipherable version of it, in the app.
This leads to a common question: if the master password isn't stored in the app, how does the app know whether the user entered the right one? Good password managers run a slow key derivation function over the master password (the hash applied over and over, combined with a random salt) and store only the result, a derived value or "verifier", in a protected place such as the Apple Keychain. When a user enters a password, the app performs the same derivation and compares the result with the stored value. Working backwards from the verifier to the master password is infeasible; the only way to recover the password is to guess it, which is why the strength of the master password matters so much.
If an attacker can't find the master password in the app, they must try guessing it, using techniques generally referred to as password recovery attacks (brute-force and dictionary attacks).
The first line of defense is choosing a long master password containing many types of characters. If you limit the master password to four digits, there are only 10,000 possible combinations. Eight characters drawn from the 26 letters and 10 digits gives 36 to the 8th power, roughly 2.8 trillion combinations; mixing upper and lower case (62 characters) raises that to 62 to the 8th power, about 218 trillion, and special characters such as "!@#$%" raise it further. The catch is that a fast, unsalted hash lets an attacker with a modern graphics card test billions of guesses per second, so length and variety alone are not enough; the master password must also be protected by a derivation function that makes every guess expensive.
The second line of defense against a password recovery attack is to make each guess costly to submit. A key derivation function that runs tens of thousands of hash iterations delays the legitimate user by a fraction of a second but multiplies the attacker's work by the same factor for every guess. In Apple environments, storing the verifier in the Apple Keychain adds a further barrier, since the attacker must get through two levels of security before guessing can even begin. In metaphorical terms, this would be like breaking into Fort Knox only to find the vault of the Bank of England inside.
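To make the two previous sections concrete, here is a small Python example of a master-password check that stores no password, together with the guessing attack the article describes. It is an added illustration written for this article, not DataVault's code or anything from the Elcomsoft study; the iteration count, the salt length, the "verifier:" prefix and the sample passwords are assumptions chosen for demonstration.

```python
"""Added example (not DataVault's code): a master-password verifier built on
PBKDF2-HMAC-SHA256, and a password recovery attack run against it.
All parameter values are assumptions chosen for illustration."""
import hashlib
import hmac
import itertools
import os
import time

# Assumed work factor. Real apps tune this to their target devices.
ITERATIONS = 100_000


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Derive a 256-bit key with PBKDF2-HMAC-SHA256: the hash is applied
    `iterations` times, and the random salt defeats precomputed tables."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations, dklen=32)


def make_record(password: str, iterations: int = ITERATIONS) -> dict:
    """What the app stores: salt, iteration count and a verifier.
    Neither the master password nor the encryption key is stored."""
    salt = os.urandom(16)
    key = derive_key(password, salt, iterations)
    verifier = hashlib.sha256(b"verifier:" + key).digest()
    return {"salt": salt, "iterations": iterations, "verifier": verifier}


def unlock(record: dict, password: str):
    """Re-derive the key from the entered password and return it only if
    the verifier matches (constant-time compare); otherwise return None."""
    key = derive_key(password, record["salt"], record["iterations"])
    verifier = hashlib.sha256(b"verifier:" + key).digest()
    if hmac.compare_digest(verifier, record["verifier"]):
        return key
    return None


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords of a given length over an alphabet."""
    return alphabet_size ** length


def brute_force_pin(record: dict, digits: int = 4):
    """Password recovery attack on a numeric PIN: try every combination in
    order and stop at the first one the verifier accepts.
    Returns (pin, number_of_guesses, seconds_per_guess)."""
    guesses = 0
    start = time.perf_counter()
    for tup in itertools.product("0123456789", repeat=digits):
        guesses += 1
        pin = "".join(tup)
        if unlock(record, pin) is not None:
            return pin, guesses, (time.perf_counter() - start) / guesses
    return None, guesses, (time.perf_counter() - start) / guesses


if __name__ == "__main__":
    # Keyspace sizes quoted in the article.
    for name, size, length in (("4 digits", 10, 4),
                               ("8 lower-case alphanumerics", 36, 8),
                               ("8 mixed-case alphanumerics", 62, 8)):
        print(f"{name}: {keyspace(size, length):,} combinations")

    # Same PIN, same attack, different work factors: the attacker's cost
    # per guess scales with the iteration count, and so does the estimated
    # time to exhaust a larger keyspace at the same per-guess cost.
    for iterations in (1, ITERATIONS):
        rec = make_record("0042", iterations)   # constructed sample PIN
        pin, n, per_guess = brute_force_pin(rec)
        years_36_8 = per_guess * keyspace(36, 8) / (365 * 24 * 3600)
        print(f"iterations={iterations:>7}: recovered {pin} after {n} guesses, "
              f"{per_guess * 1e6:.0f} us/guess, 4 digits exhausted in "
              f"{per_guess * keyspace(10, 4):.2f} s, 36^8 would take "
              f"~{years_36_8:.1f} years at this rate")
```

The absolute timings above are those of a single CPU core running Python, and a real attacker with graphics hardware is far faster, so the figure to look at is the ratio: raising the iteration count from 1 to 100,000 costs the user one derivation per unlock but costs the attacker 100,000 hash computations per guess. The stored record contains only the salt, the iteration count and the verifier, so an attacker who extracts it still has to run this guessing loop.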
All security systems are vulnerable to attack, and experts such as Elcomsoft do a good job of describing these risks. However, good security software can make recovering your data an extremely difficult undertaking. While not invincible, a well designed password manager offers considerably more protection than commonly used alternatives.
by Marc Bolh
Founder & CEO of Ascendo
Developer of DataVault Password Manager