Heartbleed and SuperGenPass

After an older post of mine a colleague pointed out SuperGenPass to generate different passwords for each service out there from a single master password and the domain name in use. The idea was interesting, especially since it’s all client-side, which sounded very appealing to me.

Unfortunately, it didn’t take long for me to figure out a few limitations in this approach; the most obvious one is of course Amazon: while nowadays the login page even for Audible is hosted at the amazon.com domain, the localized stores still log in on, e.g., amazon.co.uk, but with the same password. Sure it’s easy to fix this, but it’s still a bit of a pain to change every time.

Also, at least the Chrome extension I’m using, makes it difficult to use different passwords for different services hosted at the same domain. You have an option to enable or disable the subdomain removal, so if you disable it, you’ll get different passwords for http://www.example.com and example.com (unlikely to be what you want) while if you enable it, you’ll get the same password for forums.gentoo.org and bugs.gentoo.org (which is not what I want). Yes you can fix it on a per-service basis, but it adds to the problem above.

The last bother in the daily usage of the extension, has been with special characters. SuperGenPass does not, by default, use any special characters, just letter (mixed case) and numbers. Which is perfectly fine, unless you have a website that stupidly insists on requiring you to use symbols as well, or that requires you to use (less stupidly) longer or (insanely stupidly) shorter passwords. You then have to remember.

All three of these complains mean that you have to remember some metadata in addition to the master password: whether you have to change the domain used, whether you’re using subdomain removal or not for that particular service, and whether you have to change the length, or add special characters. It partly defeats the purpose of having a fully stateless hashing password generator.

There is also one more problem that worried me much more: while it makes it so that a leak from a single website would leak your base password for everything else, it does not entirely make it impossible. While there’s no real way to tell that someone is using SuperGenPass, if you’re targeting a single individual, it’s not impossible to tell; in particular, you now know I’ve been using SGP for a while, so if a password for an account named Flameeyes gets leaked, and it looks like an SGP password, it’s a good assumption that it is. Then, all you need to do is guess the domains that could be used to generate the password (with and without subdomain removal), and start generating passwords until you get to the master password used to generate that particular site password. Now you just need to have an educated guess to the domain you’re going to try login as me, and you’re done. And this is with me assuming that there is no weakness in the SGP algorithm — crypto is honestly too hard for me.

And now there is heartbleed — go change all your passwords, starting from xine. But how do you change your passwords when you have them generated? You have to change your master password. And now you have to remember if you changed the password for a given service already or not. And what happens if one of the services you’re using has been compromised before, such as Comixology? Now you have three different master passwords, if not more, and you’re back to square one, like SGP was never used.

So with all this considered, I’ve decided to say goodbye to SGP — I still have a few services that have not been migrated – but not those that I’ve named here, I’m not a moron – but I’m migrating them as I got. There are plenty of things I forgot I registered to at some point or another that have been mailing me to change their password. I decided to start using LastPass. The reason was mostly that they do a safety check for heartbleed vulnerabilities before you set up your passwords with them. I was skeptical about them (and any other online password storage) for a long time, but at this point I’m not sure I have any better option. My use of sgeps is not scalable, as I found out for myself, and the lack of 2FA in most major services (PayPal, seriously?) makes me consider LastPass as the lesser evil for my safety.

6 thoughts on “Heartbleed and SuperGenPass

  1. I used PasswordMaker for Firefox which is like SGP but customizable (some websites do not want special characters, some force you to…) and you can create rules per URLs, however the interface was horrible and I wanted to have my passwords outside of Firefox, so I switched to app-admin/pass. While it means I will have an enormous list of passwords, it’s still more convenient in the end.

    Like

  2. KeePass is better, especially with the KeeAgent plugin (store your certs in KeePass, woohoo) and the browser extensions (not on firefox but who cares about firefox right?)

    Like

  3. = SuperGenPass+ChromeI guess what makes work SGPass work for my use case is that I use it with Chrome. SGPass provides the password generation logic, and I can easily add an extra letter when it’s needed to pass validation. Chrome remembers that modified password, crypts it locally and stores it on servers maintained by competent people.If a website has multiple domains I recover the password for one domain and then Chrome remembers it for the other. I guess LastPass behaves similarly.= LastPassAs for LastPass I can’t help having a bad gut feeling about it: website in PHP, boosts its use of Paros and “Microsoft Application Verifier” (!) in its security section, boosts its use of local crypto but does not secure distribution of the app besides SSL (it’s not “host-proof”, you’re trusting the server anyway).All in all I see a lot of snake oil and weak signals of mediocre software engineering. Or maybe I’m just FUDing.= ClipperzThat one looks interesting. As host safe than my current solution, but cross-browser at the cost of ergonomy (no Chrome extension AFAIK). You may want to look into it.

    Like

  4. Well, honestly I’m not counting on either SGP, LastPass or Chrome for *very* important passwords, such as bank, Revenue, and so on. For those it’s memory and a gpg-encrypted file (with the gpg key on a smartcard). Those are the important ones.For everything else, I want something that is convenient, and sgeps is not convenient at all; SGP is sort-of-convenient but as I said, the few nails over there are enough for me to drop it out of the way. As for using Chrom(e|ium) to store the passwords, HAHAHA. Sorry, the reliability of Chrome to remember passwords is sketchy at best (it requires the website is properly marking its forms, and many are not — let’s not even try to think about our own “Please retype your password” screen that gets prefilled always with the wrong account). And it also assumes that I only ever care about passwords in Chrome, and not in mobile apps.Now as for LastPass image — I’m sorry to say I think you’re just FUDing here:* PHP: their website uses WordPress — I hate PHP as the next SRE (hey, I coined the term “pile of PHP”), but at least WordPress is not “roll your own PHP app” level of quality; I’m honestly not sure what other option you have if your main competence is not CMSs anyway;* Paros I don’t really know but from what I read on [their technology page](https://lastpass.com/whylas… it’s used for automated testing of the webapp — considering I know more widely used apps not receiving any testing, I don’t see it as a wrong thing;* from the same page, it says that “Microsoft Application Verifier” is used for the Internet Explorer plugin — unless I missed that we released something to test IE plugins, it seems like the perfect thing to do.I’m afraid your perception is skewed out of your current very-tight experience; I don’t see “mediocre” engineering in this, I have quite a long list of “mediocre” engineering services that I can think of. And you seem to really just trust one company (and I tend to think that there are more than that one company that do their best and more). If I am to discount any company that does not have the resources or the experience that Google has, well, it’s a very limited market out there and I don’t really want to live in such a world.

    Like

  5. LastPass has been very transparent in their operations so much so that with some effort, I believe you can write your own open source client. At the very least, it is enough to write your own encryption/decryption client and audit that extra stuff isn’t be stored and that the encryption/decryption is sound according to your own criteria. There have been some very detailed forum posts and Steve Gibson’s Security Now podcast episode 256 that disclose significant detail of what hashes are used for what and how things are encrypted and salted and such.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s