From a424531a8a59f54defed6981841f05f6fd591622 Mon Sep 17 00:00:00 2001 From: Maarten Billemont Date: Fri, 13 Mar 2015 09:56:28 -0400 Subject: [PATCH] Some more anchors on secutity.html. --- Site/2013-05/security.html | 8 ++++---- Site/2013-05/sync | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Site/2013-05/security.html b/Site/2013-05/security.html index 8e28554f..78255f7c 100644 --- a/Site/2013-05/security.html +++ b/Site/2013-05/security.html @@ -340,21 +340,21 @@
-

Changing your master password

+

Changing your master password

results in all your site passwords to change, since they are the mathematical result of your master key, which in turn is a mathematical result of your master password. That means, if somebody learns your master password, you'll need to reset all your site passwords to new ones. It also means the solution is incompatible with "password recovery". It is your responsibility to think of a good and memorable master password, and more importantly, ensure that nobody learns your master password. If you chose to share it anyway (say, with your spouse), you should do so in full expectation that you'll need to change all your sites' passwords if your trust relationship with them degrades.

This trade-off is a direct result of the desire to create a stateless solution which is immune to data loss. The solution relies entirely on the master password you can remember, which means that the only point of failure is now entirely under your control.

-

Custom passwords

+

Custom passwords

are sometimes still a necessity. You may want to store a password you've been using for a long time in your manager, or your boss may have set an unchangeable password on your computer for you to use. Since Master Password's passwords are a mathematical result of your unchanging master password, it is impossible for it to be used with passwords that are created via another way.

The Master Password application however functions as a hybrid password manager, implementing both the Master Password algorithm and a vault-like password solution. In the second mode, Master Password uses your master key to encrypt custom passwords and store the encrypted result in a vault. Since we use the master key for this process, the result is a vault that is much harder to break into than that used by many other vault-based password solutions (specifically because the encryption key is a large key derived from your master password using scrypt key derivation). As a result, this trade-off has been mitigated.

-

Password templates

+

Password templates

are the presets that tell Master Password what your final password should look like. They specify where to put the letters, numbers or other characters. We've made the decision to only provide a set of template presets rather than allowing users to determine their own templates to use for a site. As a result, you cannot chose to design your own custom template, such as, "a 6-digit password that starts with a lower-case letter".

This decision has been made in the interest of password recovery after a total loss scenario. Recovering the correct password for sites that use such custom templates would be extra difficult, since now you're forced to recall the specific custom template you drafted for this site. This problem becomes more difficult the more sites you've made custom templates for.

As a partial mitigation of this trade-off, we've created a set of password templates designed to cover nearly all use cases. The default template should work on nearly all websites. When this template fails, it's usually because the site imposes a low maximum-password-length restriction. This type of restriction is a serious red flag which almost always indicates a sloppy security implementation on their end. When you encounter it, you should @@ -362,7 +362,7 @@

-

A one-factor solution

+

A one-factor solution

is an authentication solution that requires only one factor of security. Master Password is a one-factor solution since its security relies solely on "something you know". That means, if somebody steals your master password, that's all they need to gain access to your sites. The alternative is usually a two-factor solution which relies on two distinct security factors, such as "something you know" and "something you have". Now, when somebody's obtained the "something you know", they'll still need to obtain the "something you have" before they can break in. The most popular example of a two-factor solution is a bank card: Your PIN number is the secret you know, but with the PIN alone a thief can't get to your money. They'll need to first steal your card as well.

A vault-based password manager is often considered two-factor, since it relies on your vault password as well as access to your vault file. Most security experts disagree, however. To be truly multi-factor, the security factors should come from separate categories:

diff --git a/Site/2013-05/sync b/Site/2013-05/sync index 0aa09492..cb65aefb 100755 --- a/Site/2013-05/sync +++ b/Site/2013-05/sync @@ -2,5 +2,5 @@ set -e cd "${BASH_SOURCE[0]%/*}" -s3cmd sync --exclude '.git/**' --delete-removed --follow-symlinks --preserve --acl-public --reduced-redundancy . s3://masterpasswordapp.com/ -rsync -avPL --no-group . satura.lyndir.com:/usr/local/www/masterpasswordapp.com/htdocs-secure/ +s3cmd sync --exclude '.git/**' --follow-symlinks --preserve --acl-public --reduced-redundancy "${@:-.}" s3://masterpasswordapp.com/ +rsync -avPL --no-group "${@:-.}" satura.lyndir.com:/usr/local/www/masterpasswordapp.com/htdocs-secure/