
Security

A Periodic Table of password managers

November 9, 2011

This article was contributed by Nathan Willis

As was mentioned in the context of the Fedora Project's new password-selection rules, keeping track of the glut of "low-value" passwords that accumulate in daily web usage prompts many users to look into password-management applications. In theory, a password list saved to a file encrypted by a suitably strong algorithm beats a desk covered in sticky-notes or a single, re-used-everywhere password — provided that you remember the password that unlocks the password vault file itself. Not all such utilities are created equal, however, especially when you consider factors like usability and cross-platform compatibility.

Although this tour of password managers is limited just to those with a desktop Linux build, it is important to consider whether or not versions of the application exist for other OSes, so that you can have access to web site passwords when away from home base. These days, after all, the list of non-native OSes includes not just Windows and OS X, but mobile platforms like Android as well. It is also important to distinguish between the classes of secret information you need to store — some applications provide a simple scratchpad on which you can jot any username/password combination in plain text, while others attempt to manage OpenPGP and SSH keys as well, complete with key-signing, key lookup, and other related functionality.

The available options also vary in security-related features. Some provide a mechanism to create and manage multiple "password safes" at once, while others associate just a single safe with the active user account. The encryption algorithms used to lock the password safe are well-known and reliable, but some applications go out of their way to provide additional security through key strengthening techniques, such as hashing the original passphrase through multiple rounds (typically thousands of iterations, known as "key stretching") and/or applying a salt. Those techniques can make attacks against the password using rainbow tables or brute force more difficult or impossible. A few applications also make a point of using locked (with mlock()) memory, which prevents the kernel from swapping pages containing cleartext passwords out to disk where those passwords could be recovered by an attacker.
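The salting and key stretching described above, as an added sketch (not code from any of the applications reviewed here). It uses PBKDF2-HMAC-SHA256 from Python's standard library; the header layout, the `DEMO` magic, and the iteration bounds are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct
import time

# All constants below are assumptions for this sketch, not a real file format.
MAGIC = b"DEMO"
SALT_LEN = 16
MIN_ITER, MAX_ITER = 10_000, 10_000_000
HEADER = struct.Struct(">4sI16s32s")  # magic, iterations, salt, verifier


def check_iterations(iterations):
    # The header is read from disk, so the count is untrusted input: a tiny
    # value removes the stretching, a huge one hangs the unlock prompt.
    if not MIN_ITER <= iterations <= MAX_ITER:
        raise ValueError(f"iteration count {iterations} outside allowed range")


def stretch(passphrase, salt, iterations):
    """Key stretching: feed the salted passphrase through many HMAC rounds."""
    check_iterations(iterations)
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, iterations
    )


def subkey(master, label):
    """Derive independent keys (verifier, cipher key) from the master key."""
    return hmac.new(master, label, hashlib.sha256).digest()


def create_header(passphrase, iterations=200_000):
    """Build the safe's header: a fresh random salt plus a passphrase verifier."""
    salt = os.urandom(SALT_LEN)  # unique per safe, so tables cannot be precomputed
    master = stretch(passphrase, salt, iterations)
    return HEADER.pack(MAGIC, iterations, salt, subkey(master, b"verify"))


def unlock(header, passphrase):
    """Return the 32-byte cipher key, or None if the passphrase is wrong."""
    if len(header) != HEADER.size:
        raise ValueError("truncated or oversized header")
    magic, iterations, salt, verifier = HEADER.unpack(header)
    if magic != MAGIC:
        raise ValueError("not a demo safe header")
    master = stretch(passphrase, salt, iterations)
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(subkey(master, b"verify"), verifier):
        return None
    return subkey(master, b"encrypt")


if __name__ == "__main__":
    # Constructed sample passphrase, for demonstration only.
    header = create_header("correct horse battery staple")
    start = time.perf_counter()
    key = unlock(header, "correct horse battery staple")
    elapsed = time.perf_counter() - start
    print(f"unlocked: {key is not None}, one guess costs about {elapsed:.3f}s")
    print(f"wrong passphrase rejected: {unlock(header, 'password1') is None}")
```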

The noble desktop-environment natives

GNOME and KDE both provide an "official" GUI application for managing keys and passwords, each of which is a front-end to the environment's built-in key-management service. GNOME's offering is Seahorse, which serves as a front-end to GNOME Keyring, and KDE's is KWalletManager, a front-end for KWallet. Naturally, each inherits core functionality like the vault-encryption algorithm from its respective back-end service.

[Seahorse]

Seahorse and GNOME Keyring use AES-128 to encrypt the password safe, with a salt and multiple hash iterations applied to the password, and use locked memory. Seahorse separates your managed "secrets" into three tabs: one for passwords, one for your personal OpenPGP and SSH keys, and one for the public keys you have collected for others. You can create multiple "password keyrings" (as Seahorse calls them) while in the password tab, though Seahorse will continue to collect automatically-saved passwords (such as those used by online services integrated with GNOME) in the default password keyring. There is not a facility to export a password keyring to an external file, and Seahorse can only import raw keys (as opposed to encrypted files produced by other applications).

KWallet and KWalletManager use the Blowfish algorithm to encrypt the password safe. The safe's password is put through multiple hash rounds, although I have not found a clear description of either salting or locked memory usage. KWallet's approach to managing your secrets collection is different — whereas GNOME Keyring allows you to create separate "password keyrings" that are distinct from the collection of encryption keys, KWallet allows you to create separate "wallets," each of which can contain several types of credentials (passwords included). It, too, does not include functionality for exporting a password safe to an external file or importing the password safes of other applications.

The Schneier-ides

Security guru Bruce Schneier developed his own password safe application — for Windows only — called simply Password Safe, which currently sits at version 3.26. The Windows-only nature of the project has prompted several independent attempts to duplicate its functionality (with file-format compatibility) on other OSes.

[MyPasswordSafe]

MyPasswordSafe is a Qt-based Password Safe work-alike designed to run on Linux desktops. The last formal release was in 2004; however, the project has migrated to GitHub, and there have been sporadic commits to the code as recently as early 2011. MyPasswordSafe uses Blowfish to encrypt the password safe, but the FAQ makes a point of playing down any other security features (including explicit mention that locked memory is unsupported). On the other hand, it does provide a feature to copy passwords to the clipboard, and then automatically clear the clipboard after the password has been pasted. The application supports the creation of multiple safes. Like the original Password Safe, it implements password storage only, but allows you to associate each saved password with a title, username, and text notes.

Password Gorilla is another clone of Schneier's application, which uses Tcl/Tk for its GUI, and is still in active development. It supports Linux, Windows, and Mac OS X, and claims to maintain compatibility with the current 3.2-series of Password Safe, something that might be problematic for the older MyPasswordSafe. Multiple password safes are supported, encrypted by the Twofish algorithm, and protected by key stretching. As is the case with MyPasswordSafe, only password storage is implemented, using the same schema. Password Gorilla can export a password safe as a plain (unencrypted) text file, and can open safes created in Password Safe or MyPasswordSafe.

There are several projects implementing Password Safe-compatible functions for the major mobile device OSes, some of which are open source. Passwd Safe is an Android application, and pwSafe is an app for iOS. Both support multiple password safes, and are under active development. PwSafe uses Twofish to encrypt the password safes, and salts and stretches the key.

The KeePass series

KeePass is another password manager that originated on Windows. Like Schneier's work, it was open source. However, when the project undertook a rewrite for version 2.0, it switched to Microsoft's .NET application framework, adopted several Windows APIs, and changed its file format. The project has continued to release updates for both the 1.x and 2.x series. Although it is possible to make KeePass 2.x run using the Mono implementation of .NET — with some effort — the rewrite has largely isolated the Windows code base from other platforms.

A friendly (at least, friendly enough to be linked to from the KeePass site) fork of the code called KeePassX has continued development from the 1.x branch, simultaneously supporting Linux, OS X, and Windows. KeePassX sports more flexibility than many of the other password managers; it can use either AES or Twofish to encrypt password safes, and can incorporate other authentication mechanisms, such as the presence of a "key file" in addition to a password. The original KeePass application used protected memory, password salting, and key stretching; KeePassX forum users routinely point those asking questions to the KeePass documentation, which suggests that those features have not faded away, though KeePassX does not make any representations to that effect. For file format compatibility, KeePassX would need to preserve the same password-hashing scheme, of course, but locked memory (particularly on non-Windows OSes) is another story.

[KeePassX]

Feature-wise, KeePassX supports multiple password safes, and within each safe allows you to create named groups of saved passwords. Two are provided by default with new safes, "Internet" and "Email." Each password entry comes with several associated fields: Title, Username, URL, the password itself, Comments, an optional expiration date, an icon, and optional file attachments. KeePassX can import password safes from most other password managers, including the Schneier Password Safe and its clones and KWallet's internal XML format. Individuals have posted instructions for converting other password manager files to the forums. KeePassX can export its safes to plain text or unencrypted XML.

There are also unofficial KeePass "ports" to popular mobile platforms, including Android and iOS. The Android application KeePassDroid is open source, as is one of the iOS apps, iKeePass.

The rest

Several password managers are still available through the major distributions' repositories, even though they are no longer actively developed. Of note are Revelation and Figaro's Password Manager (FPM), both written for GNOME.

Revelation focused on password safes, but could open other encrypted files, including those encrypted with LUKS. It could import password safes from several other applications, including Password Safe, and could export safes to many of the same formats in addition to unencrypted XML. It used AES-256 to encrypt the safe, with the password salted and iteratively hashed. Within each password safe, it supported ten specific "secret" types, each of which had its own combination of database fields: phone, credit card, cryptographic key, shell account, FTP account, email, web site, database, door lock code, and generic. You could create folders within each safe to further group your passwords. Revelation ceased development in 2007.

In addition to the standard password safe feature set, FPM added the ability to launch applications by clicking on an entry in the password list — primarily a web browser, but user-configurable for any executable, on a per-password basis. It also supported copying saved passwords to either the system clipboard or to the X primary selection (so that they could be pasted with a middle-click). FPM protected the password safe with Blowfish, and used locked memory. It supported multiple safes, and could import safes from several other applications of the same age.

[FPM2]

Although FPM's last release was in 2003, another developer independently started a fork called FPM2, which is still undergoing active development. The basic feature set is the same, but it adds several enhancements. First, it encrypts the safe with AES-256, and adds key stretching for additional protection. It also allows you to assign a "category" text label to each saved password, and extends the "launcher" concept. FPM2 launchers can be configured to pass other arguments (such as hostname or username) from each saved entry to the launched application. It can also launch a URL in the browser, and at the same time copy the associated username to the clipboard and the password to the primary selection.

Pick your poison

These days, all of the actively-maintained password managers offer rough parity on the security of the stored password safe, at least on the Linux desktop. A bigger question is whether or not the existence of compatible applications for your mobile device is important, since, depending on the device, you may not be able to assess the security risks inherent in that platform. Using a mobile client also supposes that the password safe is retrievable, so it must either be stored in a location accessible from the Internet, or be periodically synchronized between the PC and device.

For a casual user, the built-in password managers supplied by GNOME and KDE are probably sufficient, considering that they are already used to manage OpenPGP, SSH, and other credentials. The Schneier and KeePass families primarily offer better cross-OS support and usability niceties (such as extended data fields for each password entry and import/export for other formats). Whether or not you can make use of those features, of course, depends largely on the number of passwords you are required to juggle and how many machines you need to use.


Brief items

Security quotes of the week

I keep trying to leave this bug report but I keep getting dragged in. It's worse than Twitter.
-- Dan Rosenberg

They went out of their way to let researchers in, and now they're kicking me out for doing research. I didn't have to report this bug. Some bad guy could have found it instead and developed real malware.
-- Charlie Miller in Forbes after finding an iOS flaw and getting banned from Apple's developer program for reporting it

The RIAA's political strategy in the war on piracy has been alternately to oppose and support government regulation of the Internet, depending on what's expedient. I wonder if rights owners and the trade groups that represent them experience any sense of cognitive dissonance when they advocate against something at one moment and for it a little while later—to the same audience, on the same issue.
-- Annemarie Bridy in the Freedom to Tinker blog

Given a sentence to give password advice on a billboard, I'd instead say:
A really strong password is one that nobody else has ever used.

That's all you need. More complicated advice about password length or using numbers and punctuation just leads to 'Password1!' if it's not motivated by finding something unusual enough to be globally unique.

-- Joseph Bonneau comments on Google's password advice billboards


New vulnerabilities

acroread: be afraid

Package(s): acroread
CVE #(s): CVE-2011-2424 CVE-2011-2431 CVE-2011-2432 CVE-2011-2433 CVE-2011-2434 CVE-2011-2435 CVE-2011-2436 CVE-2011-2437 CVE-2011-2438 CVE-2011-2439 CVE-2011-2440 CVE-2011-2442
Created: November 8, 2011
Updated: November 21, 2011
Description: The proprietary acroread tool has a whole long list of vulnerabilities leading to code execution when a PDF file has a specially-crafted SWF file embedded within it.
Alerts:
Gentoo 201201-19 acroread 2012-01-30
SUSE SUSE-SU-2011:1239-1 Acrobat Reader 2011-11-15
openSUSE openSUSE-SU-2011:1238-1 acroread 2011-11-15
Red Hat RHSA-2011:1434-01 acroread 2011-11-08
SUSE SUSE-SA:2011:044 acroread 2011-11-16


ffmpeg: code execution

Package(s): ffmpeg
CVE #(s): CVE-2011-3973 CVE-2011-3974 CVE-2011-3504
Created: November 8, 2011
Updated: August 30, 2012
Description: The Chinese AVS video decoder in ffmpeg suffers from multiple memory corruption and application crash errors (CVE-2011-3973/CVE-2011-3974). There is also a vulnerability in the Matroska decoder (CVE-2011-3504) that can enable code execution via a malicious media file.
Alerts:
Gentoo 201310-12 ffmpeg 2013-10-25
Mandriva MDVSA-2012:148 ffmpeg 2012-08-30
Mandriva MDVSA-2012:074-1 ffmpeg 2012-08-30
Mandriva MDVSA-2012:076 ffmpeg 2012-05-15
Mandriva MDVSA-2012:075 ffmpeg 2012-05-15
Mandriva MDVSA-2012:074 ffmpeg 2012-05-14
Ubuntu USN-1333-1 libav 2012-01-17
Ubuntu USN-1320-1 ffmpeg 2012-01-05
Debian DSA-2336-1 ffmpeg 2011-11-07


firefox, seamonkey: cross-site scripting

Package(s): seamonkey firefox
CVE #(s): CVE-2011-3648
Created: November 9, 2011
Updated: July 23, 2012
Description: A flaw in firefox's and seamonkey's handling of multibyte character sets can lead to a cross-site scripting vulnerability.
Alerts:
openSUSE openSUSE-SU-2014:1100-1 Firefox 2014-09-09
Gentoo 201301-01 firefox 2013-01-07
Mageia MGASA-2012-0176 iceape 2012-07-21
Ubuntu USN-1254-1 thunderbird 2011-12-22
openSUSE openSUSE-SU-2011:1290-1 Seamonkey 2011-12-01
Ubuntu USN-1282-1 thunderbird 2011-11-28
Ubuntu USN-1277-2 mozvoikko, ubufox 2011-11-23
Ubuntu USN-1277-1 firefox 2011-11-23
openSUSE openSUSE-SU-2011:1243-1 MozillaFirefox 2011-11-15
openSUSE openSUSE-SU-2011:1242-1 MozillaFirefox 2011-11-15
Debian DSA-2345-1 icedove 2011-11-11
Oracle ELSA-2011-1440 seamonkey 2011-11-09
Oracle ELSA-2011-1438 thunderbird 2011-11-09
Oracle ELSA-2011-1437 firefox 2011-11-09
CentOS CESA-2011:1440 seamonkey 2011-11-09
CentOS CESA-2011:1438 thunderbird 2011-11-09
CentOS CESA-2011:1437 firefox 2011-11-09
Red Hat RHSA-2011:1438-01 thunderbird 2011-11-08
SUSE SUSE-SU-2011:1266-1 MozillaFirefox 2011-11-21
SUSE SUSE-SU-2011:1256-2 mozilla-nss 2011-11-21
SUSE SUSE-SU-2011:1256-1 Mozilla Firefox 2011-11-18
Ubuntu USN-1251-1 firefox, xulrunner-1.9.2 2011-11-10
Oracle ELSA-2011-1439 thunderbird 2011-11-09
Mandriva MDVSA-2011:169 mozilla 2011-11-09
CentOS CESA-2011:1438 thunderbird 2011-11-09
CentOS CESA-2011:1437 firefox 2011-11-09
Scientific Linux SL-fire-20111108 firefox 2011-11-08
Scientific Linux SL-seam-20111108 seamonkey 2011-11-08
Debian DSA-2341-1 iceweasel 2011-11-09
Debian DSA-2342-1 iceape 2011-11-09
Red Hat RHSA-2011:1440-01 seamonkey 2011-11-08
Scientific Linux SL-thun-20111108 thunderbird 2011-11-08
Red Hat RHSA-2011:1437-01 firefox 2011-11-08
Red Hat RHSA-2011:1439-01 thunderbird 2011-11-08


firefox, seamonkey: privilege escalation

Package(s): iceape seamonkey firefox
CVE #(s): CVE-2011-3647 CVE-2011-3650
Created: November 9, 2011
Updated: July 23, 2012
Description: Firefox's and Seamonkey's addon-handling code contains an unspecified privilege escalation vulnerability (CVE-2011-3647), and JavaScript profiling can lead to memory corruption (CVE-2011-3650).
Alerts:
openSUSE openSUSE-SU-2014:1100-1 Firefox 2014-09-09
Gentoo 201301-01 firefox 2013-01-07
Mageia MGASA-2012-0176 iceape 2012-07-21
Ubuntu USN-1254-1 thunderbird 2011-12-22
openSUSE openSUSE-SU-2011:1290-1 Seamonkey 2011-12-01
Ubuntu USN-1282-1 thunderbird 2011-11-28
Ubuntu USN-1277-2 mozvoikko, ubufox 2011-11-23
Ubuntu USN-1277-1 firefox 2011-11-23
openSUSE openSUSE-SU-2011:1243-1 MozillaFirefox 2011-11-15
openSUSE openSUSE-SU-2011:1242-1 MozillaFirefox 2011-11-15
Oracle ELSA-2011-1439 thunderbird 2011-11-09
Oracle ELSA-2011-1437 firefox 2011-11-09
CentOS CESA-2011:1437 firefox 2011-11-09
SUSE SUSE-SU-2011:1266-1 MozillaFirefox 2011-11-21
SUSE SUSE-SU-2011:1256-2 mozilla-nss 2011-11-21
SUSE SUSE-SU-2011:1256-1 Mozilla Firefox 2011-11-18
Debian DSA-2345-1 icedove 2011-11-11
Ubuntu USN-1251-1 firefox, xulrunner-1.9.2 2011-11-10
Mandriva MDVSA-2011:169 mozilla 2011-11-09
CentOS CESA-2011:1437 firefox 2011-11-09
Scientific Linux SL-fire-20111108 firefox 2011-11-08
Debian DSA-2341-1 iceweasel 2011-11-09
Debian DSA-2342-1 iceape 2011-11-09
Scientific Linux SL-thun-20111108 thunderbird 2011-11-08
Red Hat RHSA-2011:1437-01 firefox 2011-11-08
Red Hat RHSA-2011:1439-01 thunderbird 2011-11-08


icedtea-web: sandboxing failure

Package(s): icedtea-web
CVE #(s): CVE-2011-3377
Created: November 9, 2011
Updated: March 14, 2012
Description: A flaw in the same-origin policy implementation in the icedtea-web browser plugin can enable malicious JavaScript code to connect to sites other than the originating host.
Alerts:
openSUSE openSUSE-SU-2012:0371-1 icedtea-web 2012-03-14
Debian DSA-2420-1 openjdk-6 2012-02-28
Ubuntu USN-1263-1 icedtea-web, openjdk-6, openjdk-6b18 2011-11-16
Fedora FEDORA-2011-15691 icedtea-web 2011-11-10
Red Hat RHSA-2011:1441-01 icedtea-web 2011-11-08
openSUSE openSUSE-SU-2011:1251-1 icedtea-web 2011-11-16
Mandriva MDVSA-2011:170 java-1.6.0-openjdk 2011-11-11
Oracle ELSA-2011-1441 icedtea-web 2011-11-09
Fedora FEDORA-2011-15673 icedtea-web 2011-11-10
Scientific Linux SL-iced-20111108 icedtea-web 2011-11-08


kernel: multiple vulnerabilities

Package(s): kernel
CVE #(s): CVE-2011-4081 CVE-2011-4077
Created: November 7, 2011
Updated: December 20, 2011
Description:

From the Red Hat bugzilla entries [1, 2]:

CVE-2011-4081: The ghash_update function passes a pointer to gf128mul_4k_lle which will be NULL if ghash_setkey is not called or if the most recent call to ghash_setkey failed to allocate memory. This causes an oops. Fix this up by returning an error code in the null case.

This is trivially triggered from unprivileged userspace through the AF_ALG interface by simply writing to the socket without setting a key.

The ghash_final function has a similar issue, but triggering it requires a memory allocation failure in ghash_setkey _after_ at least one successful call to ghash_update.

CVE-2011-4077: A flaw was found in the way Linux kernel's XFS filesystem implementation handled links with pathname larger than MAXPATHLEN. When CONFIG_XFS_DEBUG configuration option was not enabled when compiling Linux kernel, an attacker able to mount malicious XFS image could use this flaw to crash the system, or potentially, elevate his privileges on that system.

Alerts:
Oracle ELSA-2013-1645 kernel 2013-11-26
openSUSE openSUSE-SU-2012:1439-1 kernel 2012-11-05
Oracle ELSA-2012-0862 kernel 2012-07-02
openSUSE openSUSE-SU-2012:0799-1 kernel 2012-06-28
SUSE SUSE-SU-2012:0736-1 Linux kernel 2012-06-14
openSUSE openSUSE-SU-2012:0540-1 kernel 2012-04-20
SUSE SUSE-SU-2012:0364-1 Real Time Linux Kernel 2012-03-14
Oracle ELSA-2012-0350 kernel 2012-03-12
Oracle ELSA-2012-2003 kernel-uek 2012-03-12
Scientific Linux SL-kern-20120308 kernel 2012-03-08
Oracle ELSA-2012-0150 kernel 2012-03-07
CentOS CESA-2012:0350 kernel 2012-03-07
Red Hat RHSA-2012:0350-01 kernel 2012-03-06
Red Hat RHSA-2012:0333-01 kernel-rt 2012-02-23
openSUSE openSUSE-SU-2012:0236-1 kernel 2012-02-09
openSUSE openSUSE-SU-2012:0206-1 kernel 2012-02-09
SUSE SUSE-SU-2012:0153-2 Linux kernel 2012-02-06
SUSE SUSE-SU-2012:0153-1 kernel 2012-02-06
Ubuntu USN-1340-1 linux-lts-backport-oneiric 2012-01-23
Debian DSA-2389-1 linux-2.6 2012-01-15
Ubuntu USN-1330-1 linux-ti-omap4 2012-01-13
Oracle ELSA-2012-0007 kernel 2012-01-12
Scientific Linux SL-kern-20120112 kernel 2012-01-12
CentOS CESA-2012:0007 kernel 2012-01-11
Red Hat RHSA-2012:0010-01 kernel-rt 2012-01-10
Red Hat RHSA-2012:0007-01 kernel 2012-01-10
Ubuntu USN-1322-1 linux 2012-01-09
Ubuntu USN-1313-1 linux-lts-backport-oneiric 2011-12-19
Ubuntu USN-1312-1 linux 2011-12-19
Ubuntu USN-1311-1 linux 2011-12-19
Ubuntu USN-1304-1 linux-ti-omap4 2011-12-13
Ubuntu USN-1303-1 linux-mvl-dove 2011-12-13
Ubuntu USN-1302-1 linux-ti-omap4 2011-12-13
Ubuntu USN-1301-1 linux-lts-backport-natty 2011-12-13
Ubuntu USN-1300-1 linux-fsl-imx51 2011-12-13
Ubuntu USN-1299-1 linux-ec2 2011-12-13
Ubuntu USN-1294-1 linux-lts-backport-oneiric 2011-12-08
Ubuntu USN-1293-1 linux 2011-12-08
Ubuntu USN-1292-1 linux-lts-backport-maverick 2011-12-08
Ubuntu USN-1291-1 linux 2011-12-08
Ubuntu USN-1286-1 linux 2011-12-03
Ubuntu USN-1287-1 linux-ti-omap4 2011-12-05
Fedora FEDORA-2011-15856 kernel 2011-11-13
Fedora FEDORA-2011-15241 kernel 2011-11-02


kernel: information disclosure

Package(s): kernel linux
CVE #(s): CVE-2011-2494
Created: November 9, 2011
Updated: October 24, 2012
Description: The taskstats interface fails to enforce access restrictions, allowing hostile processes to obtain more information than is called for.
Alerts:
SUSE SUSE-SU-2014:0536-1 Linux kernel 2014-04-16
Oracle ELSA-2013-1645 kernel 2013-11-26
openSUSE openSUSE-SU-2013:0927-1 kernel 2013-06-10
SUSE SUSE-SU-2012:1391-1 Linux kernel 2012-10-24
SUSE SUSE-SU-2012:0554-2 kernel 2012-04-26
SUSE SUSE-SU-2012:0554-1 Linux kernel 2012-04-23
Oracle ELSA-2012-0150 kernel 2012-03-07
SUSE SUSE-SU-2012:0153-2 Linux kernel 2012-02-06
SUSE SUSE-SU-2012:0153-1 kernel 2012-02-06
Red Hat RHSA-2012:0010-01 kernel-rt 2012-01-10
Ubuntu USN-1294-1 linux-lts-backport-oneiric 2011-12-08
Scientific Linux SL-kern-20111129 kernel 2011-11-29
CentOS CESA-2011:1479 kernel 2011-11-30
Oracle ELSA-2011-1479 kernel 2011-11-30
Ubuntu USN-1285-1 linux 2011-11-29
Red Hat RHSA-2011:1479-01 kernel 2011-11-29
Oracle ELSA-2011-1465 kernel 2011-11-28
Oracle ELSA-2011-2033 unbreakable kernel 2011-11-28
Ubuntu USN-1281-1 linux-ti-omap4 2011-11-24
Ubuntu USN-1279-1 linux-lts-backport-natty 2011-11-24
Scientific Linux SL-kern-20111122 kernel 2011-11-22
Red Hat RHSA-2011:1465-01 kernel 2011-11-22
Ubuntu USN-1275-1 linux 2011-11-21
Ubuntu USN-1256-1 linux-lts-backport-natty 2011-11-09
Ubuntu USN-1260-1 linux-ti-omap4 2011-11-14
Ubuntu USN-1253-1 linux 2011-11-08


mahara: multiple vulnerabilities

Package(s): mahara
CVE #(s): CVE-2011-2771 CVE-2011-2772 CVE-2011-2773
Created: November 7, 2011
Updated: November 9, 2011
Description:

From the Debian advisory:

CVE-2011-2771: Teemu Vesala discovered that missing input sanitising of RSS feeds could lead to cross-site scripting.

CVE-2011-2772: Richard Mansfield discovered that insufficient upload restrictions allowed denial of service.

CVE-2011-2773: Richard Mansfield discovered that the management of institutions was prone to cross-site request forgery.

(no CVE ID available yet): Andrew Nichols discovered a privilege escalation vulnerability in MNet handling.

Alerts:
Debian DSA-2334-1 mahara 2011-11-04


man2html: cross-site scripting

Package(s): man2html
CVE #(s): CVE-2011-2770
Created: November 7, 2011
Updated: November 9, 2011
Description:

From the Debian advisory:

Tim Starling discovered that the Debian-native CGI wrapper for man2html, a program to convert UNIX man pages to HTML, is not properly escaping user-supplied input when displaying various error messages. A remote attacker can exploit this flaw to conduct cross-site scripting (XSS) attacks.

Alerts:
Debian DSA-2335-1 man2html 2011-11-05


moodle: multiple vulnerabilities

Package(s): moodle
CVE #(s):
Created: November 7, 2011
Updated: November 9, 2011
Description:

From the Debian advisory:

Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning:

  • MSA-11-0020 Continue links in error messages can lead offsite
  • MSA-11-0024 Recaptcha images were being authenticated from an older server
  • MSA-11-0025 Group names in user upload CSV not escaped
  • MSA-11-0026 Fields in user upload CSV not escaped
  • MSA-11-0031 Forms API constant issue
  • MSA-11-0032 MNET SSL validation issue
  • MSA-11-0036 Messaging refresh vulnerability
  • MSA-11-0037 Course section editing injection vulnerability
  • MSA-11-0038 Database injection protection strengthened
Alerts:
Debian DSA-2338-1 moodle 2011-11-07


nss: insecure pkcs11.txt load path (possible code execution)

Package(s): nss
CVE #(s): CVE-2011-3640
Created: November 7, 2011
Updated: January 5, 2012
Description:

From the CVE entry:

** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."

Alerts:
Gentoo 201301-01 firefox 2013-01-07
openSUSE openSUSE-SU-2012:0030-1 mozilla-nss 2012-01-05
openSUSE openSUSE-SU-2011:1290-1 Seamonkey 2011-12-01
Mandriva MDVSA-2011:169 mozilla 2011-11-09
openSUSE openSUSE-SU-2011:1241-1 mozilla-nss 2011-11-15
Debian DSA-2339-1 nss 2011-11-07


openswan: denial of service

Package(s): openswan
CVE #(s): CVE-2011-4073
Created: November 3, 2011
Updated: September 12, 2013
Description:

From the Red Hat advisory:

A use-after-free flaw was found in the way Openswan's pluto IKE daemon used cryptographic helpers. A remote, authenticated attacker could send a specially-crafted IKE packet that would crash the pluto daemon. This issue only affected SMP (symmetric multiprocessing) systems that have the cryptographic helpers enabled. The helpers are disabled by default on Red Hat Enterprise Linux 5, but enabled by default on Red Hat Enterprise Linux 6. (CVE-2011-4073)

Alerts:
Mandriva MDVSA-2013:231 openswan 2013-09-12
Mageia MGASA-2012-0300 openswan 2012-10-20
Gentoo 201203-13 openswan 2012-03-16
Debian DSA-2374-1 openswan 2011-12-26
Fedora FEDORA-2011-15127 openswan 2011-10-29
Fedora FEDORA-2011-15077 openswan 2011-10-29
Fedora FEDORA-2011-15196 openswan 2011-11-01
Oracle ELSA-2011-1422 openswan 2011-11-03
Scientific Linux SL-open-20111102 openswan 2011-11-02
CentOS CESA-2011:1422 openswan 2011-11-03
Red Hat RHSA-2011:1422-01 openswan 2011-11-02


perl: multiple vulnerabilities

Package(s): perl
CVE #(s): CVE-2011-3597 CVE-2011-2939
Created: November 3, 2011
Updated: January 29, 2014
Description:

From the Red Hat bugzilla entries [1, 2]:

CVE-2011-3597: A flaw was reported in perl Digest module's "Digest->new()" function, which did not properly sanitize input before using it in an eval() call, which could possibly be exploited to inject and execute arbitrary perl code.

CVE-2011-2939: Perl bundles 'Encode' module that contains 'Unicode.xs' file where a heap overflow bug has been fixed recently.

Alerts:
Gentoo 201401-33 digest-base 2014-01-29
Gentoo 201401-11 perl 2014-01-19
Ubuntu USN-1643-1 perl 2012-11-29
Mandriva MDVSA-2012:009 perl 2012-01-18
Mandriva MDVSA-2012:008 perl 2012-01-18
Oracle ELSA-2011-1797 perl 2011-12-08
Scientific Linux SL-perl-20111208 perl 2011-12-08
CentOS CESA-2011:1797 perl 2011-12-09
Red Hat RHSA-2011:1797-01 perl 2011-12-08
openSUSE openSUSE-SU-2011:1278-1 perl 2011-11-24
Oracle ELSA-2011-1424 perl 2011-11-03
Scientific Linux SL-perl-20111103 perl 2011-11-03
Red Hat RHSA-2011:1424-01 perl 2011-11-03
Fedora FEDORA-2011-13874 perl 2011-10-05


xen: code execution

Package(s): xen
CVE #(s): CVE-2011-3262
Created: November 7, 2011
Updated: November 9, 2011
Description:

From the Debian advisory:

CVE-2011-3262: Local users can cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image.

Alerts:
Gentoo 201309-24 xen 2013-09-27
Debian DSA-2337-1 xen 2011-11-06


Page editor: Jake Edge


Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds