search

LedgerHQ / app-passwords

Password Manager application for Ledger devices
Apache License 2.0
81 stars 22 forks source link

Integrate with libsecret #20

Open TheFrozenFire opened 6 years ago

TheFrozenFire commented 6 years ago

Gnome provides a keyring library out-of-the-box called libsecret. It supports remote password managers, and could in theory be integrated into this app to provide access to passwords, instead of using HID emulation. This approach would presumably mitigate keyloggers as well.

TamtamHero commented 3 years ago

It's a good idea, but from a pure security perspective, if you have a keylogger on your computer, it's just a matter of time until the bad guy gets his hands on libsecrets as well, isn't it?

TheFrozenFire commented 3 years ago

The way that I view security is that it's about mitigations. There is no "perfectly secure" system.

However, HID inputs, especially keyboard inputs, are a promiscuous interface. That's what keyloggers rely upon. There isn't much of a security scheme in place for protecting plaintext HID inputs. The generic interface also means that one cannot layer such a scheme on top.

Moving to an interface like libsecret allows for a much more sophisticated security context. Yes, in theory, you could attack the secrets service directly. But, if that becomes a common attack, that secrets service can be updated to include more effective mitigations against such attacks.

With libsecret, there is a verbose API that allows for some degree of negotiation of secret retrieval. Secret collections can be locked and unlocked, allowing for designs such as timing out the unlock of a collection, requiring the user to unlock the collection again to retrieve passwords from it.

For paranoid users, the Ledger app could also require per-retrieval authorization from the Ledger device.

TamtamHero commented 3 years ago

Sounds good! I had a little look and I think I will go (when I get the time, no ETA :crying_cat_face: ) with https://pypi.org/project/keyring/, which is compatible with Secret Services (the thing which libsecret is using under the hood) but also with other keychains from different OS. It would be a portable tool that would retrieve passwords from the passwords app and copy them in the appropriate keychain. Is this what you had in mind ?

Edit: maybe you were thinking of a system where libsecret is a client of the password app and retrieves passwords only when needed, without storing them in its own database ? That would probably be quite a lot of work, and even more to have compatibility with Windows/MacOS :thinking:

It supports remote password managers

I couldn't find much about this from the docs, did I miss something ?