grahamking / kip

Command line script to keep usernames/passwords in gnupg encrypted text files.
GNU General Public License v3.0
22 stars 6 forks source link

Decryption on foreign computer #7

Open grahamking opened 12 years ago

grahamking commented 12 years ago

I would like to address the "wife's laptop" problem: I'm not at my computer, I'm at my wife's laptop, or at a library computer, or on a friends iPad, and I need my password.

Things that probably won't work

1) An easy and good solution is to put your keys on a USB stick, along with Gpg4win. Does that require any support from kip? I don't think so - gpg4win should be able to decrypt the files directly.

This only works if I can get to the USB port of the machine. At my library the computer might be locked down. My iPad does not have a USB port.

2) In-browser client-side decryption in Javascript. There is a JS opengpg library, but it only does encryption. The author says "Many people ask me about decryption in Javascript. I don't think that it could be really useful to do decryption in Javascript, because it requires the secret key and I would never paste my secret key in a web form." Decrypting the files on the client requires us to send your secret key to a potentially hostile computer.

Idea

I think using HTTP / a browser is the simplest and most widely available interface.

We should definitely use SSL, although we can probably leave that for external tools, such as stunnel (or any SSL and proxy capable web server).

We could decrypt everything server-side before you go travelling, and re-encrypt it with a "disposable" symmetric cipher, which also has a JS implementation, such as AES.

We add a kip server command which waits for a glob as the url path, and sends you the AES encrypted file, along with some JS. On the client the JS asks you for the passphrase and decrypts the file.

We can also use HTTP basic-auth to discourage people more.

Once you get back home you stop the kip server and delete the symmetric files. You're only at risk during your travels.

I would probably forget to do this before I leave, so setup must be simple enough that I can talk a friend through it on the phone ("Turn on my computer and type ssh remote_machine, now type kip server, ok enter this as the passphrase, that's it thanks!")

I think using SSL will protect us from network caches, and doing decryption in JS will protect us from the browser's cache.

This requires you to have an Internet visible server you can run stuff on.

What if there is a key logger on the machine I'm using?

Once we have a basic plan I can ask for feedback on a crypto forum.

@yml, @sethtrain, @wrb What do you think?

ghost commented 12 years ago

Wife's computer or a more of your computers should be fairly easy, just grab Dropbox or any similar service, since the unencrypted data are never committed to the filsystem. Unless I can't read source code that is.

Library computer is worse. I like your idea in general though I'm not sure how good would AES in javascript be. It also seems kind of redundant -- you are already using SSL to protect yourself from network sniffing (and you presumably have your server's fingerprint on a paper with you). It makes sense however if you really don't want to have both data and key on any computer for a long time.

Another way would be to use one time passwords -- generate asymmetrically encrypted data and use OTP to acces it (through SSL and http-basic) and when you session is done, press a button that makes the switch to the next OTP. That requires the remote computer to have the data in plain however.

grahamking commented 12 years ago

The idea of doing part of the decryption on the server (AES) is that it should defeat any browser caching / logging. It it's just in HTML the browser might write the page to the disk - browsers cache HTTPS content just like HTTP content.

I love the idea of one-time passwords. Maybe a combination of a passphrase and a one-time PIN code. "Web-based methods" here looks possible: http://en.wikipedia.org/wiki/One-time_password#Web-based_methods

yml commented 12 years ago

cherokee admin is using onetime password to secure the admin.

as the side note there is a gpg an attempt to write GPG client in in JShttps://github.com/GPGTools/Mobile .

On Fri, Mar 30, 2012 at 7:31 PM, Graham King < reply@reply.github.com

wrote:

The idea of doing part of the decryption on the server (AES) is that it should defeat any browser caching / logging. It it's just in HTML the browser might write the page to the disk - browsers cache HTTPS content just like HTTP content.

I love the idea of one-time passwords. Maybe a combination of a passphrase and a one-time PIN code. "Web-based methods" here looks possible: http://en.wikipedia.org/wiki/One-time_password#Web-based_methods


Reply to this email directly or view it on GitHub: https://github.com/grahamking/kip/issues/7#issuecomment-4847292

grahamking commented 12 years ago

Another option is, at the web cafe, download putty.exe, ssh to your server, and just run kip (with --print option) there.

(some time later, having though about it)... but then the web cafe (which we assume is running a key logger) has your ssh password. Double plus bad.

grahamking commented 12 years ago

Some thoughts:

grahamking commented 12 years ago

It sounds like javascript encryption doesn't add much security over SSL, like wrb mentioned. See Javascript Cryptography Considered Harmful. We can set headers to ask the browser not to cache the page.

Interesting discussion about key loggers at security.stackexchange.com. In short if you can't trust the client (web cafe machine), you shouldn't log in.

That said, there seems to be two ways to have secure login from an untrusted computer:

  1. Two-factor authentication. Combining "something you know", which is your passphrase, with "something you own", usually a physical security token, such as a SecurID. The Yubikey looks cool, but it requires USB port access and, well, I don't think we can expect people to buy a device to use kip.
  2. One time passwords. This is great, but I can't think of a way to manage it. You can't memorise them all.
    • Do you print out a big list and carry it around with you? That works for a short time, like a vacation, but not for random access on my wife's computer.
    • Do you use sentences from a book, like in a spy novel? You would only need to capture a couple of sentences for Google to find the matching book.

Unless we can come up with an elegant way of making one-time passwords, I think we should drop the requirement to be secure on an insecure client (web cafe), and focus on allowing access on a trusted machine (wife's laptop, friends house) which doesn't have kip / gpg on it. That's a much simpler scenario. As long as we're over SSL, we can ask for the secret key's passphrase.

GPG allows you to change your passphrase without changing your secret key, the passphrase just encrypts your secret key.

grahamking commented 12 years ago

Pull request in #11