Idea: "Paranoid" mode

[etipton]

@ryanjohns I'd be interested in implementing this if you think it's a good idea...

Basically, I want the option to utilize asymmetric encryption via RSA keys. This will allow me to store a version of my Passmaster instance on a USB thumb drive, which will require two things for decryption:

1. My password
2. The RSA private key (only present on the thumb drive)

My preferred workflow would then be to plug in my thumb drive when I need the ability to access my passwords, enter my password once, use the "Never expire" option for session timeout, and be able to access my passwords from the thumb drive instance until I remove the drive.

Two-factor authentication can (should) be utilized as a fallback to generate new RSA keys, in case the thumb drive is lost or stolen.

What I'm NOT sure about is how to handle Passmaster mobile since obviously a USB drive / on-device storage isn't really an option there. Maybe for "paranoid" mode we could just inform the user that mobile won't be an option.

[ryanjohns]

Can you add some more specifics in here? I'm not sure I fully understand how this would work or the benefits. How would RSA keys be generated and how do they work with the master password? Also, what do you mean by "store a version of my Passmaster instance on a USB thumb drive"? How would syncing to the server work?

[etipton]

FYI, I'm trying to gather my thoughts on this. Good questions that are making me really think through it. I'll respond in the next couple days hopefully.

[ryanjohns]

No worries! Take your time. :)

[etipton]

Update:

I think what I want is the best of two worlds, each of which applies to different types of passwords / data:

1. Passmaster as it exists today (encrypted data stored in cloud behind a login, and decrypted server-side). This is great for almost everything, and I love the ability to get my password from anywhere. The downsides are a.) if someone knows my master password, they can access anything from anywhere (see note about MFA below), and b.) I am hesitant to choose the "Never" Auto-lock option in case I forget to log out at an Internet cafe or something (see #2 below for why this is relevant).
2. Ability to store extremely sensitive passwords that can only be retrieved by having a physical device (USB stick) present - BUT, if that device is present, after entering password once, there's no need to enter again until after the device has been removed. aka, since the device is present, forget the concept of a "web session." This would be helpful for me because I like to have Passmaster easily accessible when I'm working on my laptop, and the highest level Auto-lock option (1 hour) gets annoying because it times out several times a day.

MFA works for #2 from a security standpoint, except that the current functionality seems to set a cookie or something so that it doesn't ask for the authentication code on every login -- for uber-security, I would want to disable this, BUT, then the friction of logging in is much higher than a system that simply detects that a RSA key exists.

I know that software exists for #2 (with private RSA keys stored on thumbdrive). But it doesn't have a "cloud" option for passwords that are a good fit for something like Passmaster.

So... I think I'd have to amend my initial idea slightly... I'd want the uber-secure, check-for-RSA-key security level to be an option on a per-password level, not at the overall preferences level.

---

"How would RSA keys be generated and how do they work with the master password?"

RSA keys can be generated client-side with javascript, pushing the public key to the server AND (very importantly) prompting the user to download and save the encrypted private key. The master password would be used to symmetrically encrypt / decrypt the private RSA key.

Also, what do you mean by "store a version of my Passmaster instance on a USB thumb drive"?

By this I mean basically the same thing that currently gets sent when a backup is emailed. BUT if the private key file is bundled with the html file, as I'm imagining it on the USB drive, that's what allows the uber-sensitive passwords to be decrypted (no Internet connection needed).

How would syncing to the server work?

The public RSA key would need to be uploaded and stored server-side, for encrypting future passwords. Otherwise everything would be handled client-side.

[etipton]

Also, I realize that this is overkill 99.9% of the time. It was kinda fun to think about and geek out over just now though, haha.

@ryanjohns I don't expect you to read and respond anytime soon, BUT if you find any holes in my logic, let me know :)

[etipton]

Slight amendment to this, as I have been thinking about this today... I wouldn't actually want the encrypted passwords (the "backup") to exist on the USB drive along with the private key, as from a security standpoint this would just be a more-roundabout way of just encrypting the USB drive itself but otherwise storing the passwords on it in a .txt file or something.

Anyway, stepping back to a 1,000-foot view --

What I'd like is for when I think "I need my [X] password", all I have to think is "passmaster" -- currently, that is the case for most of my passwords, but I still have some passwords that I'd like to protect via an on-disk RSA key (256 bits to decrypt vs a "standard password"), and so if there's a way to roll everything into one easy-to-use system -- and even keep it using all web (non-native) tech, despite the need for accessing a local file -- that would be rad.

[etipton]

Most important conclusion here is... I ❤️ Passmaster and thanks for writing + maintaining it @ryanjohns :)

Whenever someone mentions LastPass / some other system, it just makes me feel more comfortable with the trust level I have in passmaster.io over those systems.

[etipton]

Happened to re-discover this. I still have a vision for what I was trying to describe here -- what we can now just call "Yubikey integration" (I didn't know about Yubikeys before) -- but going to close since it's likely overkill / unnecessary.