subdavis / Tusk

🐘 🔒 KeePass-compatible browser extension for filling passwords.
https://subdavis.com/Tusk

Security Question - Random String #295

Closed gamedevsam closed 5 years ago

gamedevsam commented 5 years ago

In the protected memory section, I see the random string is always the same. Could another extension with knowledge of this random string access the protected memory of this extension, and decrypt the master key?

subdavis commented 5 years ago

Short answer: no.

Longer answer:

That's more of an operating systems question.

The memory is separated by process isolation, the same abstraction that every cryptographically sensitive application hinges on. You may remember "Meltdown" and "Spectre" from the news last year.

Browser site isolation is, in some cases, more fragile than other sorts [citation needed]. There's research about special circumstances where this can be abused, but the exploits are very, very sophisticated. If you're really worried, stick with Chrome. It is regarded as having the most robust site isolation of any browser [citation needed].

That "random string" doesn't really need to be random. The objective is to obfuscate memory from casual scans and humans reading core dumps.

There would be no real benefit to having runtime randomization of that string since, in your threat model, whatever malicious software with access to Tusk's protected memory would also see the encryption key.

Feel free to follow up with any other questions, or close this issue if that answer is satisfactory.
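The threat-model argument in the reply above, as an added example that is not part of the original thread and is not Tusk's code: a fixed mask and a per-session mask both defeat a casual plaintext scan, and both fail against a reader who already has the process's memory. XOR masking, the memory layout, and every name and sample value here are assumptions made for illustration.

```javascript
// Added illustration, not Tusk's code. XOR masking is an assumed stand-in cipher.
const enc = new TextEncoder();
const dec = new TextDecoder();

// XOR with a repeating key; applying it twice restores the input.
function xorMask(data, key) {
  return data.map((b, i) => b ^ key[i % key.length]);
}

// Model process memory as one buffer: the mask key, then the masked secret.
function buildMemory(secret, key) {
  const masked = xorMask(enc.encode(secret), key);
  const mem = new Uint8Array(key.length + masked.length);
  mem.set(key, 0);
  mem.set(masked, key.length);
  return { mem, keyLen: key.length };
}

// Casual scan: search the dump for the plaintext bytes, as `strings | grep` would.
function casualScanFinds({ mem }, secret) {
  const needle = enc.encode(secret);
  for (let i = 0; i + needle.length <= mem.length; i++) {
    if (needle.every((b, j) => mem[i + j] === b)) return true;
  }
  return false;
}

// Reader inside the isolation boundary: the key sits in the same memory as the data.
function inProcessRead({ mem, keyLen }) {
  return dec.decode(xorMask(mem.subarray(keyLen), mem.subarray(0, keyLen)));
}

// Constructed sample values (none come from Tusk).
const MASTER = "correct horse battery staple";
const NO_MASK = new Uint8Array([0]);                      // baseline: plaintext in memory
const FIXED_KEY = enc.encode("static-string-shipped-in-source");
// Stands in for a per-run crypto.getRandomValues() result.
const SESSION_KEY = Uint8Array.from([0x9c, 0xe1, 0xb7, 0x83, 0xd4, 0xaa, 0xf0, 0x8e]);

function compare() {
  return [["none", NO_MASK], ["fixed", FIXED_KEY], ["per-session", SESSION_KEY]]
    .map(([name, key]) => {
      const m = buildMemory(MASTER, key);
      return { name, scanFinds: casualScanFinds(m, MASTER), recovered: inProcessRead(m) };
    });
}

console.table(compare());
```

Only the unmasked baseline is found by the scan; the fixed and per-session rows are identical in both columns, so randomizing the string changes nothing once the memory itself is readable.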

gamedevsam commented 5 years ago

Thanks for the explanation!

I think more deep dives into the security model of Tusk, and the specific code that makes it secure, are something that would help other developers, as well as give users more confidence when using this extension.

I know that kind of work takes time away from development, so perhaps the community can help with that. Humanity deserves a future free from the tyranny of passwords; KeePass + Tusk is a great step towards that end goal :)

subdavis commented 5 years ago

Definitely.

If you didn't see it, check out some of the implementation details on the wiki:

https://github.com/subdavis/Tusk/wiki/Home

I definitely agree that there could be deeper content there.