secret-in · 2020. 7. 31. · you should find a way to share it. ... what's a good secret...

Secret-in.me A pentester design of password secret manager


Post on 13-Oct-2020


Page 1: Secret-in · 2020. 7. 31. · You should find a way to share it. ... What's a good secret manager ? (from our point of view) Secret-in.me Started in 2015 after Gandi 15 years anniversary

Secret-in.me

A pentester design of password secret manager

Page 2

Who am I ?

Security engineer

Working at SCRT France !

Page 3

Password manager

Password

A string

● You have to remember

● To authenticate yourself

● Others can't guess

Very hard for the human mind.

Try to remember 4csVIus9TG82BXRedA5B5gAZjHKm7dNa

Secret

Information shared by very few people

You should find a way to share it.

Only the concerned people should access it.

Multiple services => multiple passwords

Impossible to do with your mind

Try to remember 235 random strings...

Page 4

Password manager

SSO/LDAP binding

● Linked to the Active Directory

● Centralized management

● One private password per employee

● Multiple accesses to the service

● Access logs rely on the service

● Service should support SSO !

KEEPASS

● Not easy to share

● Centralized management

● Works with any service

● One private password per employee

● One access to the service

● Useless access log on the service

Company's headache : managing access authorization

● Multiple equipment

● Employees in and out

Page 5

Password manager

Pentest time

SSO/LDAP binding

● Pick your favorite vulnerability

● WPAD + weak password

● Outdated software

● Default passwords

● ...

KEEPASS

● Identify user using keepass

● Wait for the keepass to be unlocked

● KeeFarce

● Do it for every user

Page 6

Password manager

What's a good secret manager ? (from our point of view)

● Secret encryption with standards => Obvious

● Open source => To check claimed security

● Limited dependencies => Reduce trust surface

● Cryptography not written by us => Crypto is hard

● Double authentication standard => Obvious

● Sharing possibility => Needed in company

● Logging possibility => Needed in company

● Browser integration => Easier to use

Page 7

Secret-in.me

Started in 2015 after Gandi 15 years anniversary

Improved a lot more recently

TADAAAA!

Page 8

Secret-in.me

● Reduce trust surface

– "We don't want to install new client software"

● Maintenance, backdoor…

– We trust the browser (I hope you do)

– W3C wrote WebCryptoAPI

– Browser can do cryptography !

– For now, only Blink (Google Chrome and Chromium engine) supports every standard.

● You only have to trust your browser and secret-in.me

● Unfortunately not if you want a pretty UI...

Page 9

Secret-in.me

● Storage

– JSON is easy to transport

● Write it on a file anywhere (like keepass)

● Use a server to save it for you

● Cryptography is done client side

– Compromised server can't read your secrets

– Compromised network can't read your secrets

● Using a server can add privileges and logging dimension

– Read only, Read/write, Read/Write/Share

– Who, what, when

Page 10

Secret-in.me

How it works

Cryptographic layer

Page 11

Registration

Passphrase -> PBKDF2 SHA256 (256 bits random salt, 100 000 + (random%255) iterations) -> Derived key

Key pair: RSA-OAEP 4096, SHA256

Derived key wraps the private key with AES-CBC-256 -> IV + Wrapped private key

Sent to the insecure server: Derivation parameters, SHA256(username), IV + Wrapped private key, Public key

Page 12

Server View

{
  "0a041b9462caa4a31bac3567e0b6e6fd9100787db2ab433d96f6d178cabfce90": {
    "keys": {},
    "pass": {
      "iterations": 100105,
      "salt": "1e473abdb40125b8f07b6a77959413f2fed862ffa4c81cbcb5db17de7aebcf48"
    },
    "privateKey": {
      "iv": "ee73cf663438360febc74d5d6f8720f4",
      "privateKey": "47da2b54a55198[...]9e0d64fda2db9211ad7d6394a9d7"
    },
    "publicKey": {
      "alg": "RSA-OAEP-256",
      "e": "AQAB",
      "ext": true,
      "key_ops": [ "encrypt", "wrapKey" ],
      "kty": "RSA",
      "n": "nGGkuqrDLpqrggBzkmx-[...]hLt9wEFh5tQRbObcFFEZ8"
    }
  }
}

Page 13

Login

Client sends: Username SHA256 0a041b946ef12a6...

Server response: Derivation parameters + Public key + IV + Wrapped private key

Passphrase -> PBKDF2 SHA256 -> Derived key

Derived key + IV + Wrapped private key -> Unwrapping with AES-CBC-256 -> Private key

"Authenticated" user

Page 14

Secret creation

Random shared key

Secret -> Encryption with AES-GCM-256 (random shared key) -> IV + Encrypted secret

Title, Timestamp -> SHA256 -> Secret ID

Public key -> Wrapping of the shared key with RSA-OAEP -> Wrapped shared key

Sent to the insecure server: Secret ID, IV + Encrypted secret, Wrapped shared key

Page 15

{
  "secrets": {
    "0839fb4655ea32255f60e4e37fe07e207be65774d8a9255bc9344403faeaead7": {
      "iv": "2e16d955f86c6589d821c7a1",
      "secret": "873c828e20ef4909cf[...]5640ac4b"
    }
  },
  "users": {
    "0a041b9462caa4a31bac3567e0b6e6fd9100787db2ab433d96f6d178cabfce90": {
      "keys": {
        "0839fb4655ea32255f60e4e37fe07e207be65774d8a9255bc9344403faeaead7": {
          "key": "98fef3afc43e7f3d[...]26b2f833b972b3d54"
        }
      },
      "pass": {
        "iterations": 100024,
        "salt": "5dd0c60727bc84e49f0fa271bb4e7188d750e10eb0ae868df008d39464541634"
      },
      "privateKey": {
        "iv": "23ddc5828a2533c1b23ca5ffa7eb4cb0",
        "privateKey": "6fa526a3c515068537a8e033[...]8e9d8937c21db55b"
      },
      "publicKey": {
        "alg": "RSA-OAEP-256",
        "e": "AQAB",
        "ext": true,
        "key_ops": [ "encrypt", "wrapKey" ],
        "kty": "RSA",
        "n": "vON4sq1SWK9bKEqXWMkG7n[...]drK24TkxJXHJ1vxLDjiIM"
      }
    }
  }
}

Page 16

Secret retrieval

Client: "Give me my keys" -> Server: List of IDs + Wrapped shared keys

Client: "Give me the secret 80ae13..." -> Server: IV + Encrypted secret

Private key + Wrapped shared key -> Unwrapping with RSA-OAEP -> Shared key

Shared key + IV + Encrypted secret -> Decryption with AES-GCM-256 -> Secret

Page 17

Secret sharing

Private key + Wrapped shared key of the secret you want to share -> Unwrapping with RSA-OAEP -> Shared key

Friend username -> SHA256 -> Friend ID

Friend public key + Shared key -> Wrapping with RSA-OAEP -> Wrapped shared key for friend

Sent to the server: Wrapped shared key for friend, Friend ID, Secret ID

Page 18

Secret-in.me

How it works

Logic layer

Page 19

Registration / Login

Passphrase -> PBKDF2 SHA256 (256 bits random salt, 100 000 + (random%255) iterations) -> Derived key

SHA256 derived key -> Hashed derived key

Sent to the insecure server: Username: 0a041b946ef12a6..., Hashed derived key 0bc12feaa12331c...

Server stores: SHA256 hashed derived key

Page 20

Authenticated actions

Client: Username SHA256, Action data

Data signed with RSA-PSS

Data + signature

Server: Retrieve public key from claimed hashed username

Verify signature with RSA-PSS

Page 21

Double authentication (TOTP)

Activation

Generate 256 bits random seed

XOR seed with hashed derived key (SHA256 derived key)

Insecure server: Save it to the user data

Username: 0a041b946ef12a6...

Hashed derived key 0bc12feaa12331c…

TOTP Token 187 223

Login...

XOR saved seed with hashed derived key

Verify TOTP token

Page 22

Double authentication (Trusted device)

Activation

Random protection key

Shortpass -> PBKDF2 SHA256 (256 bits random salt, 100 000 + (random%255) iterations) -> Derived key

Derived key -> Wrapping of the protection key with AES-CBC-256 -> Wrapped protection key, Wrapped protection key IV

Protection key -> Wrapping of the private key with AES-CBC-256 -> IV + Protected private key

Stored on the insecure server: Derivation parameter, SHA256(Device name), Username, Wrapped protection key without IV

Page 23

Double authentication (Trusted device)

Login

Client sends: Username SHA256 0a041b946ef12a6..., Device name cd0155eff6ef223...

Server response: Derivation parameters + Public key + Wrapped protection key + Wrapped private key

Shortpass -> PBKDF2 SHA256 -> Derived key

Hashed derived key -> SHA256 -> SHA256(Hashed derived key) -> Wrapped protection key IV

Derived key + Wrapped protection key + IV -> Unwrapping with AES-CBC-256 -> Protection key

Protection key + Wrapped private key -> Unwrapping with AES-CBC-256 -> Private key

"Authenticated" user

Page 24

Secret-in.me

● Technologies

– Server in nodeJS to stay in the JavaScript world

– CouchDB database

● Smart conflict management

● Made for easy replication

– Client side library without any dependencies

– Client app using ReactJS

Page 25

Secret-in.me

DEMO

Page 26

Secret-in.me

● Problem

– How can I save my Windows password in it ?

– I need Windows access to launch my browser

● Solution

Page 27

Secret-in.me

● Available on https://secret-in.me

– Server (redis+couchdb+api) bundled by docker-compose

● github.com/secretin/secretin-server

– Library shipped in npm

● github.com/secretin/secretin-lib

– Client

● github.com/secretin/secretin-app

– Windows black magic

● github.com/secretin/secretin-windows

Page 28

Secret-in.me roadmap

– Find a logo !

– Offline mode (in beta)

– React-native app for iOS

– Improve UI/UX

● Add loading information

● Add error information

– Improve documentation for easy self hosting

● How to set up couchdb v2 with master-master replication...

– Add application settings (auto close, secret generation options...)

– Obfuscate private key in memory when decrypted