You are not logged in.

#1 2020-05-25 08:25:50

angt
Member
From: Paris
Registered: 2020-05-25
Posts: 10
Website

secret - A simple and tiny tool that will help you keep your secrets

Hello,

I wrote a new tool to manage secrets from the command line, available on AUR: https://aur.archlinux.org/packages/secret.
Sources are on github: https://github.com/angt/secret.

Important features:
  -  Requires only one file ~/.secret that you can share publicly without fear.
  -  No configuration. Get back your file and you're done.
  -  Secret names (usually hostname, mail, login, etc.) are also encrypted.
  -  A secret agent that only trusts subprocesses. Not all the processes of the same user!
  -  Secret names completion is available after calling the secret agent.
  -  Supports unstored secrets. Derived from some simple keys and a passphrase.
  -  Supports multiple passphrases. A confirmation is requested for each new passphrase.
  -  Depends only on the libhydrogen library.
  -  Small, simple and non obfuscated C code. Well, I hope so smile

I wasn't very happy with the current alternatives...
If you're curious about why, I wrote about it here: https://dev.to/angt/how-to-store-your-l … ecrets-l8e.

I hope it helps other unhappy users, too smile

Last edited by angt (2020-05-25 08:30:37)

Offline

#2 2020-05-25 14:44:59

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 17,275

Re: secret - A simple and tiny tool that will help you keep your secrets

Welcome to the forums.  You did not mention what encryption algorithm you are using, or the strength of said encryption.


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#3 2020-05-25 15:12:29

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 816
Website

Re: secret - A simple and tiny tool that will help you keep your secrets

The program apparently uses hydro_secretbox_{en,de}crypt() to store the passwords.
However, I could not find any cryptanalysis work on the libhydrogen library and these functions.
Because of that and because it's not one of the industry standard algorithms that I know of, I probably wouldn't use it.

Update:
Apparently these functions use Gimli.
https://github.com/jedisct1/libhydrogen/wiki
https://csrc.nist.gov/CSRC/media/Projec … i-spec.pdf

Last edited by schard (2020-05-25 15:21:03)

Offline

#4 2020-05-25 17:23:59

xerxes_
Member
Registered: 2018-04-29
Posts: 267

Re: secret - A simple and tiny tool that will help you keep your secrets

I have some questions: when I want to create/generate new passphrase with your secrets program from some word(s), can I change passphrase length with some option? If I could, how would be shorter passphrase different from longer passphrase (would it be totally different or just truncated)?

Offline

#5 2020-05-25 21:49:16

angt
Member
From: Paris
Registered: 2020-05-25
Posts: 10
Website

Re: secret - A simple and tiny tool that will help you keep your secrets

ewaller wrote:

Welcome to the forums.  You did not mention what encryption algorithm you are using, or the strength of said encryption.

Thank you smile

You absolutely right, as I use a not so common primitive, I should take the time to explain my choice on the README. Until then, here are a few details:
- I only use one primitive called Gimli (one of its designers is the famous djb), everything else is derived from this permutation (key derivation, encryption, authentication,...). This is an important feature of the modern crypto world.
- I use the impl from the libhydrogen library (https://github.com/jedisct1/libhydrogen) by the creator of libsodium.

This does not prove anything but I also publish my secrets in my dotfiles (https://github.com/angt/dotfiles/blob/master/.secret). At least I believe in my tool smile

Offline

#6 2020-05-25 22:06:21

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 23,727
Website

Re: secret - A simple and tiny tool that will help you keep your secrets

I read through your README, and while valid questions can be posed about the robustness of the encryption method, I'm much more puzzled by how you laid out a very well reasoned argument for your tool which leads to the conclusion - even highlighted as your conclusion:

README wrote:

In conclusion: We have a perfectly safe password to use for our new mail. Nothing has been stored and there's nothing to synchronize! It couldn't be simpler!

The main features you were highlighting throughout the description was that the same password could be generated from scratch on any system.  This is a valuable feature (to me) and it does seem to be what distinguishes your tool from so many others (FWIW, I have my own homemade tool that follows similar logic, it generates hashes from simple inputs).  But then there is the follow-up note that ends up undermining everything you had just laid out:

README wrote:

Note 2: I should point out that in reality you also need the same ~/.secret file to have exactly the same generated secret. But it's a choice to improve the overall security of the tool. Nothing imposes it.

Can you clarify this?  What is ~/.secret?  Doesn't having that in your dotfile demonstrate that there is something stored and something to be sync'ed?  Am I missing something, or did all the seemingly-sound reasoning laid out in the README just become a moot point as your tool is not doing what you just made a good argument it should do.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#7 2020-05-25 22:50:17

angt
Member
From: Paris
Registered: 2020-05-25
Posts: 10
Website

Re: secret - A simple and tiny tool that will help you keep your secrets

xerxes_ wrote:

I have some questions: when I want to create/generate new passphrase with your secrets program from some word(s), can I change passphrase length with some option? If I could, how would be shorter passphrase different from longer passphrase (would it be totally different or just truncated)?

Hi,

If you just want to generate a smaller password of len N, you can use this oneliner:

secret new test | (dd bs=1 count=N | secret reset test)

And a full example:

$ secret new test | (dd bs=1 count=5 | secret reset test)
5+0 records in
5+0 records out
5 bytes copied, 0.000516023 s, 9.7 kB/s
$ secret show test
/FO]N

Otherwise:

If you are talking about randomly generated secrets, I recommend you to start with the default one and if it is not accepted by a site (which is bad!), you can update it with the accepted version (command `reset`).
This is faster than providing options because generally you have to change the password several times before it is valid.

If you're talking about derived (non-stored) secrets there is no option for that. You need to fallback to stored secrets.

Offline

#8 2020-05-25 23:07:19

angt
Member
From: Paris
Registered: 2020-05-25
Posts: 10
Website

Re: secret - A simple and tiny tool that will help you keep your secrets

Trilby wrote:

Can you clarify this?  What is ~/.secret?  Doesn't having that in your dotfile demonstrate that there is something stored and something to be sync'ed?  Am I missing something, or did all the seemingly-sound reasoning laid out in the README just become a moot point as your tool is not doing what you just made a good argument it should do.

Hi, I'm glad to see that people are reading the notes smile

When initializing with the command `secret init`, the ~/.secret file is created with a number of random bytes that are used to add entropy to all operations (like salt for hash) it's only there to make life harder for attackers and is absolutely insensitive.
Often it is hard-coded and the same value is used everywhere (for a specific soft) but it is much more interesting when it is unique for each user.

Offline

#9 2020-05-26 13:22:41

Steef435
Member
Registered: 2013-08-29
Posts: 572
Website

Re: secret - A simple and tiny tool that will help you keep your secrets

If it works that way, the file is definitely sensitive right? True, there may not be any passwords stored in it directly, but if your example is

secret pass me@domain.com

then I think I wouldn't have a tough time getting email passwords from people, given their .secret file.

I like the idea, but in the end if I understand correctly, it still comes down to having to secretly store the .secret file somewhere, in case of the deterministic passwords at least. Then it doesn't differ much from my pass repository.

I am interested by your points on the gpg agent though, I had never really thought about that as an attack vector. But maybe this could be solved by using a specific user for this purpose?

Offline

#10 2020-05-26 13:37:23

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 23,727
Website

Re: secret - A simple and tiny tool that will help you keep your secrets

One could even argue that putting .secret in your dot files advertises the method you use to generate your passwords which feeds into Steef's comment that they could then get this software and have a fair chance at regenerating your password for a give website / service.

Without using .secret, it'd be harder for them to do so as not only would they not have your .secret salt, but they'd not know what tool you use to generate your passwords.

Now I already noted that I use similar logic for many of my passwords.  I have a very small script, that combines a hash function, base64 encoding, and a 'tr' command to convert characters into a spattering of upper, lower, symbol, number to satisfy silly requirements of some websites.  It generates password strings from input in a fully deterministic way.

The result is that the generated passwords are not much more secure than my simple passphrases.  The little benefit there is is in 1) security-through-obscurity, and 2) irreversability of the hash function.  For 1, most people rightly say security through obscurity is no security at all.  I disagree somewhat in this case: as a prospective attacker does not know my method of password generation, the obscurity adds a small hurdle for them.  But you lose this small hurdle by publishing .secret as now a potential attacker knows your password generation method and they need only now guess/get a memorable passphrase as input.

For 2, this protects against a very specific - but also very common - vulnerability.  Most people know they should not use the same password on multiple sites / service.  Yet most people do it anyways - or they use small variations in a base password.  So if an attacker gets your password of  ILuvUnicorns for archlinux.org, they have a headstart in guessing your bank password: ILufUnicorns, IHeartUnicorns, IFartUnicorns ... whatever.  But by using a hash function on a simple passphrase plus a website name you get some "gibberish" from which one could not regenerate the initial simple passphrase.  So this indeed gives a high degree of protection against what I suspect is the most common vulnerability: grabbing a password used for one service and extrapolating the same user's password to other services.

So this is what I like about the logic behind your software.  But as already noted, this same goal can be acheived much much more easily.  I don't see what your software adds above and beyond the concept of hash->munge of an input string.  Certainly the .secret does not add any security, and arguably reduces security ever so slightly as it narrows a naive attackers search space: they know what hash->munge approach you are using.

Last edited by Trilby (2020-05-26 13:42:06)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#11 2020-05-26 14:55:51

angt
Member
From: Paris
Registered: 2020-05-25
Posts: 10
Website

Re: secret - A simple and tiny tool that will help you keep your secrets

Steef435 wrote:

I think I wouldn't have a tough time getting email passwords from people, given their .secret file.

No, you still need to enter a passphrase when using the command `secret pass`. Also a full key derivation is done for each word (and it's not a simple hash).

Steef435 wrote:

I am interested by your points on the gpg agent though, I had never really thought about that as an attack vector. But maybe this could be solved by using a specific user for this purpose?

That's where I come from, there are other solutions too but my life is much easier with `secret` now smile

Offline

#12 2020-05-26 14:59:24

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 23,727
Website

Re: secret - A simple and tiny tool that will help you keep your secrets

angt wrote:

and it's not a simple hash

Define "simple".  It is a hash.  The fact that you might have it do some gymnastics before or after going through a hash function does not make it any more secure than simply using a secure hash function.  Md5 is not a "simple" hash, it is broken and not at all a secure hash.  Sha256 is a secure hash ... is it simple?  It's simple to use.

Last edited by Trilby (2020-05-26 15:00:19)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#13 2020-05-26 15:19:39

angt
Member
From: Paris
Registered: 2020-05-25
Posts: 10
Website

Re: secret - A simple and tiny tool that will help you keep your secrets

Trilby wrote:

One could even argue that putting .secret in your dot files advertises the method you use to generate your passwords which feeds into Steef's comment that they could then get this software and have a fair chance at regenerating your password for a give website / service.

Without using .secret, it'd be harder for them to do so as not only would they not have your .secret salt, but they'd not know what tool you use to generate your passwords.

Obfuscation is not security. Having a specific per-user entropy for key derivation is a real security advantage.
And as I also need to store passwords that I don't control, I need the ~/.secret file anyway.
It would be sad to miss this opportunity to greatly improve the security of derived passwords.

Trilby wrote:

Now I already noted that I use similar logic for many of my passwords.  I have a very small script, that combines a hash function, base64 encoding, and a 'tr' command to convert characters into a spattering of upper, lower, symbol, number to satisfy silly requirements of some websites.  It generates password strings from input in a fully deterministic way.

This is not the same construction, `secret pass` is not about a simple hash function but a robust key derivation scheme.
You'll need, at least, 32 bytes of high entropy and uses 100,000 successive cryptographic hash to have something similar.

Offline

#14 2020-05-26 15:27:11

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 17,275

Re: secret - A simple and tiny tool that will help you keep your secrets

angt wrote:

Obfuscation is not security.

Amen to that.  OTOH, it is not good to advertise either.  It might encourage an attacker (ransomware, for example) to concentrate their efforts.

Interesting, I had not heard of Gimli.  It looks like it is a candidate with NIST for IoT low power solutions.
I really wish IoT manufacturers would get on the ball.  As we all know, the 'S' in "IoT" stands for security.


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#15 2020-05-26 15:28:46

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 23,727
Website

Re: secret - A simple and tiny tool that will help you keep your secrets

angt wrote:

Having a specific per-user entropy for key derivation is a real security advantage.

How?  Please elaborate.

angt wrote:

And as I also need to store passwords that I don't control

You've been saying all along that this doesn't store passwords.  Now it does?

angt wrote:

... is not about a simple hash function but a robust key derivation scheme.

And what do you see as the difference?

angt wrote:

You'll need, at least, 32 bytes of high entropy and uses 100,000 successive cryptographic hash to have something similar.

Reapplying a secure hash multiple times, even hundreds of thousands of times, does not make it more secure.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#16 2020-05-26 15:49:17

angt
Member
From: Paris
Registered: 2020-05-25
Posts: 10
Website

Re: secret - A simple and tiny tool that will help you keep your secrets

Trilby wrote:

How?  Please elaborate.

It's a salt, like for password hashing.
That way you can't target all `secret` users. You can only target a specific `~/.secret` file.
Every secret stored has also been "salted" of course.

Trilby wrote:

You've been saying all along that this doesn't store passwords. Now it does?

Where? It does both! smile
I don't use `pass` & `gpg` anymore. And all my data required to get all my secrets back are stored in a unique file: `~/.secret` smile

Trilby wrote:

Reapplying a secure hash multiple times, even hundreds of thousands of times, does not make it more secure.

Yes, that's why we don't call it a hash, it's a key derivation. And its safety is directly related to the number of hashes computed.

Offline

#17 2020-05-26 15:54:13

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 23,727
Website

Re: secret - A simple and tiny tool that will help you keep your secrets

angt wrote:
Trilby wrote:

You've been saying all along that this doesn't store passwords. Now it does?

Where?

Throughout the README.  It was foundational to the logic you used to pitch your tool - it seemed to be it's very reason for being.  That and not needing to sync anything which was already found not be to true.

As for reapplying a hash a hundred thousand times not being more secure than just using it once, you now agree - but in your previous post you said your method was more secure than a hash and was comparable to applying the hash 100,000 times.  Your claims are self-contradictory.

In any case I'll leave this be.  I really did like some of the logic you laid out in your README.  But I'm getting a sense that your tool is not at all what it says on the tin.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#18 2020-05-26 16:07:58

angt
Member
From: Paris
Registered: 2020-05-25
Posts: 10
Website

Re: secret - A simple and tiny tool that will help you keep your secrets

The README is here: https://github.com/angt/secret and I only talk about key derivation through an example.
But I note your point and I'll try to make it more clear smile

Offline

#19 2020-05-27 13:05:54

sabroad
Member
Registered: 2015-05-24
Posts: 149

Re: secret - A simple and tiny tool that will help you keep your secrets

angt wrote:

This is not the same construction, `secret pass` is not about a simple hash function but a robust key derivation scheme.

Unfortunately, it seems the function to convert derived key to the actual password has modulo bias: most lower-case characters are only 67% as likely as the rest.

buf[i] = '!' + buf[i] % (1U + '~' - '!');

Last edited by sabroad (2020-05-27 13:14:59)


--
saint_abroad

Offline

#20 2020-05-27 13:31:25

angt
Member
From: Paris
Registered: 2020-05-25
Posts: 10
Website

Re: secret - A simple and tiny tool that will help you keep your secrets

sabroad wrote:

Unfortunately, it seems the function to convert derived key to the actual password has modulo bias: most lower-case characters are only 67% as likely as the rest.

buf[i] = '!' + buf[i] % (1U + '~' - '!');

Hmm you right! Look like I was too lazy on that part.. Thanks for noticing it before a 1.0 smile

Offline

Board footer

Powered by FluxBB