Gregory's Server@juliank As far as I know, clipboard can be accessed by any application, especially in Windows. Encouraging to use it instead of more secure alternatives might not be the way to promote any "secure defaults". Speaking of password managers in general, as a Bitwarden user, do you think their browser extension and Vaultwarden is more secure than KeePassXC's browser integration that works only locally? Or are you using only clipboard with Bitwarden too?
|
8 comments
 @varjolintu The clipboard thing is a bit annoying, as far as I understand it's privileged in Wayland to some extent, and the autotype doesn't work there. But having one password in there for 15s, that a malicious software would need to correlate with what you are doing to find out what it's for is very much a better choice than exposing APIs to query any password IMO. @juliank There's an API but it isn't exposed in a way that anyone could query something from it without user knowing about it. Plus it only works locally and is not exposed to outside world. Is these one of the features that are insecure in your opinion? @varjolintu I understand there are some access controls, but they can be buggy. A bug in the browser extension IPC access control could reveal your entire database to your browser. If you don't have the means to query the database from other processes the entire attack vector goes away. i.e. keepassxc-light or whatnot could only ever have critical CVEs if it messed up the database encryption. @varjolintu Optimally I'd go a step further: - make keepassxc open files using portals (it might already, I don't know) Then you can select databases, key files, and work with them and rest assured that even if keepassxc core is compromised (whether that's a new malicious maintainer sneaking in, or a gcc backdoor 😄) it can't talk anywhere else. @juliank There are already a few PR's waiting for 2.8.0 that will reduce the possibility of such attacks. One is storing access related settings directly to a database instead of a config file. Another one allows restricting processes that can access the database. Revealing the entire database without user knowing it would be very difficult even now. Are you concerned about the possible attack vectors on Bitwarden? With multiple dependencies, and as an Electron application it has its downsides.  @juliank @varjolintu In theory access to the clipboard on Wayland is limited to the focused window, though in practice this isn't really secure (on most compositors), since compositors tend to give focus to windows when they are created. Something like wl-copy/wl-paste exploits this with a small temporary window. @juliank Are there some memory issues with keeping KeePass database open we are not aware of? It should be much more protected than a browser's memory. |
@varjolintu No I do not think Bitwarden is more secure. I only trust it with 2nd tier passwords, most web accounts.
It is more secure in the context that I don't need to keep my high security KeePass database open. But then one could have two databases.
But I wouldn't trust my backup encryption keys, to it, or my Google account 2 factor code.