Can protonmail access my passwords and hence my secrets?

protonmail provides encrypted “zero-access” encryption mailboxes. The way they explain “zero-access” is, at least for me, similar to zero-knowledge encryption. However protonmail has in its servers my private keys. They say that the keys are encrypted as well, but they also have in their servers my password for that encryption. Therefore, it seems to me that protonmail could at any time access my private keys and my mailbox.

Is this correct, or am I missing something? Is this the reason why they do not call it zero-knowledge encryption?

Keeping passwords in plain text in “value” attribute. Addons can use this for password leaking

Either there is a security hole or I’m missing information about something.

While I was testing how Surfingkeys addon works I’ve noticed that it has command yf to copy form content on current web page. I though about testing it on “Sign In” and “Log In” forms on few websites to see if it would be able to retrieve typed passwords in plain text. It was successful if standardized <form> tags were used.

Then I’ve noticed that in most web applications password is kept in <input value=""> attribute in plain text which to me seems like by-standard security hole for whole W3 stack (HTML, CSS, JS, etc.). If this addon was able to get password from DOM then any addon can do that. The only piece missing is sending that data to server of a 3rd party who are owners of such malicious addon – such situation already had place with Stylish.

So attack scenario looks like this:

  1. Company “mal1c1ous” buys popular web addon.

  2. They add to addon generic <form> parser script which retrieves data from <input value="">.

  3. For each known website they make their addon “decorate” submit buttons with script which on click 1st sends request with credentials to their server and then to host of that website. Or they just send requests each time parser script is able to get new data.

  4. After some time they perform an attack using gathered credentials.

I find that scenario possible show me that it can’t happen. Also my question is: given that is Web security flawed by design?

The thing is that no one discourages from using <input value=""> as a password holder it seems that there is no other option by standard. Web developers can only come up with their own ideas to obfuscate where a password is stored before request is made.

Crack hashed passwords using a known password

I’m a dev trying to deploy a new dashboard I’ve written at work, the old one is a mess of hacked together libraries and only about half of the codebase is still even in use (dead code everywhere that just never got deleted, but doesn’t do anything)…

I’m not willing to kill myself over this nonsense one more second, I am trying to get the user notes from accounts where a user (rarely) changed their password from the default. I have the default password’s stored hashed string, what password it translates to, the hashing mechanism used, the encryption method used, and the hashed strings of the other passwords.

There just has to be a simple way to use this information to decrypt the other passwords right??

If this is not possible, can someone explain to me why? I get the one-way nature of hashing, but given how much information I have about the process end to end, I essentially have the entire process known, so I’m not sure that matters in this instance…

To summarize:

Can I use the knowledge of hashing and encryption mechanisms, along with a sample hash string and its plaintext value, to crack other passwords produced by the same code?

PS: If it helps, each default hash is identical regardless of when it was made…

Is this security scheme using passwords, short-lived access JWTs, and long-lived refresh tokens a good way to secure a REST API?

I’m trying to secure a REST API that I’m using as a backend for a single-page application. The API provides access to read/create/modify/delete protected resources, based on a set of permissions managed by an administrator. What I’m thinking is the following:

  • All connections must be over HTTPS; plain HTTP requests will be redirected to HTTPS.
  • Users have a username and password, which they create.
  • A client submits a username/password to a /login route; if it’s a valid password for that user, the server will return a short-lived access token and a long-lived refresh token.
    • The access token will be a signed JWT that identifies the user and has an expiration time.
    • The refresh token will be a GUID corresponding to a row in a database table; this row will store the user ID
  • When accessing protected routes (everything but /login), an access token will be required. The server will verify the signature, and if valid, will check the expiration time. If the token is not expired, the user ID will be made available to server-side code for authorization logic.
  • If the access token is expired, the client will automatically submit the refresh token to a /refresh endpoint for requesting a new access token. The server will check the database; if a corresponding row still exists, a new access token will be returned to the client.

Does this scheme sound secure?

User passwords printed on paperwork at a dental office?

My dental office just printed my password (to their portal) on some checkout paperwork.

I asked on law stackexchange and it doesn’t sound like this is a HIPAA violation, but I am really curious if this violates other regulations or goes against known best practices, as it seems really bad security-wise.

It doesn’t feel right that they can even see my password.

Any thoughts / resources much appreciated.

How to store passwords and be able to reuse them later

Lets assume the following scenario

I am writing an application where you can log in and then provide login details to another system ie your email account, FTP account etc
The application then reuses those login details later when it tries to log into those services to perform a certain task. Those tasks are performed in the background via a cron script and the user does not want to have to log in every time to provide the login details to those services.
This means I need to store the…

How to store passwords and be able to reuse them later

Securely distributing passwords and salts that will be derived by client programs

I am creating a client-server architecture running on top of the KCP protocol in Go. The package for KCP that I’m using is KCP-Go (https://github.com/xtaci/kcp-go). The package supports packet-level encryption and FEC. To use the packet-level encryption feature, I need to generate an AES key. Following the latest OWASP recommendations for securely storing passwords and keys, this is what I’ve done thus far:

  • I have generated a 64-byte password and salt.
  • I pass that to PBKDF2, using (600000 * num_cpus) rounds, and requesting a 32-byte key.

Now I am wondering how to exactly securely distribute this key. At this time, I start up another TCP server and allow clients to connect. When they do, I send them the password, salt, number of iterations, and checksum hashes for those three to ensure they’re not tampered with, and allow the client to perform key derivation. My question is: Is this method of distribution actually secure, or should I find some other way (i.e. using public keys)? If there is a more secure method to allow clients and the server to communicate, what should I do instead? I should note that when clients and servers send messages to one another a hash of the message is included along with the message to allow clients to verify the messages validity (I’m using SHAKE256). The hash funciton used during key derivation is BLAKE2B (though I have thought about using Argon2).