[Cialug] Password managers

Matt Stanton matt at itwannabe.com
Mon Sep 15 22:42:24 CDT 2014


Following the Hackaday Mooltipass status, I found another project featured on hackaday.io (submitted by a hackaday user) that is similar to the Mooltipass, but goes an extra mile (or more) to ensure that your passwords AND session cookies are secure, even if you are using it to log in to a website from a public computer: http://hackaday.io/project/2620

The device acts as an HTTP proxy, intercepts password logins (which you can simply send as a blank password) and inserts the password itself. When the server responds, it intercepts the website's session cookie and passes a fake cookie to the web browser on the public computer. Whenever the server asks for a cookie, the password device substitutes the fake cookies with the real ones it has stored. This means that the web browser never sees your password, and no keyloggers, whether physical or implemented in malware, can compromise your login credentials. It also means the next person to use the public PC can't pull up the website you were using and get logged in automatically via a stored session cookie, should you forget to log out.

My only issue with this device would be that it doesn't work for ssh logins, or if you use key pair authentication, it won't work for sudo/su privilege escalation. Since I don't log into any websites or attempt to do anything over ssh that requires root privileges on any public computers, and I almost always have my tablet with me, my password manager would only need to work on machines that I own. If I have a keylogger/malware on my own computer, I've got bigger problems than needing to change some passwords.

-- Matt (N0BOX)

Sent from my ASUS Transformer

-----Original Message-----
From: Matthew Nuzum <newz at bearfruit.org>
To: Central Iowa Linux Users Group <cialug at cialug.org>
Sent: Mon, 15 Sep 2014 1:38 PM
Subject: Re: [Cialug] Password managers

On Mon, Sep 15, 2014 at 12:49 PM, Matt Stanton <matt at itwannabe.com> wrote:

> Hackaday is working on a project they call "Mooltipass",


That is so awesome. I now want to use it simply for the 5th element
reference. I don't know how much it costs but I'm pretty sure I don't want
to get into any negotiations on the subject.


-- 
Matthew Nuzum
newz2000 on freenode, skype, linkedin and twitter

♫ You're never fully dressed without a smile! ♫
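
The password and cookie substitution described in the first message of this thread, modelled as an added example (not code from the linked project or from either poster). It assumes requests and responses are already parsed into dicts; the class name, the "password" field name, the hosts and all values are constructed for illustration.

```python
import secrets

class CredentialProxy:
    """Toy model of the device: secrets stay here, the browser gets stand-ins."""

    def __init__(self, vault):
        self.vault = vault    # host -> real password (constructed sample data)
        self.sessions = {}    # (host, cookie name, placeholder) -> real value

    def outbound(self, host, form, cookies):
        """Browser -> server: fill a blank password, swap placeholders for real cookies."""
        form = dict(form)
        if form.get("password") == "" and host in self.vault:
            form["password"] = self.vault[host]
        real = {}
        for name, value in cookies.items():
            # Placeholders are bound to the host that issued the real cookie;
            # anything the proxy did not issue for this host passes through as-is.
            real[name] = self.sessions.get((host, name, value), value)
        return form, real

    def inbound(self, host, set_cookies):
        """Server -> browser: keep the real cookies, hand out random placeholders."""
        fake = {}
        for name, value in set_cookies.items():
            token = secrets.token_urlsafe(16)
            self.sessions[(host, name, token)] = value
            fake[name] = token
        return fake

    def forget(self, host):
        """Device removed: placeholders left behind in the browser stop resolving."""
        self.sessions = {k: v for k, v in self.sessions.items() if k[0] != host}


def demo():
    proxy = CredentialProxy({"mail.example": "correct horse"})
    sent_form, _ = proxy.outbound("mail.example", {"user": "matt", "password": ""}, {})
    browser_jar = proxy.inbound("mail.example", {"sid": "REAL-SESSION-123"})
    _, sent_cookies = proxy.outbound("mail.example", {}, browser_jar)
    _, other_site = proxy.outbound("other.example", {}, browser_jar)
    proxy.forget("mail.example")
    _, after_unplug = proxy.outbound("mail.example", {}, browser_jar)
    return sent_form, browser_jar, sent_cookies, other_site, after_unplug


if __name__ == "__main__":
    print(demo())
```

The placeholder left in the public browser is only meaningful while the proxy holds the mapping for that host, which is why a forgotten logout does not leave a usable session behind.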