Is it safe to carry around?

Submitted by Mover on December 18, 2007 - 10:58am

Hi,

As many of you guys and girls do, I carry around my USB disk with KeePass and a file with some sensitive info on it.

However, I was realizing the other day that this is not the best thing to do.

KP is open source so everybody can compile a new -and adapted- version of KP. They could modify it to store or send passwords. So, imagine this scenario:

-I'm at work but dying for some coffee. So, I lock my pc and go to the coffee machine.
-A sneaky person takes out my usb disk and copies his (her?) ADAPTED version of KP onto it.
-He (she) replaces the disk.
-Later that day, I want to check some passwords. I boot the new version, it stores a text file with the info on my disk.
-At my next coffee break the sneaky person comes back to collect the file...
-He (or she) laughs very evilly...

So, what I want is some advice on how to bypass/solve this issue (granted that there is one).

Regards,
Mover



Easy - don't leave your USB drive attached

Consider: if you leave the USB key there, an adversary can replace -ANY- executable file on it with an app of their own that just calls the app it replaces after installing a key logger - it doesn't need to be an open source one, it could be anything that you run from the drive.

If you are truly that worried about security, then the drive should never be out of your hands, and, if it ever is, then it should be considered to be untrusted once you get it back. Think: use a separately stored MD5 summer to check out all the exe's.

Alternatively, use TrueCrypt to encrypt the contents of your drive, that way the adversary can't change anything on it even if (s)he does get hold of it.

Security and convenience are, sadly, often a trade-off, one against the other.

Yep

I never thought of that.
I just tried it and the menu kept running after I plugged it back in because it got the same drive letter...
So the only way is to unplug it when you leave :(

"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate

The way round this

The way round this would be to get the MD5 value of the exe, and then every time you went to use it, re-MD5 it and compare; if it has changed, then so has the exe. Not very practical though, and any automated version could also be hacked (although, thinking about it, so could your MD5 program).

'...and do the other things, not because they are easy, but because they are hard...' JFK

Signed executables might help too

Having a signed executable (which John is gradually implementing throughout the suite) will add another level of reliability to that sort of check. Not only does validating a signature check the hash (probably MD5 or SHA, sometimes both), it also checks the certificate. If an altered version of the executable has been put on the drive, it would either not have a signature, or the signature would be invalid, or it would have a signature that differs a lot from John's. (Yes, the MD5 hash would likely change too, but you'd need to have an external, secure copy of the correct MD5 hashes to compare them to. Not a bad idea, actually. Microsoft has a utility called File Checksum Integrity Verifier that can create a list of hashes you can store somewhere safe, and can compare files to those hashes for a check.) If the signature is not valid, the operating system should raise a warning when you try to run it (assuming the OS hasn't been compromised).

Sysinternals has a program that can go through a drive and list all the executables that don't have valid signatures.

Of course if the machine has been compromised, it could be programmed to show a valid signature from John even if there wasn't one. But that would be fairly difficult, and besides you'd probably be checking it on another machine (e.g. when you got back home).

Of course, if you suspect your drive has been compromised (or, rather, unless you can prove that your drive has not been compromised, which is fairly difficult) it might be better to just reinstall the suite from scratch and restore from a backup.

I don't think the KeePass executable itself has a signature at present, which is unfortunate. KeePassPortable will likely get a signature the next time John releases it.

MC

The laws and Constitution are designed to survive, and remain in force, in extraordinary times. Liberty and security can be reconciled; and in our system they are reconciled within the framework of the law. (Boumediene et al v. Bush)

Good idea ..

..reminded me of this, it did:

Integrity Checker (v2.0); includes full source

Integrity Checker is a straightforward application that checks the integrity of your files to ensure they have not been tampered with.
The files you select for protection will have their "known good" size stored together with either a hash or HMAC (user selectable) generated from the contents of each file. By comparing this information with what is actually stored on your drives later, any changes will be flagged up for your attention.

Download it from the site (have a look at the other tools while you're there)
http://www.sdean12.org/
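As an added example (not code from the page, from KeePass, or from Integrity Checker), here is the check described in the MD5 post above and in the Integrity Checker description: a manifest of each file's size plus a keyed HMAC-SHA256, built once and compared later, with the key kept off the drive so that someone who can rewrite the files cannot also forge the manifest. The sample "drive" contents and the key are constructed for illustration.

```python
import hmac
import os

ALGO = "sha256"  # keyed HMAC rather than a bare MD5 sum


def read_tree(root):
    """Collect {relative_path: bytes} for every file under root (disk helper)."""
    out = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                out[os.path.relpath(full, root).replace(os.sep, "/")] = fh.read()
    return out


def build_manifest(files, key):
    """Record the 'known good' size and HMAC of each file's contents."""
    return {path: {"size": len(data),
                   "hmac": hmac.new(key, data, ALGO).hexdigest()}
            for path, data in files.items()}


def verify(files, manifest, key):
    """Compare current contents against the manifest.
    Returns a sorted list of (path, finding); an empty list means clean."""
    findings = []
    for path, entry in manifest.items():
        if path not in files:
            findings.append((path, "missing"))
            continue
        data = files[path]
        tag = hmac.new(key, data, ALGO).hexdigest()
        # Size alone is not enough: a same-length replacement passes it.
        if len(data) != entry["size"] or not hmac.compare_digest(tag, entry["hmac"]):
            findings.append((path, "modified"))
    for path in files:
        if path not in manifest:
            findings.append((path, "unexpected"))  # file dropped onto the drive
    return sorted(findings)


# Constructed sample drive (in memory) and a key that would live elsewhere.
SAMPLE_KEY = b"keep-this-key-off-the-drive"
SAMPLE_DRIVE = {
    "KeePass/KeePass.exe": b"MZ original executable bytes",
    "KeePass/KeePass.ini": b"[KeePass]\n",
}

if __name__ == "__main__":
    manifest = build_manifest(SAMPLE_DRIVE, SAMPLE_KEY)
    print(verify(SAMPLE_DRIVE, manifest, SAMPLE_KEY))  # [] when untouched
```

For a real drive, call `build_manifest(read_tree("E:/"), key)` on a trusted machine, store the manifest and key somewhere other than the drive, and run `verify` before launching anything from it.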

Not just KeePass

There are many programs that someone can download and install on your computer to get your passwords (i.e. keyloggers) without having to go through the trouble of re-writing code and re-compiling a program. In fact, SourceForge has an open-source app that can log every key pressed, every mouse click, it can take screenshots every 15 minutes and email all the information to an email of your choice. The creators market it as a way to keep an eye on what your kids are doing, but we all know the real way to use it.

"In three words I can sum up everything I've learned about life: it goes on." -- Robert Frost
"In three words I can sum up everything I've learned about life: baby ain't mine." -- Adam Holguin

.

In fact, SourceForge has an open-source app that can log every key pressed, every mouse click, it can take screenshots every 15 minutes and email all the information to an email of your choice.

-

Can you gimme the program name?

"She is everything to me, the unrequited dream, a song that no one sings..."

Don't remember

To be honest with you, I don't remember the name of it. I know that about a year ago I downloaded it to try it out, but never used it and just got rid of it.

"In three words I can sum up everything I've learned about life: it goes on." -- Robert Frost
"In three words I can sum up everything I've learned about life: baby ain't mine." -- Adam Holguin

.

btw... thanks =]

"She is everything to me, the unrequited dream, a song that no one sings..."

another solution?

A partial solution would be to at least prevent people from accessing the disk when it is not in use (e.g. in my bag).

For example the U3 platform allows for a password to be set to lock the disk.

This way I would not have to watch it 24/7. It is only at risk when unlocked in a PC.

Does something like this exist for non-U3 disks? I heard about TrueCrypt, but that requires admin rights on the host PC.

Even nicer would be to write-protect some areas of the disk so that the host PC cannot write to them without your knowledge/consent.

This way the security hole is only there when getting coffee and leaving the disk in an UNLOCKED PC (removing it would lock it).

Any comments?

U3 doesn't really lock

U3 doesn't really lock anything other than the U3 launchpad, the drive is still accessible. They just put that there to make you think you are secure.

This is incorrect information

Without getting into the whole encryption vs non-encryption debate, U3 does lock out access to the writeable partition, not "just" the Launchpad. If you eject the drive, you cannot get back into the data partition without the password unless you reset the drive.

If you reset the drive and wipe out the information on the writeable partition the question of whether or not the deleted data can be recovered then comes into play.

But your statements above are just incorrect and misleading.

Respectfully,
Tim

"The wheels of John grind Slowly, But they grind Exceedingly Small" ;-)

My bad. I misunderstood

My bad. I misunderstood then. Thanks for enlightening me.

If you don't have admin access, you're even less safe

If you don't have admin access to the machine, then you can't even reliably scan it for keyloggers, trojans, worms, viruses, or any other malware.

Basically, if you can't -trust- the PC you're sitting at, then you take a risk by just plugging your USB drive in.

Equally, you would be taking a risk by even -typing- a password from memory on such a machine - it is all about how big a risk it is, and whether you're prepared to take it.

Personally, I use portable apps between PCs that I control, at work, at home, and at friends' / family members', but then, I'm involved in securing and protecting those PCs too, so I know what I'm risking or not.... and I still wouldn't use internet banking anywhere but my -own- PC, unless I thoroughly checked out the machine for myself first.