Jun 152011

Using a bookmarklet to store passwords is appealingly simple. Alas, after doing some digging, I couldn’t find any viable options.

The first concern I came across is that it is important to use a hash algorithm that’s slow (e.g. bcrypt or scrypt). Otherwise it’s too easy to brute-force the master password based on a site password. Suppose a site you visit stores your password in plaintext and gets hacked. That breach then compromises your master password, even though only your site-specific password was revealed.

I couldn’t find a JavaScript implementation of scrypt, but I found a JavaScript bcrypt implementation. Better yet, I found a derivative that tidies up the first one, removing dependencies on e.g. ClipperZ, and wraps it in a simple bookmarklet. SuperGenPass provides a much more user-friendly bookmarklet, so I started gearing up to replace it’s MD5 hashing with bcrypt.

But, alas, SuperGenPass (and any other simple bookmarklet) is not secure in the face of a malicious website that contains JavaScript designed to sniff entry of the master password into the bookmarklet. PwdHash is a browser extension based approach from the Stanford Security Lab designed to combat the weaknesses of the bookmarklet based approach. Their paper, Stronger Password Authentication Using Browser Extensions, is interesting reading and explains a variety of ways to compromise a bookmarklet based approach. PwdHash has already spawned a number of ports to other browsers and mobile devices, but alas they’re all based on prototype code that uses the undesirably fast HMAC-MD5 as the hashing algorithm (even though the paper points out PwdHash is a good candidate for a better hashing algorithm).

I was not able to find any PwdHash derivative that used bcrypt. I did find a simple command-line tool based on scrypt, but that’s not great if you don’t have easy access to your own computer.

Solutions like PassPack offer the potential to solve these problems (extension rather than bookmarklet, use of strong encryption rather than weak hashing), but have an Achilles heel of their own: the service provider has the power to decrypt all your passwords. For now I’ll stick with my moinmoin-client-crypt approach.

UPDATE 2012-05-19: PassPack does not store your packing key on their servers afterall. (LastPass does not either, nor does Clipperz.) But you still must trust them, as they are in a position to insert backdoors into either the browser add-ons or web-based access they provide. This is less of an issue with ClipperZ, since you can run the Community Edition on your own hardware. Some brief comparisons here and here. Also there is some interesting discussion in the comments of the previously linked PassPack critique. Gabriel Weinberg has LastPass amongst his list of services used at DuckDuckGo. LastPass did possibly have a data breach, but they handled it well. Some more details on PassPack’s packing keys and master keys.

  2 Responses to “A Fruitless Search for a Password Bookmarklet”

  1. http://michaelmonteleone.net/2010/07/19/supergenfail/ demonstrates how insecure is supergenpass.

  2. Hi, I was looking for bcrypt PwdHash derivative too. Didn’t find one so I tried to make one. It’s located here: http://danielhjort.net/BcryptPwdHash/

    I also made an effort converting one of the available PwdHash Chrome plugins but there was some changes in the plugin API I didn’t have time to sort out. Maybe I’ll get back to it or someone with more web experience can finish that 🙂


Leave a Reply to Daniel Hjort Cancel reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>