A simple and secure password manager for Linux

Introduction

passman is a simple and secure password manager for Linux that uses ChaCha20 for encryption, PBKDF2 for key generation, SHA3-256 for hashing and HMAC, and a tamper-proof blockchain for logging activities. passman is meant as an example of how to design and implement a tool dealing with critical data - such as a password manager - that requires a sound choice of cryptographic primitives and a thorough evaluation of the trust chain. The following documentation covers the reasons and details behind the design and implementation choices.

Database structure

As shown in the first figure below, the database contains a table of entries and a set of parameters used for key generation (iter and salt) and encryption/decryption (nonce), as well as for integrity checks (entries HMAC and HMAC). The entries HMAC contains the SHA3-256-HMAC of the table of entries before encryption, and the HMAC contains the SHA3-256-HMAC of all the fields of the database except the HMAC field (obviously!). The HMAC field is used to perform two operations: i) authentication (only possible with the master password), ii) integrity check of the database. The entries HMAC field is used to check the integrity of the table of entries after decryption.


Fig.1 - Diagram of the database structure



Fig.2 - Diagram of the database structure showing which parameters are used for every HMAC
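
An added example, not passman's own code, of how the two HMACs described above are produced when the database is written and checked, in order, when it is opened. The field serialization, the PBKDF2 PRF (HMAC-SHA3-256), the split of the derived bytes into separate encryption and HMAC keys, the salt size and the iteration count are assumptions; the pure-Python ChaCha20 is there to keep the example self-contained and is not constant-time.

```python
import hashlib, hmac, os, struct

MASK, SIGMA = 0xFFFFFFFF, b"expand 32-byte k"
FIELDS = ("iter", "salt", "nonce", "entries", "entries_hmac")  # all but "hmac"

def quarter_round(s, a, b, c, d):  # ChaCha quarter round (RFC 8439 section 2.1)
    for x, y, z, r in ((a, b, d, 16), (c, d, b, 12), (a, b, d, 8), (c, d, b, 7)):
        s[x] = (s[x] + s[y]) & MASK
        v = s[z] ^ s[x]
        s[z] = ((v << r) | (v >> (32 - r))) & MASK

def chacha20(key, nonce, data):  # 32-byte key, 12-byte nonce, counter from 0
    out = bytearray()
    for ctr in range((len(data) + 63) // 64):
        init = struct.unpack("<16I", SIGMA + key + ctr.to_bytes(4, "little") + nonce)
        s = list(init)
        for _ in range(10):  # 10 double rounds: 4 column + 4 diagonal each
            for i in range(4):
                quarter_round(s, i, 4 + i, 8 + i, 12 + i)
            for i in range(4):
                quarter_round(s, i, 4 + (i + 1) % 4, 8 + (i + 2) % 4, 12 + (i + 3) % 4)
        ks = struct.pack("<16I", *((x + y) & MASK for x, y in zip(s, init)))
        out += bytes(p ^ k for p, k in zip(data[64 * ctr:64 * ctr + 64], ks))
    return bytes(out)

def mac(key, *fields):  # SHA3-256-HMAC; the length prefixes are an assumption
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha3_256).digest()

def derive_keys(password, salt, iters):  # PRF and 32/32 split are assumptions
    k = hashlib.pbkdf2_hmac("sha3_256", password, salt, iters, dklen=64)
    return k[:32], k[32:]  # (encryption key, HMAC key), never stored

def seal(password, entries, iters=10_000):  # iters: demo value only
    salt, nonce = os.urandom(16), os.urandom(12)  # fresh on every write
    enc_key, mac_key = derive_keys(password, salt, iters)
    db = {"iter": iters.to_bytes(4, "big"), "salt": salt, "nonce": nonce,
          "entries": chacha20(enc_key, nonce, entries),
          "entries_hmac": mac(mac_key, entries)}  # over the plaintext table
    return {**db, "hmac": mac(mac_key, *(db[f] for f in FIELDS))}

def unseal(password, db):
    enc_key, mac_key = derive_keys(password, db["salt"], int.from_bytes(db["iter"], "big"))
    if not hmac.compare_digest(db["hmac"], mac(mac_key, *(db[f] for f in FIELDS))):
        raise ValueError("wrong master password or modified database")
    entries = chacha20(enc_key, db["nonce"], db["entries"])
    if not hmac.compare_digest(db["entries_hmac"], mac(mac_key, entries)):
        raise ValueError("entries table failed integrity check after decryption")
    return entries
```

Because `iter` is read from the file before anything is authenticated, a real implementation should also bound it before running the KDF.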


Detail the content of database entries and how they are handled.

Log structure

The log is structured as shown in the figures below.


Fig.3 - Diagram of the log structure


Fig.4 - Diagram of the log structure showing which parameters are used for every HMAC


Present diagrams and explain the content of the data structure representing the log. Emphasis on the HMAC and cryptographic mechanisms used to ensure data integrity and tamper proofing.

Commands

Present pseudocode of what happens for each command.

Security

Why is passman secure?
  1. System basics: chmod, mkdir, mlockall, no coredumps, ...
  2. The choice of cryptographic primitives: ChaCha20, PBKDF2, and SHA3-256.
  3. The choice of a reliable source of cryptographic randomness (Linux getrandom).
  4. The critical cryptographic and memory operation primitives are constant-time, which makes them robust against timing side-channel attacks.
  5. No information related to the master password is stored anywhere. The encryption/decryption keys are generated on the fly using a KDF.
  6. Multiple HMACs are calculated to ensure data integrity and tamper proofing.
  7. The logs are stored in a blockchain, which makes them more robust against tampering.
  8. Secrets are only decrypted in memory, files remain encrypted on disk.
  9. Secrets have short memory life cycles and are zeroed out as soon as they are no longer necessary.
  10. Nonces are regenerated every time the database and log files are modified.

Key generation and management

One usage, one key.

Nonce regeneration

One usage, one nonce.

What's lacking for better security?

How to securely back up the passman database?

Simply copy the $HOME/.passman directory to a secure location such as a LUKS-encrypted or hardware-encrypted flash drive.

References