Direkt zum Hauptbereich

Password Manager Security?

Some months have passed since the german IT news platform golem.de published an article reporting that password managers keep the passwords in memory unencrytped. Today I took the chance to make me my own picture of the problem.

I used Keepass for my little Test. First, I created a new password database and protected it with a password.

Step 1: Create a new encrypted password database
Then I deleted the sample entries and created a new one with a certain password (password: "Hidden information 3214" ... whoops!). The result is, that the password is not shown in the Window.

Step 2: Create an entry with a password
Next, I copied the password over selecting the entry item in Keepass and pressing Ctrl+C and started a hex editor, HxD, to read out the process memory of Keepass (you could also read all processes memory).

Step 3: Reading process memory of KeePass
The last step was to search for a part of the password string (here: "Hidden in"). The result was not surprising. The clear test password appeared near memory offset 0x3A2F770.

Result: My password in clear text
The performed experiment has some restrictions: You need to read the process memory within KeePass' time span it keeps the password in memory (because KeePass also deletes the visible password from memory again).
Labels:

Kommentare

Kommentar veröffentlichen

Beliebte Posts aus diesem Blog

Pi And More 11 - QMC5883 Magnetic Field Sensor Class

A little aside from the analytical topics of this blog, I also was occupied with a little ubiquitous computing project. It was about machine learning with a magnetic field sensor, the QMC5883. In the Arduino module GY-271, usually the chip HMC5883 is equipped. Unfortunately, in cheap modules from china, another chip is used: the QMC5883. And, as a matter of course, the software library used for the HMC5883 does not work with the QMC version, because the I2C adress and the usage is a little bit different. Another problem to me was, that I  didn't find any proper working source codes for that little magnetic field device, and so I had to debug a source code I found for Arduino at Github  (thanks to dthain ). Unfortunately it didn't work properly at this time, and to change it for the Raspberry Pi into Python. Below you can find the "driver" module for the GY-271 with the QMC5883 chip. Sorry for the bad documentation, but at least it will work on a Raspberry Pi 3. ...
1 Kommentar
Mehr anzeigen

Lazarus IDE and TOracleConnection - A How-To

Free programming IDEs are a great benefit for everybody who's interested in Programming and for little but ambitious companies. One of these free IDEs is the Lazarus IDE . It's a "clone" of the Delphi IDE by Embarcadero (originally by Borland). But actually Lazarus is much more than a clone: Using the Free Pascal-Compiler , it was platform-independent and cross-compiling since it was started. I am using Lazarus very often - especially for building GUIs easily because Java is still Stone-Age when a GUI is required (though there is a couple of GUI-building tools - they all are much less performant than Delphi / Lazarus). In defiance of all benefits of Lazarus there still is one Problem. Not all Components are designed for use on a 64 bit systems. Considering that 64 bit CPUs are common in ordinary PCs since at least 2008, this is very anpleasant. One of the components which will not be available on 64 bit installations is the TOracleConnection of Lazarus' SQLDB ...
Kommentar veröffentlichen
Mehr anzeigen

How to use TOracleConnection under Lazarus for Win64

Lazarus Programmers have had no possibility to use TOracleConnection under 64 Bit Windows and Lazarus for years. Even if you tried to use the TOracleConnection with a correctly configured Oracle 11g client, you were not able to connect to the Oracle Database. The error message was always: ORA-12154: TNS:could not resolve the connect identifier specified Today I found a simple workaround to fix this problem. It seems like the OCI.DLL from Oracle Client 11g2 is buggy. All my attempts to find identify the error ended here. I could exclude problems with the TNS systems in Oracle - or the Free Pascal file oracleconnection.pp though the error messages suggestes those problems. After investigating the function calls with Process Monitor (Procmon) I found out, that even the file TNSNAMES.ORA was found and read correctly by the Lazarus Test applictaion. So trouble with files not found or wrong Registry keys could also be eliminated. Finally I installed the Oracle Instant Client 12.1c - aft...
1 Kommentar
Mehr anzeigen