class: center, middle, front #
passcake
browser-based encrypted credentials/notes #### "Grainfields Close-up At Golden Hour" by Daniela Simona Temneanu from NounProject.com ??? Notes go here and will be in the source but not displayed --- ## outline 1. passwords are going to be around for a bit 1. scratching my own itch 1. demonstration 1. architecture 1. potential uses and future work --- ## passwords are going to be around for a bit - most existing well-maintained sites still offer email/password logins. ([airbnb](https://www.airbnb.com/signup_login) offers many authentication options, email and password are still present) - websites without active development teams will offer email/password for the foreseeable future. (small organizations, community sites, ...) - keeping those passwords safe is fraught and difficult across devices ??? --- ## scratching my own itch - i currently use an encrypted text file and copy-paste - i want to do better - minimal dependencies on a third-parties if possible - copy-paste is more insecure than i thought! - browser extensions seem like a ___weak___ link in the chain - could i run this kind of service myself and administer it for use by my family? ??? --- ## demonstration (registration) - register user - save the resulting link for new homepage as a bookmark - copy and save the passcake bookmarklet as a bookmark ---
??? --- ## demonstration (add a credential) - enter password and authenticate to return list of saved credentials - submit a new credential - optional URL for the site to allow opening - optional identifier to be copied to the clipboard ---
??? --- ## demonstration (use a credential) - enter password and authenticate to return list of saved credentials - click on item to open that website, which: - copies identifier to the clipboard - keeps a reference to the newly opened window - removes the window.opener reference - in newly opened window paste identifier from clipboard, progress to password field entry and click bookmarklet, which: - tries to identify the HTML element - registers an event listener - return to ___passcake___ window and click
passcake
button on credential, which - accesses password and sends it to the opened window ---
??? --- ## architecture (Alice is client, Bob is server) An OPAQUE credential file is created for each user in an OPAQUE register flow and stored in KV for general authentication and listing of the credentials saved by that user. ![OPAQUE register](https://user-images.githubusercontent.com/232306/167926556-ba35423e-f094-4f87-8a5d-1504f3a55931.png) ??? --- ## architecture (Alice is client, Bob is server) Each credential stored by a user is another OPAQUE register flow followed by an OPAQUE auth flow during which the user AES encrypts their secret using the stable __export key__ resulting from auth and transmits that blob using the __session key__ that server and client share per auth exchange. By convention, sending a data blob during auth stores that encrypted data and not sending one retrieves the existing encrypted data. ![OPAQUE auth](https://user-images.githubusercontent.com/232306/167886773-838893ec-07ae-4419-9e07-df38f3f9eb73.png) ??? --- ## architecture (data store) Workers KV contains entries like the following: ```json { key: "my@email.com", data: "", metadata: { credential_file: "
", url: "" } } ``` which are used for general authentication (and used when returning a list of KV key prefixes for a user to populate the credential list). An entry is also present
per saved credential
with key ```"
:
:(identifier)"```. These contain the encrypted secret data and may optionally include a ___url___ that can be used for navigating to the site for that credential: ```json { key: "my@email.com:Gmail:gmail_identifier", data: "
", metadata: { credential_file: "
", url: "https://accounts.google.com" } } } ``` ??? --- ## architecture (client behaviour) - the ___passcake___ webpage intends to operate like a list of bookmarks (for those credentials that include a URL) - when a link is clicked the identifier value (for those credentials that include one) is copied to the clipboard before the URL is opened in a new window - to avoid copying sensitive data to the clipboard passwords can be sent using the browser postMessage API from the passcake page to windows that it has opened - a postMessage listener is registed on the receiving window, user returns to the passcake window and then a message with password is sent to the receiver ###
passwords a piece of cake ...pass-the-cake ...OPAQUE ...PAKE ...cake ...mmmm.
--- ## notes - ___passcake___ can only
postMessage
to windows that it has opened - every credential item opens a specific window and saves that reference so that
passcake
can only send the secret to that particular window. --- ## potential uses and future work - bring back the idea of setting a browser "home page" (that is not search!) - add icons for browser health (to indicate things like "are my DNS queries private?") so this information is always visible - allow deletion and editing of credentials - make user interface more attractive - get touch bookmarklet to work right for mobile - improve mouse bookmarklet