Hacker News
by mehrdadn 2428 days ago
What kinds of issues are you expecting? Short of actively writing malicious code, I feel like it's hard to get things terribly wrong in an offline password manager when adding a new feature? There are various mitigations you can put in against some potential attacks, but they're generally secondary lines of defense that require other breaches to occur first.

I don't know, that's why I'm asking the question.

I've seen enough security bugs that I don't want to trust the gut feelings of a non-expert, such as myself. One example I can think of is another password manager that used random numbers incorrectly, putting a bias in the random passwords it was generating.

Well, something like that is core to the password manager, and already introduced into the product since the beginning. If the maintainer has been competent enough to use (say) a secure RNG until now, he's not going to suddenly mess it up when adding a new feature.

Which is not to say it's a bad idea to get expert vetting for something like this (it's obviously an ultra-safe approach), but it helps to try to put things in context yourself, so that you don't have to find an expert every time you need to make a security decision. In the context of a desktop password manager, there isn't a terrible lot that can go wrong by accident and suddenly result in password exposure once the core product is formed and secure. If it happens, it'd be almost certainly due to a new maintainer coming along and somehow checking in unsafe code, rather than the current maintainers (say) suddenly forgetting they shouldn't call rand() or accidentally saving plaintext passwords on a disk.
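The biased-password-generator bug mentioned above, and the "secure RNG vs. rand()" point in the reply, are both about one mechanic: how a random byte is mapped onto an alphabet. The following is an added example written for this page, not code from any commenter or any password manager. It assumes a constructed 94-character printable alphabet and a source of uniform random bytes, and it computes the exact symbol distribution for the naive "byte modulo alphabet size" mapping beside a rejection-sampling mapping, so the bias can be checked without sampling.

```python
import secrets
from collections import Counter

# Constructed alphabet: the 94 printable ASCII characters (no space).
ALPHABET = "".join(chr(c) for c in range(33, 127))


def biased_index(b: int, n: int) -> int:
    """The flawed mapping: reduce one random byte modulo the alphabet size.
    256 is not a multiple of n (for most n), so the low indices come up more often."""
    return b % n


def unbiased_index(b: int, n: int):
    """Rejection sampling: bytes at or above the largest multiple of n that fits
    in 256 are discarded (returns None), so every surviving index is equally likely."""
    limit = 256 - (256 % n)  # largest multiple of n that is <= 256
    if b >= limit:
        return None
    return b % n


def distribution(n: int, index_fn) -> Counter:
    """Exact count of how many of the 256 byte values map to each index.
    Dividing by the total gives each symbol's probability; no sampling needed."""
    counts = Counter()
    for b in range(256):
        i = index_fn(b, n)
        if i is not None:
            counts[i] += 1
    return counts


def bias_ratio(n: int, index_fn) -> float:
    """Probability of the most likely symbol divided by the least likely one.
    1.0 means uniform; anything above it is a bias an attacker can exploit
    when guessing passwords."""
    counts = distribution(n, index_fn)
    return max(counts.values()) / min(counts.values())


def generate_password(length: int, alphabet: str = ALPHABET) -> str:
    """Unbiased generator built on the rejection-sampling mapping and a CSPRNG
    (secrets.randbits). The standard library's secrets.choice already does the
    equivalent of this; it is spelled out here to show what 'correct' looks like."""
    n = len(alphabet)
    out = []
    while len(out) < length:
        i = unbiased_index(secrets.randbits(8), n)
        if i is not None:
            out.append(alphabet[i])
    return "".join(out)


if __name__ == "__main__":
    n = len(ALPHABET)
    print("modulo mapping, max/min probability ratio:", bias_ratio(n, biased_index))
    print("rejection mapping, max/min probability ratio:", bias_ratio(n, unbiased_index))
    print("sample password:", generate_password(16))
```

For a 94-symbol alphabet, 256 = 2 * 94 + 68, so under the modulo mapping the first 68 symbols each receive three byte values and the remaining 26 receive only two: a 1.5x skew that no amount of "the bytes came from a secure RNG" fixes. The rejection mapping discards the 68 leftover byte values and leaves every symbol with exactly two, which is why the check that matters in a review of a password generator is the mapping step, not only the choice of RNG.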

> If the maintainer has been competent enough to use ...

In security you are considered incompetent until proven otherwise.

I don't want some random dude to protect my passwords just to realize a year later that he did a "little mistake".

>> If the maintainer has been competent enough to use ...

> In security you are considered incompetent until proven otherwise.

And didn't my quote literally say "if the maintainer has been competent enough"?