
Security Engineering

Password Management Protocols


Different applications use different types of password management protocols. The Mozilla Firefox web browser offers its users a password-saving option, which allows them to store different passwords for different websites. “It is quite handy that having a tool which remembers users’ passwords for different websites as it is common to have different passwords for different websites” (Weekes B, 2010)

Earlier versions of Firefox stored user passwords in a signons.txt file located in the Mozilla profile directory (Mozillazine, ‘nd’). Even though this file has been encrypted for a long time, it is not 100% hack proof. Having an option like a “password manager tool” could also make users vulnerable to cross-site scripting. Basically, if there were a malicious link on one of the websites that a user visits, clicking on it may redirect the user to a phishing website and could cause security problems.

With newer versions of Firefox, the signons.txt file has changed to an encrypted signons.sqlite (SQLite file). I haven’t tried to decrypt data from the file, but having login credentials in a file like this on the local hard drive doesn’t seem to be a good idea to me. Meanwhile, Firefox offers its users a sync option, which allows them to sync their browser data with Firefox’s servers. If this becomes more popular, soon we may not have these complicated password management tools; instead we could use the cloud.

Apple is another company that has its own password management protocol, called Keychain. It also has slight issues: it uses the computer’s default password as its password, and it doesn’t log the user out even after the user switches the computer off. (Beyondsecurity, 2011)

 

Byzantine Agreement

If we assume that one of the nodes is faulty, we could make the nodes also talk to each other to make sure they are getting the same messages.

For V1, if V0's message is equal to V2's or V3's, V1 can say that the message is correct and listen to V0.

For V2, if V0's message is equal to V1's or V3's, V2 can listen to V0.

For V3, if V0's message is equal to V1's or V2's, V3 can make sure it received correct information.

If any of the nodes receives a different message from one node, they can compare messages with the other nodes and find out which node is faulty.
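The comparison described above can be simulated in a few lines. This is an added example, not code from the original post: the node names V0 to V3 follow the post, while the function names, the message values and the `relay_lies` behaviour are constructed for illustration. It goes slightly beyond the rule above by also handling the case where a node's own message from V0 matches neither peer.

```python
from collections import Counter

RECEIVERS = ["V1", "V2", "V3"]  # V0 is the sender, as in the post


def decide(own, relayed):
    """Apply the comparison rule at one receiver.

    own: the value this node got directly from V0.
    relayed: {peer: value the peer says V0 sent it}.
    Returns (decision, peers whose relay differs from the decision).
    """
    votes = Counter([own, *relayed.values()])
    value, count = votes.most_common(1)[0]
    if count < 2:
        # Three different values: no two messages agree, nothing is accepted.
        return None, sorted(relayed)
    # If own matches a peer this is the post's rule; otherwise the two peers
    # agree with each other and outvote the direct message (added case).
    return value, sorted(p for p, v in relayed.items() if v != value)


def run_round(direct, relay_lies=None):
    """One direct round from V0 followed by one relay round.

    direct: {receiver: value V0 sent it}.
    relay_lies: {liar: {victim: value}} for a faulty receiver that relays
    something other than what it received (constructed behaviour).
    """
    relay_lies = relay_lies or {}
    out = {}
    for me in RECEIVERS:
        relayed = {
            peer: relay_lies.get(peer, {}).get(me, direct[peer])
            for peer in RECEIVERS if peer != me
        }
        out[me] = decide(direct[me], relayed)
    return out


# Constructed scenario 1: V0 is honest, V2 relays a wrong value to its peers.
honest_sender = run_round(
    {"V1": "attack", "V2": "attack", "V3": "attack"},
    relay_lies={"V2": {"V1": "retreat", "V3": "retreat"}},
)
# Constructed scenario 2: V0 is faulty and tells V3 something different.
# V1 and V2 see V3's relay as the odd one out although V3 relayed honestly.
faulty_sender = run_round({"V1": "attack", "V2": "attack", "V3": "retreat"})
```

In both scenarios every receiver ends up with the same decision, but in the second one a single receiver cannot tell from its own view whether the odd relay came from a lying peer or from V0 sending that peer a different value.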

 

References

Mozillazine (nd) ‘Password Manager’, [Online] available from http://kb.mozillazine.org/Password_Manager viewed 20 June 2012

Beyondsecurity (2011) ‘Password Management Protocol’, [Online] available from http://beyondsecurity.wordpress.com/2011/05/30/password-management-protocol/ viewed 20 June 2012

Weekes, B (2010) ‘Password Management Protocol In Mozilla Firefox’, ISSA, [Online] available from http://barbados.issa.org/articles/Password Management Protocol in Firefox.pdf viewed 20 June 2012

 
