On the Security of Password Manager Database Formats

Password managers are critical pieces of software relied upon by users to securely store valuable and sensitive information, from online banking passwords and login credentials to passport and social security numbers. Surprisingly, there has been very little academic research on the security these applications provide.
