130 comments

[ 4.4 ms ] story [ 206 ms ] thread
We're very excited to make this available to the community and welcome pull requests, bug reports, etc..

Pitch in on Github: https://github.com/mitro-co/mitro

Congratulations on the release guys.

Would you mind talking about your strengths and weaknesses compared to KeepassX?

For starters, maybe we should ask why Mitro is only using 128­bit AES (stated in their PDF design doc)?
AES-256 is not the most secure variant of AES any longer, as it appears that variant with key extension improves certain types of attacks. One of those, called a related key attack, requires only 2^119 time against AES-256, and 2^172 time against AES-192. (Time against AES-128 is approximately 2^128, I'd wager about 2^126-127).

This is a very particular kind of attack, however, and it doesn't necessarily mean other weaknesses will be exposed. Cryptographers, though, are a conservative sort by nature, and many feel more comfortable sticking with AES-128, which was part of the original Rijndael specification and what was designed most rigorously. AES-128 also seems to have had the fewest weaknesses developed against it. The fact that any attack succeeded in reducing AES-256 to below AES-128's security can give crypto folks pause.

I think realistically they are all very safe and AES-128 is unlikely to be broken by anything within the next decade. After that? I wouldn't wager.

I liked the idea of a free and open-source password manager. It seems that Mitro has been around for nearly a year.[1].

It does not seem anywhere near as mature as Lastpass though. There are no additional features such as a credit card or notes store. Also, it seems buggy since I was only able to login once through the Chrome extension.

I guess I will stick with Lastpass for now.

If I can host my own server, this sounds like a very promising solution.
That is absolutely the intention. Currently the docs are lacking, but we will try to add directions about running your own server in the next few days.
You should consider porting it to sandstorm.io - that would be perfect!
Will there be an option to use your own server in the chrome extension and android app? Or will I have to compile both with my custom server address?
The chrome extension already supports this via an option on a hidden preferences page: chrome-extension://EXTENSIONID/html/preferences.html
I've been looking for open-source alternatives to LastPass. I'll give this a whirl -- thanks!
I would suggest Password Gorilla if you don't want your passwords stored in the cloud.
This looks really great, sadly this is the type of product where being an early adopter makes me nervous, but after a few minutes of playing with it I'm impressed with the UI.

I love the functionality of LastPass, I really do, but man their UI is terrible. I trust them from a security front though and in the end that is what matters most to me.

If Mitro builds up that same rep then I'll switch over, but until then waiting it out. (sorry!)

The UI is indeed awesome. I'd love to see a little more development on the features (doesn't support wildcard domains, for example). But it's definitely a great starting point to work on.
Aw, your comment about the UI made my day. Wildcard domains didn't come up at all as a use case—interesting you bring it up. Since it's open source now, I'll upload the rest of the UI design that hasn't been implemented yet which supports a few other features. Anything else you'd like to see?
I'm with you on that - I'm an early adopter for many, many things, but security software is not one of them. I'm happy to play with it a little, but I'm not certainly going to migrate my passwords until it's show to be relatively reliable (and long-lived)!
Aw, thanks for the UI love, nicpottier! I appreciate the support.
Yeah, that's the thing. LP doesn't give any love to their design.
This looks great. I'm a diehard 1Password user, and that probably won't change, but I love having open source options that have great features.
Since the company has been acquired what are the plans for the service? http://labs.mitro.co/ says that "The service will continue to operate as-is for the foreseeable future." but there is a lot of ambiguity in 'forseeable.'

While I really appreciate the value of having the client and server code open sourced I don't want to run my own server nor do I want to sign up for a service that, with the changes that will likely happen after the acquisition, could disappear without a lot of warning.

Can anyone clear this up? from Mitro, EFF?

Congrats and thanks!

I'm in the same boat here... What will happen?
"Mitro has committed to funding continued operations of its servers until at least the end of 2014. If their code proves to be secure and popular with the community, we will be advising them on how to create a sustainable home for that infrastructure.". Erh. Yes, so I'll be staying on KeePass, strategically "cloud" backupped in encrypted form to my email address (also, yes, this does not solve Android integration..etc. so suggestions are welcome!)
I recently started using KeePass2Android [1] instead of KeePassDroid. It has some features I really like, like cloudstorage integration with Google Drive, Dropbox and more.

[1] https://play.google.com/store/apps/details?id=keepass2androi...

I really, really love KeePass2AndroidOffline. The app itself needs no permissions except the ability to read a file from the phone's local storage. Using OwnCloud's app and the "keep a file up to date" feature, I have my KeePass file synced to my various computers and my phone. Plus, KP2A has the "type this password for me" keyboard instead of relying on copy/paste. I didn't realize until I read the docs for another project, the clipboard is an API that can be hooked by other apps to see what's on the clipboard. It makes obvious sense but I never thought about it.
thanks - swear I didn't notice that my first time through
The best thing would be if they would release the server software. That way you could run the software yourself and be totally independent. If that happens, I'm totally on board. Now I'm still on the fence between this and LastPass
The secret sharing across teams works which is good (LastPass's organization features are broken), but saving secrets is very slow right now.
How are LastPass' organization features broken? Over 7,500 companies are using them successfully.

https://enterprise.lastpass.com/enterprise-administration-ba...

I'm sure a lot do, but when we tried to set it up this past Wednesday, we couldn't get it to actually share credentials. Perhaps we were using it wrong, but if we couldn't get it to just work in an hour, there's a fundamental problem with the product.
We use LastPass internally, specifically to share long random passwords among the people that need them.

It's not been a flawless experience, but it works -- what are the problems you've seen?

We were unable to get LastPass to actually share passwords at all. Created a shared folder with some passwords, checked to see if a coworker could see it, and sometimes they could see it, but most of the times the folder wouldn't show up at all. Spent at least an hour just debugging why this was happening, but we kept getting totally inconsistent results.

I say this as a mostly satisfied LastPass (Personal) user.

Ah, right -- we've got some odd behavior there as well; newly-shared folders not showing up in particular.

I suspect there are bugs in how the (locally-cached) LastPass vault stays up to date, possibly coupled with a delay on the server side for updates to be propagated to all vaults.

Just from my experience working with encryption... I'll bet the sharing process is fiddly, and they have some unresolved flow problems. E.g., imagine a new folder share offer is encrypted and queued for the recipient's vault, and can't be merged in until the recipient next signs in... but depending on their browser plugin settings, they may only sign in once every few weeks. So the plugin pings for queued updates and can send up auth keys... but already we're getting into enough complexity that bugs would be likely.

(I don't actually know how their folder sharing functions, but deploying encryption where the server only occasionally has the keys can quickly make simple requirements turn into Rube Goldburg contraptions...).

In our case, the shared folders eventually showed up for everyone (we specifically tried signing out of LastPass and restarting browsers... though I don't think we quite nailed down an "always works" solution), and once the basic shared folders were set up, it was smoother sailing.

I received this by email shortly after installing Mitro:

"Congratulations on adding your first secret to Mitro"

This makes me a little uncomfortable. How do they know? Why should they know?

Edit: I could not find those words in the github repo.

Secrets are stored on Mitro's servers. Presumably -- hopefully -- the passwords themselves are encrypted. Edit: Ah, yes:

    Mitro is distinctive amongst free/open source password managers
    in that it's architected around cloud storage. For security,
    the online password databases are encrypted with client-side
    keys derived from your master password. For availability, they
    are mirrored across three cloud storage providers. With this
    design ... passwords can be synchronized across all of your
    computers and devices with minimal effort.
This I understand very well.

So presumably they sent the email only after I sent them the first "blob of gibberish" telling them I added _at least_ one entry to my password database.

Presumably they don't know if and when or how may entries I have. In this case they only noticed the first time I sent in my encrypted database.

No information or demo on the webpage = Worthless.
Presumably the code is released first, then the documentation is created. It sounds like the product wasn't initially developed with the idea that it would be released to others. That doesn't make it worthless. If Twitter spent the time + money to acquire them and open-source their product, I would assume that they have a vested interest in doing more than just dumping the code on Github and ignoring it.
Currently using KeePassX + Dropbox. What sort of benefits would I get from Mitro?
Currently, this is the best option. Though I recommend KeePass proper as opposed to X since KeePassX's last stable release was over 4 years ago and they've only pushed out alpha builds since then.
Unfortunately, if you want to run on Linux, KeePassX is the best choice. KeePass "proper" does work on Linux under Mono, but the UI is pretty buggy (textfields don't render the cursor in the right place, and the UI just looks awful in general). I really do wish there was a better native Linux client - some new features would be nice.
There are several good reasons to use KeePassX over Keepass, even with the current status of Alpha 6 in the KeePassX 2 series.

* KeePassX has a consistent UI across Windows, OS X, Linux * It's a small, portable binary. I've had good luck running the Windows and Linux binaries off of USD drives. * Alpha 5 and Alpha 6 have been really stable. I started using Alpha 5 and haven't had a need to look back.

I've been recommending KeePassX as the go-to password manager for Windows, OS X, and Linux over Keepass.

I use Keepass2 exclusively now(started using it this past year due to needing windows and cloud sync support) and have had no major issues across linux and windows. I guess YMMV, but it's been a great success for me.
Not keeping sensitive data in Dropbox.
Even if it's encrypted?
The KeePass database is strongly-encrypted before you put it up on Dropbox, so you're not relying on Dropbox's own encryption (I wouldn't either).
I refer you to the techdirt article linked above. If you upload a KeePass file to dropbox now, you may be vulnerable to a way of cracking keepass files available at some future date.
This shouldn't matter here, if you regularly rotate passwords and KeePass itself is regularly updated to fix security vulnerabilities.
Yup; but I'd say you're letting the perfect be the enemy of the pretty damned good.

KeePass' encryption is quite solid -- if it starts to show some cracks in the face of quantum computers or whatnot somewhere in the future, I can always upgrade and change my passwords so the old database isn't valuable any more.

That'd be a PITA, but I don't expect this to happen -- nor for the govt to come up with a huge vulnerability that no one else sees -- so that's the kind of bet I'm comfortable taking.

Is there a "secure" way to get a KeePass file onto an iPhone if Dropbox isn't safe?

I don't need realtime sync, I'm happy to manually copy it across when I make changes, just curious what the proper way to do it is, if not via Dropbox.

I'm in the same boat (KeePassX and Dropbox), but I have been thinking about a peer-to-peer sync option. I don't need it to sync on WAN, just LAN sync is probably good enough for me. If it syncs between my couple of laptops and my phone, that's good enough for me. I have to see if BitTorrent Sync helps me do this.
It would be nice since I don't have to remember any passwords anymore, if Mitro would generate password strings for me.
I wonder if they have any plans for a phone app.
iOS and Android apps are available on the respective app stores now. Note that the Android app might be vulnerable to clipboard hijacking, as described in http://fc13.ifca.ai/proc/4-2.pdf
I imported my LastPass vault into Mitro, but can't get it to auto-fill pages I have stored data for. I have to search for the page and then click "sign in"..

Am I wrong in expecting it to work exactly like Lastpass did?

Strange, if the URL is shown in the 'details' view, the dropdown should show up. If not, please email inbound@mitro.co.
It would be cool if they developed this using something like RemoteStorage so you don't have to tie yourself to their server backend, which they say they're only committed to keeping around until the end of the year.
I'm a 1password user, but I'll definitely be checking this out. Having recently switched to Windows, I'm liking it a lot less. To put it charitably, their Windows version is not quite as nice as the Mac and iOS releases.

It's a sunk cost at this point, but owning 1password on 3 platforms is expensive. $70 for my laptop and desktop, and another $18 for my phone. But I bought into it because the Mac version is great and I was primarily a Mac user at the time. Oh well.

Yeah, I get the feeling they don't care about their Windows users at all. I just try to ignore the Windows desktop app because at least the Chrome extension is fine in Windows.
There's a v4 beta for Windows, which is very similar to the Mac version. Better than the stable v3.

I'm using it on Linux (under Wine) and works well. The Chrome extension is a lot better.

> There's a v4 beta for Windows, which is very similar to the Mac version. Better than the stable v3.

Agreed. The v4 Windows client is much, much better than the old v3 - and finally allows you to use the same Chrome extension. I previously had to run two versions of the extension (and all the frustration that brings) if I wanted to use 1Password on my Windows installs.

Wait, you switched from Mac to Windows? How's that going?
Honestly, it's going great. I've been a Mac user pretty much forever (the first home computer I used was running System 7), but now I'm on a Surface Pro 3 with Windows 8. It's a fantastic computer. The last thing that made me think "Oh shit I'm living in the future" this much was my first iPod Touch.

I'd been dual-booting OS X / Windows on my desktop already because Apple's GPU drivers are garbage, so it wasn't a huge step. Dropping OS X completely was mostly based on being a game dev hobbyist who's doing a lot of 3D work and digital painting. OS X had turned into a web browsing and email platform for me, and I can do that just as well elsewhere.

The experience with 1password is far from unusual though; Windows doesn't have a lot of developers making software of any quality. For every Mac program I try to find a substitute for, Windows has 30 different options that are all equally bad (looking at you, IRC clients that aren't Colloquy). So if you rely on a lot of little 3rd party software, it's not a good ecosystem. But if all you need is Firefox, blender, Unreal Engine, and Substance Designer, it's not a problem.

And that's not even mentioning the price of a Mac with an upgradable GPU. I could do yearly GPU upgrades on my desktop and still be cheaper than a baseline Mac Pro.

If you stay within the Apple ecosystem, 1Password is great. If you stray outside of that bubble, not so great. Their Android app sucks (quit putting an icon in my system bar every time I open the app, for starters), and the Windows version isn't so hot, either.

Yeah, it's pricey, but in the end I think it's worth the aggravation and time it saves me.

I heard that you have to do this in order to not get killed when inactive.
That's the annoying part. I'm not privy to the internal workings, but I just need the app to fire up and stick something on the clipboard. After that, let the OS kill you off because I'll fire you back up again ad hoc.

The notification says it's synchronizing with my chosen cloud provider, maybe it doesn't want to get inadvertently killed during that process. Okay, fair enough. But can't the notification be removed after it's done? (An honest, if rhetorical question; don't know enough about Android to say for sure.) I have enough special snowflake apps sticking their crap in the notification bar, one less would be nice.

I work for AgileBits, the makers of 1Password.

You are not alone in requesting less clutter in the notification drawer. This is a popular request that we have received from a number of our customers.

We pride ourselves in considering all feedback from our customers and I'm happy to say that we've made improvements in this area. In our upcoming 4.1 update, successful sync notifications will be automatically cleared from the notification drawer.

We are planning to release the 4.1 update on August 19th. Feel free to read our blog post for additional details: http://blog.agilebits.com/2014/07/26/1password-4-for-android...

Check out dashlane : https://www.dashlane.com/ I've been using it for a while and Its much nicer that 1Password.

It has desktop app, a browser extension as well as android and iOS apps.

I tried dashlane when it first came out. Pegged my CPU and uninstalled it immediately. I assume it's improved since then, but that was a major turn-off.
There's no method to reset Mitro, so if you're like me and Mitro ran into an error partway through importing your KeePass database, you won't be able to reset Mitro and try importing with a different method.

Do I seriously have to click manage->delete secret thousands of times just to reset Mitro?

Not really, nobody is forcing you to delete everything manually. You can always implement the feature yourself!

(Sorry, didn't meant to be that guy, but seriously don't know why people expect a clearly new piece of open source software to do everything they want.)

(comment deleted)
Apparently, it's just been open sourced but it's not a new project
"Good security practices require us to use different passwords for most or all of the websites .... remembering all of your passwords requires an inhuman display of memory."

It actually is possible to create unique passwords for every website and remember them without inhuman displays of memory. To do so, there are two basic things you need to remember:

1) A unique base password 2) A simple hashing function

The input to the hashing function can be the company's name or website address (an overly simplified example - your hashing function could be the first two characters of the website's domain name). A unique password for any website could then be:

password = hash_function(domain) + base_password

A very simple way to create unique passwords for every website, inhuman memorization skills not required.

Except if your password gets compromised on two sites than hackers could identify the pattern and compromise every account you have.
Yes, but that is also the case if your password manager's password gets compromised.
that's a very very different scenario. your password manager's password is not sent over the wire, and you know it to have very secure hashing. it is stored only on your hardware

not so with external websites — if you use the proposed strategy on two websites with poor security (something which is completely opaque to you), your passwords are compromised.

I used this form for a while but realized that if someone is doing a targeted attack specifically on you and happens to find a single compromised password of yours, all the others are only a few guesses away. It's better than re-using passwords, but still worse than using truly unique ones.
If you're being specifically targeted, the key is accessing your email.
Does the Firefox add-on not work, or is it just me? (It seems like it's trying to load the full-size desktop page in the little drop-down window. Firefox 31 on Win7.)
I'll use this as an opportunity to give a shout out for my new favorite password manager: pass [0]

It uses gpg to encrypt passwords that are then stored locally, but can be synced using Dropbox, rsync, unison, etc. It is a command line program, so it doesn't have things like browser integration, but on a mac, a little Automator magic alleviates most of that pain. Besides, after trying 1password, lastpass, and a few others, the browser integration was usually a source of frustration instead of convenience.

For my setup, I have a keyboard combo mapped to an Automator action that gets the current URL from Safari, passes it to a shell script that strips out the hostname, then uses pass to copy the password to the clipboard for 45 seconds. Then, I use another script to have a notification pop up with my username in case I've forgotten it. So I press "cmd+\", then a second later I have my password in the clipboard and my username showing on a temporary desktop notification.

I'm also using pass to store bank credentials, software keys, and other things. I also have it set up to use a different gpg key to keep a journal. It has turned out to be a very versatile and reliable piece of software.

[0] http://www.passwordstore.org

Very nice, but:

1) one of the reasons I use a password store is to share passwords with my wife. I can't imagine her using this 2) iPhone? Android? 3) 1password's integration with the browser is very helpful: since I've been using a linux box as my day-to-day machine (where 1password doesn't have a native version), I've been using it significantly less, because it adds friction. On Mac OS, I would just auto-gen a horrific 12-16 character random password for any website, and have it automatically saved to my 1password.

As you might guess, I have high hopes for Mitro, especially if they (well, I guess it's now we) can create a compelling don't-use-their-host story (either hosted, or file-based (eg. dropbox)) and pass at least a cursory security smoke test. :-)

I'd love to find a way to securely share passwords with mobile devices. But from what I understand, there's no very secure way to do it on Android. If you store a private key on the device then other applications may have access to it. And with iOS, each app is its own silo, so I'm not sure how you'd get password autocomplete working. An ideal solution would allow selective sharing because there are some secrets you wouldn't want stored on your mobile device.
Applications are separated by Linux permissions on android. Attempting to read or write to other application directories simply won't work. Your fear is not correct for the average case user
>Android

It depends on how you do it. If you use the local app storage, it's protected via the OS. Only the App itself can read/write from it.

If you use "USB Storage" then the data is stored on the sd card or equivalent. Any other app with the USB Storage permission can read or write to that directory and it's very much not secured.

As for interfacing with other apps to "autocomplete" your password, there are permissions and ways to do that too, although I can't speak for them since I've never done it.

You're absolutely right -- my setup comes with a lot of limitations. They are ones that I'm happy living with, but when family and friends ask for advice on passwords I point them to 1Password. Hopefully Mitro will become my new recommendation!
That is limitations I could live with, I'm interested to give it a go. Could you post the scripts on pastie/github by any chance to spare me some dev time? or my mail is in my profile
I'll use this as an opportunity to give a shout out for my own unix password manager that I started writing because I did not like some design choices of pass: pw [1].

From the homepage:

> pw is an alternative to pass, keepassx and other similar programs.

> The main points of pw are:

> * The passwords are stored using a simple line-based text format.

> * Passwords can be protected using public-key encryption or symmetric encryption. Or both.

> * No information about the accounts is stored in clear-text.

> * All the work is done using only GPG and Unix tools.

> * The output is easy to use in pipeline with other tools.

> * Follows the XDG Base Directory specification: no clutter in your home directory.

[1] https://github.com/gioele/pw

That looks neat -- I've been using a somewhat similar little home-baked thing of my own (simple shell script wrapping gpg), largely because I wanted a simple command-line password manager and this 'pass' thing I've been seeing linked in various places strikes me as (a) pretty poorly designed and (b) quite over-sold -- e.g. its author declaring it "standard" when it's clearly nothing of the sort is rather off-putting. There've been patches posted on the xmonad development mailing list recently adding support for it, but I'm really hoping they don't get integrated because I don't view encouraging increased use of it as a good thing.
What was your usage patterns with lastpass? For my use cases it works extremely well.
How does this compare to letting Firefox remember my passwords and sync them via Firefox Sync?
I don't know much about Mitro but most Password software don't store your passwords as plaintext on your computer. They also don't make it easy to generate random password under certain criteria.

Personally, I'd trust Mozilla with at most my bookmarks/settings/tabs. Keep your security safer with people dedicated to just it. Doubt that's an endorsement for Mitro, though. At least for now.

It looks great. UI is really nice to look at.

Looking around, this has a long way to go before it is able to compete feature wise with current commercial managers.

Also, it's going to take a long time, security-wise, to get up to par with the current commercials as well. It sounds like I'm being harsh but there are a lot of possible issues to consider. An HSTS header would be a nice start......