-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Closing: BWN-01-008 – Malicious API server could steal organization encryption keys #392
Comments
Thanks for the suggestion, however, I am not sure I understand how this would fit into the a design to provide public key authentication to the Bitwarden clients
I am coming at this with no experience in using blockchain technologies before, though I do have a basic understanding of how they work. |
I'd hesitate to call this ledger design a blockchain for various reasons. You can have two separate ledgers:
If you decide that only one of the two is necessary, that's fine too. The basic idea is that you can force public keys to be committed to the ledger in order to be trustworthy. In the first case, you're authenticating local users' public keys in a way that is auditable even if the API server is malicious (i.e. hacked). In the second case, you're authenticating the servers themselves. The latter might be less useful. This allows you to verify public keys even in the presence of a malicious API server, and even in the worst case scenario (a collusion between the malicious API server and ledger), you create an irrevocable audit trail of the compromise which allows investigators to narrow down who was affected (n.b. it's really obvious when only one public key is swapped out). This is assuming attacks succeed; if suddenly a public key changes for another user, you could simply block the change unless it's recorded in the ledger and then only accept it based on some policy (e.g. user acknowledgement). It may be helpful to review exactly which issue I'm seeking to address here:
...and...
A lot of the explanation from this section of the report is actually incorrect in general (but correct as Bitwarden is currently implemented). There are ways to address these server trust issues without requiring self-hosting. What I proposed above is a solution that allows an API server to verifiably respect the principle of least authority. |
We use GitHub issues as a place to track bugs and other development related issues. The Bitwarden Community Forums has a section for submitting, voting for, and discussing product feature requests like this one. Please sign up on our forums and search to see if this request already exists. If so, you can vote for it and contribute to any discussions about it. If not, you can re-create the request there so that it can be properly tracked. This issue will now be closed. Thanks! |
Despite what the Cure53 audit report says, this isn't an intractable problem. Solving it isn't drop-dead-simple, but 90% of the work is done already. The problem is related to the problem of secure code delivery although with focus almost exclusively on public keys rather than update files.
All you need to do is maintain an append-only cryptographic ledger of Bitwarden servers and their public keys. Chronicle was specifically designed for these sorts of use-cases.
Then you can simply add a process publish all servers' public keys into this ledger. This allows you to build an independently auditable history of all public-key <-> identity associations. Any attempt to backdoor a Bitwarden user will be irrevocably detectable, since attackers will have to announce their presence to all users in order for any user to accept their malicious public key.
Not only does this provide confidence that nobody has provided a malicious public key, it also serves as a legal deterrence to nation states that cannot compromise computers in their own country (i.e. NSA).
This deterrence is a consequence of the userbase consistency feature: In order to compromise anyone, you have to put everyone at risk. Additionally, you abandon all stealth in doing so.
The text was updated successfully, but these errors were encountered: