I enjoy writing software, and on these pages you will find some free software that I have written to share. I also keep a blog of articles related to password security applications below. You can also learn about me and about SamuraiSafe design considerations.
SamuraiSafe is a password manager for iOS and macOS. Almost ten years old now, it is free and supports Touch/Face ID and Password Autofill.
Samurai Search is an iOS app that searches source code, plain text and PDF files on your iOS device or in iCloud. You can then open selected files in your favourite editing/viewing app. Also free.
Password Security News
The pseudo-random number generator (PRNG) used to generate passwords for the Kaspersky Password Manager was very weak and was not suitable for cryptographic use. It was seeded by the current time (in seconds), which meant that every instance of the Kaspersky Password Manager in the world would generate the exact same password at a given second. It was therefore very easy to brute-force. It has subsequently been updated.
This article points out that if your iOS passcode is discovered, your passwords stored in the iOS Keychain will be exposed. This is correct. The solution is to store your passwords somewhere else, like SamuraiSafe.
SamuraiSafe resisted adopting password autofill of web pages within the web browser, as the implementations were often vulnerable to compromise. SamuraiSafe now adopts Apple’s AutoFill Credential Provider Extension interface, which is built into iOS/iPadOS. It aims to avoid such vulnerabilities.
An analysis of five popular commercial password managers discussing previously disclosed vulnerabilities and exploits for newly discovered vulnerabilities. Many of the previously reported vulnerabilities have been found to persist.
An attack on the server API used by a popular password manager. The exploit tricks the password manager server into disclosing your encryption key. It arises from an interaction between a trusted extension user interface and web applications.
By analysing password managers in running states on Windows 10, ISE found a fatal flaw in an otherwise good password manager. This type of exploit requires malicious access to the OS, so potentially applies to macOS (or a jailbroken/compromised iOS).
Diceware is an effective way of generating strong passwords by rolling dice. Ars notes the creator now recommends using six words where five were previously recommended. The SamuraiSafe passphrase feature is modelled on Diceware but uses a larger word list (~21,000 vs 7,776 for Diceware).
"Should You Use a Password Manager?" discusses the pros and cons of using a password manager. "Am I An Idiot for Still Using a Password Manager?" questions the risks of managers that store your data server side.