On the security of password manager database formats

Abstract

Password managers are critical pieces of software relied upon by users to securely store valuable and sensitive information, from online banking passwords and login credentials to passport- and social security numbers. Surprisingly, there has been very little academic research on the security these applications provide. This paper presents the first rigorous analysis of storage formats used by popular password managers. We define two realistic security models, designed to represent the capabilities of real-world adversaries. We then show how specific vulnerabilities in our models allow an adversary to implement practical attacks. Our analysis shows that most password manager database formats are broken even against weak adversaries. © 2012 Springer-Verlag.

Gasti, P., & Rasmussen, K. B. (2012). On the security of password manager database formats. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7459 LNCS, pp. 770–787). https://doi.org/10.1007/978-3-642-33167-1_44
