Skip to content
This repository has been archived by the owner on Sep 6, 2021. It is now read-only.

Stored passphrases are not deleted when uninstalling #3

Open
tobihagemann opened this issue Dec 14, 2016 · 5 comments
Open

Stored passphrases are not deleted when uninstalling #3

tobihagemann opened this issue Dec 14, 2016 · 5 comments

Comments

@tobihagemann
Copy link
Member

From @RiseT on December 14, 2016 22:4

Basic Info

  • I'm running Cryptomator on: Windows 10, v1607, x64
  • I'm using Cryptomator in version: 1.2.3

Description

I've noticed that stored passphrases are not deleted when uninstalling Cryptomator. So when you reinstall Cryptomator (possibly after months, years, ...), the passphrase field is still filled with the passphrase.

I'd just like to point this out. I'm aware that this comes down rather to a design decision than a bug, but deleting them when uninstalling would be the more secure alternative imho.

Copied from original issue: cryptomator/cryptomator#414
@tobihagemann tobihagemann mentioned this issue Dec 14, 2016
Closed
@tobihagemann
Copy link
Member Author

Hey @RiseT! Just moved this here to the Windows installer repository, because we can't/won't fix this for other operating systems. But we can certainly also delete ~/AppData/Roaming/Cryptomator/ in the uninstaller.

tobihagemann added a commit that referenced this issue Dec 14, 2016
@tobihagemann
oops, of course we shouldn't delete the WHOLE application data folder…
d053052 
…, issue #3
@RiseT
Copy link

RiseT commented Dec 14, 2016

Question: Isn't the passphrase for each vault stored in some OS-maintained key chain? So does the passphrase stay there after uninstalling? And is a new passphrase added to that key chain with each reinstallation (so there are several passphrases entries for a single vault stored in the key chain after a couple of reinstallations)? Or is the old one overwritten?

@tobihagemann
Copy link
Member Author

We're using Windows Data Protection (aka. DPAPI). "Arbitrary data can be encrypted using this API, although storing the encrypted data is up to the developer." [cited from Stack Overflow] That's why we're putting the encrypted data in ~/AppData/Roaming/Cryptomator/keychain.json.

There shouldn't be multiple passphrases stored in the keychain after reinstallation. If you create a new vault or add an existing one to Cryptomator, a randomly-generated ID will be stored in settings.json for the vault. This is also the association for keychain.json. I don't think a reinstallation of Cryptomator will have any effect on both these files, because they don't get deleted in the current uninstaller.

Btw, from the Stack Overflow article I can see that there are other options to store passwords securely on Windows >=8: https://msdn.microsoft.com/en-us/library/windows/apps/xaml/hh465069.aspx

Hmmm... could be something to discuss for a future version...

@overheadhunter overheadhunter mentioned this issue Aug 26, 2019
Closed
overheadhunter added a commit that referenced this issue Sep 19, 2019
@overheadhunter
Reverting 0b2aa7f and d053052, fixes #19, reopens #3
d6b2bac
@overheadhunter
Copy link
Member

#19 is more severe than #3. If we can figure out how to ask the user whether all settings should be deleted, this would be ideal. Otherwise this is a wont-fix issue.

@infeo
Copy link
Member

infeo commented Apr 20, 2021

A more recent approach to store credentials would be using the Credential Manager API: https://docs.microsoft.com/en-us/windows/win32/secauthn/credentials-management

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@overheadhunter @tobihagemann @infeo @RiseT