|
ThreatModel
What situations are (not) protected against.
Docs-Technical All scenarios are from the perspective of what an attacker has managed to do or is trying to do. Only worst-case scenarios are considered below; it is assumed the attacker knows you use Oplop and what nicknames you use.
Overall, the attacker ...... knows one of your account passwords and its nicknameThe attacker has no easy way to find out your master password short of a brute-force attack to find out your master password, but even that is not very easy if you chose a strong master password! Oplop only uses 8 out of 24 digits of a base64 number. That means there are 64^16 (7.9E27) other possible values that have the same first 8 digits. Without another nickname and account password to help validate some things, brute forcing all reasonable master password character lengths to find a match to one account password does not necessarily provide you with the information to guarantee you found the proper master password. This also requires that someone knows you are using Oplop in the first place. But all bets are off if you do not choose a sufficiently strong master password! Suggestions are outlined in BestPractices. ... knows your master passwordThere is no protection; your master password must be changed and all accounts updated immediately. Attacker of the web app ...... tries to gain access to web serverSince Oplop is hosted on Google App Engine, the security of the files as served by Google are as safe as the Google accounts of all of the developers who have access to the App Engine account. Password selection best practices are followed by all people who have access to the account. ... attempts a Man-In-The-Middle attack between server and browserAll data transferred from Oplop to your browser passes over SSL. ... has physical access to the browserTo prevent very casual attempts to get at your master password, when you create an account password the nickname and master password you entered are cleared. But anyone with basic JavaScript knowledge could easily install a JavaScript-based keylogger if you leave your browser unlocked. The only way to make sure people cannot manipulate your use of Oplop once loaded in the browser is to keep your computer locked when you are not physically at it.password has their master password exposed. Someone attacking the Chrome extension ...... creates a web page knowing you are using the extensionGoogle Chrome's security model for extensions allows Oplop to never expose the nickname or master password to the web page that is being viewed; everything entered into Oplop stays in Oplop. The best an attacker could do is put in extra password fields so as to force you to copy your account password manually. ... has physical access to your browserSee above. |
► Sign in to add a comment