Busting Password Managers: Encrypting Passwords on the Client

By Tim MalcomVetter, Paul Wowk ·

This is a continuation of our series on Busting Password Managers. Check out the first post here.

Hypothesis: If passwords are encrypted (e.g. AES) on the client in JavaScript, then browsers will not save passwords.

The Technique: Normally, it is ill-advised to implement encryption or other security controls in JavaScript, since every client can read (and alter) the source. In this case, however, the goal is not so much to keep users secure as to outsmart the password manager in their browser. We once again built a proof of concept based on the default Visual Studio 2013 ASP.NET MVC C# project. The source code for this test can be downloaded from https://github.com/pvwowkfn/AutoCompleteBlog/tree/AesPassword.

The first step is to add the CryptoJS library to our project. We chose to download the minified JS file into our project rather than reference the copy hosted on Google's servers, which also keeps a third-party script off the login page. Second, we added our own JS file, which we called EncryptPassword.js.

Then we referenced these JS files in the Login, Register, _ChangePasswordPartial and _SetPasswordPartial views, wiring each form's submit event to our custom EncryptPasswords() JS function, so the password fields are replaced with ciphertext before the form leaves the browser.

Next, we added our own AesHelper class with a few static methods, so the decryption logic stays out of the controllers.

And finally, in the AccountController.cs action methods, we decrypt the password fields of the models passed in before the rest of the action uses them.

While this technique does not prevent a browser's password manager from caching a password, it does prevent it from caching the plaintext. If the key were generated fresh for each page request (like a nonce) and accepted by the server only once, a cached ciphertext would be of very little value to anyone who obtained it. With a key that is the same on every page load, by contrast, the cached ciphertext is just the password in a different encoding: whoever can submit it directly to the server, bypassing the page's JavaScript, logs in. In this example, our user "mick" has the encrypted version of his password cached in Chrome, shown by Chrome's yellow highlighting of the autofilled username and password fields. Simply submitting the form, however, fails: the page's JavaScript encrypts the already-encrypted value a second time, and the server decrypts it to something other than the password.

Internet Explorer 11 and Firefox did not even offer to remember the password. The other browsers offered to remember it, but could only cache the encrypted version, which is unusable in a replay attack as long as the key is unique to each page request and the server will not accept it a second time.

Successfully works on (one row per browser tested; the browser names are not shown here, but per the paragraph above the two "Yes" rows are Internet Explorer 11 and Firefox, which never offered to save the password):

Yes
Somewhat *
Yes
Somewhat *
Somewhat *

* Browser caches the unusably encrypted password.
