Can cloud-based password managers that claim “zero-knowledge encryption” keep users’ passwords safe even if their encrypted-vault servers are compromised? Researchers at ETH Zurich and Università della Svizzera italiana set out to answer that question, and the answer is (unfortunately) no.

Attack paths against encrypted vaults

Cloud-based password managers store users’ passwords in a password vault, which is created and encrypted by the user’s client software using a cryptographic key derived from the user’s master …
The post Design weaknesses in major password managers enable vault attacks, researchers say appeared first on Help Net Security.
