Tdesktop: Keep credentials with secure storages

Created on 14 Mar 2020 · 10 Comments · Source: telegramdesktop/tdesktop

Telegram Desktop seems unprotected for hardware access

If someone has physical access to a computer, that person also has control over stored files. It is the usual approach. But while credentials are stored in the filesystem, an intruder gets not only cached data but full access to the Telegram account. Such a person is able to read new messages and also to pretend to be the legal user.

Possible solution

It is possible to keep security tokens in system security stores such as Credential Manager on Microsoft Windows, Keychain on Apple macOS and e.g. keyring with libsecret on GNU/Linux systems. Such storages prevent decryption when the user's system password has been changed from outside — they will ask for the old password to unlock.

All 10 comments

> Credential Manager on Microsoft Windows

Google already uses this to store DB encryption keys for the Chrome web browser, but every modern malware stealer knows how to retrieve them and then decrypt the database.

Illusion of security. Windows has no mechanisms to prevent untrusted applications from reading encrypted data.

If you want to encrypt your Telegram Desktop database, just set a strong local storage password in settings.

At least it increases the cost of compromise. A passphrase is a good solution; it seems more robust, but less convenient. Keyrings can prevent "casual" leakage, as for me.

> At least it increases the cost of compromise.

No. Stealers will be updated to extract the key from Windows Credential Manager. As I said, illusion of security.

Microsoft Windows is not the only system; also, untrusted software is a user's choice (or miss). Can a storage password secure data while some keylogger is active? I don't think so. Any security is an illusion, more or less.

Let's say someone steals another's laptop. A passphrase can do the protective trick. And an encrypted partition is even better! The only issue is that most users ignore such methods due to the additional effort. I believe PGP mailing is not very popular for very similar reasons.

@bergentroll I agree with you. I even sent an email to the Telegram Security Team on 2019-01-09, but they ignored this issue:

[image]

Hey there!

This issue will be automatically closed in 7 days if there is no activity. We therefore assume that the user has lost interest or resolved the problem on their own.

Don't worry though; if this is an error, let us know with a comment and we'll be happy to reopen the issue.

Thanks!

Generally, FDE is used to protect against physical access to the hardware. If you're concerned about someone stealing your laptop and accessing your stuff, you should use that. Actually, there's no reason not to use FDE.

In the case of Windows, some versions do not include this, as, apparently, fixing security holes is a "premium" feature.

Keyrings protect against other users or malicious [non-root] processes accessing your secrets:

  • On GNU/Linux, libsecret/keyring offers no sort of protection at all. It's merely a convenient centralised storage that has no access restrictions. There is no plan to fix this, so, honestly, it's not worth any effort.
  • On macOS, AFAIK, it's pretty solid.
  • I've no experience of what it's like on Windows.

May I say FDE usually has a performance strike. libsecret at least keeps keys encrypted with the user's password on disk. Also, an unprivileged process is unable to read the memory of other processes, isn't it?

> May I say FDE usually has a performance strike

True, though a lack of FDE compromises too much for anyone to realistically consider turning it off (assuming they need to secure information).

> Also, an unprivileged process is unable to read the memory of other processes, isn't it?

libsecret will reveal any secret to any process that interacts with it. There's no need to read its memory.

> libsecret will reveal any secret to any process that interacts with it.

Indeed.
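
The passphrase option raised in the thread ("set a strong local storage password"), as an added sketch that is not part of the original discussion and not Telegram Desktop's code or file format: a random local key is written to disk only in a form that needs the passphrase to undo, so a copied data directory alone does not yield it. The function names, the PBKDF2 iteration count and the XOR-mask-plus-HMAC wrapping (a standard-library stand-in for an AEAD cipher) are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor, chosen for this sketch
KEY_LEN = 32          # length of the random local key that protects stored data


def _subkeys(passphrase: str, salt: bytes):
    """Stretch the passphrase once, then split it into a mask and a MAC key."""
    master = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS)
    mask = hmac.new(master, b"mask", hashlib.sha256).digest()
    mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()
    return mask, mac_key


def wrap_local_key(local_key: bytes, passphrase: str) -> dict:
    """Return what would be written to disk: salt, masked key, integrity tag."""
    if len(local_key) != KEY_LEN:
        raise ValueError("local key must be 32 bytes")
    salt = os.urandom(16)  # fresh salt per wrap, so a mask is never reused
    mask, mac_key = _subkeys(passphrase, salt)
    wrapped = bytes(k ^ m for k, m in zip(local_key, mask))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unwrap_local_key(blob: dict, passphrase: str):
    """Return the local key, or None if the passphrase is wrong or the blob changed."""
    mask, mac_key = _subkeys(passphrase, blob["salt"])
    expected = hmac.new(mac_key, blob["salt"] + blob["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    return bytes(c ^ m for c, m in zip(blob["wrapped"], mask))


if __name__ == "__main__":
    key = os.urandom(KEY_LEN)  # constructed sample key
    on_disk = wrap_local_key(key, "correct horse battery staple")
    print("right passphrase:", unwrap_local_key(on_disk, "correct horse battery staple") == key)
    print("copied files only:", unwrap_local_key(on_disk, ""))
```

As the thread points out, this covers copied files or a stolen disk; it does not cover a keylogger or another process running in the user's session while the key is unlocked.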
