[00:00.000 --> 00:28.120]  I just wanted to say thank you to the FOSDEM for inviting us again this year and maybe
[00:28.120 --> 00:32.000]  we can acknowledge the fact that it's been two years without FOSDEM in real life and
[00:32.000 --> 00:35.760]  it's really nice to see you and thanks a lot for the volunteers and the organizer of the
[00:35.760 --> 00:40.480]  founders of the FOSDEM. Maybe we can give them a quick round of applause because they
[00:40.480 --> 00:48.840]  are doing amazing job. Thank you guys. So this is the original PassBolt team in 2017
[00:48.840 --> 00:54.440]  when we just after the first launch of PassBolt and the team have grown quite a bit since
[00:54.440 --> 01:03.040]  and it's nice to see you all. So who's using a password manager in the room? Wow, amazing.
[01:03.040 --> 01:15.880]  Who's using KeyPass? Quite a bit and Voltwarden, Bitwarden? Ah, nobody's perfect. PassBolt?
[01:15.880 --> 01:23.240]  I'm glad to see the PassBolt developers raising their hands. So you're like, okay wait another
[01:23.240 --> 01:29.040]  password manager or is PassBolt different from, well to assess the difference we will
[01:29.040 --> 01:33.040]  start first with the security. I will tell you a little bit what are the difference in
[01:33.040 --> 01:39.640]  terms of security between PassBolt and other more classic PassBolt managers. So one of
[01:39.640 --> 01:45.560]  the main aspect of PassBolt is it is based on OpenPGP. So it's based on public key cryptography.
[01:45.560 --> 01:51.040]  Who knows a little bit about OpenPGP? Okay, quite a bit. So I don't need to explain so
[01:51.040 --> 02:00.200]  much but traditional password manager use master password, the master key that is generated
[02:00.200 --> 02:07.040]  from the user password and then you have a derivation. They use a key derivation function
[02:07.040 --> 02:13.320]  so Argon2 or something less strong. So for example, KeyPass use Argon2 and last pass
[02:13.320 --> 02:22.120]  use PBKDF2 and I think Bitwarden, Voltwarden are going to support Argon2 very soon. But
[02:22.120 --> 02:28.320]  historically these algorithms they depend on the amount of rounds that you do especially
[02:28.320 --> 02:35.880]  the PBKDF2. They depend on the number of rounds that you do on the user password and if the
[02:35.880 --> 02:41.120]  user password is weak also the encryption strength is affected. So when you use a private
[02:41.120 --> 02:47.520]  key that is truly random like in PassBolt and some other password managers like OnePassword
[02:47.520 --> 02:56.880]  is doing that as well. They pad with a random private key the user password. You have some
[02:56.880 --> 03:02.480]  interesting security property on top. So it's a little bit stronger because it's not depending
[03:02.480 --> 03:10.120]  on the user password strength and you also have thanks to the OpenPGP being interoperable
[03:10.120 --> 03:14.560]  standards you have the ability to choose which algorithm do you want to use. So for example
[03:14.560 --> 03:22.240]  you could choose the size of the RSA key that you are using or you could opt for elliptical
[03:22.240 --> 03:29.920]  curve cryptography, newer algorithm that are part of the almost part of the OpenPGP standard
[03:29.920 --> 03:35.760]  and reduce the size of the messages so you can play a little bit with the algorithm depending
[03:35.760 --> 03:40.760]  on your requirements. So the way it works in PassBolt is we encrypt every secret which
[03:40.760 --> 03:52.680]  is at this baseline JSON component. We encrypt it once per users so it means that for example
[03:52.680 --> 03:59.120]  when you want to revoke the access of somebody for example this person leave the organization
[03:59.120 --> 04:04.640]  and you want to make sure that their access is completely revoked we just have to delete
[04:04.640 --> 04:10.600]  the entry for that particular user. How it works with other password manager and it depends
[04:10.600 --> 04:16.720]  but some of them what they do is that they create what they call a vault or a collection
[04:16.720 --> 04:26.080]  and they encrypt a bit like in OpenPGP a session key with the public key of the users so when
[04:26.080 --> 04:31.960]  the user leave they are not able to actually revoke the access so if the user for example
[04:31.960 --> 04:38.600]  manage to get a copy of the session key they can still access later the archive even though
[04:38.600 --> 04:47.440]  they don't have the logical rights. So having a private key is not that great when it comes
[04:47.440 --> 04:53.360]  to usability because you need to transfer that key to other devices so it makes the interaction
[04:53.360 --> 04:59.560]  with the system a little bit more complicated so for example when you use a mobile phone
[04:59.560 --> 05:03.560]  to transfer from your browser to the mobile phone we will have a succession of QR codes
[05:03.560 --> 05:08.400]  to make sure that we are not sending the key server side and all that so it makes the interactions
[05:08.400 --> 05:15.000]  a little bit more complicated than just the user typing their passwords. The advantage
[05:15.000 --> 05:22.480]  of having public key cryptography available is that we can also change the authentication
[05:22.480 --> 05:29.920]  system so we have a challenge based authentication system where the user needs to encrypt for
[05:29.920 --> 05:37.920]  the server random generated token the server will verify the signature and will send back
[05:37.920 --> 05:45.040]  that token and at the same time encrypt with the user public public key another random
[05:45.040 --> 05:52.680]  token that will be used by the user to authenticate later so it's in practice much stronger than
[05:52.680 --> 05:58.280]  just sending for example the password or hash version of the password because each authentication
[05:58.280 --> 06:05.720]  attempt is unique and you also have the advantages of checking the authority of the server at
[06:05.720 --> 06:12.640]  the same time so it's not prone to credential stuffings so you cannot for example try multiple
[06:12.640 --> 06:17.000]  passwords and try to authenticate with that you need to prove that you have the possession
[06:17.000 --> 06:25.760]  of the private key twice. Another big difference with the other password managers especially
[06:25.760 --> 06:33.480]  the ones that are online is that we force the usage of a browser extension so these
[06:33.480 --> 06:40.120]  have the advantages of if the server is compromised an attacker cannot modify the JavaScript that
[06:40.120 --> 06:45.840]  is running the application they cannot for example write a customization that take the
[06:45.840 --> 06:51.640]  passphrase and set it somewhere else so if the server is compromised they cannot change
[06:51.640 --> 06:57.160]  the code of the application that is run on the client one of the advantage of this is
[06:57.160 --> 07:03.400]  that you can also roll out update automatically so for example if you're using passwords in
[07:03.400 --> 07:10.800]  your organization if there is a flow in the client you will get automatically the updates
[07:10.800 --> 07:17.760]  you don't need to update your server to get a fix on the client so these have the disadvantage
[07:17.760 --> 07:22.520]  that you need to trust us with the update at least you need to trust the web store or
[07:22.520 --> 07:29.800]  you need to basically set up the web store yourself and also it's not specific to pass
[07:29.800 --> 07:36.600]  bolt but when you run a browser extension typically the website can find out if you
[07:36.600 --> 07:42.440]  have this extension installed or not or at least find out if you have an extension installed
[07:42.440 --> 07:47.240]  so one of the advantage of having a browser extension is you can do a form interaction
[07:47.240 --> 07:55.160]  so for example you can suggest things in a form or that sort of things so when you see
[07:55.160 --> 08:00.360]  the application of pass bolt when you visit a website it's actually not the website serving
[08:00.360 --> 08:08.560]  this application everything is in one iframe and the website that is serving you basically
[08:08.560 --> 08:13.960]  just a white page and the browser extension is injecting an iframe and the website cannot
[08:13.960 --> 08:21.800]  enter inside that iframe thanks to browser behaviors how they send box iframes of browser
[08:21.800 --> 08:27.040]  extension from because they consider this from the point of view of being on the different
[08:27.040 --> 08:33.400]  domain we have also anti-fishing mechanism available by default you've seen maybe with
[08:33.400 --> 08:38.800]  one password or between them there are campaigns going on at the moment where they try to trick
[08:38.800 --> 08:44.360]  the users to enter their passphrase in the case of pass bolt we have a mechanism built
[08:44.360 --> 08:54.000]  in by default so as you can see we are very transparent about the risk and the residual
[08:54.000 --> 08:59.800]  risk and the strengths of of pass bolt so we are 100% open source we are audited at
[08:59.800 --> 09:05.720]  least I think it was 10 times in 18 months and we have one audit going on right now and
[09:05.720 --> 09:12.320]  we have another audit at the end of February we work mostly with cure 53 we are based in
[09:12.320 --> 09:17.400]  Germany and they do a lot of auditing for password managers so every time we release
[09:17.400 --> 09:23.960]  a big feature they audit the changes of course you know it doesn't mean that it's perfect
[09:23.960 --> 09:28.400]  we are we are human so it's possible that there are some mistakes in the libraries that
[09:28.400 --> 09:32.760]  we use or you know in in what we are doing but at least we are trying to be transparent
[09:32.760 --> 09:39.520]  about what are the efforts that we make to report this vulnerability if any and fix them
[09:39.520 --> 09:46.360]  in a timely manner so open pgp is not perfect you have like all the algorithm that you don't
[09:46.360 --> 09:53.400]  want to run so we need to also make sure that we are not letting you use bad algorithm it's
[09:53.400 --> 10:01.120]  not quantum resistant we have still a lot of metadata that are not encrypted but we
[10:01.120 --> 10:06.480]  don't offer user key rotations so all these risks are explained to the end user of course
[10:06.480 --> 10:10.280]  not everybody can understand this but if you're an administrator running this then you have
[10:10.280 --> 10:15.840]  access to this information one thing I didn't mention is we are made in Luxembourg so you
[10:15.840 --> 10:20.880]  know if you're into digital the sovereignty might be interesting for you so okay security
[10:20.880 --> 10:28.440]  that was a two-third of the talk sorry but how does it look like so it's mostly a web
[10:28.440 --> 10:34.440]  application you can have it on most of the browsers except Safari we have a desktop app
[10:34.440 --> 10:42.160]  coming soon and Android and iOS native application one of the strengths of password is that you
[10:42.160 --> 10:49.120]  can assign permission in a granular fashion so since the secret is encrypted once per
[10:49.120 --> 10:57.000]  person per entry we are able to do interesting user experience when it comes to share so
[10:57.000 --> 11:02.400]  for example we can share with group we can assign rights to folders and we can instead
[11:02.400 --> 11:06.600]  of having rights at the collection level where you have everybody that have access
[11:06.600 --> 11:09.960]  to the collection that have the same right for all the entry in the connection we are
[11:09.960 --> 11:16.400]  able to do things a little bit more fine grained since you are all developers might interest
[11:16.400 --> 11:21.160]  you as well that if you have curl and GPG on the system you can pretty much interact
[11:21.160 --> 11:26.680]  with password because it doesn't require any fancy technology to be able to retrieve the
[11:26.680 --> 11:34.120]  secret decrypted or even basically push an update so you can do some interesting things
[11:34.120 --> 11:40.440]  for example if you want to inject you know secrets in your pipelines or you know even
[11:40.440 --> 11:47.240]  build something with Ansible you can you can integrate with password quite easily so as
[11:47.240 --> 11:53.720]  I mentioned before we also have the quick access which is interaction in the page that
[11:53.720 --> 12:01.800]  allows you and your user especially the non-advanced user to be prompted to use a password manager
[12:01.800 --> 12:08.000]  we have iOS and Android app there are native apps and you can use biometrics to liberate
[12:08.000 --> 12:12.240]  the passphrase so you don't have to type your passphrase all the time you can host
[12:12.240 --> 12:21.480]  it yourself there is no phoning home basically it works offline if you want and some of organization
[12:21.480 --> 12:26.360]  that are using passports are working in an air gap environment and it works fine we have
[12:26.360 --> 12:31.200]  basically packages for all distributions but you know we are trying to keep up with all
[12:31.200 --> 12:35.080]  the versions it's kind of complicated so we might not have precisely the version that
[12:35.080 --> 12:39.320]  you want but there is a good chance that you will find something that interests you and
[12:39.320 --> 12:44.240]  we have a one click install with AWS AMI and DigitalOcean if you are into that kind of
[12:44.240 --> 12:51.160]  things what's cooking for 2023 so we are doing mobile to mobile key transfer so we
[12:51.160 --> 12:56.000]  have desktop to mobile we want to do mobile to mobile and then mobile to desktop so basically
[12:56.000 --> 13:00.280]  people can start their journey on passports from any device and transfer their key easily
[13:00.280 --> 13:06.640]  but it's not completely there yet we want to allow administrators to enforce MFA even
[13:06.640 --> 13:11.960]  though you know there is the authentication in passports is quite strong still people
[13:11.960 --> 13:18.240]  want to tick that MFA box and we want to give them the tools to do that we will support
[13:18.240 --> 13:25.360]  Pasky's web botan for 2FA as well there is a new help site some more great configuration
[13:25.360 --> 13:31.800]  stuff coming user self registration desktop app and then later on we are going to work
[13:31.800 --> 13:37.360]  on password expiry manifest v3 it's the new format is pushed by Google for browser extension
[13:37.360 --> 13:43.400]  it brings zero value for the end user but you know Google say we have to do it so and
[13:43.400 --> 13:47.920]  then custom fields and more content types and the ability to choose what is encrypted
[13:47.920 --> 13:52.280]  or not so that you know maybe your organization wants to search on certain fields some other
[13:52.280 --> 13:56.960]  organization wants to have it encrypted so we will give you flexibility to create your
[13:56.960 --> 14:03.000]  own custom types and define what is searchable what is not so add a lot of slides on how
[14:03.000 --> 14:07.960]  it's made of obviously a lot of time but if you are interested and you want to have a
[14:07.960 --> 14:17.600]  chat with us on how it's made we will be at the bar behind at 6 o'clock and we will be
[14:17.600 --> 14:22.480]  giving out some swag so we have like a little fortune wheel that you can spin and other
[14:22.480 --> 14:40.960]  that you can even win a car okay that's all for me thanks a lot
[14:40.960 --> 15:06.280]  any questions for Remy we have like 42 seconds
[15:06.280 --> 15:12.800]  asking if it would be possible to have like one one key per device instead of having one
[15:12.800 --> 15:19.200]  key for to rule them all and we've talked about this and it's it's interesting idea but that
[15:19.200 --> 15:23.560]  would mean like a breaking change and so it would yeah but that's an interesting idea
[15:23.560 --> 15:28.640]  and like as I mentioned there is no key revocation at the moment but this is also something that
[15:28.640 --> 15:34.760]  we want to do to allow people to rotate their keys and that sort of things but yeah thank
[15:34.760 --> 15:36.440]  you Remy thank you very much