# Horcrux: A Password Manager for Paranoids

**Authors:** Hannah Li, David Evans

arXiv: 1706.05085 · 2017-10-11

## TL;DR

Horcrux is a decentralized, privacy-preserving password manager that minimizes trust and attack surfaces by splitting components, secret-sharing credentials, and using cuckoo hashing to protect against offline attacks, while maintaining usability.

## Contribution

The paper introduces Horcrux, a novel password manager design that decentralizes trust, isolates sensitive code, and employs cuckoo hashing for enhanced privacy and security.

## Key findings

- Compatible with over 98% of tested login forms
- Effectively isolates sensitive components for security
- Uses secret sharing to avoid centralized credential storage

## Abstract

Vulnerabilities in password managers are unremitting because current designs provide large attack surfaces, both at the client and server. We describe and evaluate Horcrux, a password manager that is designed holistically to minimize and decentralize trust, while retaining the usability of a traditional password manager. The prototype Horcrux client, implemented as a Firefox add-on, is split into two components, with code that has access to the user's master's password and any key material isolated into a small auditable component, separate from the complexity of managing the user interface. Instead of exposing actual credentials to the DOM, a dummy username and password are autofilled by the untrusted component. The trusted component intercepts and modifies POST requests before they are encrypted and sent over the network. To avoid trusting a centralized store, stored credentials are secret-shared over multiple servers. To provide domain and username privacy, while maintaining resilience to off-line attacks on a compromised password store, we incorporate cuckoo hashing in a way that ensures an attacker cannot determine if a guessed master password is correct. Our approach only works for websites that do not manipulate entered credentials in the browser client, so we conducted a large-scale experiment that found the technique appears to be compatible with over 98% of tested login forms.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1706.05085/full.md

## Figures

1 figure with captions in the complete paper: https://tomesphere.com/paper/1706.05085/full.md

---
Source: https://tomesphere.com/paper/1706.05085