
[Suggestion]: Securely sharing passwords plus more

Open thekimpc opened this issue 9 months ago • 4 comments

Are you sure the Security measure is not already implemented?

  • [x] Yes, I have checked and the Security measure I'm suggesting to be implemented is not duplicate. 🫡

Please explain your new Security measure suggestion

Multi-sign App Control policies and securely sharing passwords for App Control policies plus more

Could you add multi-password plus multi-signing App Control policies?

An even better solution is implementing Shamir's secret sharing? The password to the .pfx file could be shared to multiple persons in a high security environment or as a backup if the lead maintainer for some reason cannot provide the .pfx password. By for example sharing the password to three persons with a threshold of two, it would be sufficient with two persons to unlock the .pfx file while the third person stores a backup. "Two-Man Rule as Access Protection / M-of-N Threshold Scheme" is further explained here.

Shamir's secret sharing could also be used to share BitLocker passwords or recovery codes plus regular passwords of local, AD, MSA or Entra ID accounts.

thekimpc avatar Mar 14 '25 21:03 thekimpc

Hi, that's an interesting suggestion, could you please explain more about the scenario where you would use this feature? Because AppControl Manager currently uses Windows built-in security features to tie the created certificate to the user account that is currently logged on, so if this is for a multi-user device, each user will be able to access their own certificate without conflicting with other users.

Alternatively, you could store the password to the PFX file in a secure password manager where you store the rest of your important passwords. There are password managers for team uses that allow for multiple user accounts to access the passwords based on their roles and permissions.

HotCakeX avatar Mar 15 '25 15:03 HotCakeX

Hi, it's meant to reduce a single point of failure. The multi-user scenario, where each user controls their own Windows user account, is outside my suggestion.

If the admin account, the .cer and .pfx files plus the single password to the signed policies are compromised, then a third party may take control of the PC. With multi-pass the third party would need to take further steps to get the other remaining passwords. With "M-of-N Threshold Scheme" it can also serve as a backup if a person lost a password or for other reasons.

Shamir's secret sharing can provide more security than regular multi-pass.

"One benefit of Shamir’s Secret Sharing is that it allows for the distribution of a secret among multiple parties, so that no single party has access to the entire secret."

"Shamir’s Secret Sharing algorithm is flexible. Secret owners can add, edit, or remove shares whenever they’d like without messing with the original secret. You must meet the minimum threshold number of shares when reconstructing secrets—anything less, and the secret cannot be reconstructed. This protects your data from malicious attackers with limitless computational power."

thekimpc avatar Mar 15 '25 20:03 thekimpc

If you have any more questions, please ask them as quickly as possible. I'll be back, probably in a couple of months from today, so meanwhile please keep the suggestion open.

thekimpc avatar Mar 16 '25 11:03 thekimpc

@thekimpc Okay, in the meantime I'll read the articles you linked to and explore the options and possibilities available to implement your suggestions.

HotCakeX avatar Mar 16 '25 13:03 HotCakeX