1 / 20

Secure Password Storage

Secure Password Storage. Raspberry Pi Powered NTP Server. Joshua Small https://github.com/technion/lhnskey - Root password generator for CVE-2013-2352. https:// lolware.net/cw.html – Connectwise Password “Encryption” Broken jsmall@lolware.net

yan
Télécharger la présentation

Secure Password Storage

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Secure Password Storage Raspberry Pi Powered NTP Server Joshua Small https://github.com/technion/lhnskey - Root password generator for CVE-2013-2352. https://lolware.net/cw.html – Connectwise Password “Encryption” Broken jsmall@lolware.net DJB’s crypto snake oil competition submission: http://snakeoil.cr.yp.to/submissions.html

  2. Typical Web Sign Up Form

  3. The Problem

  4. Typical User shinycatz.com Email: john@hotmail.com Password: secret User: Oh all they can do is produce fake cats in my name! Mybank.com Email: john@hotmail.com Password: supersecret Unique password – good boy John! shinycatz.com Compromise Attacked notices: “secret” is the password for John’s hotmail User: All he can do is read my email! Hotmail inbox: Welcome to mybank.com Mybank.com: Forgot your password? Click here and we’ll email you a new one

  5. Typical Vendor

  6. Terrible Solution function encryptpass($password) { $key = “omgakey”; Return base64_encode( mcrypt_encrypt( MCRYPT_RIJNDAEL_256, $key, $password, … Function decryptpass($secret) { $key = “omgakey”; …

  7. Comically terrible solution

  8. User Solutions • Lastpass and similar apps • Unique passwords everywhere! • Uptake from users: very low

  9. Hash Algorithms! • MD5: Officially Broken! Do not want! • SHA1: Published 1995, theoretical attack: 2^61 • SHA256: Brute force at 2^128 • This would make SHA256 completely secure for our purposes, for completely random input • But passwords are not random

  10. Key space • One byte stores eight bit of data • But only 96 ASCII characters are printable • That leaves roughly 6.5 bits of entropy per byte • Average password is 6 characters long • That’s only 39 bits of brute force - feasible

  11. Improvements • Stretching: Literally “perform the hash x times” • Salt: incorporate a random string. This prevents “rainbow tables”, ie a big database of precomputed hash values

  12. SHA512crypt • Literally applies the principles of “stretching” and “salting” to SHA512 • Default in several current Linux distributions for passwords in /etc/shadow

  13. Bitcoin • Uses the SHA algorithm • CPU: Core i7 820: 13.8Mhash/s • GPU: GTX295: 120.70Mhash/s • ASIC: Antminer S1: 180,000Mhash/s Source: https://en.bitcoin.it/wiki/Mining_hardware_comparison

  14. Scrypt • Developed by Colin Percival, presented May 2009 • Designed to offer significantly lower advantages to GPU and ASIC devices • Uses a hard to optimise hash function • Is not only computationally hard- but memory hard • Original paper: http://www.tarsnap.com/scrypt/scrypt.pdf • Used in Dogecoin • Dogecoin ASICS pushing 70KHash/s a big deal! • Increasing difficulty doesn’t just slow things down, it can break those ASICS by exceeding their memory

  15. Very short algorithm summary Source: https://tools.ietf.org/html/draft-josefsson-scrypt-kdf-00

  16. Problem: Accessibility • Use in applications: Reference app • Implementation function: • Produces a binary string as output

  17. Introducing libscrypt • Simpler API: • Produces one string containing salt, difficulty operators and hash altogether • Output is already BASE64 encoded, ready for storage • Simple checking function

  18. Accessibility: Platform support • Fedora RPM • Debian (and derivatives) package • FreeBSD ports • OpenBSD ports • Homebrew (OS X) • Tested on ARM (Raspbian) • Tested on IBM s390 for some reason

  19. Difficulties • Potential DoS opportunity • Rate limit • Proof of work • Captcha

  20. Future Improvements • HSM • Polypasshash • Questions?

More Related