auth for encrypted services with server side apt steve “sc00bz” thomas
TRANSCRIPT
Auth for Encrypted Services with Server Side APT
Steve “Sc00bz” Thomas
Who is This Talk For?
Where are the Keys?
• “Brain wallet”• “Key file”• “Key service”
Pre-Authentication
• Run the PW-KDF once
• Generate two keys– Authentication key– Encryption key
• Caveat– PBKDF2
Crypho (Fixed)
• Send 6 digit 2FA
• Receive password encrypted private key
ProtonMail
• Two passwords– Authentication sent to the server as is– Decrypt PGP key
• Most users will use the same password
Mega
• KDF is “Do stupid shit with AES 65536 times”• Auth key is encrypt email 16384 times with
password key
Nigori (Google Sync)
Crypton
PAKE
• Password Authenticated Key Exchange– Diffie-Hellman– Eve and Mallory proof
Client-Server
ClientauthKey || pwKey = PW-KDF(...)sKey = PAKE(authKey)
encMK = decrypt(sKey, packet)MK = decrypt(pwKey, encMK)
Server
sKey = PAKE(serverData)packet = encrypt(sKey, encMK)
authKey Used for authenticationpwKey Decrypts the encrypted master keysKey Session encryption keyencMK The encrypted master keyMK The master key
Server-HSM
Server
encData = DB.find(user)
HSM
encMK, serverData = decrypt(hsmKey, encData)
sKey = PAKE(serverData)
packet = encrypt(sKey, encMK)
hsmKey Encryption key stored on the HSMsKey Session encryption keyencMK The encrypted master key
Server-HSM
Server
encData = DB.find(user)
Encrypt packets with sKey2
HSM
encMK, serverData = decrypt(hsmKey, encData)
sKey = PAKE(serverData)
packet = encrypt(sKey, encMK)
sKey2 = KDF(sKey)
hsmKey Encryption key stored on the HSMsKey Session encryption keysKey2 Server-client session keyencMK The encrypted master key
Change Password
fall2014
winter14
spring15
summer15
New User
I Can Has 2FA?
I Can Has 2FA
• Time based• Challenge response• No counters
U2F
• Tracking• Poor multi token
support• 10 second window• User presents
U2F
• BUT it’s the best we got
TeensyGap
TeensyGap-ed Raspberry Pi
Questions?
• Twitter: @Sc00bzT• GitHub: Sc00bz• Site: tobtu.com