password storage and attacking in php

Download Password Storage and Attacking in PHP

Post on 01-Sep-2014

7.798 views

Category:

Documents

0 download

Embed Size (px)

DESCRIPTION

These slides are from a talk that I did at PHP Benelux 2013 ( http://conference.phpbenelux.eu/2013/ ). In this talk, I go over the progression of password storage techniques, and weaknesses of each method. Eventually, we build up to the final secure implementations, and the current methods used to attack them.

TRANSCRIPT

  • Password Storage (And Attacking) In PHP Anthony Ferrara
  • Github URLFollow Along:github.com/ircmaxell/password-bad-web-appA "Bad Web App"- Has Known Vulnerabilities- Only Use For Education!!!- Requires only Apache + PHP- Has Composer Dependencies
  • Lets StartFrom TheBeginning
  • Plain-Text Storage git checkout plaintextStores passwords in Plain-TextWhats wrong with this picture?
  • Plain-Text StorageWhat happens if we have a SQL-InjectionVulnerability?localhost/sqliSimulates:?offset=0+UNION+SELECT+*+FROM+users
  • Plain-Text StorageProblem!Any attack vector results in leakage of ALLcredentials!
  • We Can Do Better
  • MD5 git checkout md5Uses the MD5 Cryptographic Hash function.md5($password)hash(md5, $password)
  • Wait,What Is A Hash?
  • Whats A Cryptographic Hash?Like a fingerprint.One-way.- Easy and efficient to compute- Very inefficient to reverse - (Practically impossible)- Very hard to create collision - (new input with same output)
  • MD5Whats the problem now?SQL-Injection still gives us hashBut the hash is one-way, how can we attack it?
  • Enter:Lookup Tables
  • Lookup TableGoogle is a great exampleMaps hash to password directlyDatabase Table:hash | password--------------+-----------"5f4dcc3b..." | "password""acbd18db..." | "foo"
  • Lookup TableLookups are CPU efficient.Require a LOT of storage space- (Very space inefficient)All passwords