secure password storage joshua small https://github.com/technion/...

Download Secure Password Storage JOSHUA SMALL HTTPS://GITHUB.COM/TECHNION/ LHNSKEYHTTPS://GITHUB.COM/TECHNION/ LHNSKEY - ROOT PASSWORD GENERATOR FOR CVE-2013-2352

Post on 17-Dec-2015

220 views

Category:

Documents

4 download

Embed Size (px)

TRANSCRIPT

  • Slide 1
  • Secure Password Storage JOSHUA SMALL HTTPS://GITHUB.COM/TECHNION/ LHNSKEYHTTPS://GITHUB.COM/TECHNION/ LHNSKEY - ROOT PASSWORD GENERATOR FOR CVE-2013-2352. HTTPS://LOLWARE.NET/CW.HTMLHTTPS://LOLWARE.NET/CW.HTML CONNECTWISE PASSWORD ENCRYPTION BROKEN JSMALL@LOLWARE.NET DJBS CRYPTO SNAKE OIL COMPETITION SUBMISSION: HTTP://SNAKEOIL.CR.YP.TO/SUBMISSIO NS.HTML Raspberry Pi Powered NTP Server
  • Slide 2
  • Typical Web Sign Up Form
  • Slide 3
  • The Problem
  • Slide 4
  • Typical User shinycatz.com Compromise Attacked notices: secret is the password for Johns hotmail User: All he can do is read my email! Hotmail inbox: Welcome to mybank.com Mybank.com: Forgot your password? Click here and well email you a new one shinycatz.com Email: john@hotmail.comjohn@hotmail.com Password: secret User: Oh all they can do is produce fake cats in my name! Mybank.com Email: john@hotmail.comjohn@hotmail.com Password: supersecret Unique password good boy John!
  • Slide 5
  • Typical Vendor
  • Slide 6
  • Terrible Solution function encryptpass($password) { $key = omgakey; Return base64_encode( mcrypt_encrypt( MCRYPT_RIJNDAEL_256, $key, $password, Function decryptpass($secret) { $key = omgakey;
  • Slide 7
  • Comically terrible solution
  • Slide 8
  • User Solutions Lastpass and similar apps Unique passwords everywhere! Uptake from users: very low
  • Slide 9
  • Hash Algorithms! MD5: Officially Broken! Do not want! SHA1: Published 1995, theoretical attack: 2^61 SHA256: Brute force at 2^128 This would make SHA256 completely secure for our purposes, for completely random input But passwords are not random
  • Slide 10
  • Key space One byte stores eight bit of data But only 96 ASCII characters are printable That leaves roughly 6.5 bits of entropy per byte Average password is 6 characters long Thats only 39 bits of brute force - feasible
  • Slide 11
  • Improvements Stretching: Literally perform the hash x times Salt: incorporate a random string. This prevents rainbow tables, ie a big database of precomputed hash values
  • Slide 12
  • SHA512crypt Literally applies the principles of stretching and salting to SHA512 Default in several current Linux distributions for passwords in /etc/shadow
  • Slide 13
  • Bitcoin Uses the SHA algorithm CPU: Core i7 820: 13.8Mhash/s GPU: GTX295: 120.70Mhash/s ASIC: Antminer S1: 180,000Mhash/s Source: https://en.bitcoin.it/wiki/Mining_hardware_comparison
  • Slide 14
  • Scrypt Developed by Colin Percival, presented May 2009 Designed to offer significantly lower advantages to GPU and ASIC devices Uses a hard to optimise hash function Is not only computationally hard- but memory hard Original paper: http://www.tarsnap.com/scrypt/scrypt.pdf Used in Dogecoin Dogecoin ASICS pushing 70KHash/s a big deal! Increasing difficulty doesnt just slow things down, it can break those ASICS by exceeding their memory
  • Slide 15
  • Very short algorithm summary Source: https://tools.ietf.org/html/draft-josefsson-scrypt-kdf-00
  • Slide 16
  • Problem: Accessibility Use in applications: Reference app Implementation function: Produces a binary string as output
  • Slide 17
  • Introducing libscrypt Simpler API: Produces one string containing salt, difficulty operators and hash altogether Output is already BASE64 encoded, ready for storage Simple checking function
  • Slide 18
  • Accessibility: Platform support Fedora RPM Debian (and derivatives) package FreeBSD ports OpenBSD ports Homebrew (OS X) Tested on ARM (Raspbian) Tested on IBM s390 for some reason
  • Slide 19
  • Difficulties Potential DoS opportunity Rate limit Proof of work Captcha
  • Slide 20
  • Future Improvements HSM Polypasshash Questions?

Recommended

View more >