Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Password Storage JOSHUA SMALL HTTPS://GITHUB.COM/TECHNION/ LHNSKEYHTTPS://GITHUB.COM/TECHNION/ LHNSKEY - ROOT PASSWORD GENERATOR FOR CVE-2013-2352.

Published byLesley Moody Modified over 9 years ago

Similar presentations

Presentation on theme: "Secure Password Storage JOSHUA SMALL HTTPS://GITHUB.COM/TECHNION/ LHNSKEYHTTPS://GITHUB.COM/TECHNION/ LHNSKEY - ROOT PASSWORD GENERATOR FOR CVE-2013-2352."— Presentation transcript:

1 Secure Password Storage JOSHUA SMALL HTTPS://GITHUB.COM/TECHNION/ LHNSKEYHTTPS://GITHUB.COM/TECHNION/ LHNSKEY - ROOT PASSWORD GENERATOR FOR CVE-2013-2352. HTTPS://LOLWARE.NET/CW.HTMLHTTPS://LOLWARE.NET/CW.HTML – CONNECTWISE PASSWORD “ENCRYPTION” BROKEN JSMALL@LOLWARE.NET DJB’S CRYPTO SNAKE OIL COMPETITION SUBMISSION: HTTP://SNAKEOIL.CR.YP.TO/SUBMISSIO NS.HTML Raspberry Pi Powered NTP Server

2 Typical Web Sign Up Form

3 The Problem

4 Typical User shinycatz.com Compromise Attacked notices: “secret” is the password for John’s hotmail User: All he can do is read my email! Hotmail inbox: Welcome to mybank.com Mybank.com: Forgot your password? Click here and we’ll email you a new one shinycatz.com Email: john@hotmail.comjohn@hotmail.com Password: secret User: Oh all they can do is produce fake cats in my name! Mybank.com Email: john@hotmail.comjohn@hotmail.com Password: supersecret Unique password – good boy John!

5 Typical Vendor

6 Terrible Solution function encryptpass($password) { $key = “omgakey”; Return base64_encode( mcrypt_encrypt( MCRYPT_RIJNDAEL_256, $key, $password, … Function decryptpass($secret) { $key = “omgakey”; …

7 Comically terrible solution

8 User Solutions  Lastpass and similar apps  Unique passwords everywhere!  Uptake from users: very low

9 Hash Algorithms!  MD5: Officially Broken! Do not want!  SHA1: Published 1995, theoretical attack: 2^61  SHA256: Brute force at 2^128  This would make SHA256 completely secure for our purposes, for completely random input  But passwords are not random

10 Key space  One byte stores eight bit of data  But only 96 ASCII characters are printable  That leaves roughly 6.5 bits of entropy per byte  Average password is 6 characters long  That’s only 39 bits of brute force - feasible

11 Improvements  Stretching: Literally “perform the hash x times”  Salt: incorporate a random string. This prevents “rainbow tables”, ie a big database of precomputed hash values

12 SHA512crypt  Literally applies the principles of “stretching” and “salting” to SHA512  Default in several current Linux distributions for passwords in /etc/shadow

13 Bitcoin  Uses the SHA algorithm  CPU: Core i7 820: 13.8Mhash/s  GPU: GTX295: 120.70Mhash/s  ASIC: Antminer S1: 180,000Mhash/s Source: https://en.bitcoin.it/wiki/Mining_hardware_comparison

14 Scrypt  Developed by Colin Percival, presented May 2009  Designed to offer significantly lower advantages to GPU and ASIC devices  Uses a hard to optimise hash function  Is not only computationally hard- but memory hard  Original paper: http://www.tarsnap.com/scrypt/scrypt.pdf  Used in Dogecoin  Dogecoin ASICS pushing 70KHash/s a big deal!  Increasing difficulty doesn’t just slow things down, it can break those ASICS by exceeding their memory

15 Very short algorithm summary Source: https://tools.ietf.org/html/draft-josefsson-scrypt-kdf-00

16 Problem: Accessibility  Use in applications: Reference app  Implementation function:  Produces a binary string as output

17 Introducing libscrypt  Simpler API:  Produces one string containing salt, difficulty operators and hash altogether  Output is already BASE64 encoded, ready for storage  Simple checking function

18 Accessibility: Platform support  Fedora RPM  Debian (and derivatives) package  FreeBSD ports  OpenBSD ports  Homebrew (OS X)  Tested on ARM (Raspbian)  Tested on IBM s390 for some reason

19 Difficulties  Potential DoS opportunity  Rate limit  Proof of work  Captcha

20 Future Improvements  HSM  Polypasshash  Questions?

Download ppt "Secure Password Storage JOSHUA SMALL HTTPS://GITHUB.COM/TECHNION/ LHNSKEYHTTPS://GITHUB.COM/TECHNION/ LHNSKEY - ROOT PASSWORD GENERATOR FOR CVE-2013-2352."

Similar presentations

Basic Computer Vocabulary

Basic Computer Vocabulary
Password Cracking With Rainbow Tables

Password Cracking With Rainbow Tables
Lecture 5: Cryptographic Hashes

Lecture 5: Cryptographic Hashes
White-Box Cryptography

White-Box Cryptography
Chapter 3.3 - User authorization & safety Maciej Mensfeld Presented by: Maciej Mensfeld User authorization & safety dev.mensfeld.pl.

Chapter User authorization & safety Maciej Mensfeld Presented by: Maciej Mensfeld User authorization & safety dev.mensfeld.pl.
Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.

Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
© 2003 School of Computing, University of Leeds SY32 Secure Computing, Lecture 15 Implementation Flaws Part 3: Randomness and Timing Issues.

© 2003 School of Computing, University of Leeds SY32 Secure Computing, Lecture 15 Implementation Flaws Part 3: Randomness and Timing Issues.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
1 Analysis of the Linux Random Number Generator Zvi Gutterman, Benny Pinkas, and Tzachy Reinman.

1 Analysis of the Linux Random Number Generator Zvi Gutterman, Benny Pinkas, and Tzachy Reinman.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Host-Based Intrusion Detection software TRIPWIRE & MD5.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Host-Based Intrusion Detection software TRIPWIRE & MD5.
What are Rainbow Tables? Passwords stored in computers are changed from their plain text form to an encrypted value. These values are called hashes, and.

What are Rainbow Tables? Passwords stored in computers are changed from their plain text form to an encrypted value. These values are called hashes, and.
Lecture 9: Email Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.

Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.
CRYPTOGRAPHY PROGRAMMING ON ANDROID Jinsheng Xu Associate Professor North Carolina A&T State University.

CRYPTOGRAPHY PROGRAMMING ON ANDROID Jinsheng Xu Associate Professor North Carolina A&T State University.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.
MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.

MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.
.Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras.

.Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras.
Passwords Breaches, Storage, Attacks OWASP AppSec USA 2013.

Passwords Breaches, Storage, Attacks OWASP AppSec USA 2013.

Similar presentations

Ads by Google