Presentation is loading. Please wait.

Presentation is loading. Please wait.

I MPROVING Y OUR P ASSWORD WITH S ALT Tayler Angevine Bachelor of Arts in Computer Science Dr. Ken Blaha (Advisor) May 03, 2014.

Published byHortense Carson Modified over 9 years ago

Similar presentations

Presentation on theme: "I MPROVING Y OUR P ASSWORD WITH S ALT Tayler Angevine Bachelor of Arts in Computer Science Dr. Ken Blaha (Advisor) May 03, 2014."— Presentation transcript:

1 I MPROVING Y OUR P ASSWORD WITH S ALT Tayler Angevine Bachelor of Arts in Computer Science Dr. Ken Blaha (Advisor) May 03, 2014

2 I NTRODUCTION Why did I choose this project? Design of original project How my project turned into what it is now Two-way Symmetric Encryption Key Generation and Storage Salting How does a hashing algorithm work: SHA-256 Why is SHA-256 widely used Demonstration Conclusion Questions

3 “Hardly a week goes by without a major password breach at one website or another—in one week, nearly 500,000 Yahoo passwords were exposed, Formspring's server hack gave up nearly as many passwords, and Nvidia's developer zone was breached. And that's just some of the hacks we heard about...” Neil J. Rubenking (pcmag)

4 O RIGINAL P ROJECT Password Management Application Desktop Application Use a password to log in (a username was not required) A central place to store all of your usernames and passwords “a place to keep all of your keys” Why was this useful? Emphasis on security caused me to keep forgetting passwords. Tired of resetting password and calling customer service

5 R EQUIREMENTS 100% reliable Should be able to open the program and retrieve information whenever needed. Completely Secure Trust is a reoccurring theme when it comes to password management applications. How does one safely store passwords? Incorrect and Correct Techniques Creating a safe environment for your information

6 W HAT IS CRYPTOGRAPHY ? Secret writing The computerized encoding and decoding of information Symmetric-key cryptography Hashing

7 C OMPROMISED D ATABASES “Hardly a week goes by without a major password breach at one website or another—in one week, nearly 500,000 Yahoo passwords were exposed…” Focal point of my project Everything should be encrypted in the database Which algorithms can encrypt and decrypt information? Information needed to be encrypted, but returned to plaintext

8 A DVANCED E NCRYPTION S TANDARD (AES) Two-way symmetric encryption algorithm.

9 W HAT IS THE KEY USED FOR ? A key is a string that is used to shift each letter by a number of places or something much more complicated. Operations: XOR, bit shifts, etc.

10 K EY D ERIVATION Key must be a certain length 128, 192, 256 bits Bigger the key means more key rounds. 10, 12, 14 Key rounds refer to repetitions of AES operations (shift rows, mix columns, add round key) If you use a password as a key you must take some precautionary steps Passwords tend to be weak Key should be hashed first using sha 256 Ciphered using AES with a randomly generated Key. (Key used should be stored) Ensure “randomness” Hashed again using sha 256. Key size Prevent from Dictionary Attacks

11 K EY D ERIVATION C ONTINUED … Plenty of Libraries for creating secret keys Java’s SecretKeyFactory SecretKey

12 S TORING THE K EY Key must be stored in order to encrypt and decrypt data. Problem that’s been around for years

13 S TORING K EY IN D ATABASE Common Solution Risky

14 S TORING K EY IN S EPARATE F ILE Common Solution Risky Anything done in code can be undone. Humans are predictable Split the key. Change file permissions.

15 S TORE K EY ON E XTERNAL S TORAGE D EVICE Key is stored on USB or External Hard Drive Attack must be executed locally or attacker must try every possible key to see if your database decrypts (brute force) Requires user to provide key at start up. Unreasonable. USB is lost or damaged My favorite solution

16 D O NOT STORE THE KEY AT ALL Most interesting Relies on password strength When the user attempts to log in, take the user’s password, do the hash  cipher  hash steps, see if it decrypts the database

17 H ASHING Irreversible function. Used to mainly store passwords How to log in Hash the password given by the user Check to see if the hash given by the user equals the hash stored in the database. Do they match? Must be cautious when hashing Susceptible to Look-up tables Brute-force and dictionary attacks

18 T YPES OF ATTACKS Look-up table Brute Force and Dictionary Attacks

19 L OOK UP TABLES Pre-computed table for reversing hash functions. Takes the hashes of commonly used passwords and matches them to the hashes stored in the database Hash matching game Used to crack multiple passwords at a time Work because each password is hashed the exact same way. Hash of “dog” will result in the same hash every time. As long as you are using the same algorithm. Hash of “dog” using md5 != hash of “dog” using SHA

20 H OW TO DEFEND YOUR HASH… Look Up tables Salt the Master Password using Cryptographically Secure Pseudo-Random Number Generator hash(“password" + “RxFLuENMsoeD") = 9c22122442a125612s62310219e025218129210 USING SHA-256 Avoids collision This is done N amount of times The salt and hash are stored in the database Works because it takes a lot of time to rework a table.

21 E XAMPLE

22 S ALTING THE C ORRECT W AY do not do this Hash( hash( hash( password+salt ) ) ) Hashing the same value does not increase security Hash( hash( password ) + hash( salt ) ) These are argued by others Access to source code Use a Cryptographically Secure Pseudo Random Number Generator (CSPRNG) A Random Number Generator was not made to be used for cryptography. Use a large enough CSPRNG

23 P IGEON H OLE P RINCIPLE If there are more balls than boxes, then some box must contain more than one wall.

24 S ALT S IZE Do not want to reuse salts Chances of collision become non-negligible at 2^n/2 salts Byte[] salt = new Byte[8] 8 bytes * 8 bits per byte = 64 2^64 possible salts It is better to be safer than sorry Use a 16 byte array 2^128 possible salts.

25 T HERE ARE OTHER METHODS TO HASH COLLISION Concatenating the salt with other variables User name, session id, curser location, etc…

26 B RUTE F ORCE AND D ICTIONARY A TTACKS Brute Force Try every possible combination to a fixed length. Dictionary Attack Can be used to crack individual passwords. List of words (dictionary) or commonly used passwords.

27 S LOWING B RUTE F ORCE A TTACKS SHA-256 is designed to be fast Can’t use wait statements PBKDF2 Has multiple parameters Value that will be hashed Salt Work factor Has tons of algorithms that it can be used with SHA-256 SHA-1 AES BlowFish Etc.

28 N ONE OF THIS REALLY MATTERS IF Law #5: None of this matters if it’s a weak password. Technet.microsoft.com

29 P ASSWORD L ENGTH Suppose there are 95 ASCII characters Lower Case Letters = 26 Upper Case Letters = 26 Digits = 10 Special Characters = 33 TOTAL = 95

30 H OW DOES HASHING WORK ?

31 I NTRODUCTION Review the hash function SHA-256 Goal: understand how SHA-256 computes it’s hash. Why have I decided to focus on Sha-256 algorithms? Battle tested Considered to be some of the “safest” algorithms Bitcoin is based around SHA-256. The way the algorithm is implemented using MessageDigest left a lot of unknowns. Was under the impression that I would need to code the algorithm.

32 M ORE INTRO Named after it’s digest length. Will not focus on SHA-1 because it has been “broken” Would rather focus on today’s standard rather than the past. SHA-384 and SHA-512 because they are essentially the same. Why go over the code? I believe it is necessary to understand the code of an algorithm in order to comprehend how hashing works.

33 W HAT IS A HASH ? Hash function takes a string of any length, and generates fixed-length output data. It is not reversible. Because a lot of data is discarded during the hash process. If you have lost information about the original input, then it is nearly impossible to reverse the hash.

34 W HAT MAKES A GOOD HASH ? Same input will always lead to the same output. Avoids collision attacks What is a collision attack? Find two input strings that produce the same hash. “abc” “aiieagnea;[sagjeiao;iaeohgao;ejagea” Hash functions can have infinite input length, but a fixed output. Sha 256 is more safe from collision attacks than other algorithms. MD5 = 128 byte output, 64 bits of security SHA-1 = 160 byte output, 80 bits of security. SHA 256 = 256 byte output, 128 bits of security

35 H OW DOES IT WORK ? Padding aka Preprocessing Block decomposition Hash Algorithm

36 P REPROCESSING Message (M) is l bits long. Append message with a 1 Followed by n zero bits. N is smallest, non-negative solution to the equation. L + 1 + n = 448 mod 512 This leaves enough room to append what we have so far with a 64-bit block that equals our message represented in binary. Message = “abc” 24 + 1 + N = 448  N = 423 zero bits

37 N OTATION Algorithm uses AND, XOR, OR, Circular Right Shift, and Logical Right Shifts in order to compute the hash.

38 AND J AVA SYMBOL : & pqp AND q 111 100 010 000 Produces 1 if both p and q are 1’s.

39 ORJ AVA SYMBOL : | pqp OR q 111 101 011 000 Produces 1 if p or q are 1

40 XORJ AVA : ^ pqp XOR q 110 101 011 000 Produces 1 if p or q is 1, but not both.

41 C IRCULAR S HIFT R IGHT S H R( VARIABLE, NUMBER ) >> signed right shift

42 L OGICAL R IGHT S HIFT R OT R( VARIABLE, NUMBER ) >>> unsigned right shift

43 E QUATIONS

44 W HERE IT STARTS TO GET COMPLICATED. Generally H 1 – H 8 are set to the first 32 bits of the fractional parts of the square roots of the first eight primes.

45 E XAMPLE Square root of 2 = 1.414213562373095048801 Fractional part = 0.41421356237309504. Hexadecimal = 6A09E667.

46 W HERE DOES OUR PASSWORD COME INTO PLAY ? Or original password was padded to 512 bits. Which is 16, 32 bit components. A 64 component array is created we will refer to as W W 0 – W 15 are initialized to our padded password. The rest (W 16 – W 63 ) are set to a value determined by this function J is just the counter in a for loop.

47 A LGORITHM C OMPUTATION ( EXECUTED 64 TIMES )

48 A – H are initialized with H 1 – H 8

49 L AST S TEP Take your original and H 1 – H 8 add a – h to them.

50 D EMONSTRATION

51 I SSUES WITH R ESEARCH Putting together a puzzle Some things are difficult to find answers to.

52 C ONCLUSION There are a lot of factors when it comes to storing information Encrypt your database Spend some time on creating a random secure key Salt your hashes Slow down your hashing algorithm Nothing matters if you are hashing a weak password Sha-256 is an interesting algorithm

53 QUESTIONS?

54 S OURCES Algorithm http://csrc.nist.gov/groups/STM/cavp/documents/shs/sha256 -384-512.pdf http://csrc.nist.gov/groups/STM/cavp/documents/shs/sha256 -384-512.pdf http://www-ma2.upc.es/~cripto/Q2-06- 07/SHA256english.pdf http://www-ma2.upc.es/~cripto/Q2-06- 07/SHA256english.pdf Actual Implementation http://www.cs.mcgill.ca/~zcao7/mutls/release/llvm-gcc-4.2- 2.9.source/libjava/classpath/gnu/java/security/hash/Sha256. java http://www.cs.mcgill.ca/~zcao7/mutls/release/llvm-gcc-4.2- 2.9.source/libjava/classpath/gnu/java/security/hash/Sha256. java http://www.vipan.com/htdocs/bitwisehelp.html Various Information wikipedia.org/ http://www.makeuseof.com/tag/md5-hash-stuff-means- technology-explained/

55 M ORE S OURCES Various Information http://crypto.stackexchange.com/questions/8636/what-does-message- schedule-mean-in-sha-256 http://crypto.stackexchange.com/questions/8636/what-does-message- schedule-mean-in-sha-256 http://docs.oracle.com/javase/7/docs/api/java/security/MessageDigest.ht ml http://docs.oracle.com/javase/7/docs/api/java/security/MessageDigest.ht ml http://technet.microsoft.com/ Crackstation.net Stackexchange & stackoverflow keepass,.info/help/base/security.html Blog.agilebits.com Converting bytes to a string http://www.mkyong.com/java/how-do-convert-byte-array-to-string-in- java/ http://www.mkyong.com/java/how-do-convert-byte-array-to-string-in- java/ Hash Calculator http://www.xorbin.com/tools/sha256-hash-calculator

Download ppt "I MPROVING Y OUR P ASSWORD WITH S ALT Tayler Angevine Bachelor of Arts in Computer Science Dr. Ken Blaha (Advisor) May 03, 2014."

Similar presentations

By Wild King. Generally speaking, a rainbow table is a lookup table which is used to recover the plain-text password that derives from a hashing or cryptographic.

By Wild King. Generally speaking, a rainbow table is a lookup table which is used to recover the plain-text password that derives from a hashing or cryptographic.
Lecture 5: Cryptographic Hashes

Lecture 5: Cryptographic Hashes
Lecture 7 Overview. Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different.

Lecture 7 Overview. Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Computer Science 101 Data Encryption And Computer Networks.

Computer Science 101 Data Encryption And Computer Networks.
Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.

Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.
251959084756578934940271832400483985714 292821262040320277771378360436620207075 955562640185258807844069182906412495150 821892985591491761845028084891200728449.

Section 3.8: More Modular Arithmetic and Public-Key Cryptography

Section 3.8: More Modular Arithmetic and Public-Key Cryptography
PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.

PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.

Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.

Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Apr 4, 2003Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication.

Apr 4, 2003Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication.

Similar presentations

Ads by Google