password (in)security
Post on 26-Aug-2014
5.102 Views
Preview:
DESCRIPTION
TRANSCRIPT
Password (in)securityHow to generate and store passwords
in a secure way
by Enrico “cerin0” Zimuel
About me Enrico “cerin0” Zimuel Developer since Texas Instruments TI99/4A Research programmer, Informatics institute of UvA (Amsterdam) Core team of the open source project Zend Framework Co-author of the books “Segreti, Spie Codici Cifrati”, “Come si fa a
usare la firma digitale”, “PHP Best Practices” Founder of the PHP User Group Torino http://www.zimuel.it
1998
Password
A password is a secret word or string of characters that is used for
authentication.
User perspective:
How to choose a “secure” password?
Developer perspective:
How to store a password in a secure way?
Password security
Basically every security systemis based on password.
When security fails...
linkedin.com
Hack: 6th June 2012 More than 6 million passwords
was compromisedSHA1 password
eharmony.com
Hack: 6th June 2012 More than 1.5 million passwords
was compromisedSHA1 password
last.fm
Hack: 7th June 2012? million passwords was
compromisedMD5 password
yahoo.com
Hack: 12th June 2012 443K passwords was compromised
SQL injection, password in plaintext!
How to choose a “robust” user's password
Some best practices:
● No personal information● A long pass phrase is better than a shorter random jumble of characters● At least 10 characters long● Don't use the same password for everything● Change your password from time to time
http://howsecureismypassword.net/
Developers
Force the user to generate robust password
How to store a password in a secure way?
Developers
Old school (deprecated)
Use hash algorithms likeMD5 or SHA1
New school (deprecated?)
Use hash algorithm + salt(a random string).
Using hash + salt
Prevent dictionary attacks? YES Prevent brute force attacks? NO
Brute forcing attacks
CPU power is growing (multi-core)GPU are rendering password security uselessUse a Cloud system (n-CPU)
Brute forcing with a GPU
Source: www.nvidia.com
GPU and CUDA
CUDA™ is a parallel computing platform and programming model invented by NVIDIA
Extreme GPU Bruteforcerusing NVIDIA GTS250 ~ $100
Source: http://www.insidepro.com/eng/egb.shtml
Algorithm Speed 8 chars 9 chars 10 chars
md5($pass) 426 million p/s 6 days 1 year 62 years
md5($pass.$salt) 170 million p/s 14 days 2 ½ years 156 years
sha1($pass) 85 million p/s 29 days 5 years 313 years
sha1($pass.$salt) 80 million p/s 31 days 5 years 332 years
Password of 62 characters (a-z, A-Z, 0-9)
IGHASHGPUATI HD 5970 ~ $700
Source: http://www.golubev.com/hashgpu.htm
Algorithm Speed 8 chars 9 chars 10 chars
md5($pass) 5600 million p/s 10 hours 27 days 4 ½ years
sha1($pass) 2300 million p/s 26 hours 68 days 11 ½ years
Password of 62 characters (a-z, A-Z, 0-9)
Whitepixel4 Dual HD 5970~ $2800
Source: http://blog.zorinaq.com/?e=42
Algorithm Speed 8 chars 9 chars 10 chars
md5($pass) 33 billion p/s 1 ½ hour 4 ½ days 294 days
Password of 62 characters (a-z, A-Z, 0-9)
Secure algorithms forpassword storing
● Hash + salt + stretching (i.e. PBKDF2)● bcrypt● scrypt
Hash + salt + stretching
● Stretching = iterate (hash + salt) n-times
key = ““for 1 to ntimes do key = hash(key + password + salt)
How to estimate thenumber of iterations?
● The number of iterations depends on the CPU speed, should take around 1 sec to be considered secure
● For instance, this PHP code:<?php
$key='';for ($i=0;$i<NUM_ITERATIONS;$i++) {
$key= hash('sha512',$key.$salt.$password);}
runs in 900 ms with NUM_ITERATIONS= 40'000 using an Intel Core 2 at 2.1Ghz
PBKDF2
● PBKDF2 (Password-Based Key Derivation Function 2) is a key derivation function that is part of RSA Laboratories' Public-Key Cryptography Standards (PKCS) series, specifically PKCS #5 v2.0
● PBKDF2 applies a pseudorandom function, such as a cryptographic hash, cipher, or HMAC to the input password or passphrase along with a salt value and repeats the process many times to produce a derived key, which can then be used as a cryptographic key in subsequent operations
PBKDF2 in PHP
PBKDF2 in PHP (Zend Framework 2.0)
function calc($hash, $password, $salt, $iterations, $length) {$num = ceil($length / Hmac::getOutputSize($hash,
Hmac::OUTPUT_BINARY));$result = '';for ($block = 1; $block <= $num; $block++) {
$hmac = Hmac::compute($password, $hash, $salt . pack('N', $block), Hmac::OUTPUT_BINARY);
$mix = $hmac; for ($i = 1; $i < $iterations; $i++) { $hmac = Hmac::compute($password, $hash, $hmac,
Hmac::OUTPUT_BINARY); $mix ^= $hmac; } $result .= $mix;
}return substr($result, 0, $length);
}
bcrypt
● http://bcrypt.sourceforge.net/
● bcrypt uses Blowfish cipher + iterations to generate secure hash values
● bcrypt is secure against brute force or dictionary attacks because is slow, very slow (that means attacks need huge amount of time to be completed)
bcrypt parameters
● The algorithm needs a salt value and a work factor parameter (cost), which allows you to determine how expensive the bcrypt function will be
● The cost value depends on the CPU speed, check on your system! I suggest to set at least 1 second.
bcrypt in PHP
● bcrypt is implemented in PHP with the crypt() function:
$salt = substr(str_replace('+', '.', base64_encode($salt)), 0, 22); $hash = crypt($password,'$2a$'.$cost.'$'.$salt);
● For instance, $password= 'thisIsTheSecretPassword' and $salt= 'hsjYeg/bxn()%3jdhsGHq0' aHNqWWVnL2J4bigpJTNqZGhzR0hxMA==$a9c810e9c722af719adabcf50db8a0b4cd0d14e07eddbb43e5f47bde620a3c13
Green= salt, Red= encrypted password
scrypt
● http://www.tarsnap.com/scrypt.html
● scrypt is a sequential memory hard algorithm:● memory-hard functions require high memory● cannot be parallelized efficiently
● scrypt uses PBKDF2, HMAC-SHA256, Salsa 20/8 core
scrypt security
“From a test executed on modern (2009) hardware, if 5 seconds are spent computing a derived key, the cost of a hardware brute-force attack against scrypt is roughly 4000 times greater than the cost of a similar attack against bcrypt (to find the same password), and 20000 times greater than a similar attack against Pbkdf2." Colin Percival (the author of scrypt algorithm)
Conclusion
● As user:
Use only “robust” password (e.g. long pass phrase is better than a shorter random jumble of characters)Don't use the same password for different services
● As developer:
Don't use hash or hash+salt to store a password!Use hash+salt+stretching (PBKDF2), bcrypt or scrypt to store your passwords
References
● Colin Percival, Stronger Key Derivation via Sequential Memory-Hard Functions, presented at BSDCan'09, May 2009
● Morris, Robert, Thompson, Ken, Password Security: A Case History, Bell Laboratories, 2011
● Coda Hale, How to safely store a password, 2010http://codahale.com/how-to-safely-store-a-password/
● J. Kelsey, B. Schneier, C. Hall, and D. Wagner, Secure Applications of Low-Entropy Keys, nformation Security Workshop (ISW'97), 1997
● Marc Bevand, Whitepixel breaks 28.6 billion password/sechttp://blog.zorinaq.com/?e=42
● Andrew Zonenberg, Distributed Hash Cracker: A Cross-Platform GPU-Accelerated Password Recovery System, 2009
top related