SlideShare uma empresa Scribd logo
1 de 37
Baixar para ler offline
CHAPTER 9
 Password Security

Slides adapted from "Foundations of Security: What Every Programmer
Needs To Know" by Neil Daswani, Christoph Kern, and Anita Kesavan
(ISBN 1590597842; http://www.foundationsofsecurity.com). Except as
otherwise noted, the content of this presentation is licensed under the
Creative Commons 3.0 License.
Agenda
   Password systems ubiquitous, vulnerable

   Early password security studies (1979) - Morris,
    Thompson: 86% of passwords can be cracked

   Threats: Online & Offline Dictionary Attacks

   Solutions: Hashing & Salting
9.1. A Strawman Proposal
   Basic password system: file w/ username,
    password records (colon delimiter)

                    john:automobile
                    mary:balloon
                    joe:wepntkas

   Simple to implement, but risky
     All
        users compromised if hacker gets the passwd file
     Done in Java: MiniPasswordManager
9.1. MiniPasswordManager
public class MiniPasswordManager {
    /** dUserMap is a Hashtable keyed by username */
    private static Hashtable dUserMap;
    /** location of the password file on disk */
    private static String dPwdFile;

    public static void add(String username,
                           String password) throws Exception {
        dUserMap.put(username, password);
    }

    public static boolean checkPassword(String username,
                                        String password) {
        try { String t = (String)dUserMap.get(username);
               return (t == null) ? false : t.equals(password);
        } catch (Exception e) {}
        return false;
    }
    ...
}
9.1. MPM: File Management
public class MiniPasswordManager {
    ...
    /* Password file management operations follow */
    public static void init (String pwdFile) throws Exception {
        dUserMap = MiniPasswordFile.load(pwdFile);
        dPwdFile = pwdFile;
    }

    public static void flush() throws Exception {
        MiniPasswordFile.store (dPwdFile, dUserMap);
    }
    ... // main()
}
9.1. MPM: main()
public static void main(String argv[]) {
    String pwdFile = null;
    String userName = null;
    try {
      pwdFile = argv[0];
      userName = argv[1];
      init(pwdFile);
      System.out.print("Enter new password for " + userName + ": ");
      BufferedReader br =
               new BufferedReader (new InputStreamReader(System.in));
      String password = br.readLine();
      add(userName, password);
      flush();
    } catch (Exception e) {
        if ((pwdFile != null) && (userName != null)) {
          System.err.println("Error: Could not read or write " + pwdFile);
        } else { System.err.println("Usage: java MiniPasswordManager" +
                 " <pwdfile> <username>"); }
    }
}
9.1. MPM Analysis
   Two key functions: username, password args
     add()– add entry to dUserMap hashtable
     checkPassword() – lookup in dUserMap


   Read/Write dUserMap from/to disk using
    init()/flush()
   MiniPasswordFile helper class exposes
    store() and load() methods for these tasks

   More to do to make secure…
9.2. Hashing
   Encrypt passwords, don’t store “in the clear”
     Could    decrypt (e.g. DES) to check, key storage?
     Even better: “one-way encryption”, no way to decrypt
     If file stolen, passwords not compromised
     Use one-way hash function, h: preimage resistant
     Ex: SHA-1 hashes stored in file, not plaintext passwd


      john:9Mfsk4EQh+XD2lBcCAvputrIuVbWKqbxPgKla7u67oo=
      mary:AEd62KRDHUXW6tp+XazwhTLSUlADWXrinUPbxQEfnsI=
      joe:J3mhF7Mv4pnfjcnoHZ1ZrUELjSBJFOo1r6D6fx8tfwU=
9.2. Hashing Example

               “What is your username & password?”

                                                                Does
           My name is john. My password is automobile.     h(automobile)
                                                                 =
                                                             9Mfsk4EQ…
                                                                ???



   Hash: “One-way encryption”
     No need to (can’t) decrypt
     Just compare hashes
     Plaintext password not in file, not “in the clear”
9.2. Hashing MPM Modifications
public static void add(String username,
                       String password) throws Exception {
    dUserMap.put(username,computeSHA(password));
}

public static boolean checkPassword(String username,
                                    String password) {
    try { String t = (String)dUserMap.get(username);
          return (t == null) ? false :
                               t.equals(computeSHA(password));
    } catch (Exception e) {}
    return false;
}

private static String computeSHA (String preimage) throws Exception {
    MessageDigest md = MessageDigest.getInstance("SHA-256");
    md.update(preimage.getBytes("UTF-8"));
    byte raw[] = md.digest();
    return (new sun.misc.BASE64Encoder().encode(raw));
}
9.3. Off-line Dictionary Attacks
   Attacker Obtains              Offline: attacker steals file and
   Password File:                 tries combos
   joe     9Mfsk4EQ...           Online: try combos against live
   mary    AEd62KRD...
   john    J3mhF7Mv...            system



               Attacker computes possible password hashes
      mary has         (using words from dictionary)
      password      h(automobile) = 9Mfsk4EQ...
     balloon!       h(aardvark)    = z5wcuJWE...
Attacker            h(balloon)     = AEd62KRD...
                    h(doughnut)    = tvj/d6R4
9.4. Salting
   Salting – include additional info in hash

   Add third field to file storing random # (salt)

   Example Entry: john with password automobile
    john:ScF5GDhWeHr2q5m7mSDuGPVasV2NHz4kuu5n5eyuMbo=:1515

   Hash of password concatenated with salt:
    h(automobile|1515) = ScF5GDhW...
9.4. Salting Functions
public static int chooseNewSalt() throws NoSuchAlgorithmException {
    return getSecureRandom((int)Math.pow(2,12));
}

/* Returns a cryptographically random number in the range [0,max) */
private static int getSecureRandom(int max) throws
                                          NoSuchAlgorithmException {
    SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
    return Math.abs(sr.nextInt()) % max;
}

public static String getSaltedHash(String pwd,
                                   int salt) throws Exception {
    return computeSHA(pwd + "|" + salt);
}
9.4. Salting in MPM (1)
/* Chooses a salt for the user, computes the salted hash of the
user's password, and adds a new entry into the userMap hashtable for
the user. */
public static void add(String username,
                       String password) throws Exception {
    int salt = chooseNewSalt();
    HashedPasswordTuple ur = new
          HashedPasswordTuple(getSaltedHash(password,salt),salt);
    dUserMap.put(username,ur);
}

public static boolean checkPassword(String username,
                                    String password) {
    try { HashedPasswordTuple t =
                       (HashedPasswordTuple)dUserMap.get(username);
          return (t == null) ? false :
                t.getHashedPassword().equals
                (getSaltedHash(password,t.getSalt()));
    } catch (Exception e) {}
    return false;
}
9.4. Salting in MPM (2)
   dUserMap stores HashedPasswordTuple,
    hashed password and salt
   To add(), we chooseNewSalt() to
    getSecureRandom() number in [0, 4096)

   getSaltedHash() to compute h(passwd|salt)
   checkPassword() by comparing hash on file
    w/ salted hash of input password and salt on file
9.4. Salting: Good News
   Dictionary attack against arbitrary user is harder
     Before Salts: hash word & compare with password file
     After Salts: hash combos of word & possible salts



   n-word dictionary, k-bit salts, v distinct salts:
     Attacker must hash n*min(v, 2k) strings vs. n (no salt)
     If many users (>> 2k, all salts used), 2k harder attack!
     Approx. same amount of work for password system
9.4. Off-line Dictionary Attack
Foiled!
            h(automobile2975) = KNVXKOHBDEBKOURX
            h(automobile1487) = ZNBXLPOEWNVDEJOG
            h(automobile2764) = ZMCXOSJNFKOFJHKDF
            h(automobile4012) = DJKOINSLOKDKOLJUS
            h(automobile3912) = CNVIUDONSOUIEPQN
            …Etc…
            h(aardvark2975) = DKOUOXKOUDJWOIQ
            h(aardvark1487) = PODNJUIHDJSHYEJNU
            …Etc…
                                           Too many
 /etc/passwd:                            combinations!!!
 john   LPINSFRABXJYWONF   2975            Attack is
 mary   DOIIDBQBZIDRWNKG   1487             Foiled!
 joe    LDHNSUNELDUALKDY   2764
9.4. Salting: Bad News
   Ineffective against chosen-victim attack
     Attackerwants to compromise particular account
     Just hash dictionary words with victim’s salt



   Attacker’s job harder, not impossible
     Easy for attacker to compute 2kn hashes?
     Then offline dictionary attack still a threat.
9.4. BasicAuthWebServer
(BAWS)
   Adapt (and rename) SimpleWebServer from
    Ch. 2 to use MiniPasswordManager
     Used  to implement HTTP authorization
     Only authenticated clients can access documents
      from our server
   First, create a password file:
$ java MiniPasswordManager pwdfile hector
Warning: Could not load password file. #pwdfile doesn't exist yet
Enter new password for hector: lotsadiserts
$ java com.learnsecurity.MiniPasswordManager pwdfile dan
Enter new password for dan: cryptguru
$ cat pwdfile #now it exists (after hector is added)
dan:O70FKijze89PDJtQHM8muKC+aXbUJIM/j8T4viT62rM=:3831
hector:laX1pk2KoZy1ze64gUD6rc/pqMuAVmWcKbgdQLL0d7w=:1466
9.4. HTTP Authorization
   Client makes request: GET /index.html       HTTP/1.1

   Server requests authentication:
       HTTP/1.0 401 Unauthorized
       WWW-Authenticate: Basic realm="BasicAuthWebServer"
   Client replies with base-64 encoded
    username/password combo:
      GET /index.html HTTP/1.1
      Authorization: Basic aGVjdG9yOmxvdHNhZGlzZXJ0cw==

     Only encoded, not encrypted in basic HTTP auth
     Eavesdropper can sniff: HTTP digest authorization
      and/or SSL can help
9.4. BAWS Explanation
   BAWS = BasicAuthWebServer

   During processRequest(), use
    getAuthorization() to check
    Credentials object (stores username and
    password)

   Then checkPassword() to determine whether
    to serveFile()

   main() method modified to accept password
    filename from command line
9.4. BAWS: processRequest()
public void processRequest(Socket s) throws Exception {
    //... some code excluded...
    if (command.equals("GET")) { // handle GET request
        Credentials c = getAuthorization(br);
        if ((c != null) &&
            (MiniPasswordManager.checkPassword(c.getUsername(),
                                              c.getPassword()))) {
            serveFile(osw, pathname);
        } else { osw.write ("HTTP/1.0 401 Unauthorized");
                 osw.write ("WWW-Authenticate: Basic"+
                             "realm=BasicAuthWebServer");
        }
     } else { //... some code excluded ...}
}
9.4. BAWS: getAuthorization()
private Credentials getAuthorization (BufferedReader br) {
    try { String header = null;
          while (!(header = br.readLine()).equals("")) {
              if (header.startsWith("Authorization:")) {
                  StringTokenizer st =
                          new StringTokenizer(header, " ");
                  st.nextToken(); // skip "Authorization"
                  st.nextToken(); // skip "Basic"
                  return new Credentials(st.nextToken());
              }
          }
    } catch (Exception e) {}
    return null;
}
9.4. BAWS: main()
public static void main (String argv[]) throws Exception {
    if (argv.length == 1) {// Initialize MiniPasswordManager
        MiniPasswordManager.init(argv[0]);
        /* Create a BasicAuthWebServer object, and run it */
        BasicAuthWebServer baws = new BasicAuthWebServer();
        baws.run();
    } else {
        System.err.println ("Usage: java BasicAuthWebServer"+

                            "<pwdfile>");
    }
}
9.5. Online Dictionary Attacks
   Attacker actively tries combos on live system

   Can monitor attacks
     Watch for lots of failed attempts
     Mark or block suspicious IPs


   Avoid server verification: sees password in clear
     Vulnerableto phishing: impersonator steals password
     Password-authenticated key exchange (PAKE), zero-
      knowledge proofs avoid sending password
     PAKE & zero-knowledge not yet efficient, commercial
9.6. Additional Password
Security Techniques
   Several other techniques to help securely
    manage passwords: Mix and match ones that
    make sense for particular app

   Strong Passwords         Limiting Logins
   “Honeypots”              Artificial Delays
   Filtering
                             Last Login
   Aging
                             Image Authentication
                             One-Time Passwords
   Pronounceable
9.6.1. Strong Passwords
   Not concatenation of 1 or more dictionary words
   Long as possible: letters, numbers, special
    chars
   Can create from long phrases:
     Ex: “Nothing is really work unless you would rather be
      doing something else” -> n!rWuUwrbds3
     Use 1st letter of each word, transform some chars into
      visually or phonetically similar ones
   Protect password file, limit access to admin
     UNIX   used to store in /etc/passwd (readable by all)
    
9.6.2. “Honeypot” Passwords
   Simple username/password (guest/guest)
    combos as “honey” to attract attackers
   Bait attackers into trying simple combos

   Alert admin when “booby-trap” triggered
   Could be indication of attack
   ID the IP and track to see what they’re up to
9.6.3. Password Filtering
   Let user choose password
     Within   certain restrictions to guarantee stronger
      password
     Ex: if in the dictionary or easy to guess


   May require mixed case, numbers, special chars
     Can  specify set of secure passwords through regular
      expressions
     Also set a particular min length
9.6.4. Aging Passwords
   Encourage/require users to change passwords
    every so often
     Every time user enters password, potential for
      attacker to eavesdrop
     Changing frequently makes any compromised
      password of limited-time use to attacker
   Could “age” passwords by only accepting it a
    certain number of times

   But if require change too often, then users will
    workaround, more insecure
9.6.5. Pronounceable
Passwords
   Users want to choose dictionary words because
    they’re easy to remember

   Pronounceable Passwords
     Non-dictionary  words, but also easy to recall
     Syllables & vowels connected together
     Gpw package generates examples
     e.g. ahrosios, chireckl, harciefy
9.6.6. Limited Login Attempts
   Allow just 3-4 logins, then disable or lock
    account
     Attacker only gets fixed number of guesses
     Inconvenient to users if they’re forgetful
     Legitimate user would have to ask sys admin to
      unlock or reset their password
     Potential for DoS attacks if usernames compromised
      and attacker guesses randomly for all, locking up
      large percentage of users of system
9.6.7 Artificial Delays
   Artificial delay when user tries login over network
   Wait 2n seconds after nth failure from particular
    IP address
     Only minor inconvenience to users (it should only take
      them a couple of tries, 10 seconds delay at most)
     But makes attacker’s guesses more costly, decreases
      number of guesses they can try in fixed time interval

   HTTP Proxies can be problematic
     One user mistyping password may delay another user
     Need more sophisticated way to delay
9.6.8. Last Login
   Notify user of last login date, time, location each
    time they login
     Educate  them to pay attention
     Tell user to report any inconsistencies


   Discrepancies = indications of attacks

   Catch attacks that may not have been noticed
     Ex: Alice usually logs in monthly from CA
     Last login was 2 weeks ago in Russia
     Alice knows something’s wrong, reports it
9.6.9. Image Authentication
   Combat phishing: images as second-factor
   Ask users to pick image during account creation
     Display at login after username is entered
     Phisher can’t spoof the image
     Educate user to not enter password
      if he doesn’t see the image he picked


   Recently deployed by PassMark, used on
    www.bofa.com and other financial institutions
9.6.10. One-Time Passwords
   Multiple uses of password gives attacker
    multiple opportunities to steal it
   OTP: login in with different password each time

   Devices generate passwords to be used each
    time user logs in
     Device uses seed to generate stream of passwords
     Server knows seed, current time, can verify password


   OTP devices integrated into PDAs, cell-phones
Summary
   Hashing passwords: don’t store in clear
   Dictionary Attacks: try hashes of common words

   Salting: add a random #, then hash
     Dictionaryattack harder against arbitrary user
     But doesn’t help attack against particular victim


   Other Approaches:
     Image Authentication
     One-time Passwords
     ...

Mais conteúdo relacionado

Mais procurados

Password Storage and Attacking in PHP
Password Storage and Attacking in PHPPassword Storage and Attacking in PHP
Password Storage and Attacking in PHPAnthony Ferrara
 
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)Svetlin Nakov
 
Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...
Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...
Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...Positive Hack Days
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Svetlin Nakov
 
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Svetlin Nakov
 
Riak at The NYC Cloud Computing Meetup Group
Riak at The NYC Cloud Computing Meetup GroupRiak at The NYC Cloud Computing Meetup Group
Riak at The NYC Cloud Computing Meetup Groupsiculars
 
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Svetlin Nakov
 
X64服务器 lnmp服务器部署标准 new
X64服务器 lnmp服务器部署标准 newX64服务器 lnmp服务器部署标准 new
X64服务器 lnmp服务器部署标准 newYiwei Ma
 
BlockChain implementation by python
BlockChain implementation by pythonBlockChain implementation by python
BlockChain implementation by pythonwonyong hwang
 
Nko workshop - node js crud & deploy
Nko workshop - node js crud & deployNko workshop - node js crud & deploy
Nko workshop - node js crud & deploySimon Su
 
Black Hat Europe 2017. DPAPI and DPAPI-NG: Decryption Toolkit
Black Hat Europe 2017. DPAPI and DPAPI-NG: Decryption ToolkitBlack Hat Europe 2017. DPAPI and DPAPI-NG: Decryption Toolkit
Black Hat Europe 2017. DPAPI and DPAPI-NG: Decryption ToolkitPaula Januszkiewicz
 
CQURE_BHAsia19_Paula_Januszkiewicz_slides
CQURE_BHAsia19_Paula_Januszkiewicz_slidesCQURE_BHAsia19_Paula_Januszkiewicz_slides
CQURE_BHAsia19_Paula_Januszkiewicz_slidesZuzannaKornecka
 
"Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ...
"Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ..."Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ...
"Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ...PROIDEA
 
Logstash for SEO: come monitorare i Log del Web Server in realtime
Logstash for SEO: come monitorare i Log del Web Server in realtimeLogstash for SEO: come monitorare i Log del Web Server in realtime
Logstash for SEO: come monitorare i Log del Web Server in realtimeAndrea Cardinale
 
Introduction httpClient on Java11 / Java11時代のHTTPアクセス再入門
Introduction httpClient on Java11 / Java11時代のHTTPアクセス再入門Introduction httpClient on Java11 / Java11時代のHTTPアクセス再入門
Introduction httpClient on Java11 / Java11時代のHTTPアクセス再入門tamtam180
 

Mais procurados (20)

Password Storage and Attacking in PHP
Password Storage and Attacking in PHPPassword Storage and Attacking in PHP
Password Storage and Attacking in PHP
 
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
 
Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...
Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...
Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)
 
Django cryptography
Django cryptographyDjango cryptography
Django cryptography
 
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
 
Riak at The NYC Cloud Computing Meetup Group
Riak at The NYC Cloud Computing Meetup GroupRiak at The NYC Cloud Computing Meetup Group
Riak at The NYC Cloud Computing Meetup Group
 
Da APK al Golden Ticket
Da APK al Golden TicketDa APK al Golden Ticket
Da APK al Golden Ticket
 
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
 
X64服务器 lnmp服务器部署标准 new
X64服务器 lnmp服务器部署标准 newX64服务器 lnmp服务器部署标准 new
X64服务器 lnmp服务器部署标准 new
 
BlockChain implementation by python
BlockChain implementation by pythonBlockChain implementation by python
BlockChain implementation by python
 
Nko workshop - node js crud & deploy
Nko workshop - node js crud & deployNko workshop - node js crud & deploy
Nko workshop - node js crud & deploy
 
Python Cryptography & Security
Python Cryptography & SecurityPython Cryptography & Security
Python Cryptography & Security
 
Testing NodeJS Security
Testing NodeJS SecurityTesting NodeJS Security
Testing NodeJS Security
 
Hack ASP.NET website
Hack ASP.NET websiteHack ASP.NET website
Hack ASP.NET website
 
Black Hat Europe 2017. DPAPI and DPAPI-NG: Decryption Toolkit
Black Hat Europe 2017. DPAPI and DPAPI-NG: Decryption ToolkitBlack Hat Europe 2017. DPAPI and DPAPI-NG: Decryption Toolkit
Black Hat Europe 2017. DPAPI and DPAPI-NG: Decryption Toolkit
 
CQURE_BHAsia19_Paula_Januszkiewicz_slides
CQURE_BHAsia19_Paula_Januszkiewicz_slidesCQURE_BHAsia19_Paula_Januszkiewicz_slides
CQURE_BHAsia19_Paula_Januszkiewicz_slides
 
"Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ...
"Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ..."Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ...
"Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ...
 
Logstash for SEO: come monitorare i Log del Web Server in realtime
Logstash for SEO: come monitorare i Log del Web Server in realtimeLogstash for SEO: come monitorare i Log del Web Server in realtime
Logstash for SEO: come monitorare i Log del Web Server in realtime
 
Introduction httpClient on Java11 / Java11時代のHTTPアクセス再入門
Introduction httpClient on Java11 / Java11時代のHTTPアクセス再入門Introduction httpClient on Java11 / Java11時代のHTTPアクセス再入門
Introduction httpClient on Java11 / Java11時代のHTTPアクセス再入門
 

Destaque

2FA Protocol Presentation
2FA Protocol Presentation2FA Protocol Presentation
2FA Protocol PresentationAkhil Agrawal
 
Secure Session Control in Education Cloud Using One Time Password (OTP)
Secure Session Control in Education Cloud Using One Time Password (OTP)Secure Session Control in Education Cloud Using One Time Password (OTP)
Secure Session Control in Education Cloud Using One Time Password (OTP)Edel Rajakumari
 
The Back to School Smartphone Guide
The Back to School Smartphone GuideThe Back to School Smartphone Guide
The Back to School Smartphone GuideLookout
 
Two Factor Authentication and You
Two Factor Authentication and YouTwo Factor Authentication and You
Two Factor Authentication and YouChris Stone
 
Two factor authentication with Laravel and Google Authenticator
Two factor authentication with Laravel and Google AuthenticatorTwo factor authentication with Laravel and Google Authenticator
Two factor authentication with Laravel and Google AuthenticatorAllan Denot
 
3 Ways to Protect the Data in Your Apple Account
3 Ways to Protect the Data in Your Apple Account3 Ways to Protect the Data in Your Apple Account
3 Ways to Protect the Data in Your Apple AccountLookout
 

Destaque (7)

Two-factor Authentication
Two-factor AuthenticationTwo-factor Authentication
Two-factor Authentication
 
2FA Protocol Presentation
2FA Protocol Presentation2FA Protocol Presentation
2FA Protocol Presentation
 
Secure Session Control in Education Cloud Using One Time Password (OTP)
Secure Session Control in Education Cloud Using One Time Password (OTP)Secure Session Control in Education Cloud Using One Time Password (OTP)
Secure Session Control in Education Cloud Using One Time Password (OTP)
 
The Back to School Smartphone Guide
The Back to School Smartphone GuideThe Back to School Smartphone Guide
The Back to School Smartphone Guide
 
Two Factor Authentication and You
Two Factor Authentication and YouTwo Factor Authentication and You
Two Factor Authentication and You
 
Two factor authentication with Laravel and Google Authenticator
Two factor authentication with Laravel and Google AuthenticatorTwo factor authentication with Laravel and Google Authenticator
Two factor authentication with Laravel and Google Authenticator
 
3 Ways to Protect the Data in Your Apple Account
3 Ways to Protect the Data in Your Apple Account3 Ways to Protect the Data in Your Apple Account
3 Ways to Protect the Data in Your Apple Account
 

Semelhante a 9 password security

Security Meetup 22 октября. «Реверс-инжиниринг в Enterprise». Алексей Секрето...
Security Meetup 22 октября. «Реверс-инжиниринг в Enterprise». Алексей Секрето...Security Meetup 22 октября. «Реверс-инжиниринг в Enterprise». Алексей Секрето...
Security Meetup 22 октября. «Реверс-инжиниринг в Enterprise». Алексей Секрето...Mail.ru Group
 
Security Meetup 22 октября. «PHP Unserialize Exploiting». Павел Топорков. Лаб...
Security Meetup 22 октября. «PHP Unserialize Exploiting». Павел Топорков. Лаб...Security Meetup 22 октября. «PHP Unserialize Exploiting». Павел Топорков. Лаб...
Security Meetup 22 октября. «PHP Unserialize Exploiting». Павел Топорков. Лаб...Mail.ru Group
 
Marrow: A Meta-Framework for Python 2.6+ and 3.1+
Marrow: A Meta-Framework for Python 2.6+ and 3.1+Marrow: A Meta-Framework for Python 2.6+ and 3.1+
Marrow: A Meta-Framework for Python 2.6+ and 3.1+ConFoo
 
int ch=chdir(tokensleft[0]); if the change of director.pdf
      int ch=chdir(tokensleft[0]);     if the change of director.pdf      int ch=chdir(tokensleft[0]);     if the change of director.pdf
int ch=chdir(tokensleft[0]); if the change of director.pdfmdualudin007
 
Hack an ASP .NET website? Hard, but possible!
Hack an ASP .NET website? Hard, but possible! Hack an ASP .NET website? Hard, but possible!
Hack an ASP .NET website? Hard, but possible! Vladimir Kochetkov
 
Application-Specific Models and Pointcuts using a Logic Meta Language
Application-Specific Models and Pointcuts using a Logic Meta LanguageApplication-Specific Models and Pointcuts using a Logic Meta Language
Application-Specific Models and Pointcuts using a Logic Meta LanguageESUG
 
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...Vincenzo Iozzo
 
Introduction to Rust language programming
Introduction to Rust language programmingIntroduction to Rust language programming
Introduction to Rust language programmingRodolfo Finochietti
 
PHP Backdoor: The rise of the vuln
PHP Backdoor: The rise of the vulnPHP Backdoor: The rise of the vuln
PHP Backdoor: The rise of the vulnSandro Zaccarini
 
Charla EHU Noviembre 2014 - Desarrollo Web
Charla EHU Noviembre 2014 - Desarrollo WebCharla EHU Noviembre 2014 - Desarrollo Web
Charla EHU Noviembre 2014 - Desarrollo WebMikel Torres Ugarte
 
Cascading Through Hadoop for the Boulder JUG
Cascading Through Hadoop for the Boulder JUGCascading Through Hadoop for the Boulder JUG
Cascading Through Hadoop for the Boulder JUGMatthew McCullough
 
I need to adjust this Huffman code so that it asks for the user to i.pdf
I need to adjust this Huffman code so that it asks for the user to i.pdfI need to adjust this Huffman code so that it asks for the user to i.pdf
I need to adjust this Huffman code so that it asks for the user to i.pdfjibinsh
 
Eight simple rules to writing secure PHP programs
Eight simple rules to writing secure PHP programsEight simple rules to writing secure PHP programs
Eight simple rules to writing secure PHP programsAleksandr Yampolskiy
 
Android audio system(audioflinger)
Android audio system(audioflinger)Android audio system(audioflinger)
Android audio system(audioflinger)fefe7270
 
ikh331-06-distributed-programming
ikh331-06-distributed-programmingikh331-06-distributed-programming
ikh331-06-distributed-programmingAnung Ariwibowo
 
Hopping in clouds - phpuk 17
Hopping in clouds - phpuk 17Hopping in clouds - phpuk 17
Hopping in clouds - phpuk 17Michele Orselli
 
How Secure Are Docker Containers?
How Secure Are Docker Containers?How Secure Are Docker Containers?
How Secure Are Docker Containers?Ben Hall
 
What’s new in C# 6
What’s new in C# 6What’s new in C# 6
What’s new in C# 6Fiyaz Hasan
 

Semelhante a 9 password security (20)

Security Meetup 22 октября. «Реверс-инжиниринг в Enterprise». Алексей Секрето...
Security Meetup 22 октября. «Реверс-инжиниринг в Enterprise». Алексей Секрето...Security Meetup 22 октября. «Реверс-инжиниринг в Enterprise». Алексей Секрето...
Security Meetup 22 октября. «Реверс-инжиниринг в Enterprise». Алексей Секрето...
 
Security Meetup 22 октября. «PHP Unserialize Exploiting». Павел Топорков. Лаб...
Security Meetup 22 октября. «PHP Unserialize Exploiting». Павел Топорков. Лаб...Security Meetup 22 октября. «PHP Unserialize Exploiting». Павел Топорков. Лаб...
Security Meetup 22 октября. «PHP Unserialize Exploiting». Павел Топорков. Лаб...
 
Java VS Python
Java VS PythonJava VS Python
Java VS Python
 
Marrow: A Meta-Framework for Python 2.6+ and 3.1+
Marrow: A Meta-Framework for Python 2.6+ and 3.1+Marrow: A Meta-Framework for Python 2.6+ and 3.1+
Marrow: A Meta-Framework for Python 2.6+ and 3.1+
 
Anti patterns
Anti patternsAnti patterns
Anti patterns
 
int ch=chdir(tokensleft[0]); if the change of director.pdf
      int ch=chdir(tokensleft[0]);     if the change of director.pdf      int ch=chdir(tokensleft[0]);     if the change of director.pdf
int ch=chdir(tokensleft[0]); if the change of director.pdf
 
Hack an ASP .NET website? Hard, but possible!
Hack an ASP .NET website? Hard, but possible! Hack an ASP .NET website? Hard, but possible!
Hack an ASP .NET website? Hard, but possible!
 
Application-Specific Models and Pointcuts using a Logic Meta Language
Application-Specific Models and Pointcuts using a Logic Meta LanguageApplication-Specific Models and Pointcuts using a Logic Meta Language
Application-Specific Models and Pointcuts using a Logic Meta Language
 
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...
Post Exploitation Bliss: Loading Meterpreter on a Factory iPhone, Black Hat U...
 
Introduction to Rust language programming
Introduction to Rust language programmingIntroduction to Rust language programming
Introduction to Rust language programming
 
PHP Backdoor: The rise of the vuln
PHP Backdoor: The rise of the vulnPHP Backdoor: The rise of the vuln
PHP Backdoor: The rise of the vuln
 
Charla EHU Noviembre 2014 - Desarrollo Web
Charla EHU Noviembre 2014 - Desarrollo WebCharla EHU Noviembre 2014 - Desarrollo Web
Charla EHU Noviembre 2014 - Desarrollo Web
 
Cascading Through Hadoop for the Boulder JUG
Cascading Through Hadoop for the Boulder JUGCascading Through Hadoop for the Boulder JUG
Cascading Through Hadoop for the Boulder JUG
 
I need to adjust this Huffman code so that it asks for the user to i.pdf
I need to adjust this Huffman code so that it asks for the user to i.pdfI need to adjust this Huffman code so that it asks for the user to i.pdf
I need to adjust this Huffman code so that it asks for the user to i.pdf
 
Eight simple rules to writing secure PHP programs
Eight simple rules to writing secure PHP programsEight simple rules to writing secure PHP programs
Eight simple rules to writing secure PHP programs
 
Android audio system(audioflinger)
Android audio system(audioflinger)Android audio system(audioflinger)
Android audio system(audioflinger)
 
ikh331-06-distributed-programming
ikh331-06-distributed-programmingikh331-06-distributed-programming
ikh331-06-distributed-programming
 
Hopping in clouds - phpuk 17
Hopping in clouds - phpuk 17Hopping in clouds - phpuk 17
Hopping in clouds - phpuk 17
 
How Secure Are Docker Containers?
How Secure Are Docker Containers?How Secure Are Docker Containers?
How Secure Are Docker Containers?
 
What’s new in C# 6
What’s new in C# 6What’s new in C# 6
What’s new in C# 6
 

Mais de drewz lin

Web security-–-everything-we-know-is-wrong-eoin-keary
Web security-–-everything-we-know-is-wrong-eoin-kearyWeb security-–-everything-we-know-is-wrong-eoin-keary
Web security-–-everything-we-know-is-wrong-eoin-kearydrewz lin
 
Via forensics appsecusa-nov-2013
Via forensics appsecusa-nov-2013Via forensics appsecusa-nov-2013
Via forensics appsecusa-nov-2013drewz lin
 
Phu appsec13
Phu appsec13Phu appsec13
Phu appsec13drewz lin
 
Owasp2013 johannesullrich
Owasp2013 johannesullrichOwasp2013 johannesullrich
Owasp2013 johannesullrichdrewz lin
 
Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2drewz lin
 
I mas appsecusa-nov13-v2
I mas appsecusa-nov13-v2I mas appsecusa-nov13-v2
I mas appsecusa-nov13-v2drewz lin
 
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolfDefeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolfdrewz lin
 
Csrf not-all-defenses-are-created-equal
Csrf not-all-defenses-are-created-equalCsrf not-all-defenses-are-created-equal
Csrf not-all-defenses-are-created-equaldrewz lin
 
Chuck willis-owaspbwa-beyond-1.0-app secusa-2013-11-21
Chuck willis-owaspbwa-beyond-1.0-app secusa-2013-11-21Chuck willis-owaspbwa-beyond-1.0-app secusa-2013-11-21
Chuck willis-owaspbwa-beyond-1.0-app secusa-2013-11-21drewz lin
 
Appsec usa roberthansen
Appsec usa roberthansenAppsec usa roberthansen
Appsec usa roberthansendrewz lin
 
Appsec usa2013 js_libinsecurity_stefanodipaola
Appsec usa2013 js_libinsecurity_stefanodipaolaAppsec usa2013 js_libinsecurity_stefanodipaola
Appsec usa2013 js_libinsecurity_stefanodipaoladrewz lin
 
Appsec2013 presentation-dickson final-with_all_final_edits
Appsec2013 presentation-dickson final-with_all_final_editsAppsec2013 presentation-dickson final-with_all_final_edits
Appsec2013 presentation-dickson final-with_all_final_editsdrewz lin
 
Appsec2013 presentation
Appsec2013 presentationAppsec2013 presentation
Appsec2013 presentationdrewz lin
 
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitationsAppsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitationsdrewz lin
 
Appsec2013 assurance tagging-robert martin
Appsec2013 assurance tagging-robert martinAppsec2013 assurance tagging-robert martin
Appsec2013 assurance tagging-robert martindrewz lin
 
Amol scadaowasp
Amol scadaowaspAmol scadaowasp
Amol scadaowaspdrewz lin
 
Agile sdlc-v1.1-owasp-app sec-usa
Agile sdlc-v1.1-owasp-app sec-usaAgile sdlc-v1.1-owasp-app sec-usa
Agile sdlc-v1.1-owasp-app sec-usadrewz lin
 
Vulnex app secusa2013
Vulnex app secusa2013Vulnex app secusa2013
Vulnex app secusa2013drewz lin
 
基于虚拟化技术的分布式软件测试框架
基于虚拟化技术的分布式软件测试框架基于虚拟化技术的分布式软件测试框架
基于虚拟化技术的分布式软件测试框架drewz lin
 
新浪微博稳定性经验谈
新浪微博稳定性经验谈新浪微博稳定性经验谈
新浪微博稳定性经验谈drewz lin
 

Mais de drewz lin (20)

Web security-–-everything-we-know-is-wrong-eoin-keary
Web security-–-everything-we-know-is-wrong-eoin-kearyWeb security-–-everything-we-know-is-wrong-eoin-keary
Web security-–-everything-we-know-is-wrong-eoin-keary
 
Via forensics appsecusa-nov-2013
Via forensics appsecusa-nov-2013Via forensics appsecusa-nov-2013
Via forensics appsecusa-nov-2013
 
Phu appsec13
Phu appsec13Phu appsec13
Phu appsec13
 
Owasp2013 johannesullrich
Owasp2013 johannesullrichOwasp2013 johannesullrich
Owasp2013 johannesullrich
 
Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2Owasp advanced mobile-application-code-review-techniques-v0.2
Owasp advanced mobile-application-code-review-techniques-v0.2
 
I mas appsecusa-nov13-v2
I mas appsecusa-nov13-v2I mas appsecusa-nov13-v2
I mas appsecusa-nov13-v2
 
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolfDefeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
 
Csrf not-all-defenses-are-created-equal
Csrf not-all-defenses-are-created-equalCsrf not-all-defenses-are-created-equal
Csrf not-all-defenses-are-created-equal
 
Chuck willis-owaspbwa-beyond-1.0-app secusa-2013-11-21
Chuck willis-owaspbwa-beyond-1.0-app secusa-2013-11-21Chuck willis-owaspbwa-beyond-1.0-app secusa-2013-11-21
Chuck willis-owaspbwa-beyond-1.0-app secusa-2013-11-21
 
Appsec usa roberthansen
Appsec usa roberthansenAppsec usa roberthansen
Appsec usa roberthansen
 
Appsec usa2013 js_libinsecurity_stefanodipaola
Appsec usa2013 js_libinsecurity_stefanodipaolaAppsec usa2013 js_libinsecurity_stefanodipaola
Appsec usa2013 js_libinsecurity_stefanodipaola
 
Appsec2013 presentation-dickson final-with_all_final_edits
Appsec2013 presentation-dickson final-with_all_final_editsAppsec2013 presentation-dickson final-with_all_final_edits
Appsec2013 presentation-dickson final-with_all_final_edits
 
Appsec2013 presentation
Appsec2013 presentationAppsec2013 presentation
Appsec2013 presentation
 
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitationsAppsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
Appsec 2013-krehel-ondrej-forensic-investigations-of-web-exploitations
 
Appsec2013 assurance tagging-robert martin
Appsec2013 assurance tagging-robert martinAppsec2013 assurance tagging-robert martin
Appsec2013 assurance tagging-robert martin
 
Amol scadaowasp
Amol scadaowaspAmol scadaowasp
Amol scadaowasp
 
Agile sdlc-v1.1-owasp-app sec-usa
Agile sdlc-v1.1-owasp-app sec-usaAgile sdlc-v1.1-owasp-app sec-usa
Agile sdlc-v1.1-owasp-app sec-usa
 
Vulnex app secusa2013
Vulnex app secusa2013Vulnex app secusa2013
Vulnex app secusa2013
 
基于虚拟化技术的分布式软件测试框架
基于虚拟化技术的分布式软件测试框架基于虚拟化技术的分布式软件测试框架
基于虚拟化技术的分布式软件测试框架
 
新浪微博稳定性经验谈
新浪微博稳定性经验谈新浪微博稳定性经验谈
新浪微博稳定性经验谈
 

9 password security

  • 1. CHAPTER 9 Password Security Slides adapted from "Foundations of Security: What Every Programmer Needs To Know" by Neil Daswani, Christoph Kern, and Anita Kesavan (ISBN 1590597842; http://www.foundationsofsecurity.com). Except as otherwise noted, the content of this presentation is licensed under the Creative Commons 3.0 License.
  • 2. Agenda  Password systems ubiquitous, vulnerable  Early password security studies (1979) - Morris, Thompson: 86% of passwords can be cracked  Threats: Online & Offline Dictionary Attacks  Solutions: Hashing & Salting
  • 3. 9.1. A Strawman Proposal  Basic password system: file w/ username, password records (colon delimiter) john:automobile mary:balloon joe:wepntkas  Simple to implement, but risky  All users compromised if hacker gets the passwd file  Done in Java: MiniPasswordManager
  • 4. 9.1. MiniPasswordManager public class MiniPasswordManager { /** dUserMap is a Hashtable keyed by username */ private static Hashtable dUserMap; /** location of the password file on disk */ private static String dPwdFile; public static void add(String username, String password) throws Exception { dUserMap.put(username, password); } public static boolean checkPassword(String username, String password) { try { String t = (String)dUserMap.get(username); return (t == null) ? false : t.equals(password); } catch (Exception e) {} return false; } ... }
  • 5. 9.1. MPM: File Management public class MiniPasswordManager { ... /* Password file management operations follow */ public static void init (String pwdFile) throws Exception { dUserMap = MiniPasswordFile.load(pwdFile); dPwdFile = pwdFile; } public static void flush() throws Exception { MiniPasswordFile.store (dPwdFile, dUserMap); } ... // main() }
  • 6. 9.1. MPM: main() public static void main(String argv[]) { String pwdFile = null; String userName = null; try { pwdFile = argv[0]; userName = argv[1]; init(pwdFile); System.out.print("Enter new password for " + userName + ": "); BufferedReader br = new BufferedReader (new InputStreamReader(System.in)); String password = br.readLine(); add(userName, password); flush(); } catch (Exception e) { if ((pwdFile != null) && (userName != null)) { System.err.println("Error: Could not read or write " + pwdFile); } else { System.err.println("Usage: java MiniPasswordManager" + " <pwdfile> <username>"); } } }
  • 7. 9.1. MPM Analysis  Two key functions: username, password args  add()– add entry to dUserMap hashtable  checkPassword() – lookup in dUserMap  Read/Write dUserMap from/to disk using init()/flush()  MiniPasswordFile helper class exposes store() and load() methods for these tasks  More to do to make secure…
  • 8. 9.2. Hashing  Encrypt passwords, don’t store “in the clear”  Could decrypt (e.g. DES) to check, key storage?  Even better: “one-way encryption”, no way to decrypt  If file stolen, passwords not compromised  Use one-way hash function, h: preimage resistant  Ex: SHA-1 hashes stored in file, not plaintext passwd john:9Mfsk4EQh+XD2lBcCAvputrIuVbWKqbxPgKla7u67oo= mary:AEd62KRDHUXW6tp+XazwhTLSUlADWXrinUPbxQEfnsI= joe:J3mhF7Mv4pnfjcnoHZ1ZrUELjSBJFOo1r6D6fx8tfwU=
  • 9. 9.2. Hashing Example “What is your username & password?” Does My name is john. My password is automobile. h(automobile) = 9Mfsk4EQ… ???  Hash: “One-way encryption”  No need to (can’t) decrypt  Just compare hashes  Plaintext password not in file, not “in the clear”
  • 10. 9.2. Hashing MPM Modifications public static void add(String username, String password) throws Exception { dUserMap.put(username,computeSHA(password)); } public static boolean checkPassword(String username, String password) { try { String t = (String)dUserMap.get(username); return (t == null) ? false : t.equals(computeSHA(password)); } catch (Exception e) {} return false; } private static String computeSHA (String preimage) throws Exception { MessageDigest md = MessageDigest.getInstance("SHA-256"); md.update(preimage.getBytes("UTF-8")); byte raw[] = md.digest(); return (new sun.misc.BASE64Encoder().encode(raw)); }
  • 11. 9.3. Off-line Dictionary Attacks Attacker Obtains  Offline: attacker steals file and Password File: tries combos joe 9Mfsk4EQ...  Online: try combos against live mary AEd62KRD... john J3mhF7Mv... system Attacker computes possible password hashes mary has (using words from dictionary) password h(automobile) = 9Mfsk4EQ... balloon! h(aardvark) = z5wcuJWE... Attacker h(balloon) = AEd62KRD... h(doughnut) = tvj/d6R4
  • 12. 9.4. Salting  Salting – include additional info in hash  Add third field to file storing random # (salt)  Example Entry: john with password automobile john:ScF5GDhWeHr2q5m7mSDuGPVasV2NHz4kuu5n5eyuMbo=:1515  Hash of password concatenated with salt: h(automobile|1515) = ScF5GDhW...
  • 13. 9.4. Salting Functions public static int chooseNewSalt() throws NoSuchAlgorithmException { return getSecureRandom((int)Math.pow(2,12)); } /* Returns a cryptographically random number in the range [0,max) */ private static int getSecureRandom(int max) throws NoSuchAlgorithmException { SecureRandom sr = SecureRandom.getInstance("SHA1PRNG"); return Math.abs(sr.nextInt()) % max; } public static String getSaltedHash(String pwd, int salt) throws Exception { return computeSHA(pwd + "|" + salt); }
  • 14. 9.4. Salting in MPM (1) /* Chooses a salt for the user, computes the salted hash of the user's password, and adds a new entry into the userMap hashtable for the user. */ public static void add(String username, String password) throws Exception { int salt = chooseNewSalt(); HashedPasswordTuple ur = new HashedPasswordTuple(getSaltedHash(password,salt),salt); dUserMap.put(username,ur); } public static boolean checkPassword(String username, String password) { try { HashedPasswordTuple t = (HashedPasswordTuple)dUserMap.get(username); return (t == null) ? false : t.getHashedPassword().equals (getSaltedHash(password,t.getSalt())); } catch (Exception e) {} return false; }
  • 15. 9.4. Salting in MPM (2)  dUserMap stores HashedPasswordTuple, hashed password and salt  To add(), we chooseNewSalt() to getSecureRandom() number in [0, 4096)  getSaltedHash() to compute h(passwd|salt)  checkPassword() by comparing hash on file w/ salted hash of input password and salt on file
  • 16. 9.4. Salting: Good News  Dictionary attack against arbitrary user is harder  Before Salts: hash word & compare with password file  After Salts: hash combos of word & possible salts  n-word dictionary, k-bit salts, v distinct salts:  Attacker must hash n*min(v, 2k) strings vs. n (no salt)  If many users (>> 2k, all salts used), 2k harder attack!  Approx. same amount of work for password system
  • 17. 9.4. Off-line Dictionary Attack Foiled! h(automobile2975) = KNVXKOHBDEBKOURX h(automobile1487) = ZNBXLPOEWNVDEJOG h(automobile2764) = ZMCXOSJNFKOFJHKDF h(automobile4012) = DJKOINSLOKDKOLJUS h(automobile3912) = CNVIUDONSOUIEPQN …Etc… h(aardvark2975) = DKOUOXKOUDJWOIQ h(aardvark1487) = PODNJUIHDJSHYEJNU …Etc… Too many /etc/passwd: combinations!!! john LPINSFRABXJYWONF 2975 Attack is mary DOIIDBQBZIDRWNKG 1487 Foiled! joe LDHNSUNELDUALKDY 2764
  • 18. 9.4. Salting: Bad News  Ineffective against chosen-victim attack  Attackerwants to compromise particular account  Just hash dictionary words with victim’s salt  Attacker’s job harder, not impossible  Easy for attacker to compute 2kn hashes?  Then offline dictionary attack still a threat.
  • 19. 9.4. BasicAuthWebServer (BAWS)  Adapt (and rename) SimpleWebServer from Ch. 2 to use MiniPasswordManager  Used to implement HTTP authorization  Only authenticated clients can access documents from our server  First, create a password file: $ java MiniPasswordManager pwdfile hector Warning: Could not load password file. #pwdfile doesn't exist yet Enter new password for hector: lotsadiserts $ java com.learnsecurity.MiniPasswordManager pwdfile dan Enter new password for dan: cryptguru $ cat pwdfile #now it exists (after hector is added) dan:O70FKijze89PDJtQHM8muKC+aXbUJIM/j8T4viT62rM=:3831 hector:laX1pk2KoZy1ze64gUD6rc/pqMuAVmWcKbgdQLL0d7w=:1466
  • 20. 9.4. HTTP Authorization  Client makes request: GET /index.html HTTP/1.1  Server requests authentication: HTTP/1.0 401 Unauthorized WWW-Authenticate: Basic realm="BasicAuthWebServer"  Client replies with base-64 encoded username/password combo: GET /index.html HTTP/1.1 Authorization: Basic aGVjdG9yOmxvdHNhZGlzZXJ0cw==  Only encoded, not encrypted in basic HTTP auth  Eavesdropper can sniff: HTTP digest authorization and/or SSL can help
  • 21. 9.4. BAWS Explanation  BAWS = BasicAuthWebServer  During processRequest(), use getAuthorization() to check Credentials object (stores username and password)  Then checkPassword() to determine whether to serveFile()  main() method modified to accept password filename from command line
  • 22. 9.4. BAWS: processRequest() public void processRequest(Socket s) throws Exception { //... some code excluded... if (command.equals("GET")) { // handle GET request Credentials c = getAuthorization(br); if ((c != null) && (MiniPasswordManager.checkPassword(c.getUsername(), c.getPassword()))) { serveFile(osw, pathname); } else { osw.write ("HTTP/1.0 401 Unauthorized"); osw.write ("WWW-Authenticate: Basic"+ "realm=BasicAuthWebServer"); } } else { //... some code excluded ...} }
  • 23. 9.4. BAWS: getAuthorization() private Credentials getAuthorization (BufferedReader br) { try { String header = null; while (!(header = br.readLine()).equals("")) { if (header.startsWith("Authorization:")) { StringTokenizer st = new StringTokenizer(header, " "); st.nextToken(); // skip "Authorization" st.nextToken(); // skip "Basic" return new Credentials(st.nextToken()); } } } catch (Exception e) {} return null; }
  • 24. 9.4. BAWS: main() public static void main (String argv[]) throws Exception { if (argv.length == 1) {// Initialize MiniPasswordManager MiniPasswordManager.init(argv[0]); /* Create a BasicAuthWebServer object, and run it */ BasicAuthWebServer baws = new BasicAuthWebServer(); baws.run(); } else { System.err.println ("Usage: java BasicAuthWebServer"+ "<pwdfile>"); } }
  • 25. 9.5. Online Dictionary Attacks  Attacker actively tries combos on live system  Can monitor attacks  Watch for lots of failed attempts  Mark or block suspicious IPs  Avoid server verification: sees password in clear  Vulnerableto phishing: impersonator steals password  Password-authenticated key exchange (PAKE), zero- knowledge proofs avoid sending password  PAKE & zero-knowledge not yet efficient, commercial
  • 26. 9.6. Additional Password Security Techniques  Several other techniques to help securely manage passwords: Mix and match ones that make sense for particular app  Strong Passwords  Limiting Logins  “Honeypots”  Artificial Delays  Filtering  Last Login  Aging  Image Authentication  One-Time Passwords  Pronounceable
  • 27. 9.6.1. Strong Passwords  Not concatenation of 1 or more dictionary words  Long as possible: letters, numbers, special chars  Can create from long phrases:  Ex: “Nothing is really work unless you would rather be doing something else” -> n!rWuUwrbds3  Use 1st letter of each word, transform some chars into visually or phonetically similar ones  Protect password file, limit access to admin  UNIX used to store in /etc/passwd (readable by all) 
  • 28. 9.6.2. “Honeypot” Passwords  Simple username/password (guest/guest) combos as “honey” to attract attackers  Bait attackers into trying simple combos  Alert admin when “booby-trap” triggered  Could be indication of attack  ID the IP and track to see what they’re up to
  • 29. 9.6.3. Password Filtering  Let user choose password  Within certain restrictions to guarantee stronger password  Ex: if in the dictionary or easy to guess  May require mixed case, numbers, special chars  Can specify set of secure passwords through regular expressions  Also set a particular min length
  • 30. 9.6.4. Aging Passwords  Encourage/require users to change passwords every so often  Every time user enters password, potential for attacker to eavesdrop  Changing frequently makes any compromised password of limited-time use to attacker  Could “age” passwords by only accepting it a certain number of times  But if require change too often, then users will workaround, more insecure
  • 31. 9.6.5. Pronounceable Passwords  Users want to choose dictionary words because they’re easy to remember  Pronounceable Passwords  Non-dictionary words, but also easy to recall  Syllables & vowels connected together  Gpw package generates examples  e.g. ahrosios, chireckl, harciefy
  • 32. 9.6.6. Limited Login Attempts  Allow just 3-4 logins, then disable or lock account  Attacker only gets fixed number of guesses  Inconvenient to users if they’re forgetful  Legitimate user would have to ask sys admin to unlock or reset their password  Potential for DoS attacks if usernames compromised and attacker guesses randomly for all, locking up large percentage of users of system
  • 33. 9.6.7 Artificial Delays  Artificial delay when user tries login over network  Wait 2n seconds after nth failure from particular IP address  Only minor inconvenience to users (it should only take them a couple of tries, 10 seconds delay at most)  But makes attacker’s guesses more costly, decreases number of guesses they can try in fixed time interval  HTTP Proxies can be problematic  One user mistyping password may delay another user  Need more sophisticated way to delay
  • 34. 9.6.8. Last Login  Notify user of last login date, time, location each time they login  Educate them to pay attention  Tell user to report any inconsistencies  Discrepancies = indications of attacks  Catch attacks that may not have been noticed  Ex: Alice usually logs in monthly from CA  Last login was 2 weeks ago in Russia  Alice knows something’s wrong, reports it
  • 35. 9.6.9. Image Authentication  Combat phishing: images as second-factor  Ask users to pick image during account creation  Display at login after username is entered  Phisher can’t spoof the image  Educate user to not enter password if he doesn’t see the image he picked  Recently deployed by PassMark, used on www.bofa.com and other financial institutions
  • 36. 9.6.10. One-Time Passwords  Multiple uses of password gives attacker multiple opportunities to steal it  OTP: login in with different password each time  Devices generate passwords to be used each time user logs in  Device uses seed to generate stream of passwords  Server knows seed, current time, can verify password  OTP devices integrated into PDAs, cell-phones
  • 37. Summary  Hashing passwords: don’t store in clear  Dictionary Attacks: try hashes of common words  Salting: add a random #, then hash  Dictionaryattack harder against arbitrary user  But doesn’t help attack against particular victim  Other Approaches:  Image Authentication  One-time Passwords  ...

Notas do Editor

  1. Welcome to SEC103 on Secure Programming Techniques. In this course, I assume that you have some background in computer security, but now you want to put that background to use. For example, in the Computer Security Principles and Introduction To Cryptography courses, we cover topics such concerning trust and encryption. In this course, we put these principles into to practice, and I’ll show you have to write secure code that builds security into your applications from the ground up.
  2. Password Security: A Case History (1979) , Morris
  3. Assume that Joe is a good guy.
  4. But what if Joe is a bad-guy and the password file is readable?
  5. But what if Joe is a bad-guy and the password file is readable? (Note that many attacks are committed by insiders.)
  6. But what if the salt is too small? (It is only 2^12 in Linux/UNIX). http://www.tldp.org/HOWTO/Shadow-Password-HOWTO-2.html The /etc/shadow file is set so that it cannot be read by just anyone. Only root will be able to read and write to the /etc/shadow file. Some programs (like xlock) don&apos;t need to be able to change passwords, they only need to be able to verify them. These programs can either be run suid root or you can set up a group shadow that is allowed read only access to the /etc/shadow file. Then the program can be run sgid shadow . By moving the passwords to the /etc/shadow file, we are effectively keeping the attacker from having access to the encoded passwords with which to perform a dictionary attack . Booby-trap: have an unused (guest/guest) password. When someone logs in with it, notify security personnel. (Problem with the number of hackers these days, too many false positives!)