Passwords.
Do you keep them safe?



Piotr Przybył
piotr@przybyl.org
piotrprz
WrocławJUG, 2017-02-01

It's going to be about

  • DON'Ts
  • HOW-TOs
  • Users
  • And other stuff

Plain text passwords

Passwords can be

  • hashed (=irreversible)
  • encrypted (=reversible)

In case your data gets stolen or sold:

keep it secret, keep it safe

Hashing, ver. 1


  Column  |  Type  | Modifiers
 ---------+--------+-----------
 password |  int   | not null

class UserDao

void insertUser(String login, String password)

session.createQuery(...);

password.hashCode();

Why?

Hashing, ver. 1

hashCode(), because all passwords need to be "hashed"

Y U NO RTFM?

Hashing, ver. 1


/**
 * Returns a hash code value for the object. This method is
 * supported for the benefit of hash tables such as those provided by
 * {@link java.util.HashMap}.
 ...
 */
public native int hashCode();

Hashing, ver. 1


public int hashCode() {
	int h = hash;
	if (h == 0 && value.length > 0) {
		char val[] = value;

		for (int i = 0; i < value.length; i++) {
			h = 31 * h + val[i];
		}
		hash = h;
	}
	return h;
}

AbCdEf, BBcEFG, AbCcdf, AbDDdf, BBbcdf, BCCdEf,
BCDDeG, BCDEEf, BCDEFG, AbCdFG, AbDEFG, BCCceG
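As an added example (not from the talk), the slide's collision list checked in Python: a port of Java's String.hashCode() loop shown above, plus the arithmetic rule that makes such lists easy to produce; the function names are my own.

```python
def java_string_hashcode(s: str) -> int:
    """Java's String.hashCode(): h = 31*h + c over the UTF-16 units, in wrapping 32-bit int arithmetic.
    Assumes BMP characters only (one UTF-16 unit each), which holds for the slide's strings."""
    h = 0
    for ch in s:
        h = (31 * h + ord(ch)) & 0xFFFFFFFF  # Java int overflow wraps silently
    return h - 0x1_0000_0000 if h >= 0x8000_0000 else h  # reinterpret as a signed Java int

# The twelve strings from the slide: different "passwords" that a hashCode()-based UserDao stores identically.
SLIDE_STRINGS = [
    "AbCdEf", "BBcEFG", "AbCcdf", "AbDDdf", "BBbcdf", "BCCdEf",
    "BCDDeG", "BCDEEf", "BCDEFG", "AbCdFG", "AbDEFG", "BCCceG",
]

def distinct_hashcodes(strings) -> set:
    """The set of stored values; a single element means every listed string passes the same login check.
    There are only 2**32 possible values in total, so collisions are unavoidable for any real user base."""
    return {java_string_hashcode(s) for s in strings}

def shift_pair(s: str, i: int) -> str:
    """Why the list is no coincidence: 31*c[i] + c[i+1] is unchanged when c[i] goes up by 1 and c[i+1]
    goes down by 31, so every string has a colliding neighbour at every position. The slide's entries are
    combinations of this rule applied to "AbCdEf"; e.g. shift_pair("AbCdEf", 0) == "BCCdEf"."""
    return s[:i] + chr(ord(s[i]) + 1) + chr(ord(s[i + 1]) - 31) + s[i + 2:]
```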

Hashing, ver. 2


UPDATE `admin_user` SET `password` = MD5('anyword')
WHERE `admin_user`.`user_id` = 1;

CE version


public function hash($data) { return md5($data); }

EE version


public function hash($data, $version = self::HASH_VERSION_LATEST) {
  if (self::HASH_VERSION_MD5 === $version) {
    return md5($data);
  }
  return hash('sha256', $data);
}

Hashing, ver. 2

Y U NO RTFM?

DO NOT USE.

Hashing, ver. X

Hashing ver. +salt

Our password hashing has no clothes / Troy Hunt

Hashing ver. +salt

MD5: ~4.7·10⁹ hashes/s
SHA1: ~2.2·10⁹ hashes/s
6-char alphanumeric password, brute force
(~57·10⁹ combinations): < 60 s
Experiment: 45 min, 25k/40k (~63%)

~9.25 passwords/s

Hashing ver. +salt

BITCOIN mine

CyberGuerrilla

Hashing ver. +salt

cloud

What is the problem?

And password hashes too!

What is the problem?

Moore's Law in bucks

By Steve Jurvetson

Should I care?

leak leak leak leak leak leak leak

Solution?

Stretching!

(now and in the future)

Solution: stretching

asafaweb

By Troy Hunt

How to fix ASAP?

  1. ADD COLUMN passwd_new_hash
  2. ADD COLUMN only_crypt DEFAULT false
  3. SET passwd_new_hash = hash_pass(passwd_hash)
  4. After each successful login:
    • SET passwd_new_hash = hash_pass(plain_passwd)
    • SET only_crypt = true
  5. RENAME COLUMN passwd_hash TO stale_old_passwd_hash
  6. Wait and see if it works
  7. DROP COLUMN stale_old_passwd_hash
  8. After all passwords have been re-hashed:
    DROP COLUMN only_crypt
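The migration above as an added, runnable sketch (my example, not the speaker's code): an in-memory SQLite table stands in for the users table, and PBKDF2-HMAC-SHA256 from the standard library stands in for bcrypt/scrypt as hash_pass; the table, column and user names are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 50_000  # constructed value: benchmark on your hardware and raise it over time

def hash_pass(secret: str) -> str:
    """Salted, stretched hash stored as 'iterations$salt$hash' (hex). PBKDF2-HMAC-SHA256
    is a standard-library stand-in for bcrypt/scrypt; every record gets a fresh 16-byte salt."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${dk.hex()}"

def check_pass(secret: str, stored: str) -> bool:
    iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))  # constant-time comparison

def legacy_hash(plain: str) -> str:
    """The weak unsalted scheme being retired (MD5, as in 'Hashing, ver. 2')."""
    return hashlib.md5(plain.encode("utf-8")).hexdigest()

def migrate_schema(db: sqlite3.Connection) -> None:
    """Steps 1-3 and 5: wrap every legacy hash in the new scheme; no plaintext is needed for this."""
    db.execute("ALTER TABLE users ADD COLUMN passwd_new_hash TEXT")
    db.execute("ALTER TABLE users ADD COLUMN only_crypt INTEGER NOT NULL DEFAULT 0")
    for uid, old in db.execute("SELECT id, passwd_hash FROM users").fetchall():
        db.execute("UPDATE users SET passwd_new_hash = ? WHERE id = ?", (hash_pass(old), uid))
    db.execute("ALTER TABLE users RENAME COLUMN passwd_hash TO stale_old_passwd_hash")
    # steps 6-8 (the DROP COLUMNs) follow later, once the wrapped hashes are confirmed to work

def login(db: sqlite3.Connection, user: str, plain: str) -> bool:
    """Step 4: check against the wrapped hash until the user's next login, then re-hash the plaintext."""
    row = db.execute("SELECT id, passwd_new_hash, only_crypt FROM users WHERE login = ?", (user,)).fetchone()
    if row is None:
        return False
    uid, stored, only_crypt = row
    candidate = plain if only_crypt else legacy_hash(plain)  # wrapped records hold hash_pass(md5(plain))
    if not check_pass(candidate, stored):
        return False
    if not only_crypt:
        db.execute("UPDATE users SET passwd_new_hash = ?, only_crypt = 1 WHERE id = ?", (hash_pass(plain), uid))
    return True

def demo_db() -> sqlite3.Connection:
    """Constructed legacy table with one MD5-stored user whose password is 'correct horse'."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT UNIQUE, passwd_hash TEXT)")
    db.execute("INSERT INTO users (login, passwd_hash) VALUES (?, ?)", ("alice", legacy_hash("correct horse")))
    return db
```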

Hashing ver. +stretching -salt

  • $6$$Y8Et6w...qTkl.
  • $<id>[$<param>=<value>(,<param>=<value>)*][$<salt>[$<hash>]]
  • $6$salt_should_be_here$Y8Et6w...qTkl.

By Piotr Przybył for osnet.eu
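An added example (not part of the deck) that parses the $<id>[$<param>=<value>(,<param>=<value>)*][$<salt>[$<hash>]] format above and reports the two salt problems a reviewer checks stored hashes for: the empty salt in the first string on the slide, and a salt reused between records; the rounds= sample string is constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class CryptString:
    """Fields of a $<id>[$<param>=<value>(,<param>=<value>)*][$<salt>[$<hash>]] string."""
    scheme_id: str
    params: dict = field(default_factory=dict)
    salt: Optional[str] = None
    digest: Optional[str] = None

def parse_crypt_string(s: str) -> CryptString:
    """Split a modular-crypt-format string into its fields; raises ValueError on a malformed prefix.
    Salts in this format never contain '=', which is what distinguishes the optional parameter field."""
    if not s.startswith("$"):
        raise ValueError("not a modular crypt string")
    fields = s.split("$")[1:]  # drop the empty piece before the leading '$'
    if not fields or not fields[0]:
        raise ValueError("missing scheme id")
    scheme_id, rest = fields[0], fields[1:]
    params = {}
    if rest and "=" in rest[0]:  # optional parameter list precedes the salt
        params = dict(kv.split("=", 1) for kv in rest.pop(0).split(","))
    salt = rest[0] if rest else None
    digest = rest[1] if len(rest) > 1 else None
    return CryptString(scheme_id, params, salt, digest)

def salt_problems(stored_hashes) -> list:
    """Findings over a column of stored hashes: records whose salt is empty (the '$6$$...' case on the
    slide, i.e. stretching without salt) and salts reused across records (each password needs its own)."""
    findings = []
    seen = {}
    for idx, s in enumerate(stored_hashes):
        salt = parse_crypt_string(s).salt
        if not salt:
            findings.append((idx, "empty salt"))
        elif salt in seen:
            findings.append((idx, f"salt reused from record {seen[salt]}"))
        else:
            seen[salt] = idx
    return findings
```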

So... use bcrypt, use bcrypt, use bcrypt, use bcrypt?

Not always. Be smart.

  • Don't implement yourself.
  • Buggy implementations, see PHP: 2a, 2x, 2y, OpenBSD: 2b.
  • Check results between providers/languages.
  • Benchmark for optimal cost.
  • Vary costs (admins, clients).
  • Adapt costs (in the future).
  • Be careful with the default cost.

So... use bcrypt, use bcrypt, use bcrypt, use bcrypt?

  • Consider scrypt, PHC and others.
  • Use unique salt per password.
  • 72 bytes limit for many implementations.
  • Think about external authentication.

The algorithm is not enough

or

PICNIC

Problem in chair, not in computer.

Top Passwords 2016

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. football
  8. 1234
  9. 1234567
  10. baseball
  11. welcome
  12. 1234567890
  13. abc123
  14. 111111
  15. 1qaz2wsx

  1. 123456
  2. 123456789
  3. qwerty
  4. 12345678
  5. 111111
  6. 1234567890
  7. 1234567
  8. password
  9. 123123
  10. 987654321
  11. qwertyuiop
  12. mynoob
  13. 123321
  14. 666666
  15. 18atcskd2w

By Craig Charles / thatsnonsense.com and By Spandas Lui / Lifehacker

Top Passwords 2016

By MagaFeed

Top Passwords 2016

By TRUTHFEED

What did Troy Hunt find?

  • 93% - 6 to 10 chars
  • 45% - only small letters
  • 36% - ordinary dictionary
  • 67% - used in unrelated system (Gawker)
  •  1% - with non-alphanum char

What passwords?

  • With high guessing entropy
  • And unique globally.
  • Maybe stored in a password manager?
  • And generated?

What else?

  • E-mails (and other insecure channels)
  • Password reset tokens.
  • Logs.
  • String vs. char[]
  • /dev/urandom | javax.crypto.SecureRandom
  • HTTPS
    • Cipher suite
  • seed()

Password masks

Can be implemented without:

  • plain text,
  • storing each combination,
  • (symmetric) encryption.

Partial Passwords / Smart architects

Are my passwords safe now?

More reading and sources

http://www.troyhunt.com/2012/06/our-password-hashing-has-no-clothes.html
https://adambard.com/blog/3-wrong-ways-to-store-a-password/
Better Master Passwords: The geek edition
https://password-hashing.net/
https://paragonie.com/blog/2016/02/how-safely-store-password-in-2016
http://gizmodo.com/the-25-most-popular-passwords-of-2015-were-all-such-id-1753591514
http://krzysztofjelonek.net/hasla-maskowane-bledy-implementacyjne-polskiego-banku/
http://www.smartarchitects.co.uk/news/9/15/Partial-Passwords---How.html
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation

http://www.theregister.co.uk/2016/02/08/alibaba_taobao_security_process_failure/
http://www.pcworld.com/article/226128/Sony_Makes_it_Official_PlayStation_Network_Hacked.html
http://arstechnica.com/security/2015/08/ashley-madison-hack-is-not-only-real-its-worse-than-we-thought/
http://www.kongsli.net/2010/04/14/atlassian-products-hacked/
http://www.omgubuntu.co.uk/2013/07/ubuntu-forum-hacked-users-advised-to-change-passwords
http://www.zdnet.com/article/6-46-million-linkedin-passwords-leaked-online/
http://allegro.pl/asus-hd-7970-3gb-ddr5-gwar-fv-i4937839839.html
https://www.cyberguerrilla.org/a/2013/?p=13523
https://twitter.com/paweljonca/status/715895678950572032

Passwords. Do you keep them safe?


Thanks a lot.

But keep stretching!!!

http://ow.ly/UV2w308zcvG