SlideShare une entreprise Scribd logo
1  sur  38
Télécharger pour lire hors ligne
Password (in)security
How to generate and store passwords
          in a secure way

        by Enrico “cerin0” Zimuel
About me
                                                                 1998
 Enrico “cerin0” Zimuel
 Developer since Texas Instruments TI99/4A
 Research programmer, Informatics institute of UvA (Amsterdam)
 Core team of the open source project Zend Framework
 Co-author of the books “Segreti, Spie Codici Cifrati”, “Come si fa a
usare la firma digitale”, “PHP Best Practices”
 Founder of the PHP User Group Torino
 http://www.zimuel.it
Password



   A password is a secret word or
string of characters that is used for
           authentication.
User perspective:

  How to choose a “secure” password?


   Developer perspective:
How to store a password in a secure way?
Password security



Basically every security system
    is based on password.
When security fails...
linkedin.com


    Hack: 6th June 2012
More than 6 million passwords
     was compromised
      SHA1 password
eharmony.com


     Hack: 6th June 2012
More than 1.5 million passwords
      was compromised
       SHA1 password
last.fm


  Hack: 7th June 2012
? million passwords was
      compromised
     MD5 password
yahoo.com



        Hack: 12th June 2012
 443K passwords was compromised
SQL injection, password in plaintext!
How to choose a “robust”
    user's password
Some best practices:

●
  No personal information
●
  A long pass phrase is better than a shorter
random jumble of characters
●
  At least 10 characters long
●
  Don't use the same password for everything
●
  Change your password from time to time
http://howsecureismypassword.net/
Developers



Force the user to generate
    robust password
Developers


How to store a password in a
       secure way?
Old school (deprecated)



 Use hash algorithms like
      MD5 or SHA1
New school (deprecated?)



 Use hash algorithm + salt
    (a random string).
Using hash + salt



Prevent dictionary attacks? YES
Prevent brute force attacks? NO
Brute forcing attacks


CPU power is growing (multi-core)
GPU are rendering password security
useless
Use a Cloud system (n-CPU)
Brute forcing with a GPU




             Source: www.nvidia.com
GPU and CUDA


CUDA™ is a parallel computing
platform and programming model
invented by NVIDIA
Extreme GPU Bruteforcer
    using NVIDIA GTS250 ~ $100

Algorithm           Speed              8 chars      9 chars     10 chars
md5($pass)          426 million p/s    6 days       1 year      62 years
md5($pass.$salt)    170 million p/s    14 days      2 ½ years   156 years
sha1($pass)         85 million p/s     29 days      5 years     313 years
sha1($pass.$salt)   80 million p/s     31 days      5 years     332 years


       Password of 62 characters (a-z, A-Z, 0-9)


              Source: http://www.insidepro.com/eng/egb.shtml
IGHASHGPU
              ATI HD 5970 ~ $700

Algorithm      Speed                 8 chars      9 chars   10 chars
md5($pass)     5600 million p/s      10 hours     27 days   4 ½ years
sha1($pass)    2300 million p/s      26 hours     68 days   11 ½ years




       Password of 62 characters (a-z, A-Z, 0-9)


               Source: http://www.golubev.com/hashgpu.htm
Whitepixel
4 Dual HD 5970
~ $2800



Algorithm     Speed                 8 chars      9 chars  10 chars
md5($pass)    33 billion p/s        1 ½ hour     4 ½ days 294 days




       Password of 62 characters (a-z, A-Z, 0-9)
                Source: http://blog.zorinaq.com/?e=42
Secure algorithms for
         password storing


●Hash + salt + stretching (i.e. PBKDF2)
● bcrypt
● scrypt
Hash + salt + stretching


●   Stretching = iterate (hash + salt) n-times

key = ““
for 1 to n­times do
  key = hash(key + password + salt)
How to estimate the
           number of iterations?
●The number of iterations depends on the CPU
speed, should take around 1 sec to be considered
secure

●   For instance, this PHP code:
   <?php
   $key='';
   for ($i=0;$i<NUM_ITERATIONS;$i++) {
    $key= hash('sha512',$key.$salt.$password);
   }

runs in 900 ms with NUM_ITERATIONS= 40'000 using
an Intel Core 2 at 2.1Ghz
PBKDF2

● PBKDF2 (Password-Based Key Derivation Function 2)
is a key derivation function that is part of RSA
Laboratories' Public-Key Cryptography Standards
(PKCS) series, specifically PKCS #5 v2.0
● PBKDF2 applies a pseudorandom function, such as a
cryptographic hash, cipher, or HMAC to the input password
or passphrase along with a salt value and repeats the
process many times to produce a derived key, which can
then be used as a cryptographic key in subsequent
operations
PBKDF2 in PHP
PBKDF2 in PHP (Zend Framework 2.0)
function calc($hash, $password, $salt, $iterations, $length) {
    $num = ceil($length / Hmac::getOutputSize($hash, 
                                             Hmac::OUTPUT_BINARY));
    $result = '';
    for ($block = 1; $block <= $num; $block++) {
       $hmac = Hmac::compute($password, $hash, $salt . pack('N', 
                  $block), Hmac::OUTPUT_BINARY);
       $mix = $hmac;
       for ($i = 1; $i < $iterations; $i++) {
           $hmac = Hmac::compute($password, $hash, $hmac, 
                                 Hmac::OUTPUT_BINARY);
           $mix ^= $hmac;
       }
       $result .= $mix;
    }
    return substr($result, 0, $length);
}
bcrypt

●   http://bcrypt.sourceforge.net/

●   bcrypt uses Blowfish cipher + iterations to generate
secure hash values

● bcrypt is secure against brute force or dictionary
attacks because is slow, very slow (that means attacks
need huge amount of time to be completed)
bcrypt parameters
●The algorithm needs a salt value and a work factor
parameter (cost), which allows you to determine
how expensive the bcrypt function will be

●The cost value depends on the CPU speed, check
on your system! I suggest to set at least 1 second.
bcrypt in PHP
●
    bcrypt is implemented in PHP with the crypt()
    function:
 $salt = substr(str_replace('+', '.',
                base64_encode($salt)), 0, 22);
 $hash = crypt($password,'$2a$'.$cost.'$'.$salt);

●
    For instance, $password= 'thisIsTheSecretPassword' and
    $salt= 'hsjYeg/bxn()%3jdhsGHq0'
     
    aHNqWWVnL2J4bigpJTNqZGhzR0hxMA==$a9c810e9c722af719adabcf50d
    b8a0b4cd0d14e07eddbb43e5f47bde620a3c13

    Green= salt, Red= encrypted password
scrypt
●
    http://www.tarsnap.com/scrypt.html

●
    scrypt is a sequential memory hard algorithm:
     ●
       memory-hard functions require high memory
     ●
       cannot be parallelized efficiently

●
    scrypt uses PBKDF2, HMAC-SHA256, Salsa 20/8 core
scrypt security
“From a test executed on modern (2009) hardware,
if 5 seconds are spent computing a derived key, the
cost of a hardware brute-force attack against scrypt
is roughly 4000 times greater than the cost of a
similar attack against bcrypt (to find the same
password), and 20000 times greater than a similar
attack against Pbkdf2."
                                    Colin Percival
                      (the author of scrypt algorithm)
Conclusion
●
    As user:

Use only “robust” password (e.g. long pass phrase is
better than a shorter random jumble of characters)
Don't use the same password for different services

●
    As developer:

Don't use hash or hash+salt to store a password!
Use hash+salt+stretching (PBKDF2), bcrypt or scrypt
to store your passwords
References
●
    Colin Percival, Stronger Key Derivation via Sequential
    Memory-Hard Functions, presented at BSDCan'09, May 2009
●
    Morris, Robert, Thompson, Ken, Password Security: A Case
    History, Bell Laboratories, 2011
●
    Coda Hale, How to safely store a password, 2010
    http://codahale.com/how-to-safely-store-a-password/
●
    J. Kelsey, B. Schneier, C. Hall, and D. Wagner, Secure
    Applications of Low-Entropy Keys, nformation Security
    Workshop (ISW'97), 1997
●
    Marc Bevand, Whitepixel breaks 28.6 billion password/sec
    http://blog.zorinaq.com/?e=42
●
    Andrew Zonenberg, Distributed Hash Cracker: A Cross-
    Platform GPU-Accelerated Password Recovery System, 2009
Thanks!

  Contacts:
enrico@zimuel.it
   @ezimuel

Contenu connexe

Tendances

Tendances (20)

Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentation
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Introduction to security
Introduction to securityIntroduction to security
Introduction to security
 
Passwords presentation
Passwords presentationPasswords presentation
Passwords presentation
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
Cyber Security in Society
Cyber Security in SocietyCyber Security in Society
Cyber Security in Society
 
Cyber Security & Hygine
Cyber Security & HygineCyber Security & Hygine
Cyber Security & Hygine
 
cyber security
cyber securitycyber security
cyber security
 
Cyber security
Cyber securityCyber security
Cyber security
 
HACKING
HACKINGHACKING
HACKING
 
Types of Hacker
 Types of Hacker Types of Hacker
Types of Hacker
 
Brute force-attack presentation
Brute force-attack presentationBrute force-attack presentation
Brute force-attack presentation
 
Social engineering
Social engineering Social engineering
Social engineering
 
cyber security presentation.pptx
cyber security presentation.pptxcyber security presentation.pptx
cyber security presentation.pptx
 
Cyber Security A Challenges For Mankind
Cyber Security A Challenges For MankindCyber Security A Challenges For Mankind
Cyber Security A Challenges For Mankind
 
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
 
Introduction to MITRE ATT&CK
Introduction to MITRE ATT&CKIntroduction to MITRE ATT&CK
Introduction to MITRE ATT&CK
 
Network security
Network securityNetwork security
Network security
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 

En vedette

Presentatie: "Strategische Informatiebeveiliging"
Presentatie: "Strategische Informatiebeveiliging"Presentatie: "Strategische Informatiebeveiliging"
Presentatie: "Strategische Informatiebeveiliging"
cpi_news
 
Leveranciersbijeenkomst informatievoorziening sociaaldomein
Leveranciersbijeenkomst informatievoorziening sociaaldomeinLeveranciersbijeenkomst informatievoorziening sociaaldomein
Leveranciersbijeenkomst informatievoorziening sociaaldomein
KING
 
Leveranciersbijeenkomst programma van eisen
Leveranciersbijeenkomst programma van eisenLeveranciersbijeenkomst programma van eisen
Leveranciersbijeenkomst programma van eisen
KING
 
Workinprogress - Informatieveiligheid voor uw gemeente
Workinprogress - Informatieveiligheid voor uw gemeenteWorkinprogress - Informatieveiligheid voor uw gemeente
Workinprogress - Informatieveiligheid voor uw gemeente
KING
 
Workin progress2015 gemeentebrede_informatiebeveiliging
Workin progress2015 gemeentebrede_informatiebeveiligingWorkin progress2015 gemeentebrede_informatiebeveiliging
Workin progress2015 gemeentebrede_informatiebeveiliging
KING
 

En vedette (10)

Presentatie: "Strategische Informatiebeveiliging"
Presentatie: "Strategische Informatiebeveiliging"Presentatie: "Strategische Informatiebeveiliging"
Presentatie: "Strategische Informatiebeveiliging"
 
Presentaties seminar sleutel tot succes
Presentaties   seminar sleutel tot succesPresentaties   seminar sleutel tot succes
Presentaties seminar sleutel tot succes
 
Leveranciersbijeenkomst informatievoorziening sociaaldomein
Leveranciersbijeenkomst informatievoorziening sociaaldomeinLeveranciersbijeenkomst informatievoorziening sociaaldomein
Leveranciersbijeenkomst informatievoorziening sociaaldomein
 
LRQA Congres 2014: 15 mei 15:45 - 16:10 Praktijkcase: informatiebeveiliging i...
LRQA Congres 2014: 15 mei 15:45 - 16:10 Praktijkcase: informatiebeveiliging i...LRQA Congres 2014: 15 mei 15:45 - 16:10 Praktijkcase: informatiebeveiliging i...
LRQA Congres 2014: 15 mei 15:45 - 16:10 Praktijkcase: informatiebeveiliging i...
 
Photography
PhotographyPhotography
Photography
 
Leveranciersbijeenkomst programma van eisen
Leveranciersbijeenkomst programma van eisenLeveranciersbijeenkomst programma van eisen
Leveranciersbijeenkomst programma van eisen
 
Workinprogress - Informatieveiligheid voor uw gemeente
Workinprogress - Informatieveiligheid voor uw gemeenteWorkinprogress - Informatieveiligheid voor uw gemeente
Workinprogress - Informatieveiligheid voor uw gemeente
 
Persoonlijke Leeromgevingen
Persoonlijke LeeromgevingenPersoonlijke Leeromgevingen
Persoonlijke Leeromgevingen
 
CLP workshop 2 - Controleren van leveranciers
CLP workshop 2 - Controleren van leveranciersCLP workshop 2 - Controleren van leveranciers
CLP workshop 2 - Controleren van leveranciers
 
Workin progress2015 gemeentebrede_informatiebeveiliging
Workin progress2015 gemeentebrede_informatiebeveiligingWorkin progress2015 gemeentebrede_informatiebeveiliging
Workin progress2015 gemeentebrede_informatiebeveiliging
 

Similaire à Password (in)security

Passwords good badugly181212-2
Passwords good badugly181212-2Passwords good badugly181212-2
Passwords good badugly181212-2
Iftach Ian Amit
 
Techniques for password hashing and cracking
Techniques for password hashing and crackingTechniques for password hashing and cracking
Techniques for password hashing and cracking
Nipun Joshi
 
Eight simple rules to writing secure PHP programs
Eight simple rules to writing secure PHP programsEight simple rules to writing secure PHP programs
Eight simple rules to writing secure PHP programs
Aleksandr Yampolskiy
 
Reutov, yunusov, nagibin random numbers take ii
Reutov, yunusov, nagibin   random numbers take iiReutov, yunusov, nagibin   random numbers take ii
Reutov, yunusov, nagibin random numbers take ii
DefconRussia
 

Similaire à Password (in)security (20)

Cryptography with Zend Framework
Cryptography with Zend FrameworkCryptography with Zend Framework
Cryptography with Zend Framework
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)
 
Django cryptography
Django cryptographyDjango cryptography
Django cryptography
 
Cryptography in PHP: Some Use Cases
Cryptography in PHP: Some Use CasesCryptography in PHP: Some Use Cases
Cryptography in PHP: Some Use Cases
 
Strong cryptography in PHP
Strong cryptography in PHPStrong cryptography in PHP
Strong cryptography in PHP
 
Passwords good badugly181212-2
Passwords good badugly181212-2Passwords good badugly181212-2
Passwords good badugly181212-2
 
Password Storage and Attacking in PHP
Password Storage and Attacking in PHPPassword Storage and Attacking in PHP
Password Storage and Attacking in PHP
 
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
[CB20] Vulnerabilities of Machine Learning Infrastructure by Sergey Gordeychik
 
Techniques for password hashing and cracking
Techniques for password hashing and crackingTechniques for password hashing and cracking
Techniques for password hashing and cracking
 
Eight simple rules to writing secure PHP programs
Eight simple rules to writing secure PHP programsEight simple rules to writing secure PHP programs
Eight simple rules to writing secure PHP programs
 
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
 
Using Cryptography Properly in Applications
Using Cryptography Properly in ApplicationsUsing Cryptography Properly in Applications
Using Cryptography Properly in Applications
 
Password Storage And Attacking In PHP - PHP Argentina
Password Storage And Attacking In PHP - PHP ArgentinaPassword Storage And Attacking In PHP - PHP Argentina
Password Storage And Attacking In PHP - PHP Argentina
 
Api Design
Api DesignApi Design
Api Design
 
How to Use Cryptography Properly: The Common Mistakes People Make When Using ...
How to Use Cryptography Properly: The Common Mistakes People Make When Using ...How to Use Cryptography Properly: The Common Mistakes People Make When Using ...
How to Use Cryptography Properly: The Common Mistakes People Make When Using ...
 
Improving password-based authentication
Improving password-based authenticationImproving password-based authentication
Improving password-based authentication
 
How-to crack 43kk passwords while drinking your juice/smoozie in the Hood
How-to crack 43kk passwords  while drinking your  juice/smoozie in the HoodHow-to crack 43kk passwords  while drinking your  juice/smoozie in the Hood
How-to crack 43kk passwords while drinking your juice/smoozie in the Hood
 
How does cryptography work? by Jeroen Ooms
How does cryptography work?  by Jeroen OomsHow does cryptography work?  by Jeroen Ooms
How does cryptography work? by Jeroen Ooms
 
Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2
 
Reutov, yunusov, nagibin random numbers take ii
Reutov, yunusov, nagibin   random numbers take iiReutov, yunusov, nagibin   random numbers take ii
Reutov, yunusov, nagibin random numbers take ii
 

Plus de Enrico Zimuel

Plus de Enrico Zimuel (20)

Integrare Zend Framework in Wordpress
Integrare Zend Framework in WordpressIntegrare Zend Framework in Wordpress
Integrare Zend Framework in Wordpress
 
Quick start on Zend Framework 2
Quick start on Zend Framework 2Quick start on Zend Framework 2
Quick start on Zend Framework 2
 
Introduzione alla Posta Elettronica Certificata (PEC): le regole tecniche
Introduzione alla Posta Elettronica Certificata (PEC): le regole tecnicheIntroduzione alla Posta Elettronica Certificata (PEC): le regole tecniche
Introduzione alla Posta Elettronica Certificata (PEC): le regole tecniche
 
A quick start on Zend Framework 2
A quick start on Zend Framework 2A quick start on Zend Framework 2
A quick start on Zend Framework 2
 
Zend Framework 2 quick start
Zend Framework 2 quick startZend Framework 2 quick start
Zend Framework 2 quick start
 
PHP goes mobile
PHP goes mobilePHP goes mobile
PHP goes mobile
 
Zend Framework 2
Zend Framework 2Zend Framework 2
Zend Framework 2
 
Cryptography in PHP: use cases
Cryptography in PHP: use casesCryptography in PHP: use cases
Cryptography in PHP: use cases
 
Manage cloud infrastructures in PHP using Zend Framework 2 (and 1)
Manage cloud infrastructures in PHP using Zend Framework 2 (and 1)Manage cloud infrastructures in PHP using Zend Framework 2 (and 1)
Manage cloud infrastructures in PHP using Zend Framework 2 (and 1)
 
Manage cloud infrastructures using Zend Framework 2 (and ZF1)
Manage cloud infrastructures using Zend Framework 2 (and ZF1)Manage cloud infrastructures using Zend Framework 2 (and ZF1)
Manage cloud infrastructures using Zend Framework 2 (and ZF1)
 
Framework software e Zend Framework
Framework software e Zend FrameworkFramework software e Zend Framework
Framework software e Zend Framework
 
How to scale PHP applications
How to scale PHP applicationsHow to scale PHP applications
How to scale PHP applications
 
Velocizzare Joomla! con Zend Server Community Edition
Velocizzare Joomla! con Zend Server Community EditionVelocizzare Joomla! con Zend Server Community Edition
Velocizzare Joomla! con Zend Server Community Edition
 
Zend_Cache: how to improve the performance of PHP applications
Zend_Cache: how to improve the performance of PHP applicationsZend_Cache: how to improve the performance of PHP applications
Zend_Cache: how to improve the performance of PHP applications
 
XCheck a benchmark checker for XML query processors
XCheck a benchmark checker for XML query processorsXCheck a benchmark checker for XML query processors
XCheck a benchmark checker for XML query processors
 
Introduzione alle tabelle hash
Introduzione alle tabelle hashIntroduzione alle tabelle hash
Introduzione alle tabelle hash
 
Crittografia quantistica: fantascienza o realtà?
Crittografia quantistica: fantascienza o realtà?Crittografia quantistica: fantascienza o realtà?
Crittografia quantistica: fantascienza o realtà?
 
Introduzione alla crittografia
Introduzione alla crittografiaIntroduzione alla crittografia
Introduzione alla crittografia
 
Crittografia è sinonimo di sicurezza?
Crittografia è sinonimo di sicurezza?Crittografia è sinonimo di sicurezza?
Crittografia è sinonimo di sicurezza?
 
Sviluppo di applicazioni sicure
Sviluppo di applicazioni sicureSviluppo di applicazioni sicure
Sviluppo di applicazioni sicure
 

Dernier

the Husband rolesBrown Aesthetic Cute Group Project Presentation
the Husband rolesBrown Aesthetic Cute Group Project Presentationthe Husband rolesBrown Aesthetic Cute Group Project Presentation
the Husband rolesBrown Aesthetic Cute Group Project Presentation
brynpueblos04
 
call Now 9811711561 Cash Payment乂 Call Girls in Dwarka Mor
call Now 9811711561 Cash Payment乂 Call Girls in Dwarka Morcall Now 9811711561 Cash Payment乂 Call Girls in Dwarka Mor
call Now 9811711561 Cash Payment乂 Call Girls in Dwarka Mor
vikas rana
 
KLINIK BATA Jual obat penggugur kandungan 087776558899 ABORSI JANIN KEHAMILAN...
KLINIK BATA Jual obat penggugur kandungan 087776558899 ABORSI JANIN KEHAMILAN...KLINIK BATA Jual obat penggugur kandungan 087776558899 ABORSI JANIN KEHAMILAN...
KLINIK BATA Jual obat penggugur kandungan 087776558899 ABORSI JANIN KEHAMILAN...
Cara Menggugurkan Kandungan 087776558899
 

Dernier (14)

2k Shots ≽ 9205541914 ≼ Call Girls In Palam (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Palam (Delhi)2k Shots ≽ 9205541914 ≼ Call Girls In Palam (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Palam (Delhi)
 
2k Shots ≽ 9205541914 ≼ Call Girls In Jasola (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Jasola (Delhi)2k Shots ≽ 9205541914 ≼ Call Girls In Jasola (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Jasola (Delhi)
 
$ Love Spells^ 💎 (310) 882-6330 in West Virginia, WV | Psychic Reading Best B...
$ Love Spells^ 💎 (310) 882-6330 in West Virginia, WV | Psychic Reading Best B...$ Love Spells^ 💎 (310) 882-6330 in West Virginia, WV | Psychic Reading Best B...
$ Love Spells^ 💎 (310) 882-6330 in West Virginia, WV | Psychic Reading Best B...
 
WOMEN EMPOWERMENT women empowerment.pptx
WOMEN EMPOWERMENT women empowerment.pptxWOMEN EMPOWERMENT women empowerment.pptx
WOMEN EMPOWERMENT women empowerment.pptx
 
2k Shots ≽ 9205541914 ≼ Call Girls In Mukherjee Nagar (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Mukherjee Nagar (Delhi)2k Shots ≽ 9205541914 ≼ Call Girls In Mukherjee Nagar (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Mukherjee Nagar (Delhi)
 
(Anamika) VIP Call Girls Navi Mumbai Call Now 8250077686 Navi Mumbai Escorts ...
(Anamika) VIP Call Girls Navi Mumbai Call Now 8250077686 Navi Mumbai Escorts ...(Anamika) VIP Call Girls Navi Mumbai Call Now 8250077686 Navi Mumbai Escorts ...
(Anamika) VIP Call Girls Navi Mumbai Call Now 8250077686 Navi Mumbai Escorts ...
 
the Husband rolesBrown Aesthetic Cute Group Project Presentation
the Husband rolesBrown Aesthetic Cute Group Project Presentationthe Husband rolesBrown Aesthetic Cute Group Project Presentation
the Husband rolesBrown Aesthetic Cute Group Project Presentation
 
call Now 9811711561 Cash Payment乂 Call Girls in Dwarka Mor
call Now 9811711561 Cash Payment乂 Call Girls in Dwarka Morcall Now 9811711561 Cash Payment乂 Call Girls in Dwarka Mor
call Now 9811711561 Cash Payment乂 Call Girls in Dwarka Mor
 
Pokemon Go... Unraveling the Conspiracy Theory
Pokemon Go... Unraveling the Conspiracy TheoryPokemon Go... Unraveling the Conspiracy Theory
Pokemon Go... Unraveling the Conspiracy Theory
 
Top Rated Pune Call Girls Tingre Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated  Pune Call Girls Tingre Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated  Pune Call Girls Tingre Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Tingre Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
2k Shots ≽ 9205541914 ≼ Call Girls In Dashrath Puri (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Dashrath Puri (Delhi)2k Shots ≽ 9205541914 ≼ Call Girls In Dashrath Puri (Delhi)
2k Shots ≽ 9205541914 ≼ Call Girls In Dashrath Puri (Delhi)
 
(Aarini) Russian Call Girls Surat Call Now 8250077686 Surat Escorts 24x7
(Aarini) Russian Call Girls Surat Call Now 8250077686 Surat Escorts 24x7(Aarini) Russian Call Girls Surat Call Now 8250077686 Surat Escorts 24x7
(Aarini) Russian Call Girls Surat Call Now 8250077686 Surat Escorts 24x7
 
LC_YouSaidYes_NewBelieverBookletDone.pdf
LC_YouSaidYes_NewBelieverBookletDone.pdfLC_YouSaidYes_NewBelieverBookletDone.pdf
LC_YouSaidYes_NewBelieverBookletDone.pdf
 
KLINIK BATA Jual obat penggugur kandungan 087776558899 ABORSI JANIN KEHAMILAN...
KLINIK BATA Jual obat penggugur kandungan 087776558899 ABORSI JANIN KEHAMILAN...KLINIK BATA Jual obat penggugur kandungan 087776558899 ABORSI JANIN KEHAMILAN...
KLINIK BATA Jual obat penggugur kandungan 087776558899 ABORSI JANIN KEHAMILAN...
 

Password (in)security

  • 1. Password (in)security How to generate and store passwords in a secure way by Enrico “cerin0” Zimuel
  • 2. About me 1998 Enrico “cerin0” Zimuel Developer since Texas Instruments TI99/4A Research programmer, Informatics institute of UvA (Amsterdam) Core team of the open source project Zend Framework Co-author of the books “Segreti, Spie Codici Cifrati”, “Come si fa a usare la firma digitale”, “PHP Best Practices” Founder of the PHP User Group Torino http://www.zimuel.it
  • 3. Password A password is a secret word or string of characters that is used for authentication.
  • 4. User perspective: How to choose a “secure” password? Developer perspective: How to store a password in a secure way?
  • 5. Password security Basically every security system is based on password.
  • 7. linkedin.com Hack: 6th June 2012 More than 6 million passwords was compromised SHA1 password
  • 8. eharmony.com Hack: 6th June 2012 More than 1.5 million passwords was compromised SHA1 password
  • 9. last.fm Hack: 7th June 2012 ? million passwords was compromised MD5 password
  • 10. yahoo.com Hack: 12th June 2012 443K passwords was compromised SQL injection, password in plaintext!
  • 11. How to choose a “robust” user's password
  • 12.
  • 13. Some best practices: ● No personal information ● A long pass phrase is better than a shorter random jumble of characters ● At least 10 characters long ● Don't use the same password for everything ● Change your password from time to time
  • 15. Developers Force the user to generate robust password
  • 16. Developers How to store a password in a secure way?
  • 17. Old school (deprecated) Use hash algorithms like MD5 or SHA1
  • 18. New school (deprecated?) Use hash algorithm + salt (a random string).
  • 19. Using hash + salt Prevent dictionary attacks? YES Prevent brute force attacks? NO
  • 20. Brute forcing attacks CPU power is growing (multi-core) GPU are rendering password security useless Use a Cloud system (n-CPU)
  • 21. Brute forcing with a GPU Source: www.nvidia.com
  • 22. GPU and CUDA CUDA™ is a parallel computing platform and programming model invented by NVIDIA
  • 23. Extreme GPU Bruteforcer using NVIDIA GTS250 ~ $100 Algorithm Speed 8 chars 9 chars 10 chars md5($pass) 426 million p/s 6 days 1 year 62 years md5($pass.$salt) 170 million p/s 14 days 2 ½ years 156 years sha1($pass) 85 million p/s 29 days 5 years 313 years sha1($pass.$salt) 80 million p/s 31 days 5 years 332 years Password of 62 characters (a-z, A-Z, 0-9) Source: http://www.insidepro.com/eng/egb.shtml
  • 24. IGHASHGPU ATI HD 5970 ~ $700 Algorithm Speed 8 chars 9 chars 10 chars md5($pass) 5600 million p/s 10 hours 27 days 4 ½ years sha1($pass) 2300 million p/s 26 hours 68 days 11 ½ years Password of 62 characters (a-z, A-Z, 0-9) Source: http://www.golubev.com/hashgpu.htm
  • 25. Whitepixel 4 Dual HD 5970 ~ $2800 Algorithm Speed 8 chars 9 chars 10 chars md5($pass) 33 billion p/s 1 ½ hour 4 ½ days 294 days Password of 62 characters (a-z, A-Z, 0-9) Source: http://blog.zorinaq.com/?e=42
  • 26. Secure algorithms for password storing ●Hash + salt + stretching (i.e. PBKDF2) ● bcrypt ● scrypt
  • 27. Hash + salt + stretching ● Stretching = iterate (hash + salt) n-times key = ““ for 1 to n­times do   key = hash(key + password + salt)
  • 28. How to estimate the number of iterations? ●The number of iterations depends on the CPU speed, should take around 1 sec to be considered secure ● For instance, this PHP code: <?php $key=''; for ($i=0;$i<NUM_ITERATIONS;$i++) {     $key= hash('sha512',$key.$salt.$password); } runs in 900 ms with NUM_ITERATIONS= 40'000 using an Intel Core 2 at 2.1Ghz
  • 29. PBKDF2 ● PBKDF2 (Password-Based Key Derivation Function 2) is a key derivation function that is part of RSA Laboratories' Public-Key Cryptography Standards (PKCS) series, specifically PKCS #5 v2.0 ● PBKDF2 applies a pseudorandom function, such as a cryptographic hash, cipher, or HMAC to the input password or passphrase along with a salt value and repeats the process many times to produce a derived key, which can then be used as a cryptographic key in subsequent operations
  • 30. PBKDF2 in PHP PBKDF2 in PHP (Zend Framework 2.0) function calc($hash, $password, $salt, $iterations, $length) { $num = ceil($length / Hmac::getOutputSize($hash,  Hmac::OUTPUT_BINARY)); $result = ''; for ($block = 1; $block <= $num; $block++) { $hmac = Hmac::compute($password, $hash, $salt . pack('N',  $block), Hmac::OUTPUT_BINARY);     $mix = $hmac;     for ($i = 1; $i < $iterations; $i++) {     $hmac = Hmac::compute($password, $hash, $hmac,    Hmac::OUTPUT_BINARY);     $mix ^= $hmac;     }     $result .= $mix; } return substr($result, 0, $length); }
  • 31. bcrypt ● http://bcrypt.sourceforge.net/ ● bcrypt uses Blowfish cipher + iterations to generate secure hash values ● bcrypt is secure against brute force or dictionary attacks because is slow, very slow (that means attacks need huge amount of time to be completed)
  • 32. bcrypt parameters ●The algorithm needs a salt value and a work factor parameter (cost), which allows you to determine how expensive the bcrypt function will be ●The cost value depends on the CPU speed, check on your system! I suggest to set at least 1 second.
  • 33. bcrypt in PHP ● bcrypt is implemented in PHP with the crypt() function: $salt = substr(str_replace('+', '.',                 base64_encode($salt)), 0, 22);  $hash = crypt($password,'$2a$'.$cost.'$'.$salt); ● For instance, $password= 'thisIsTheSecretPassword' and $salt= 'hsjYeg/bxn()%3jdhsGHq0'   aHNqWWVnL2J4bigpJTNqZGhzR0hxMA==$a9c810e9c722af719adabcf50d b8a0b4cd0d14e07eddbb43e5f47bde620a3c13 Green= salt, Red= encrypted password
  • 34. scrypt ● http://www.tarsnap.com/scrypt.html ● scrypt is a sequential memory hard algorithm: ● memory-hard functions require high memory ● cannot be parallelized efficiently ● scrypt uses PBKDF2, HMAC-SHA256, Salsa 20/8 core
  • 35. scrypt security “From a test executed on modern (2009) hardware, if 5 seconds are spent computing a derived key, the cost of a hardware brute-force attack against scrypt is roughly 4000 times greater than the cost of a similar attack against bcrypt (to find the same password), and 20000 times greater than a similar attack against Pbkdf2." Colin Percival (the author of scrypt algorithm)
  • 36. Conclusion ● As user: Use only “robust” password (e.g. long pass phrase is better than a shorter random jumble of characters) Don't use the same password for different services ● As developer: Don't use hash or hash+salt to store a password! Use hash+salt+stretching (PBKDF2), bcrypt or scrypt to store your passwords
  • 37. References ● Colin Percival, Stronger Key Derivation via Sequential Memory-Hard Functions, presented at BSDCan'09, May 2009 ● Morris, Robert, Thompson, Ken, Password Security: A Case History, Bell Laboratories, 2011 ● Coda Hale, How to safely store a password, 2010 http://codahale.com/how-to-safely-store-a-password/ ● J. Kelsey, B. Schneier, C. Hall, and D. Wagner, Secure Applications of Low-Entropy Keys, nformation Security Workshop (ISW'97), 1997 ● Marc Bevand, Whitepixel breaks 28.6 billion password/sec http://blog.zorinaq.com/?e=42 ● Andrew Zonenberg, Distributed Hash Cracker: A Cross- Platform GPU-Accelerated Password Recovery System, 2009