This document discusses the illusion of protection from encrypting files and transmitting passwords. It argues that large organizations are high-profile targets, and personal and business information is at risk from well-funded enemies and skilled hackers. Password generation is challenging, and rules intended to strengthen passwords may actually reduce security by limiting possibilities. The document advocates random passwords or password generation services as more secure options. It also outlines how passphrase-based encryption of documents works at a high level.
1. The Illusion of protection
(commentary on passing encrypted
data via files)
2. Anywhere in US = high profile target
Large Organizations have a large target profile
Example: With 50,000 users, SOMEONE is going to
have the password: *1Passw0rD*
Access to home machines gives access to work
most of the time
Personal AND business information at risk
3. Well-funded enemies of the state
International Criminal Organizations
State-sponsored enemies
Hackers with almost unlimited free time
Anonymous / Lulz Sec
Logistics for all
Corporate Resourcing for Hire
Cloud Services – AWS, Google Cloud, etc.
Each generation has a knowledgebase upon which to build
Our children have access to more knowledge than ever before in
history
Distribution channels for new attacks
Internet – fastest distribution methodology history has known
4. Generating a random password is harder than it looks
Randomness does not occur naturally in language
(English language entropy [sensible language] – 1.5 bits/character)
Password generation algorithms are patterns
Pick a word/phrase and mix it up
n0tY0urP@ssw0rd - Letme!n123 - P@tri0tsRule!!
Mash the keyboard in a pattern
1234!@#$qwerQWER - 12qw!@QW
Password Complexity Rules just limits the usable algorithms
E.g. cat*town_horse_buddy;itself”computer-
drapes%query_limits^yuletide@notices
Strong passwords don’t always meet complexity rules (no caps, no numbers!)
Rules and patterns severely limit search space
Hackers don’t have to test millions of passwords that don’t meet the
complexity criteria
True randomness doesn’t have rules
Rules give hackers too much information about the password
5. Secure password transmission
Recommendation #1 – Users should transmit passwords over alternate medium
Assumption is that if someone can get the document, they can also get the email.
The level of risk already inherent in the transmission
Passwords should not be written down, even in emails
Key changes should be done with all personnel changes (minimum)
Encoding passwords to be easy to remember
Train users to get random!
Five RANDOM common words (tomboy, skateboard, caterpillar, the, mouse)
Estimated 55 bits of entropy based on a working vocabulary of 2048 words
Add entropy with personal rules of insertion/capitalization and numbers/symbols
Compare to ideal AES-128 key = 128 bits of entropy (2^73 x LESS entropy!)
Compare to AES-256 key = 256 bits of entropy (2^201 x LESS entropy!)
Technical Controls
Ensuring adequate salt (randomness) for AES key
Change salt length to match length of encryption key (32 bytes/256 bits)
Forced password complexity (? – better than nothing – but good enough - ?)
Enforcing simple rules can actually REDUCE available entropy
Improving password complexity rules to force more entropy
6. Assigning passwords (give entropy to users)
Because humans aren’t random – password
generation should be ‘more’ random
Password Generation as a Service
Secure Data Exchange Gateways
Encrypted IM
Encrypted email
7. How encryption is implemented with passphrase-based software
SECRET INFO
Passphrase
Random
Number PBKDF2 AES-128
Generator
Salt AES Key Encrypted
INFO
Compress
& Package
(ZIP)
Encrypted Doc
[and that’s a simplified version of the flow-chart]
8. Almost everyone in IT knows AES!
Encryption algorithm
Current standard (Rijndael)
Advancement from DES/Triple-DES
Securing document is not just encryption
Encryption needs keys
Keys require handling / (Key Management)
Key management requires a chains of trust
Secure generating and trading of random keys is HARD
Few have heard of PBKDF2
Used to ‘passphrase’-protected documents
(pseudo-random keys from simple passphrases)
Creates AES encryption keys from Passphrases
One-way algorithm (like a blender)
Having the output you can’t get the input
Flexible control
# of cycles directly related to time to compute results
Added entropy salted in by user (take the pseudo- out of pseudo-random with
entropy)
9. gr@pe_Pudd1ng SECRET INFO
random
AES
combo
one-way hash
101010101010101101011100
001010111011011010000111
101011010100110101001010
AES – pick-proof, complex
Salt added to recipe ensures
randomness for AES key
Email 2
Email 1
Entropy comes from recipe complexity.
A passphrase is created with a recipe that describes it. Salt and locked safe delivered to recipient
10. Control of this is possible only with
Email 2
ONLINE system controls – not
offline documents and files
29 million tries
per hour
? If attacker has
access to emails
already, trying
every OTHER
Attacker has access to Salt so email in the
random entropy of AES key does mailbox will be
not interfere with trials quick and easy!
Highly-automated Blender ($329)
29,064,960 recipes/hour
(yes, 29 MILLION!)
The complexity of the recipe and number of potential ingredients is the only thing preventing them from
duplicating the secret formula to recreate the AES key. Note the attacker does not directly brute force AES keys!
With online password systems, we can control speed of attacks with login controls such as timeouts and lockout.
11. 100000 Vocabulary 1 100000 100,000 phrases
1 Capital letter 1 1
32 typewriter symbol 1 32
10 number 1 10
4 number/cap/sym position 3 64
Attacker can choose capital speed/cost 32 GPUs @$250 ea $ 10,528.00
Attacker capital resources Total $ 15,328.00
2,048,000,000 2.20 hours
0.09 days
Amazon GPU Cloud* $ 81.03 16 AWS GPU instances
With cloud computing - attacker no longer worries about capital costs!
*Amazon GPUs not this fast (yet) -erring on side of caution
Worksheet simulation to examine how password rules/complexity affect attacker cost
Based on attack against MS Word 2010 PBKDF2 algorithm of 100,000 cycles –
Assumption based on using an ATI Radeon HD 5970 – Online price $329
--- (published attack speed of 20,184 passes/sec with COTS package)