Cooking with Credentials

1

View Slide

2
Hello.
Eric Mann
Director of Engineering, Vacasa

View Slide

3

View Slide

4
What is a password?
Basic authentication ﬂows
Cooking with salt
Cooking with pepper
Socially distant passwords
Further resources and study

View Slide

5
Something you know that is information kept secret from others
but which can be used to authenticate your identity to a system
requiring identity veriﬁcation and security.

View Slide

6
1
First, you identify yourself to the system. This could be by username, email address,
account ID, or some other means agreed-upon with the system.
2
Next, you have to prove you are who you say you are by conﬁrming some pre-shared,
secret detail with the system.
3
If everything lines up, you’re authenticated and logged in!

View Slide

7

View Slide

8
Lorem ipsum dolor sit amet,
consectetur adipiscing elit.
Fusce elit ex, consequat et
tincidunt non, pharetra non.

View Slide

View Slide

10

View Slide

11
To prevent rainbow table lookup attacks, it’s best to add a unique, random salt to each password
during hashing. This dramatically slows brute force attacks and further protects your users.

View Slide

12
$hash = password_hash(/** ... **/, PASSWORD_DEFAULT);
/** ... **/
if (password_verify(/** ... **/, $hash) {
// ...
}

View Slide

13

View Slide

14
Even with salting, you still send the plaintext of a password over the wire to the server. If the
server is misconﬁgured or too chatty in the logs, this plaintext could be inadvertently leaked.
const pepper = new TextEncoder().encode('...');
async function getKeyMaterial(password) {
let encoder = new TextEncoder();
return window.crypto.subtle.importKey(
'raw',
encoder.encode(password),
'PBKDF2',
false,
['deriveBits']
);
}

View Slide

15
async function pepperPassword(password) {
let keyMaterial = await getKeyMaterial(password);
let keyBuffer = await window.crypto.subtle.deriveBits(
{
'name': 'PBKDF2',
'salt': pepper,
'iterations': 100000,
'hash': 'SHA-256'
},
keyMaterial,
256
);
let keyArray = Array.from(new Uint8Array(keyBuffer));
return keyArray.map(b => b.toString(16).padStart(2, '0')).join('');
}

View Slide

16
peppered = await pepperPassword('...');

View Slide

17

View Slide

18

View Slide

19
$salt = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
$seed = sodium_crypto_pwhash(/* ... */);
$keypair = sodium_crypto_kx_seed_keypair($seed);
$public_key = sodium_crypto_kx_publickey($keypair);
// POST this data to the server to register
$registration = [
'identifier' => $email,
'salt' => sodium_bin2hex($salt),
'public_key' => sodium_bin2hex($public_key)
];

View Slide

20
$user = get_user_from_database($email);
$keypair = sodium_crypto_kx_keypair();
$public_key = sodium_crypto_kx_publickey($keypair);
$keys = sodium_crypto_kx_server_session_keys($keypair, $user->key);
$client_secret = $keys[1];
$server_secret = $keys[0];
$message = random_bytes(32);
$hash = sodium_crypto_generichash($message, $server_secret);
$proof = sodium_bin2hex($message . $hash);

View Slide

21
$keys = sodium_crypto_kx_server_session_keys($keypair, $server_key);
$server_proof = sodium_hex2bin($server_proof);
$message = substr($server_proof, 0, 32);
$hash = substr($server_proof, 32);
if (!hash_equals(
sodium_crypto_generichash($message, $server_secret), $hash
)) {
exit;
}

View Slide

22
$keys = sodium_crypto_kx_server_session_keys($keypair, $server_key);
/* ... */
$message = random_bytes(32);
$hash = sodium_crypto_generichash($message, $client_secret);
$proof = sodium_bin2hex($message . $hash);

View Slide

23
$client_proof = sodium_hex2bin($proof);
$message = substr($client_proof, 0, 32);
$hash = substr($client_proof, 32);
if (!hash_equals(
sodium_crypto_generichash($message, $client_secret), $hash
)) {
exit;
}
// Store the user's email in a session for subsequent requests
$_SESSION['identifier'] = $email;

View Slide

Cooking with Credentials

Cooking with Credentials

Eric Mann

More Decks by Eric Mann

Other Decks in Technology

Featured

Transcript