Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Password (in)security, how to generate and store passwords in a secure way

Password (in)security, how to generate and store passwords in a secure way

Metro Olografix Hacker Camp 2012 talk about password security from a user and a developer perspective. How to apply a brute force attack using the power of GPUs and how is easy to attack passwords stored using MD5/SHA1 with or without a salt value. We introduced the Pbkdf2, bcrypt, and scrypt algorithms that can be used to store a user’s password with a good security level. We showed some examples of usage using the PHP scripting language.

Enrico Zimuel

August 25, 2012

More Decks by Enrico Zimuel

Other Decks in Programming


  1. Password (in)security How to generate and store passwords in a

    secure way by Enrico “cerin0” Zimuel
  2. About me Enrico “cerin0” Zimuel Developer since Texas Instruments TI99/4A

    Research programmer, Informatics institute of UvA (Amsterdam) Core team of the open source project Zend Framework Co-author of the books “Segreti, Spie Codici Cifrati”, “Come si fa a usare la firma digitale”, “PHP Best Practices” Founder of the PHP User Group Torino http://www.zimuel.it 1998
  3. Password A password is a secret word or string of

    characters that is used for authentication.
  4. Some best practices: • No personal information • A long

    pass phrase is better than a shorter random jumble of characters • At least 10 characters long • Don't use the same password for everything • Change your password from time to time
  5. Brute forcing attacks CPU power is growing (multi-core) GPU are

    rendering password security useless Use a Cloud system (n-CPU)
  6. GPU and CUDA CUDA™ is a parallel computing platform and

    programming model invented by NVIDIA
  7. Extreme GPU Bruteforcer using NVIDIA GTS250 ~ $100 Source: http://www.insidepro.com/eng/egb.shtml

    Algorithm Speed 8 chars 9 chars 10 chars md5($pass) 426 million p/s 6 days 1 year 62 years md5($pass.$salt) 170 million p/s 14 days 2 ½ years 156 years sha1($pass) 85 million p/s 29 days 5 years 313 years sha1($pass.$salt) 80 million p/s 31 days 5 years 332 years Password of 62 characters (a-z, A-Z, 0-9)
  8. IGHASHGPU ATI HD 5970 ~ $700 Source: http://www.golubev.com/hashgpu.htm Algorithm Speed

    8 chars 9 chars 10 chars md5($pass) 5600 million p/s 10 hours 27 days 4 ½ years sha1($pass) 2300 million p/s 26 hours 68 days 11 ½ years Password of 62 characters (a-z, A-Z, 0-9)
  9. Whitepixel 4 Dual HD 5970 ~ $2800 Source: http://blog.zorinaq.com/?e=42 Algorithm

    Speed 8 chars 9 chars 10 chars md5($pass) 33 billion p/s 1 ½ hour 4 ½ days 294 days Password of 62 characters (a-z, A-Z, 0-9)
  10. Secure algorithms for password storing • Hash + salt +

    stretching (i.e. PBKDF2) • bcrypt • scrypt
  11. Hash + salt + stretching • Stretching = iterate (hash

    + salt) n-times key = ““ for 1 to n­times do key = hash(key + password + salt)
  12. How to estimate the number of iterations? • The number

    of iterations depends on the CPU speed, should take around 1 sec to be considered secure • For instance, this PHP code: <?php $key=''; for ($i=0;$i<NUM_ITERATIONS;$i++) { $key= hash('sha512',$key.$salt.$password); } runs in 900 ms with NUM_ITERATIONS= 40'000 using an Intel Core 2 at 2.1Ghz
  13. PBKDF2 • PBKDF2 (Password-Based Key Derivation Function 2) is a

    key derivation function that is part of RSA Laboratories' Public-Key Cryptography Standards (PKCS) series, specifically PKCS #5 v2.0 • PBKDF2 applies a pseudorandom function, such as a cryptographic hash, cipher, or HMAC to the input password or passphrase along with a salt value and repeats the process many times to produce a derived key, which can then be used as a cryptographic key in subsequent operations
  14. PBKDF2 in PHP PBKDF2 in PHP (Zend Framework 2.0) function

    calc($hash, $password, $salt, $iterations, $length) { $num = ceil($length / Hmac::getOutputSize($hash, Hmac::OUTPUT_BINARY)); $result = ''; for ($block = 1; $block <= $num; $block++) { $hmac = Hmac::compute($password, $hash, $salt . pack('N', $block), Hmac::OUTPUT_BINARY); $mix = $hmac; for ($i = 1; $i < $iterations; $i++) { $hmac = Hmac::compute($password, $hash, $hmac, Hmac::OUTPUT_BINARY); $mix ^= $hmac; } $result .= $mix; } return substr($result, 0, $length); }
  15. bcrypt • http://bcrypt.sourceforge.net/ • bcrypt uses Blowfish cipher + iterations

    to generate secure hash values • bcrypt is secure against brute force or dictionary attacks because is slow, very slow (that means attacks need huge amount of time to be completed)
  16. bcrypt parameters • The algorithm needs a salt value and

    a work factor parameter (cost), which allows you to determine how expensive the bcrypt function will be • The cost value depends on the CPU speed, check on your system! I suggest to set at least 1 second.
  17. bcrypt in PHP • bcrypt is implemented in PHP with

    the crypt() function: $salt = substr(str_replace('+', '.', base64_encode($salt)), 0, 22); $hash = crypt($password,'$2a$'.$cost.'$'.$salt); • For instance, $password= 'thisIsTheSecretPassword' and $salt= 'hsjYeg/bxn()%3jdhsGHq0' aHNqWWVnL2J4bigpJTNqZGhzR0hxMA==$a9c810e9c722af719adabcf50d b8a0b4cd0d14e07eddbb43e5f47bde620a3c13 Green= salt, Red= encrypted password
  18. scrypt • http://www.tarsnap.com/scrypt.html • scrypt is a sequential memory hard

    algorithm: • memory-hard functions require high memory • cannot be parallelized efficiently • scrypt uses PBKDF2, HMAC-SHA256, Salsa 20/8 core
  19. scrypt security “From a test executed on modern (2009) hardware,

    if 5 seconds are spent computing a derived key, the cost of a hardware brute-force attack against scrypt is roughly 4000 times greater than the cost of a similar attack against bcrypt (to find the same password), and 20000 times greater than a similar attack against Pbkdf2." Colin Percival (the author of scrypt algorithm)
  20. Conclusion • As user: Use only “robust” password (e.g. long

    pass phrase is better than a shorter random jumble of characters) Don't use the same password for different services • As developer: Don't use hash or hash+salt to store a password! Use hash+salt+stretching (PBKDF2), bcrypt or scrypt to store your passwords
  21. References • Colin Percival, Stronger Key Derivation via Sequential Memory-Hard

    Functions, presented at BSDCan'09, May 2009 • Morris, Robert, Thompson, Ken, Password Security: A Case History, Bell Laboratories, 2011 • Coda Hale, How to safely store a password, 2010 http://codahale.com/how-to-safely-store-a-password/ • J. Kelsey, B. Schneier, C. Hall, and D. Wagner, Secure Applications of Low-Entropy Keys, nformation Security Workshop (ISW'97), 1997 • Marc Bevand, Whitepixel breaks 28.6 billion password/sec http://blog.zorinaq.com/?e=42 • Andrew Zonenberg, Distributed Hash Cracker: A Cross- Platform GPU-Accelerated Password Recovery System, 2009