Slide 1

Slide 1 text

Cracking JWT tokens Cracking JWT tokens a tale of a tale of magic magic, , Node.js Node.js and and parallel computing parallel computing London - 11 JUL 2018 Luciano Mammino ( Luciano Mammino ( ) ) @loige @loige loige.link/jwt-crack-london 1

Slide 2

Slide 2 text

loige.link/jwt-crack-london @loige 2

Slide 3

Slide 3 text

Luciano... who? Luciano... who? Visit my castles: - (@loige) - (lmammino) - - (loige.co) Twitter GitHub Linkedin Blog Solution Architect at with @mariocasciaro with @andreaman87 with @ Podgeypoos79 3

Slide 4

Slide 4 text

Based on prior work Based on prior work Chapters 10 & 11 in (book) 2-parts article on RisingStack: " " Node.js design patterns ZeroMQ & Node.js Tutorial - Cracking JWT Tokens github.com/lmammino/jwt-cracker github.com/lmammino/distributed-jwt-cracker @loige 4

Slide 5

Slide 5 text

Agenda Agenda What's JWT What's JWT How it works How it works Testing JWT tokens Testing JWT tokens Brute-forcing a token! Brute-forcing a token! @loige 5

Slide 6

Slide 6 text

— RFC 7519 — RFC 7519 is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted. JSON Web Token (JWT) JSON Web Token (JWT) @loige 6

Slide 7

Slide 7 text

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtZX eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtZX NzYWdlIjoiaGVsbG8gcGVvcGxlIn0.II7XQbjvDC NzYWdlIjoiaGVsbG8gcGVvcGxlIn0.II7XQbjvDC Hkt3UOh6weHY6tRcemT0gxRVmA6W6uZ8A Hkt3UOh6weHY6tRcemT0gxRVmA6W6uZ8A @loige 7

Slide 8

Slide 8 text

OK OK Let's try to make it Let's try to make it simpler... simpler... @loige 8

Slide 9

Slide 9 text

JWT is... An URL safe, stateless protocol for transferring claims @loige 9

Slide 10

Slide 10 text

@loige 10

Slide 11

Slide 11 text

URL safe? @loige 10

Slide 12

Slide 12 text

URL safe? stateless? @loige 10

Slide 13

Slide 13 text

URL safe? stateless? claims? @loige 10

Slide 14

Slide 14 text

URL Safe... URL Safe... It's a string that can be safely used as part of a URL It's a string that can be safely used as part of a URL (it doesn't contain URL separators like " (it doesn't contain URL separators like "= =", " ", "/ /", " ", "# #" or " " or "? ?") ") unicorntube.pl/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... @loige 11

Slide 15

Slide 15 text

Stateless? Stateless? Token validity can be verified without having to interrogate a Token validity can be verified without having to interrogate a third-party service third-party service (Sometimes also defined as "self-contained") @loige 12

Slide 16

Slide 16 text

What is a claim? What is a claim? @loige 13

Slide 17

Slide 17 text

some information to transfer some information to transfer identity identity (login session) (login session) authorisation to perform actions authorisation to perform actions (api key) (api key) ownership ownership (a ticket belongs to somebody) (a ticket belongs to somebody) @loige 14

Slide 18

Slide 18 text

also... also... validity constraints validity constraints token time constraints token time constraints (dont' use before/after) (dont' use before/after) audience audience (a ticket only for a specific concert) (a ticket only for a specific concert) issuer identity issuer identity (a ticket issued by a specific reseller) (a ticket issued by a specific reseller) @loige 15

Slide 19

Slide 19 text

also... also... protocol information protocol information Type of token Type of token Algorithm Algorithm @loige 16

Slide 20

Slide 20 text

In general In general All the bits of information transferred with the token All the bits of information transferred with the token @loige 17

Slide 21

Slide 21 text

Slide 22

Slide 22 text

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9. .eyJtZX eyJtZX NzYWdlIjoiaGVsbG8gcGVvcGxlIn0 NzYWdlIjoiaGVsbG8gcGVvcGxlIn0. .II7XQbjvDC II7XQbjvDC Hkt3UOh6weHY6tRcemT0gxRVmA6W6uZ8A Hkt3UOh6weHY6tRcemT0gxRVmA6W6uZ8A 3 parts 3 parts separated by "." separated by "." @loige 19

Slide 23

Slide 23 text

@loige 20

Slide 24

Slide 24 text

HEADER HEADER: : eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp XVCJ9 XVCJ9 @loige 20

Slide 25

Slide 25 text

HEADER HEADER: : eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp XVCJ9 XVCJ9 PAYLOAD PAYLOAD: : eyJtZXNzYWdlIjoiaGVsbG8gcGVvc eyJtZXNzYWdlIjoiaGVsbG8gcGVvc GxlIn0 GxlIn0 @loige 20

Slide 26

Slide 26 text

HEADER HEADER: : eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp XVCJ9 XVCJ9 PAYLOAD PAYLOAD: : eyJtZXNzYWdlIjoiaGVsbG8gcGVvc eyJtZXNzYWdlIjoiaGVsbG8gcGVvc GxlIn0 GxlIn0 SIGNATURE SIGNATURE: : II7XQbjvDCHkt3UOh6weHY6tRcem II7XQbjvDCHkt3UOh6weHY6tRcem T0gxRVmA6W6uZ8A T0gxRVmA6W6uZ8A @loige 20

Slide 27

Slide 27 text

Header Header and and Payload Payload are are encoded encoded let's decode them! let's decode them! Base64Url Base64Url @loige 21

Slide 28

Slide 28 text

@loige 22

Slide 29

Slide 29 text

HEADER HEADER: : @loige 22

Slide 30

Slide 30 text

HEADER HEADER: : eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 @loige 22

Slide 31

Slide 31 text

HEADER HEADER: : {"alg":"HS256","typ":"JWT"} {"alg":"HS256","typ":"JWT"} @loige 22

Slide 32

Slide 32 text

HEADER HEADER: : PAYLOAD PAYLOAD: : {"alg":"HS256","typ":"JWT"} {"alg":"HS256","typ":"JWT"} @loige 22

Slide 33

Slide 33 text

HEADER HEADER: : PAYLOAD PAYLOAD: : {"alg":"HS256","typ":"JWT"} {"alg":"HS256","typ":"JWT"} eyJtZXNzYWdlIjoiaGVsbG8gcGVvc eyJtZXNzYWdlIjoiaGVsbG8gcGVvc GxlIn0 GxlIn0 @loige 22

Slide 34

Slide 34 text

HEADER HEADER: : PAYLOAD PAYLOAD: : {"alg":"HS256","typ":"JWT"} {"alg":"HS256","typ":"JWT"} {"message":"hello people"} {"message":"hello people"} @loige 22

Slide 35

Slide 35 text

HEADER HEADER: : The decoded info is JSON! The decoded info is JSON! PAYLOAD PAYLOAD: : {"alg":"HS256","typ":"JWT"} {"alg":"HS256","typ":"JWT"} {"message":"hello people"} {"message":"hello people"} @loige 22

Slide 36

Slide 36 text

HEADER HEADER: : {"alg":"HS256","typ":"JWT"} {"alg":"HS256","typ":"JWT"} alg: alg: the kind of algorithm used the kind of algorithm used "HS256" "HS256" HMACSHA256 Signature HMACSHA256 Signature (secret based hashing) (secret based hashing) " "RS256 RS256" RSASHA256 Signature " RSASHA256 Signature (public/private key hashing) (public/private key hashing) " "none none" NO SIGNATURE! " NO SIGNATURE! (This is " (This is " ") ") infamous infamous @loige 23

Slide 37

Slide 37 text

PAYLOAD PAYLOAD: : {"message":"hello people"} {"message":"hello people"} Payload can be anything that Payload can be anything that you can express in JSON you can express in JSON @loige 24

Slide 38

Slide 38 text

PAYLOAD PAYLOAD: : "registered" (or standard) claims: "registered" (or standard) claims: iss: issuer ID ("auth0") sub: subject ID ("johndoe@gmail.com") aud: audience ID ("https://someapp.com") exp: expiration time ("1510047437793") nbf: not before ("1510046471284") iat: issue time ("1510045471284") @loige 25

Slide 39

Slide 39 text

PAYLOAD PAYLOAD: : "registered" (or standard) claims: "registered" (or standard) claims: { "iss": "auth0", "sub": "johndoe@gmail.com", "aud": "https://someapp.com", "exp": "1510047437793", "nbf": "1510046471284", "iat": "1510045471284" } @loige 26

Slide 40

Slide 40 text

So far it's just metadata... So far it's just metadata... What makes it safe? What makes it safe? @loige 27

Slide 41

Slide 41 text

SIGNATURE SIGNATURE: : II7XQbjvDCHkt3UOh6weHY6 II7XQbjvDCHkt3UOh6weHY6 tRcemT0gxRVmA6W6uZ8A tRcemT0gxRVmA6W6uZ8A A A Base64URL Base64URL encoded encoded cryptographic cryptographic signature signature of the header and the payload of the header and the payload @loige 28

Slide 42

Slide 42 text

With HS256 With HS256 signature = HMACSHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload), secret ) header payload secret SIGNATURE + + = @loige 29

Slide 43

Slide 43 text

If a system knows the If a system knows the secret secret It can verify the authenticity It can verify the authenticity of the token of the token With HS256 With HS256 @loige 30

Slide 44

Slide 44 text

Let's create a token from scratch Let's create a token from scratch runkit.com/lmammino/create-jwt-token @loige 31

Slide 45

Slide 45 text

Playground for JWT Playground for JWT JWT.io JWT.io @loige 32

Slide 46

Slide 46 text

An example An example Session token @loige 33

Slide 47

Slide 47 text

Classic implementation Classic implementation cookie/session based cookie/session based @loige 34

Slide 48

Slide 48 text

35 @loige

Slide 49

Slide 49 text

Browser 35 Server Sessions Database @loige

Slide 50

Slide 50 text

Browser 1. POST /login user:"luciano" pass:"mariobros" 35 Server Sessions Database @loige

Slide 51

Slide 51 text

Browser 1. POST /login 2. generate session id:"Y4sHySEPWAjc" user:"luciano" user:"luciano" pass:"mariobros" 35 Server Sessions Database id:"Y4sHySEPWAjc" user:"luciano" @loige

Slide 52

Slide 52 text

Browser 1. POST /login 2. generate session id:"Y4sHySEPWAjc" user:"luciano" user:"luciano" pass:"mariobros" 3. session cookie SID:"Y4sHySEPWAjc" 35 Server Sessions Database id:"Y4sHySEPWAjc" user:"luciano" @loige

Slide 53

Slide 53 text

Browser 1. POST /login 2. generate session id:"Y4sHySEPWAjc" user:"luciano" user:"luciano" pass:"mariobros" 3. session cookie SID:"Y4sHySEPWAjc" 4. GET /profile 35 Server Sessions Database id:"Y4sHySEPWAjc" user:"luciano" SID:"Y4sHySEPWAjc" @loige

Slide 54

Slide 54 text

Browser 1. POST /login 2. generate session id:"Y4sHySEPWAjc" user:"luciano" user:"luciano" pass:"mariobros" 3. session cookie SID:"Y4sHySEPWAjc" 4. GET /profile 5. query id:"Y4sHySEPWAjc" 35 Server Sessions Database id:"Y4sHySEPWAjc" user:"luciano" SID:"Y4sHySEPWAjc" @loige

Slide 55

Slide 55 text

Browser 1. POST /login 2. generate session id:"Y4sHySEPWAjc" user:"luciano" user:"luciano" pass:"mariobros" 3. session cookie SID:"Y4sHySEPWAjc" 4. GET /profile 5. query id:"Y4sHySEPWAjc" 6. record id:"Y4sHySEPWAjc" user:"luciano" 35 Server Sessions Database id:"Y4sHySEPWAjc" user:"luciano" SID:"Y4sHySEPWAjc" @loige

Slide 56

Slide 56 text

Browser 1. POST /login 2. generate session id:"Y4sHySEPWAjc" user:"luciano" user:"luciano" pass:"mariobros" 3. session cookie SID:"Y4sHySEPWAjc" 4. GET /profile 5. query id:"Y4sHySEPWAjc" 6. record id:"Y4sHySEPWAjc" user:"luciano" 7. (page)

hello luciano

35 Server Sessions Database id:"Y4sHySEPWAjc" user:"luciano" SID:"Y4sHySEPWAjc" @loige

Slide 57

Slide 57 text

JWT implementation JWT implementation @loige 36

Slide 58

Slide 58 text

@loige 37

Slide 59

Slide 59 text

Browser Server @loige 37

Slide 60

Slide 60 text

Browser 1. POST /login user:"luciano" pass:"mariobros" Server @loige 37

Slide 61

Slide 61 text

Browser 1. POST /login user:"luciano" pass:"mariobros" Server Create Token for "luciano" Add signature 2. create JWT @loige 37

Slide 62

Slide 62 text

Slide 63

Slide 63 text

Browser 1. POST /login 3. JWT Token {"sub":"luciano"} user:"luciano" pass:"mariobros" Server eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJz dWIiOiJsdWNpYW5vIn0.V92iQaqMrBUhkgEAyRaCY 7pezgHKls85DY8wHnFrk4 4. GET /profile eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJz dWIiOiJsdWNpYW5vIn0.V92iQaqMrBUhkgEAyRaCY 7pezgHKls85DY8wHnFrk4 Create Token for "luciano" Add signature 2. create JWT @loige 37

Slide 64

Slide 64 text

Browser 1. POST /login 3. JWT Token {"sub":"luciano"} user:"luciano" pass:"mariobros" Server eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJz dWIiOiJsdWNpYW5vIn0.V92iQaqMrBUhkgEAyRaCY 7pezgHKls85DY8wHnFrk4 4. GET /profile eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJz dWIiOiJsdWNpYW5vIn0.V92iQaqMrBUhkgEAyRaCY 7pezgHKls85DY8wHnFrk4 Token says this is "luciano" Signature looks OK 5. verify Create Token for "luciano" Add signature 2. create JWT @loige 37

Slide 65

Slide 65 text

Browser 1. POST /login 3. JWT Token {"sub":"luciano"} user:"luciano" pass:"mariobros" 6. (page)

hello luciano

Server eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJz dWIiOiJsdWNpYW5vIn0.V92iQaqMrBUhkgEAyRaCY 7pezgHKls85DY8wHnFrk4 4. GET /profile eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJz dWIiOiJsdWNpYW5vIn0.V92iQaqMrBUhkgEAyRaCY 7pezgHKls85DY8wHnFrk4 Token says this is "luciano" Signature looks OK 5. verify Create Token for "luciano" Add signature 2. create JWT @loige 37

Slide 66

Slide 66 text

Browser 1. POST /login 3. JWT Token {"sub":"luciano"} user:"luciano" pass:"mariobros" 6. (page)

hello luciano

Slide 67

Slide 67 text

Cookie/session Cookie/session Needs a database to store the session data The database is queried for every request to fetch the session A session is identified only by a randomly generated string (session ID) No data attached Sessions can be invalidated at any moment JWT JWT Doesn't need a session database The session data is embedded in the token For every request the token signature is verified Attached metadata is readable Sessions can't be invalidated, but tokens might have an expiry flag VS VS @loige 38

Slide 68

Slide 68 text

Another great JWT use case Another great JWT use case Creating Secure Password Reset Links Creating Secure Password Reset Links loige.link/jwt-pwd-reset @loige 39

Slide 69

Slide 69 text

JWT LOOKS GREAT! JWT LOOKS GREAT! But there are pitfalls... But there are pitfalls... @loige 40

Slide 70

Slide 70 text

Data is public! Data is public! @loige 41

Slide 71

Slide 71 text

Data is public! Data is public! If you have a token, If you have a token, you can easily read the claims! you can easily read the claims! @loige 41

Slide 72

Slide 72 text

Data is public! Data is public! If you have a token, If you have a token, you can easily read the claims! you can easily read the claims! You only have to Base64Url-decode the token header and payload and you have a readable JSON @loige 41

Slide 73

Slide 73 text

There's no token database... There's no token database... ...if I can forge a token ...if I can forge a token nobody will know it's not nobody will know it's not authentic! authentic! @loige 42

Slide 74

Slide 74 text

DEMO DEMO JWT based web app github.com/lmammino/sample-jwt-webapp BUILT WITH @loige 43

Slide 75

Slide 75 text

Given an HS256 signed JWT Given an HS256 signed JWT We can try to " We can try to "guess guess" the " the secret secret! ! @loige 44

Slide 76

Slide 76 text

How difficult can it be? How difficult can it be? @loige 45

Slide 77

Slide 77 text

Let's build a distributed Let's build a distributed JWT token cracker! JWT token cracker! npm.im/distributed-jwt-cracker npm.im/distributed-jwt-cracker @loige 46

Slide 78

Slide 78 text

The idea... The idea... @loige 47

Slide 79

Slide 79 text

The idea... The idea... Take a valid JWT token Take a valid JWT token @loige 47

Slide 80

Slide 80 text

The idea... The idea... try to "guess" the secret and validate the token against it try to "guess" the secret and validate the token against it Take a valid JWT token Take a valid JWT token @loige 47

Slide 81

Slide 81 text

The idea... The idea... if the token is validated, then you found the if the token is validated, then you found the secret secret! ! try to "guess" the secret and validate the token against it try to "guess" the secret and validate the token against it Take a valid JWT token Take a valid JWT token @loige 47

Slide 82

Slide 82 text

The idea... The idea... YOU CAN NOW YOU CAN NOW CREATE AND SIGN CREATE AND SIGN ANY JWT TOKEN ANY JWT TOKEN FOR THIS FOR THIS APPLICATION APPLICATION! ! if the token is validated, then you found the if the token is validated, then you found the secret secret! ! try to "guess" the secret and validate the token against it try to "guess" the secret and validate the token against it Take a valid JWT token Take a valid JWT token @loige 47

Slide 83

Slide 83 text

Magic weapons Magic weapons @loige 48

Slide 84

Slide 84 text

Magic weapons Magic weapons Node.js Node.js @loige 48

Slide 85

Slide 85 text

Magic weapons Magic weapons Node.js Node.js ZeroMQ ZeroMQ @loige 48

Slide 86

Slide 86 text

Magic weapons Magic weapons Node.js Node.js module module jsonwebtoken jsonwebtoken ZeroMQ ZeroMQ @loige 48

Slide 87

Slide 87 text

ZeroMQ ZeroMQ an open source embeddable an open source embeddable networking networking library library and a and a concurrency framework concurrency framework @loige 49

Slide 88

Slide 88 text

The brute force problem The brute force problem "virtually infinite" solutions space "virtually infinite" solutions space all the strings (of any length) that can be generated within a given alphabet (empty string), a, b, c, 1, aa, ab, ac, a1, ba, bb, bc, b1, ca, cb, cc, c1, 1a, 1b, 1c, 11, aaa, aab, aac, aa1, aba, ... @loige 50

Slide 89

Slide 89 text

bijection (int) ⇒ (string) bijection (int) ⇒ (string) if we sort all the possible strings over an alphabet Alphabet = [a,b] 0 ⟶ (empty string) 1 ⟶ a 2 ⟶ b 3 ⟶ aa 4 ⟶ ab 5 ⟶ ba 6 ⟶ bb 7 ⟶ aaa 8 ⟶ aab 9 ⟶ aba 10 ⟶ abb 11 ⟶ baa 12 ⟶ bab 13 ⟶ bba 14 ⟶ bbb 15 ⟶ aaaa 16 ⟶ aaab 17 ⟶ aaba 18 ⟶ aabb ... @loige 51

Slide 90

Slide 90 text

Architecture Architecture Server Server Client Client Initialised with a valid JWT token and an alphabet coordinates the brute force attempts among connected clients knows how to verify a token against a given secret receives ranges of secrets to check @loige 52

Slide 91

Slide 91 text

Networking patterns Networking patterns Router channels: dispatch jobs receive results Pub/Sub channel: termination signal @loige 53

Slide 92

Slide 92 text

Server state Server state the solution space can be sliced into the solution space can be sliced into chunks chunks of fixed length (batch size) of fixed length (batch size) @loige 54

Slide 93

Slide 93 text

Server state Server state the solution space can be sliced into the solution space can be sliced into chunks chunks of fixed length (batch size) of fixed length (batch size) 0 3 6 9 ... @loige 54

Slide 94

Slide 94 text

Server state Server state the solution space can be sliced into the solution space can be sliced into chunks chunks of fixed length (batch size) of fixed length (batch size) 0 batch 1 3 6 9 ... @loige 54

Slide 95

Slide 95 text

Slide 96

Slide 96 text

Slide 97

Slide 97 text

Server state Server state the solution space can be sliced into the solution space can be sliced into chunks chunks of fixed length (batch size) of fixed length (batch size) 0 ... batch 1 batch 2 batch 3 3 6 9 ... @loige 54

Slide 98

Slide 98 text

Initial server state Initial server state { "cursor": 0, "clients": {} } @loige 55

Slide 99

Slide 99 text

The first client connects The first client connects { "cursor": 3, "clients": { "client1": [0,2] } } [0,2] @loige 56

Slide 100

Slide 100 text

{ "cursor": 9, "clients": { "client1": [0,2], "client2": [3,5], "client3": [6,8] } } Other clients connect Other clients connect [0,2] [3,5] [6,8] @loige 57

Slide 101

Slide 101 text

Client 2 finishes its job Client 2 finishes its job { "cursor": 12, "clients": { "client1": [0,2], "client2": [9,11], "client3": [6,8] } } [0,2] [9,11] [6,8] @loige 58

Slide 102

Slide 102 text

let cursor = 0 const clients = new Map() const assignNextBatch = client => { const from = cursor const to = cursor + batchSize - 1 const batch = [from, to] cursor = cursor + batchSize client.currentBatch = batch client.currentBatchStartedAt = new Date() return batch } const addClient = channel => { const id = channel.toString('hex') const client = {id, channel, joinedAt: new Date()} assignNextBatch(client) clients.set(id, client) return client } Server @loige 59

Slide 103

Slide 103 text

Messages flow Messages flow @loige 60

Slide 104

Slide 104 text

Messages flow Messages flow JWT Cracker Server JWT Cracker Client @loige 60

Slide 105

Slide 105 text

Messages flow Messages flow JWT Cracker Server JWT Cracker Client 1. JOIN @loige 60

Slide 106

Slide 106 text

Messages flow Messages flow JWT Cracker Server JWT Cracker Client 1. JOIN 2. START {token, alphabet, firstBatch} @loige 60

Slide 107

Slide 107 text

Messages flow Messages flow JWT Cracker Server JWT Cracker Client 1. JOIN 2. START {token, alphabet, firstBatch} 3. NEXT @loige 60

Slide 108

Slide 108 text

Messages flow Messages flow JWT Cracker Server JWT Cracker Client 1. JOIN 2. START {token, alphabet, firstBatch} 3. NEXT 4. BATCH {nextBatch} @loige 60

Slide 109

Slide 109 text

Messages flow Messages flow JWT Cracker Server JWT Cracker Client 1. JOIN 2. START {token, alphabet, firstBatch} 3. NEXT 4. BATCH {nextBatch} 5. SUCCESS {secret} @loige 60

Slide 110

Slide 110 text

const router = (channel, rawMessage) => { const msg = JSON.parse(rawMessage.toString()) switch (msg.type) { case 'join': { const client = addClient(channel) const response = { type: 'start', id: client.id, batch: client.currentBatch, alphabet, token } batchSocket.send([channel, JSON.stringify(response)]) break } case 'next': { const batch = assignNextBatch(clients.get(channel.toString('hex'))) batchSocket.send([channel, JSON.stringify({type: 'batch', batch})]) break } case 'success': { const secret = msg.secret // publish exit signal and closes the app signalSocket.send(['exit', JSON.stringify({secret, client: channel.toString('hex')})], 0, () => { batchSocket.close() signalSocket.close() exit(0) }) break } } } Server @loige 61

Slide 111

Slide 111 text

let id, variations, token const dealer = rawMessage => { const msg = JSON.parse(rawMessage.toString()) const start = msg => { id = msg.id variations = generator(msg.alphabet) token = msg.token } const batch = msg => { processBatch(token, variations, msg.batch, (secret, index) => { if (typeof secret === 'undefined') { // request next batch batchSocket.send(JSON.stringify({type: 'next'})) } else { // propagate success batchSocket.send(JSON.stringify({type: 'success', secret, index})) exit(0) } }) } switch (msg.type) { case 'start': start(msg) batch(msg) break case 'batch': batch(msg) break } } Client @loige 62

Slide 112

Slide 112 text

How a chunk is processed How a chunk is processed Given chunk [3,6] over alphabet "ab" [3,6] ⇒ 3 ⟶ aa 4 ⟶ ab 5 ⟶ ba 6 ⟶ bb ⇠ check if one of the strings is the secret that validates the current token @loige 63

Slide 113

Slide 113 text

Slide 114

Slide 114 text

Demo Demo @loige 65

Slide 115

Slide 115 text

Closing off Closing off @loige 66

Slide 116

Slide 116 text

Is JWT safe to use? Is JWT safe to use? @loige 67

Slide 117

Slide 117 text

Definitely Definitely YES! YES! Heavily used by: @loige 68

Slide 118

Slide 118 text

but... but... @loige 69

Slide 119

Slide 119 text

Use a strong (≃long) Use a strong (≃long) secret secret and keep it SAFE! and keep it SAFE! Or, even better Use RS256 (RSA public/private key pair) signature Use RS256 (RSA public/private key pair) signature Use it wisely! Use it wisely! @loige 70

Slide 120

Slide 120 text

But, what if I create But, what if I create only only short lived tokens short lived tokens... ... @loige 71

Slide 121

Slide 121 text

JWT is STATELESS! JWT is STATELESS! the expiry time is contained in the token... if you can edit tokens, you can extend the expiry time as needed! @loige 72

Slide 122

Slide 122 text

Should I be worried about Should I be worried about brute force brute force? ? @loige 73

Slide 123

Slide 123 text

Some benchmarks Some benchmarks Secret length Attempts Time* 5 26^5 = 12 mln 1m55.618s 6 26^6 = 310 mln 1h32m48.378s 7 26^7 = 8 Bln 3d18h22m10.231s 8 26^8 = 210 Bln ⏱ still running... 9 26^9 = 5.5 Tln I didn't even dare to try! * 8 clients on 4 t2.medium AWS machines, [a-z] alphabet ( ) loige.link/jwt-bench @loige 74

Slide 124

Slide 124 text

@loige 75

Slide 125

Slide 125 text

If you use If you use a 64 a 64 chars secret chars secret... ... @loige 75

Slide 126

Slide 126 text

If you use If you use a 64 a 64 chars secret chars secret... ... 26^64 = 3.616.548.304.479.297.085.365.330.736.464.680.499.909.051.89 5.704.748.593.486.634.912.486.670.341.490.423.472.351.870.976 @loige 75

Slide 127

Slide 127 text

Slide 128

Slide 128 text

Slide 129

Slide 129 text

TLDR; TLDR; JWT is a JWT is a cool & stateless™ cool & stateless™ way to way to transfer claims! transfer claims! Choose the right Algorithm With HS256, choose a good secret and keep it safe Don't disclose sensitive information in the payload Don't be too worried about brute force, but understand how it works! @loige 76

Slide 130

Slide 130 text

Thanks! @loige @loige https://loige.co https://loige.co loige.link/jwt-crack-london 77

Slide 131

Slide 131 text

an heartfelt thank you to: "the amazing" Paul Dolan @mariocasciaro @AlleviTommaso @andreaman87 @cirpo @katavic_d @Podgeypoos79 @quasi_modal Credits Credits vector images vector images designed by freepik designed by freepik @loige 78