80,000 Plaintext Passwords: An Open Source Love Story in Three Acts

80,000 Plaintext Passwords @tjschuck

mallory@local$ ′

T.J. Schuck  @tjschuck

HARVEST getHarvest.com

I am not a Security Expert™

mallory@local$ ′

Layers Layers Layers Layers

mallory@local$ perl haxor.pl ′

mallory@local$ perl haxor.pl ! +------+-----------------------+------------+ | id | email |
password | +------+-----------------------+------------+ | 6125 | provos@openbsd.org | honeyd | | 6126 | schneier@schneier.com | blowfish | | 6127 | tj@tjschuck.com | peppercorn | | 6128 | rivest@mit.edu | md1947 | +------+-----------------------+------------+

“But…”

password | +------+-----------------------+------------+ | 6125 | provos@openbsd.org | honeyd | | 6126 | schneier@schneier.com | blowfish | | 6127 | tj@tjschuck.com | peppercorn | | 6128 | rivest@mit.edu | md1947 | +------+-----------------------+------------+

password | +------+-----------------------+------------+ | 6125 | provos@openbsd.org | ubarlq | | 6126 | schneier@schneier.com | oybjsvfu | | 6127 | tj@tjschuck.com | crccrepbea | | 6128 | rivest@mit.edu | zq1947 | +------+-----------------------+------------+

Encryption is reversible

Hashing is irreversible

hash(‘peppercorn’) => 6a58d0ad2619df7d7fabc2603b79063f

hash(‘peppercorn’) => 6a58d0ad2619df7d7fabc2603b79063f hash(‘secret1234’) => bdfc2db0aa599f5919e565c328216a51

hash(‘peppercorn’) => 6a58d0ad2619df7d7fabc2603b79063f hash(‘secret1234’) => bdfc2db0aa599f5919e565c328216a51 => 18ad6448e70b7b0254cad4d77653f2d7

hash(‘peppercorn’) => 6a58d0ad2619df7d7fabc2603b79063f hash(‘secret1234’) => bdfc2db0aa599f5919e565c328216a51 => 18ad6448e70b7b0254cad4d77653f2d7 ?

Hashing is deterministic

hash(‘peppercorn’) => 6a58d0ad2619df7d7fabc2603b79063f hash(‘peppercorn’) => 6a58d0ad2619df7d7fabc2603b79063f

hash(‘peppercorn’) => 6a58d0ad2619df7d7fabc2603b79063f hash(‘peppercorn’) => 6a58d0ad2619df7d7fabc2603b79063f hash(‘peppercorn’) => 6a58d0ad2619df7d7fabc2603b79063f

Hashing is deterministic (but not obvious)

hash(‘peppercorn’) => 6a58d0ad2619df7d7fabc2603b79063f hash(‘peppercorn’) => 6a58d0ad2619df7d7fabc2603b79063f !

hash(‘peppercorn’) => 6a58d0ad2619df7d7fabc2603b79063f hash(‘peppercorn’) => 6a58d0ad2619df7d7fabc2603b79063f ! hash(‘Peppercorn’) => b8bfa4f1b72ee60755a71dbdf0700fe9

=> b8bfa4f1b72ee60755a71dbdf0700fe8

=> b8bfa4f1b72ee60755a71dbdf0700fe8 ?

Hashing is deterministic

hash(‘peppercorn’) => 6a58d0ad2619df7d7fabc2603b79063f hash(‘peppercorn’) => 6a58d0ad2619df7d7fabc2603b79063f hash(‘peppercorn’) => 6a58d0ad2619df7d7fabc2603b79063f

Rainbow Tables

6a58d0ad2619df7d7fabc2603b79063f

Defeating the Rainbow

hash(‘peppercorn-tc5gplQopZ617zRQ8h9pAg’) => c5dde1b5cc0e6d89bda0f5e350bda319

WE DID IT!

(no we didn’t)

Proof of Concept

peppercorn

pepper8 pepper83 pepper88 pepper99 ! pepperdog pepperi1 peppermint peppermint1 pepperoni
pepperpepper peppers peppers4 peppi123 peppone pepsi pepsi1 pepsi123 pepsi2006 pepsi5 pepsi78bottle pepsicat pepsico pepsii pepsimax pepsione pepsis12 pequot per12fect peralta1 peppercorn

un1v3r53 1q2w#E$R fkg7h4f3v6

SALTING

hash(‘peppercorn-tc5gplQopZ617zRQ8h9pAg’) => c5dde1b5cc0e6d89bda0f5e350bda319 hash(‘peppercorn-R1XrmmZVRedKMTE9nlIy9Q’) => fc5ad4a64796506086424af78f57df9d

This is pretty good…

This is pretty good… for 1976.

bcrypt ✓ One-way hash  ✓ Pre-image resistant  ✓ Deterministic ✓
Built-in per-password salts

Eksblowﬁsh

Adaptive Cost

mallory@local$ perl haxor.pl ! +-----------------------+--------------------------------------------------------------+ | email | password |
+-----------------------+--------------------------------------------------------------+ | provos@openbsd.org | $2a$10$1ObnU/cPb3AjVU5iu8ntfe77xO83roRhoJMyBqYhlq5ZMMbHCcELK | | schneier@schneier.com | $2a$10$CelbCnmBjJez5ego4w.mbusfnZGOn/lRhLjrr37R0iUCr1UIC6ZyC | | tj@tjschuck.com | | | rivest@mit.edu | $2a$10$9WLufYmucbh.yaTHKKUuUeihbcA3hBUiI.XiW7ygmaYcYXtl4MBKy | +-----------------------+--------------------------------------------------------------+ $ 2a 10 LrfFlMh6Yc7JWKlpRwVjUuPCOPU5574fXAVrvLZRFT87cT55oLBEe $ $

$ 2a 10 LrfFlMh6Yc7JWKlpRwVjUuPCOPU5574fXAVrvLZRFT87cT55oLBEe $ $

$ 2a 10 LrfFlMh6Yc7JWKlpRwVjUu PCOPU5574fXAVrvLZRFT87cT55oLBEe $ $

$ 2a 10 LrfFlMh6Yc7JWKlpRwVjUu PCOPU5574fXAVrvLZRFT87cT55oLBEe $ $ “Cost”

bcrypt(‘peppercorn’, 10) =>

bcrypt(‘peppercorn’, 10) => $2a$10$41JmpddjOSEGWU099uQx7O7Y1EiQMTRQFZCcFqFMlYWekR5pj9xFi

bcrypt(‘peppercorn’, 10) => $2a$10$41JmpddjOSEGWU099uQx7O7Y1EiQMTRQFZCcFqFMlYWekR5pj9xFi bcrypt(‘peppercorn’, 10) =>

bcrypt(‘peppercorn’, 10) => $2a$10$41JmpddjOSEGWU099uQx7O7Y1EiQMTRQFZCcFqFMlYWekR5pj9xFi bcrypt(‘peppercorn’, 10) => $2a$10$8ONmT2oiKPoPn/KQTrvHq.gWTnqQ5p.T13lw.lCm9d.QoqIZzbHPS

bcrypt(‘peppercorn’, 10) => $2a$10$41JmpddjOSEGWU099uQx7O7Y1EiQMTRQFZCcFqFMlYWekR5pj9xFi bcrypt(‘peppercorn’, 10) => $2a$10$8ONmT2oiKPoPn/KQTrvHq.gWTnqQ5p.T13lw.lCm9d.QoqIZzbHPS bcrypt(‘peppercorn’, 14)
=>

=> $2a$14$4US.NV/qyRkctl.LaYvNzOln70yIaqGfJeMq1deb/bPJMMmtcxOU.

=> $2a$14$4US.NV/qyRkctl.LaYvNzOln70yIaqGfJeMq1deb/bPJMMmtcxOU. 0.0656 seconds

=> $2a$14$4US.NV/qyRkctl.LaYvNzOln70yIaqGfJeMq1deb/bPJMMmtcxOU. 0.0656 seconds 0.0657 seconds

=> $2a$14$4US.NV/qyRkctl.LaYvNzOln70yIaqGfJeMq1deb/bPJMMmtcxOU. 0.0656 seconds 0.0657 seconds 1.0481 seconds

Cost Seconds 9 0.0344 10 0.0656 11 0.1333 12 0.2646
13 0.5236 14 1.0481 15 2.1645 16 4.2801

“Well, actually…”

The Fix

def authenticate(plaintext_password)! if old_hashing_method(plaintext_password) == password_digest! self! end! end

def authenticate(plaintext_password)! if BCrypt::Password.new(password_digest) == plaintext_password! self! end! end

def authenticate(plaintext_password)! return unless convert_old_hash_to_bcrypt(plaintext_password)! ! if BCrypt::Password.new(password_digest) == plaintext_password!
self! end! end

def convert_old_hash_to_bcrypt(plaintext_password)! return true if BCrypt::Password.valid_hash?(password_digest)! ! if old_hashing_method(plaintext_password) ==
password_digest! update_column :password_digest,! BCrypt::Password.create(plaintext_password)! end! end

—Act II—

Fat Binary Gems —Act II— You make the rockin’ world
go ’round

bcrypt-ruby github.com/codahale/bcrypt-ruby

Well shit.

rake-compiler-dev-box with Rubies, GCC, JDK, MinGW…

LOLOLOLOL NO.

rake-compiler#79

Act III

Act III Luis Lavena

• One-Click Ruby  Installer for Windows

• One-Click Ruby  Installer for Windows • Ruby core

• One-Click Ruby  Installer for Windows • Ruby core •
Ruby Hero (2010)

• One-Click Ruby  Installer for Windows • Ruby core •
Ruby Hero (2010) • rake-compiler

rake-compiler-dev-box#2

@luislavena <3 <3 <3

Find your Luis

“Be the Luis you wish to see in the world”

What have we learned?

1. Just use bcrypt

2. Distribute a dev box

3. Release, collaborate, iterate

Thank You @tjschuck getHarvest.com

80,000 Plaintext Passwords: An Open Source Love Story in Three Acts

80,000 Plaintext Passwords: An Open Source Love Story in Three Acts

Other Decks in Programming

Featured

Transcript