Κυριακή 9 Μαρτίου 2014

Password Security

I. A Strawman Proposal

a. Basic password system: file w/ username, password records (colon delimiter)

b. Simple to implement but risky

 - All users compromised if hacker get the password file
 - Done in Java: MiniPasswordManager

c. MiniPasswordManager

Public class MiniPasswordManager {
/** dUserMap is a Hashtable keyed by username */
private static Hashtable dUserMap;
/** location of the password file on disk */
private static String dPwdFile;
public static void add (String username, String password) throws Exception {
dUserMap.put(username, password);
}
Public static Boolean checkPassword(String username, String password) {
try { String t = (String) dUserMap.get(username);
return (t == null) ? false: t.equals(password);
} catch (Exception e) {}
return false;
}

}

d. MPM: File Management

public class MiniPasswordManager {

/* Password file management operations follow */
public static void init (String pwdFile) throws Exception {
dUserMap = MiniPasswordFile.load(pwdFile);
dPwdFile = pwdFile;
}
public static void flush() throws Exception {
MiniPasswordFile.store (dPwdFile, dUserMap);
}
… // main()
}

e. MPM: main()

Public static void main(String argv[]) {
String pwdFile = null;
String username = null;
try {
pwdFile = argv[0];
username = argv[1];
init(pwdFile);
System.out.print(“Enter new password for “ + username + “: “);
BufferedReader br = new BufferedReader (new InputStreamReader(System.in));
String password = br.readLine();
add(username, password);
flush();
} catch (Exception e) {
If ((pwdFile != null) && (username != null)) {
System.err.println(“Error: Could not read or write “ + pwdFile);
} else { System.err.println(“Usage: java MinipasswordManager” + “<pwdfile> <username>”); }
}
}

II. Hashing

a. Encrypt passwords, don’t store “in the clear”
 - Could decrypt (e.g DES) to check, key storage
 - Even better: “one-way encryption”, no way to decrypt
 - If file stolen, passwords not compromised
 - Use one-way hash function, h: preimage resistant
 - Ex: SHA-256 hashes stored in file, not plaintext password

b. Hashing Example

c. Hashing MPM Modifications

public static void add (String username, String password) throws Exception {
dUserMap.put(username, computeSHA(password));
}
public static Boolean checkPassword(String username, String password) {
try { String t = (String) dUserMap.get(username);
return (t == null)?false:t.equals(computeSHA(password));
} catch (Exception e) {}
return false;
}

private static String computeSHA (String preimage) throws Exception {
MessageDigest md = MessageDigest.getInstance(“SHA-256”);
md.update(preimage.getBytes(“UTF-8));
byte raw[] = md.digest();
return (new sun.misc.BASE64Encoder().encode(raw));
}

III. Off-line Dictionary Attacks

IV. Salting

a. Salting – include additional info in hash
b. Add third field to file storing random #(salt)
c. Salting Functions

public static int chooseNewSalt() throws NoSuchAlgorithmException {
return getSecureRandom((int)Math.pow(2,12));
}
/* Returns a cryptographically random number in the range [0, max) */
private static int getSecureRandom(int max) throws NoSuchAlgorithmException {
SecureRandom sr = SecureRandom.getInstance(“SHA1PRNG”);
Return Math.abs(sr.nextInt())%max;
}
public static String getSaltedHash (String pwd, int salt) throws Exception {
return computeSHA(pwd + “|” + salt);
}
d. Salting in MPM
/* Chooses a salt for the user, computes the salted hash of the user’s password, and adds a new entry into the userMap hashtable for the user */
public static void add(String username, String password) throws Exception {
int salt = chooseNewSalt();
HashedPasswordTuple ur = new HashedPasswordTuple(getSaltedHash(password, salt), salt);’
dUserMap.put(username, ur);
}
public static Boolean checkPassword(String username, String password) {
try { HashedPasswordTuple t = (HashedPasswordTuple) dUserMap.get(username);
return (t== null)?false: t.getHashedPassword().equals(getSaltedHash(password, t.getSalt()));
} catch (Exception e) {}
return false;
}

e. Salting: Good News

 - Dictionary attack against arbitrary user is harder
 - N-word dictionary, k-bit salts, v distinct salts
 - Off-line Dictionary Attack Foiled


g. Salting: Bad News

 - Ineffective against chosen-victim attack
 - Attacker’s job harder, not impossible

Δεν υπάρχουν σχόλια:

Δημοσίευση σχολίου