Modern Ways to Store Passwords and Security Measures
Discover modern techniques and tools for storing passwords securely, along with insights into hashing principles, GPU performance in password cracking, and the importance of salt keys. Learn from the Kaspersky fail incident and explore the use of NVIDIA V100 Tesla GPUs for hashing algorithms. Dive into the world of Amazon P3 instances for high-performance computing.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
Modern ways to store passwords Modern ways to store passwords Igor Sobinov 2019 Igor Sobinov 2019 01.09.2019
Agenda Shadow Hammer & Kaspersky example GPU performance and hash cracking Hashing passwords principles Salt Key Deviation Functions 2
Kaspersky fail The ShadowHammer virus attack was targeted to computers with specially predefined set of MAC addresses. Kaspersky lab decoded the list of MAC addresses but didn t publish it. Instead, they created offline utility to check if the current computer s MAC address in the list. This means that the utility had the whole list inside it. It was very unfriendly and researchers decrypted the list of MAC addresses and publish it. How do researches so easy decrypted the MAC list? 3
Kaspersky fail After a short investigation researchers found out that Kaspersky utility used periodic sha256 hash with four-byte sault. sha_func( sha_func(sha_func(sha_func(mac+salt)+salt)+salt) ) It was a bad idea because using special utility to crack hashes HashCat all hashed were cracked in less than an hour. 4
NVIDIA V100 Tesla A cluster with AWS p3.16x large was used. Eight of NVIDIA s V100 Tesla 16GB GPUs. (12 nm, FP32 5120, FP64 2560) 5
Amazon p3.16xlarge P3 instances use customized Intel Xeon E5-2686v4 processors running at up to 2.7 GHz. NVIDIA Tesla V100 GPUs Network Bandwidt h EBS GPU Memory NVIDIA NVLink Main Memory Model vCPUs Bandwidt h p3.2xlarge Up to 10 Gbps 1 16 GiB n/a 8 61 GiB 1.5 Gbps p3.8xlarge 4 64 GiB 200 GBps 32 244 GiB 10 Gbps 7 Gbps p3.16xlarge 8 128 GiB 300 GBps 64 488 GiB 25 Gbps 14 Gbps 6
Amazon p3.16xlarge Prices Instance Storage (GB) Linux/UNIX Usage Configuration vCPU ECU Memory (GiB) $3.06 per Hour p3.2xlarge 8 26 61 GiB EBS Only $12.24 per Hour p3.8xlarge 32 94 244 GiB EBS Only $24.48 per Hour p3.16xlarge 64 188 488 GiB EBS Only 7
Amazon p3.16xlarge Performance Algorithm Performance PBKDF2-HMAC-SHA256 2650 kH/S SHA-256 7500 MH/s ChaCha20 8200 MH/s 8
TESLA V100 Performance Results of hashcat utility performance on different Amazon clusters p2.x16large: https://gist.github.com/iam1980/d0d129e1fc4303b1b474de17859fe073 p3.16xlarge: https://gist.github.com/iam1980/808f696a14b0c42b26621a01f91a8b18 9
Password hashing The main point is to protect users hashes from been brute forced to reveal passwords. Only cryptographic functions should be used: SHA256, SHA512, RipeMD, and WHIRLPOOL The target for password hashing is to slow down password enumeration, especially on H/W that used for password cracking: GPU (most dangerous) FPGA ASIC 11
Dictionary attack Dictionary attack: uses a file containing words, phrases, common passwords, and other strings that are likely to be used as a password. Each word in the file is hashed, and its hash is compared to the password hash. If they match, that word is the password Trying apple : failed Trying blueberry : failed Trying justinbeiber : failed ... Trying letmein Trying s3cr3t : success! : failed 12
Brute-force Brute-force attack: Tries every possible combination of characters up to a given length. 20: [A-Z a-z 1-9 ~-?] Trying aaaa : failed Trying aaab : failed Trying aaac : failed ... Trying acdb : failed Trying acdc : success! 13
Password Hashing Functions Password Hashing Functions Especially designed slow Could slow-down backend: large RAM usage, many iterations Low-entropy passwords are still vulnerable 14
Password hashing Applications uses CPU for password hashing. CPU properties: Multiple cores (but less than GPU) Multi-level cache (L1, L2, L3) The idea is to use create hashing algorithm that is optimized for CPU but not for GPU etc. 15
Password hashing CPU-optimized algorithms approaches: 1. Large amount of RAM usage 2. R/W of small amount of data with random addresses in small memory region that fits to L1 cache 3. MUL operation usage. On CPU MUL executes in the same as shifting or ADD but it is slow on FPGA & ASIC 4. Instruction-level parallelism: usage of instructions like SSE2, SSSE3, AVX2 etc. Argon2 uses 1, 3, 4 Yescrypt uses 1, 2, 3, 4 but only in special mode 16
Salt 17
Salt Salt is needed to make difficult dictionary attack and rainbow-tables attack. Salt isn t a secret and must be random and unique. Don t use user name as a salt. Use a salt that is the same size as the output of the hash function. Output of SHA256 is 256 bits. Minimum Password length must be 10 bytes More info at: https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Password_Storage _Cheat_Sheet.md 18
Salt For salt creation Cryptographically Secure Pseudo-Random Number Generator (CSPRNG) should be used. Platform CSPRNG PHP mcrypt_create_iv, openssl_random_pseudo_bytes Java java.security.SecureRandom Dot NET (C#, VB) System.Security.Cryptography.RNGCryptoServiceProvider Ruby SecureRandom Python os.urandom Perl Math::Random::Secure C/C++ (Windows API) CryptGenRandom Any language on GNU/Linux or Unix Read from /dev/random or /dev/urandom 19
Key Deviation Functions The best way to slow down the brut force is a Key Deviation Functions: bcrypt (1999): one parameter Scrypt (2009): massive memory requirements PBKDF2 Agron2 (2015): Three parameters (winner of the Password Hashing Competition) 20
Agron2 21
Argon2 implementations Original C implementation: https://github.com/p-h-c/phc-winner-argon2 Libsodium (NaCl) supports Argon2 and has bindings to more that 10 programming languages. Java Spring supports Argon2: https://docs.spring.io/spring- security/site/docs/current/reference/htmlsingle/#core-services-password-encoding Python supports Argon2 and other modern hash functions via Passlib library: https://passlib.readthedocs.io/en/stable/lib/passlib.hash.argon2.html php support: PHP 5 >= 5.5.0, PHP 7 supports Argon2 via password_hash function if PHP has been compiled with Argon2 support. .net supports Argon2 via Konscious.Security.Cryptography library 22
Summary Password length should be minimum 10 characters long, allowed special symbols, Unicode, Emoji but not mandatory Check passwords for dictionary, previous passwords list. NIST 2016 Password guidelines. Use existing and well-known passwords libraries: libsodium Use cryptographic hash functions like Argon2 with strong parameters 23
Summary Create random, unique salt for every password hash. (/dev/urandom). Salt length should be not less than hash. Keep tracking for the latest password-related industry standards, technologies, algorithms Consider using only industry standard authentication solutions for your programming stack and system configuration 24
