encrypted password storage

Post on 02-Nov-2014

DESCRIPTION

IVT Tech Talk by Jonathan Oxer in November 2007. Covers use of hashed passwords in web applications and outlines a method to progressively migrate from plain-text to hashed storage. More information at http://jon.oxer.com.au/talks/id/90

TRANSCRIPT

November 1st, 2007, Internet Vision Technologies

Melbourne, Victoria, AU

Jonathan Oxer <jon@ivt.com.au>

Secure Password Storage in SiteBuilder

18cf7f57ff36142a473acdce6e602b03

“We want to make you aware that media of ours that contained a backup of a portion of the reddit database was stolen recently. We wanted to alert you to the possibility that your username, password, and – in some cases – e-mail address may have been compromised.”

Steve Huffman, reddit.com

Lesson for site owners:

Don't store passwords in plain text

Do we really need to know users' passwords?

No, we need to know if they know it!

This is your password:

hammer

This is your password on hash:

d58a27b9f79eb702e1e514b0cdb4e254

A “hashing algorithm” is a one-way calculation

Store the hashed value, not the plaintext

On login: hash the supplied value and compare hashes

User-submitted value: “hammer”

Hash function

Calculated hash value: “d58a27b9f7..”

Pre-stored hash value: “d58a27b9f7..”

Compare

Query database

Dictionary attack: pre-compute hash values for every possible password

`echo "hammer" | md5sum` always equals

d58a27b9f79eb702e1e514b0cdb4e254

So the input value for

d58a27b9f79eb702e1e514b0cdb4e254

must have been 'hammer'

Dictionary attacks pre-compute a hash table for every possible input value

Solution: “salt” the plaintext with a random value first

Store the salt value for later use when validating users

User-submitted value: “hammer”

Hash function

Calculated hash value: “4aeb7d7b...”

Pre-stored hash value: “4aeb7d7b...”

Compare

Query database

Pre-stored salt value: “nceoter8oa”

An attacker then has to re-compute their dictionary for every attack

SiteBuilder uses two fields: `Password` and `PasswordSalt`

On a login request SB checks for a stored salt value

If salt found the supplied value is hashed and compared with password

If salt not found plaintext value is compared directly with stored password value

Then a salt is generated, the password is hashed and both values stored

Next time the salt will exist so pw will be treated as a hashed value

Progressive encryption of existing passwords

Nice side effect: update password by simply writing plaintext and deleting salt

UPDATE contacts
SET `Password` = 'hammer', `PasswordSalt` = ''
WHERE UserId = 123;

On next login it will be hashed automatically
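
The login flow from the slides above, as an added example that is not SiteBuilder's own code. It assumes an in-memory SQLite table with the `contacts` columns shown in the talk, and swaps the slides' plain salted hash for PBKDF2-HMAC-SHA256 with a constant-time compare; the function names and iteration count are assumptions.

```python
import hashlib
import hmac
import secrets
import sqlite3

ITERATIONS = 200_000  # assumed work factor, not from the talk


def hash_password(password: str, salt: str) -> str:
    """Salted, deliberately slow hash (PBKDF2 swapped in for the slides' MD5)."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), ITERATIONS)
    return digest.hex()


def login(db: sqlite3.Connection, user_id: int, supplied: str) -> bool:
    row = db.execute(
        "SELECT Password, PasswordSalt FROM contacts WHERE UserId = ?", (user_id,)
    ).fetchone()
    if row is None:
        return False
    stored, salt = row
    if salt:
        # Salt present: Password holds a hash, so hash the input and compare.
        return hmac.compare_digest(hash_password(supplied, salt), stored)
    # No salt: legacy row, Password is still plaintext. Compare directly.
    if not hmac.compare_digest(supplied.encode(), stored.encode()):
        return False
    # Correct plaintext login: generate a salt, hash, and store both values.
    new_salt = secrets.token_hex(16)
    db.execute(
        "UPDATE contacts SET Password = ?, PasswordSalt = ? WHERE UserId = ?",
        (hash_password(supplied, new_salt), new_salt, user_id),
    )
    db.commit()
    return True


def demo_db() -> sqlite3.Connection:
    """Constructed sample data: one legacy plaintext row, as in the slides' UPDATE."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE contacts (UserId INTEGER PRIMARY KEY, Password TEXT, PasswordSalt TEXT)"
    )
    db.execute("INSERT INTO contacts VALUES (123, 'hammer', '')")
    return db
```

A failed login against a legacy row leaves it untouched; only a correct plaintext match triggers the upgrade, so rows belonging to users who never log in again stay in plain text until they are migrated another way.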

Thank you :-)
Questions? Comments? Insults?

Slides: jon.oxer.com.au/talks
Insults: >/dev/null
Questions: Jonathan Oxer jon@ivt.com.au
