encrypted password storage
DESCRIPTION
IVT Tech Talk by Jonathan Oxer in November 2007. Covers use of hashed passwords in web applications and outlines a method to progressively migrate from plain-text to hashed storage. More information at http://jon.oxer.com.au/talks/id/90TRANSCRIPT
November 1st, 2007Internet Vision Technologies
Melbourne, Victoria, AU
Jonathan Oxer <[email protected]>
Secure PasswordStorage in SiteBuilder
November 1st, 2007Internet Vision Technologies
Melbourne, Victoria, AU
Jonathan Oxer <[email protected]>
18cf7f57ff36142a473acdce6e602b03
“We want to make you aware thatmedia of ours that contained a
backup of a portion of the redditdatabase was stolen recently.
We wanted to alert you to thepossibility that your username,password, and – in some cases– e-mail address may have been
compromised.”
Steve Huffman, reddit.com
Lesson for site owners:
Don't storepasswords in
plain text
Do we really needto know user's
passwords?
No, we need toknow if they
know it!
This is your password:
hammer
This is your password on hash:
d58a27b9f79eb702e1e514b0cdb4e254
A “hashingalgorithm” is
a one-waycalculation
Store the hashedvalue, not the
plaintext
On login: hashthe supplied
value andcompare hashes
User-submitted value:“hammer”
User-submitted value:“hammer”
Hashfunction
User-submitted value:“hammer”
Hashfunction
Calculated hash value:“d58a27b9f7..”
User-submitted value:“hammer”
Hashfunction
Calculated hash value:“d58a27b9f7..”
Pre-stored hash value:“d58a27b9f7..”
Querydatabase
User-submitted value:“hammer”
Hashfunction
Calculated hash value:“d58a27b9f7..”
Pre-stored hash value:“d58a27b9f7..”
Compare
Querydatabase
Dictionary attack:pre-compute hashvalues for every
possible password
echo “hammer” | md5sumalways equals
d58a27b9f79eb702e1e514b0cdb4e254
So the input value for
d58a27b9f79eb702e1e514b0cdb4e254
must have been 'hammer'
Dictionary attackspre-compute a
hash table for everypossible input value
Solution: “salt”the plaintext
with a randomvalue first
Store the saltvalue for later usewhen validating
users
User-submitted value:“hammer”
Hashfunction
Calculated hash value:“d58a27b9f7..”
Pre-stored hash value:“d58a27b9f7..”
Compare
Querydatabase
User-submitted value:“hammer”
Hashfunction
User-submitted value:“hammer”
Hashfunction
Querydatabase
Pre-stored salt value:“nceoter8oa”
User-submitted value:“hammer”
Hashfunction
Calculated hash value:“4aeb7d7b...”
Querydatabase
Pre-stored salt value:“nceoter8oa”
User-submitted value:“hammer”
Hashfunction
Calculated hash value:“4aeb7d7b...”
Pre-stored hash value:“4aeb7d7b...”
Compare
Querydatabase
Pre-stored salt value:“nceoter8oa”
An attacker thenhas to re-compute
their dictionaryfor every attack
SiteBuilder usestwo fields:
`Password` and`PasswordSalt`
On a login requestSB checks for a stored salt value
If salt found thesupplied value
is hashedand comparedwith password
If salt not foundplaintext value is
compared directlywith stored
password value
Then a salt isgenerated, thepassword is
hashed and bothvalues stored
Then a salt isgenerated, thepassword is
hashed and bothvalues stored
Next time the saltwill exist so pw
will be treated asa hashed value
Progressiveencryption of
existingpasswords
Nice side effect:update passwordby simply writing
plaintext anddeleting salt
UPDATE contactsSET `Password` = 'hammer',
`PasswordSalt` = ''WHERE UserId = 123;
On next login itwill be hashedautomatically
Thankyou :-)Questions? Comments? Insults?
Slides: jon.oxer.com.au/talksInsults: >/dev/nullQuestions: Jonathan Oxer [email protected]