secret-in · 2020. 7. 31. · you should find a way to share it. ... what's a good secret...
TRANSCRIPT
Secret-in.me
A pentester design of password secret manager
Who am I ?
Security engineer
Working at SCRT France !
Password manager
Password
A string
● You have to remember
● To authenticate yourself
● Others can't guess
Very hard for human mind.
Try to remember 4csVIus9TG82BXRedA5B5gAZjHKm7dNa
Secret
Information shared by very few people
You should find a way to share it.
Only the concerned people should access it.
Multiple services => multiple passwords
Impossible to do with your mind
Try to remember 235 random strings...
Password manager
SSO/LDAP binding● Linked to the Active Directory
● Centralized management
● One private password by employee
● Multiple access to the service
● Access log rely on the service
● Service should support SSO !
KEEPASS● Not easy to share
● Centralized management
● Work with any services
● One private password by employee
● One access to the service
● Useless access log on the service
Company's headache : managing access authorization
● Multiple equipment● Employees in and out
Password manager
SSO/LDAP binding KEEPASS● Identify user using keepass
● Wait for the keepass to be unlocked
● KeeFarce
● Do it for every users
Pentest timePick your favorite vulnerability
● WPAD + weak password● Outdated software● Default passwords● ...
Password manager
● Secret encryption with standards => Obvious
● Open source => To check claimed security
● Limited dependencies => Reduce trust surface
● Cryptography not written by us => Crypto is hard
● Double authentication standard => Obvious
● Sharing possibility => Needed in company
● Logging possibility => Needed in company
● Browser integration => Easier to use
What's a good secret manager ? (from our point of view)
Secret-in.me
Started in 2015 after Gandi 15 years anniversaryImproved a lot more recently
TADAAAA!
Secret-in.me● Reduce trust surface
– "We don't want to install new client software"● Maintenance, backdoor…
– We trust the browser (I hope you do)
– W3C wrote WebCryptoAPI
– Browser can do cryptography !
– For now, only Blink (google chrome and chromium engine) support every standards.
● You only have to trust your browser and secret-in.me
● Unfortunately not if you want a pretty UI...
Secret-in.me● Storage
– JSON is easy to transport● Write it on file anywhere (like keepass)● Use a server to save it for you
● Cryptography is done client side
– Compromised server can't read your secrets
– Compromised network can't read your secrets
● Using server can add privileges and logging dimension
– Read only, Read/write, Read/Write/Share
– Who, what, when
Secret-in.me
How it worksCryptographic layer
Key pairRSA-OAEP 4096SHA256
PBKDF2 SHA256256 bits random salt100 000 + (random%255) iterations
Derived Key
Wrapping with AES-CBC-256
IV + Wrapped private key
Insecure server
Derivation parametersSHA256(username)IV + Wrapped private keyPublic key
Registration
Passphrase
Username SHA256
{ "0a041b9462caa4a31bac3567e0b6e6fd9100787db2ab433d96f6d178cabfce90": { "keys": {}, "pass": { "iterations": 100105, "salt": "1e473abdb40125b8f07b6a77959413f2fed862ffa4c81cbcb5db17de7aebcf48" }, "privateKey": { "iv": "ee73cf663438360febc74d5d6f8720f4", "privateKey": "47da2b54a55198[...]9e0d64fda2db9211ad7d6394a9d7" }, "publicKey": { "alg": "RSA-OAEP-256", "e": "AQAB", "ext": true, "key_ops": [ "encrypt", "wrapKey" ], "kty": "RSA", "n": "nGGkuqrDLpqrggBzkmx-[...]hLt9wEFh5tQRbObcFFEZ8" } }}
Server View
PBKDF2 SHA256
Derived Key
Unwrapping with AES-CBC-256
Login
Username SHA256 0a041b946ef12a6...
Passphrase
Derivation parameters+
Public key+
IV + Wrapped private key
Response
Private key
"Authenticated" user
Secret
Encryption with AES-GCM-256
Wrapping with RSA-OAEP
IV + Encrypted secret
Insecure server
Secret IDIV + Encrypted secretWrapped shared key
Secret creation
Random shared key
Title SHA256
Timestamp
Secret ID
Public key
Wrapped shared key
{ "secrets": { "0839fb4655ea32255f60e4e37fe07e207be65774d8a9255bc9344403faeaead7": { "iv": "2e16d955f86c6589d821c7a1", "secret": "873c828e20ef4909cf[...]5640ac4b", }, }, "users": { "0a041b9462caa4a31bac3567e0b6e6fd9100787db2ab433d96f6d178cabfce90": { "keys": { "0839fb4655ea32255f60e4e37fe07e207be65774d8a9255bc9344403faeaead7": { "key": "98fef3afc43e7f3d[...]26b2f833b972b3d54", }, }, "pass": { "iterations": 100024, "salt": "5dd0c60727bc84e49f0fa271bb4e7188d750e10eb0ae868df008d39464541634" }, "privateKey": { "iv": "23ddc5828a2533c1b23ca5ffa7eb4cb0", "privateKey": "6fa526a3c515068537a8e033[...]8e9d8937c21db55b" }, "publicKey": { "alg": "RSA-OAEP-256", "e": "AQAB", "ext": true, "key_ops": [ "encrypt", "wrapKey" ], "kty": "RSA", "n": "vON4sq1SWK9bKEqXWMkG7n[...]drK24TkxJXHJ1vxLDjiIM" } } }}
Secret
Decryption with AES-GCM-256
Secret retrievalGive me my keys
List of IDs + Wrapped shared keys
Give me the secret 80ae13...
IV + Encrypted secret
Private key Wrapped shared key
Unwrapping with RSA-OAEP
Shared key
Secret sharing
Friend public key
Private keyWrapped shared key of secret you want to share
Unwrapping with RSA-OAEP
Shared key
Friend username
SHA256
Wrapping with RSA-OAEP
Wrapped shared key
Wrapped shared key for friendFriend IDSecret ID
Friend ID
Secret-in.me
How it worksLogic layer
PBKDF2 SHA256256 bits random salt100 000 + (random%255) iterations
Derived Key
SHA256 derived key
Insecure server
Registration / Login
Passphrase
Username SHA256
Username: 0a041b946ef12a6...
Hashed derived key0bc12feaa12331c...
SHA256 hashed derived key
Authenticated actions
Username SHA256
Actiondatas
Datas signed withRSA-PSS
Datas + signature
Retrieve public key from claimed hashed username
Verify signature with RSA-PSS
SHA256 derived key
Double authentication (TOTP)Generate 256 bits random seed
XOR seed with hashed derived key
Insecure server
Save it to the user datas
Insecure server
Username: 0a041b946ef12a6...
Hashed derived key0bc12feaa12331c…
TOTP Token187 223
Activation
Login...XOR saved seed with hashed derived key
Verify TOTP token
Insecure server
Derivation parameterSHA256(Device name)Wrapped protection key without IV
Double authentication (Trusted device)
Random protection key PBKDF2 SHA256
256 bits random salt100 000 + (random%255) iterations
Derived Key
ShortpassWrapping with AES-CBC-256
IV + Protected private key Wrapping with AES-CBC-256
Device nameUsername
Wrapped protection key IV
Activation
PBKDF2 SHA256
Derived key
Unwrapping withAES-CBC-256
Double authentication (Trusted device)
Username SHA256 0a041b946ef12a6...
Shortpass
Derivation parameters+
Public key
"Authenticated" user
Login
Device name cd0155eff6ef223...
Hashed derived key
SHA256 SHA256(Hashed derived key)
Wrapped protection key
Wrapped protection key IV
Wrapped private key
Unwrapping with AES-CBC-256
Secret-in.me
● Technologies– Server in nodeJS to stay in JavaScript world
– CouchDB Database● Smart conflict management● Made for easy replication
– Client side library without any dependencies
– Client app using ReactJS
Secret-in.me
DEMO
Secret-in.me
● Problem– How can I save my windows password in it ?
– I need windows access to launch my browser
● Solution
Secret-in.me
● Available on https://secret-in.me
– Server (redis+couchdb+api) bundled by docker-compose● github.com/secretin/secretin-server
– Library shipped in npm● github.com/secretin/secretin-lib
– Client● github.com/secretin/secretin-app
– Windows black magic● github.com/secretin/secretin-windows
Secret-in.me roadmap
– Find a logo !
– Offline mode (in beta)
– React-native app for iOS
– Improve UI:UX● Add loading information● Add error information
– Improve documentation for easy self hosting● How to setup couchdbv2 with master master replication...
– Add application settings (auto close, secret generation options...)
– Obfuscate private key in memory when decrypted