Password (in)security

On 7th June 2012 LinkedIn was hacked. More than 6 million LinkedIn passwords were compromised. The really shocking news was not the theft but the fact that the attackers were able to decrypt many of these passwords. Why did it happen? The answer is simple: a bad design of the password security. In this talk I presented how to choose "secure" user passwords and how to store them safely from a programmer's perspective.
This talk has been presented during the MOCA 2012,



Password (in)security: Presentation Transcript

  • Password (in)security: How to generate and store passwords in a secure way, by Enrico “cerin0” Zimuel
  • About me
    1998
    Enrico “cerin0” Zimuel
    Developer since Texas Instruments TI99/4A
    Research programmer, Informatics institute of UvA (Amsterdam)
    Core team of the open source project Zend Framework
    Co-author of the books “Segreti, Spie Codici Cifrati”, “Come si fa a usare la firma digitale”, “PHP Best Practices”
    Founder of the PHP User Group Torino
  • Password: A password is a secret word or string of characters that is used for authentication.
  • User perspective: How to choose a “secure” password?
    Developer perspective: How to store a password in a secure way?
  • Password security: Basically every security system is based on passwords.
  • When security fails...
  • Hack: 6th June 2012. More than 6 million passwords were compromised. SHA1 password
  • Hack: 6th June 2012. More than 1.5 million passwords were compromised. SHA1 password
  • Hack: 7th June 2012. ? million passwords were compromised. MD5 password
  • Hack: 12th June 2012. 443K passwords were compromised. SQL injection, password in plaintext!
  • How to choose a “robust” user's password
  • Some best practices:
    ● No personal information
    ● A long pass phrase is better than a shorter random jumble of characters
    ● At least 10 characters long
    ● Don't use the same password for everything
    ● Change your password from time to time
  • Developers: Force the user to generate a robust password
  • Developers: How to store a password in a secure way?
  • Old school (deprecated) Use hash algorithms like MD5 or SHA1
  • New school (deprecated?) Use hash algorithm + salt (a random string).
  • Using hash + salt
    Prevent dictionary attacks? YES
    Prevent brute force attacks? NO
  • Brute forcing attacks
    CPU power is growing (multi-core)
    GPUs are rendering password security useless
    Use a Cloud system (n-CPU)
  • Brute forcing with a GPU Source:
  • GPU and CUDA: CUDA™ is a parallel computing platform and programming model invented by NVIDIA
  • Extreme GPU Bruteforcer using NVIDIA GTS250 ~ $100

    Algorithm           Speed             8 chars   9 chars    10 chars
    md5($pass)          426 million p/s   6 days    1 year     62 years
    md5($pass.$salt)    170 million p/s   14 days   2 ½ years  156 years
    sha1($pass)         85 million p/s    29 days   5 years    313 years
    sha1($pass.$salt)   80 million p/s    31 days   5 years    332 years

    Password of 62 characters (a-z, A-Z, 0-9) Source:
  • IGHASHGPU ATI HD 5970 ~ $700

    Algorithm     Speed              8 chars    9 chars   10 chars
    md5($pass)    5600 million p/s   10 hours   27 days   4 ½ years
    sha1($pass)   2300 million p/s   26 hours   68 days   11 ½ years

    Password of 62 characters (a-z, A-Z, 0-9) Source:
  • Whitepixel 4 Dual HD 5970 ~ $2800

    Algorithm     Speed            8 chars    9 chars    10 chars
    md5($pass)    33 billion p/s   1 ½ hour   4 ½ days   294 days

    Password of 62 characters (a-z, A-Z, 0-9) Source:
  • Secure algorithms for password storing
    ● Hash + salt + stretching (i.e. PBKDF2)
    ● bcrypt
    ● scrypt
  • Hash + salt + stretching
    ● Stretching = iterate (hash + salt) n times

        key = ""
        for 1 to n-times do
            key = hash(key + password + salt)

  • How to estimate the number of iterations?
    ● The number of iterations depends on the CPU speed; it should take around 1 sec to be considered secure
    ● For instance, this PHP code:

        <?php
        // $salt is the random salt, $password the user's password
        const NUM_ITERATIONS = 40000;
        $key = '';
        for ($i = 0; $i < NUM_ITERATIONS; $i++) {
            $key = hash('sha512', $key . $salt . $password);
        }

      runs in 900 ms with NUM_ITERATIONS = 40000 using an Intel Core 2 at 2.1 GHz
  • PBKDF2
    ● PBKDF2 (Password-Based Key Derivation Function 2) is a key derivation function that is part of RSA Laboratories' Public-Key Cryptography Standards (PKCS) series, specifically PKCS #5 v2.0
    ● PBKDF2 applies a pseudorandom function, such as a cryptographic hash, cipher, or HMAC, to the input password or passphrase along with a salt value and repeats the process many times to produce a derived key, which can then be used as a cryptographic key in subsequent operations
  • PBKDF2 in PHP (Zend Framework 2.0)

        use Zend\Crypt\Hmac;

        function calc($hash, $password, $salt, $iterations, $length)
        {
            // Number of HMAC-sized blocks needed to cover $length bytes
            $num = ceil($length / Hmac::getOutputSize($hash, Hmac::OUTPUT_BINARY));
            $result = '';
            for ($block = 1; $block <= $num; $block++) {
                // First round: HMAC over salt || 32-bit big-endian block index
                $hmac = Hmac::compute($password, $hash, $salt . pack('N', $block), Hmac::OUTPUT_BINARY);
                $mix = $hmac;
                // Remaining rounds: HMAC the previous output and XOR it into the block
                for ($i = 1; $i < $iterations; $i++) {
                    $hmac = Hmac::compute($password, $hash, $hmac, Hmac::OUTPUT_BINARY);
                    $mix ^= $hmac;
                }
                $result .= $mix;
            }
            return substr($result, 0, $length);
        }
  • bcrypt
    ● bcrypt uses the Blowfish cipher + iterations to generate secure hash values
    ● bcrypt is secure against brute force or dictionary attacks because it is slow, very slow (that means attacks need a huge amount of time to be completed)
  • bcrypt parameters
    ● The algorithm needs a salt value and a work factor parameter (cost), which allows you to determine how expensive the bcrypt function will be
    ● The cost value depends on the CPU speed, check on your system! I suggest setting it to at least 1 second.
  • bcrypt in PHP
    ● bcrypt is implemented in PHP with the crypt() function:

        // Encode the salt into 22 characters, replacing '+' with '.'
        $salt = substr(str_replace('+', '.', base64_encode($salt)), 0, 22);
        $hash = crypt($password, '$2a$' . $cost . '$' . $salt);

    ● For instance, $password = thisIsTheSecretPassword and $salt = hsjYeg/bxn()%3jdhsGHq0

        aHNqWWVnL2J4bigpJTNqZGhzR0hxMA==$a9c810e9c722af719adabcf50d b8a0b4cd0d14e07eddbb43e5f47bde620a3c13

      Green = salt, Red = encrypted password
  • scrypt
    ● scrypt is a sequential memory-hard algorithm:
      ● memory-hard functions require high memory
      ● cannot be parallelized efficiently
    ● scrypt uses PBKDF2, HMAC-SHA256, Salsa 20/8 core
  • scrypt security
    “From a test executed on modern (2009) hardware, if 5 seconds are spent computing a derived key, the cost of a hardware brute-force attack against scrypt is roughly 4000 times greater than the cost of a similar attack against bcrypt (to find the same password), and 20000 times greater than a similar attack against Pbkdf2.”
    Colin Percival (the author of scrypt algorithm)
  • Conclusion
    ● As user:
      Use only “robust” passwords (e.g. a long pass phrase is better than a shorter random jumble of characters)
      Don't use the same password for different services
    ● As developer:
      Don't use hash or hash+salt to store a password!
      Use hash+salt+stretching (PBKDF2), bcrypt or scrypt to store your passwords
  • References
    ● Colin Percival, Stronger Key Derivation via Sequential Memory-Hard Functions, presented at BSDCan'09, May 2009
    ● Morris, Robert, Thompson, Ken, Password Security: A Case History, Bell Laboratories, 2011
    ● Coda Hale, How to safely store a password, 2010
    ● J. Kelsey, B. Schneier, C. Hall, and D. Wagner, Secure Applications of Low-Entropy Keys, Information Security Workshop (ISW'97), 1997
    ● Marc Bevand, Whitepixel breaks 28.6 billion password/sec
    ● Andrew Zonenberg, Distributed Hash Cracker: A Cross-Platform GPU-Accelerated Password Recovery System, 2009
  • Thanks! @ezimuel
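
The "hash + salt + stretching" and PBKDF2 slides stop at key derivation. The following added example (not code from the talk or from Zend Framework) shows the full store-and-verify cycle with PHP's built-in hash_pbkdf2(), including calibrating the iteration count to the roughly 1 second the talk recommends. It assumes PHP 7 or later; the record layout and all function names are illustrative assumptions.

```php
<?php
// Added example, not code from the talk. The record layout
// "pbkdf2$<iterations>$<salt>$<key>" and all names are assumptions.
const PBKDF2_ALGO = 'sha256';
const KEY_BYTES   = 32;

// Double the iteration count until one derivation costs at least $targetMs.
function calibrateIterations(float $targetMs = 1000.0): int
{
    $salt = random_bytes(16);
    for ($n = 10000; ; $n *= 2) {
        $start = microtime(true);
        hash_pbkdf2(PBKDF2_ALGO, 'calibration', $salt, $n, KEY_BYTES, true);
        if ((microtime(true) - $start) * 1000 >= $targetMs) {
            return $n;
        }
    }
}

function hashPassword(string $password, int $iterations): string
{
    $salt = random_bytes(16);   // fresh random salt for every password
    $key  = hash_pbkdf2(PBKDF2_ALGO, $password, $salt, $iterations, KEY_BYTES, true);
    // Store the iteration count with the hash so it can be raised later
    return implode('$', ['pbkdf2', $iterations, base64_encode($salt), base64_encode($key)]);
}

function verifyPassword(string $password, string $record): bool
{
    $parts = explode('$', $record);
    if (count($parts) !== 4 || $parts[0] !== 'pbkdf2'
        || !ctype_digit($parts[1]) || (int) $parts[1] < 1) {
        return false;           // malformed or foreign record
    }
    $salt = base64_decode($parts[2], true);
    $key  = base64_decode($parts[3], true);
    if ($salt === false || $key === false || strlen($key) !== KEY_BYTES) {
        return false;
    }
    $candidate = hash_pbkdf2(PBKDF2_ALGO, $password, $salt, (int) $parts[1], KEY_BYTES, true);
    return hash_equals($key, $candidate);   // constant-time comparison
}

// Constructed demo values.
$iterations = calibrateIterations();
$record = hashPassword('correct horse battery staple', $iterations);
var_dump($iterations, $record);
var_dump(verifyPassword('correct horse battery staple', $record));
var_dump(verifyPassword('wrong guess', $record));
```

Because the iteration count travels with each record, hashes created on older hardware still verify after the calibrated value is raised.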
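
For the "bcrypt parameters" slide, which says to check the cost on your own system, this added example (not from the talk) measures the bcrypt cost against a time budget and upgrades older, cheaper hashes at login. It uses PHP's password_hash(), password_verify() and password_needs_rehash() rather than the crypt() call shown on the slide; the function names and demo values are assumptions.

```php
<?php
// Added example, not code from the talk. Function names are assumptions.

// Raise the cost until one bcrypt hash takes at least $targetMs.
// Each +1 on the cost doubles the work; PHP accepts costs from 4 to 31.
function calibrateBcryptCost(float $targetMs = 1000.0): int
{
    for ($cost = 10; $cost < 31; $cost++) {
        $start = microtime(true);
        password_hash('calibration', PASSWORD_BCRYPT, ['cost' => $cost]);
        if ((microtime(true) - $start) * 1000 >= $targetMs) {
            return $cost;
        }
    }
    return 31;
}

// Verify a login and, if the stored hash was made with a different cost,
// return a replacement hash for the caller to persist.
// Note: bcrypt only uses the first 72 bytes of the password.
function login(string $password, string $storedHash, int $cost): array
{
    if (!password_verify($password, $storedHash)) {
        return ['ok' => false, 'newHash' => null];
    }
    $newHash = null;
    if (password_needs_rehash($storedHash, PASSWORD_BCRYPT, ['cost' => $cost])) {
        $newHash = password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
    }
    return ['ok' => true, 'newHash' => $newHash];
}

// Constructed demo: a hash stored long ago with a deliberately low cost.
$oldHash = password_hash('thisIsTheSecretPassword', PASSWORD_BCRYPT, ['cost' => 4]);
$cost    = calibrateBcryptCost();
var_dump($cost);
var_dump(login('thisIsTheSecretPassword', $oldHash, $cost));
var_dump(login('wrong guess', $oldHash, $cost));
```

password_hash() generates the salt itself and embeds the salt and cost in the returned string, so no separate salt column is needed.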