Confraria InfoSec: Living With Passwords: Personal Password Management (SAPO Websecurity Team, 23/02/2011)
Living with passwords. How can you manage your passwords and what the alternatives are. Password managers, two-factor authentication, OTPs, smart cards and NFC are some of the covered topics.
Speaker notes (the deck's per-slide notes, which the original repeats for every build slide; deduplicated here and grouped by the slides they accompany)

Motivation / Today:
• Passwords can be compromised.
• If compromised passwords are hashed, bad passwords can be broken.

Remote password managers:
• Passwords are remotely stored.
• Web-based; multi-platform; sync between devices.

LastPass login details:
• The hash parameter acts as an HMAC.

Yubikey:
• Token duplication or theft may be hindered by counter desynchronization and the usage of a simple PIN.
• If the authentication token is stolen or lost, one must assume it is already compromised.
• Waterproof.
• Anti-phishing; anti-Gawker.
• Integration: PAM; SSH.
• OTP fields: the ModHex encoding is used instead of standard hex or base64 encoding to make the device independent of the language settings of the operating system. sessionCtr is incremented every time the device is powered on and an OTP is used. timestamp is set to a random value every time the device is connected. sessionUse counts the number of authentication tokens generated during the particular session. random is an LFSR register seeded by the touch button sensor and USB activity. crc detects data corruption (not integrity!).
Transcript: Living With Passwords: Personal Password Management

1. Confraria InfoSec: Living With Passwords: Personal Password Management (23/02/2011)

2. Summary
• Motivation
• Today's scenario
• Alternatives
  - Non-electronic
  - Limited
  - Password Managers
• Two-Factor Authentication
  - Software Tokens
  - Hardware Tokens
• Trends

3–4. Motivation > Lots of accounts compromised
(image slides)

5. Motivation > People Reuse Passwords
• Password Sharing: 73% of users share passwords that are used for online banking with at least one non-financial website.
• Username/Password Sharing: 42% of users share both their username and password with at least one non-financial website.
Source: study on 4M PCs, in "Reusing Login Credentials", Security Advisor, February 2010, Trusteer Inc.

6–11. Today > Typical choice of passwords on the Web
(built up one bullet per slide)
• Weak password, reused in different sites
• Strong password, but reused in different sites
• Weak password, but different from other sites
• Strong password for critical sites, weak password for other sites
• Strong or weak password, with basic derivations on other sites

12. Today > Can we memorize hundreds of strong passwords?

13. Today > No way!

14. Today > So what can we do?

15. Alternatives to memorizing multiple passwords?
• Non-electronic
  - Post-it
  - Password Cards
• Limited adoption
  - OpenID / OAuth (Facebook, Twitter, Google, SAPO)
  - Smart card
• Password Managers
  - Local (examples): ‣ PGP File on Disk ‣ Mac Keychain ‣ Password Safe
  - Stateless (examples): ‣ SuperGenPass
  - Remote (examples): ‣ LastPass ‣ 1Password + Dropbox

16. Alternatives > Post-it
The user can write passwords on a piece of paper, prefixed and suffixed with random chars, and keep it in his/her wallet.
Pros:
• More secure than memorizing weak passwords
Cons:
• Not practical at all
• Difficult to check and type passwords when there are people around
"Simply, people can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down. We're all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet." (Schneier on Security, Bruce Schneier, Jun 2005)

17. Alternatives > Password Cards
The user keeps the password card in his/her wallet, and all he/she has to remember is a combination of a symbol and a colour per site... plus a direction and a length!
Pros:
• More secure than a post-it if stolen
Cons:
• Not practical
• Might be difficult to use because of password policies
• The user still needs to memorize some information for each site

18. Alternatives > OpenID
Open standard that describes how users can be authenticated in a decentralized manner, allowing users to consolidate their digital identities.
Pros:
• Users don't need to remember multiple passwords
• Sites don't know users' passwords
• Users can change provider and still maintain their digital identity
• Allows multiple authentication mechanisms
Cons:
• Limited to the subset of sites that support OpenID
• If the provider is down you can't authenticate*

19. Alternatives > OAuth based
Use popular sites (Facebook, Twitter, SAPO) as authenticators to other sites, just like OpenID. Similar pros and cons to OpenID.

20. Alternatives > Smart Cards
Some sites allow you to use SSL client certificates as a means of authentication. Certificates can be stored in a smart card.
Pros:
• Good security offered
• Even better when used as 3-factor authentication
Cons:
• Not very practical
• Only a very limited number of sites support SSL client certificates
• May provide a false sense of security

21. Alternatives > Password Managers
Use a password manager to manage all your passwords instead of trying to memorize them all.
Types (examples of each follow): Local; Stateless; Remote.
Pros:
• Easy to use
• Practical
• Enable you to use strong and different passwords across sites
Cons:
• If a hacker breaks your password manager, ALL your passwords are compromised!

22. Alternatives > Password Managers > Local > PGP File
PGP Encrypted File on Disk: not really a password manager, but the user can keep all his/her passwords in one file that is encrypted with PGP.
Pros:
• It seems pretty secure
Cons:
• Not for everyone
• Hard to maintain
• If you need a password and you don't have your computer with you...

23. Alternatives > Password Managers > Local > Mac OS X Keychain
OS-wide password manager. Can sync the keychain's data with other computers.
Pros:
• Integrated with the operating system, thus easy and practical to use
• Secure
• You can unlock your keychain with a smart card
Cons:
• If you need a password and you don't have your computer with you...
• Only Mac OS X is supported

24. Alternatives > Password Managers > Local > Password Safe
Similar to the PGP encrypted file in terms of functionality, but has a GUI.
Pros:
• Secure
• GUI to manage passwords
Cons:
• If you need a password and you don't have your computer with you...
• Only MS Windows is supported

25. Alternatives > Password Managers > Stateless > SuperGenPass
SuperGenPass is a simple bookmarklet that computes your site's password. No one knows your passwords.
Site's password = 10x MD5(yourMasterSecret:domainURL)
Pros:
• Simple idea, simple to use
• Very practical, easy to use when you don't have access to your computer
Cons:
• Prone to XSS attacks!

26. Alternatives > Password Managers > Remote
Remote Password Managers (section slide)
27–30. Alternatives > Password Managers > Remote > LastPass
LastPass features (built up over slides 27–30):
• Server is not aware of your encryption key
• Data is stored on the server in encrypted form and encrypted/decrypted locally (using JS or a browser extension)
• Device synchronization
• Multiplatform support
• Import and export functionality
• Multi-factor authentication (OTPs, Yubikey, Grid, among others)
• Phishing mitigation

31–34. Alternatives > Password Managers > Remote > LastPass > Usage
(screenshots) Login; Saving a site; Site login.

35. Alternatives > Password Managers > Remote > LastPass
Looking deeper:
• The login process;
• Adding a site;
• Risks related to implementation;
• Major threats;
• Advantages.

36–38. Alternatives > Password Managers > Remote > LastPass > Details
Looking deeper - The login process

Parameter | Value | Operation
username | hypnotoad@sapo.pt | user
hash | 0f4ca0edff9ac0436c9c161565c7bff0654aa67e412578e5294a245d971d91cb | SHA256(master_key + password)
encrypted_username | Le74Bkbjqv8Hfj5HPayoqCD402FtjIBn7XhSNmiTNzk= | B64(AES256_ECB(master_key, PKCS7(user)))
requesthash | (not shown) | (not shown)
lostpwotphash | dafb156eb7e0c3aa23a47c90a70350b54ce649c9a9e6ee6670f64110dc783778 | SHA256(user + recovery_key)
u | e548f6d1a533d298102519aed86ef186b3d3b9f4b0d3c7c1c20cc8072771ce3d | SHA256(user)

Where:
• user = "hypnotoad@sapo.pt"
• password = "pwd123456"
• master_key = SHA256(user + password)
• rand_n = RAND(128b)
• recovery_key = SHA256(user + rand_n)
• encrypted_master_key = AES256_ECB(recovery_key, master_key)

39–41. Alternatives > Password Managers > Remote > LastPass > Details
Looking deeper - Adding a site

Parameter | Value | Operation
url | 68747470733a2f2f747769747465722e636f6d2f | HEX("https://twitter.com/")
name | iiFFsmFqWzhZEzz4WdqFsQ== | B64(AES256_ECB(master_key, PKCS7("twitter.com")))
username | VXu4hWF75MFuA1XiaAUp/g== | B64(AES256_ECB(master_key, PKCS7("someaccount")))
password | 8ISq2uZ6HHHkgaPNPzTDDs2sqi+erKc65snJce/0V2s= | B64(AES256_ECB(master_key, PKCS7("NS3ptHQcvwEkCX6NK9uJeKOstLWbN4Mf")))
requesthash | Le74Bkbjqv8Hfj5HPayoqCD402FtjIBn7XhSNmiTNzk= | B64(AES256_ECB(master_key, PKCS7(user)))

Where:
• user = "hypnotoad@sapo.pt"
• password = "pwd123456"
• master_key = SHA256(user + password)
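An added example (my code, not code from the slides or from LastPass) that models the record encryption the two tables above describe: master_key = SHA256(user + password) used directly as the AES-256 key, and each field sent as B64(AES256_ECB(master_key, PKCS7(field))). It assumes user and password are concatenated as raw UTF-8 and that the 32-byte digest is the key; the second site and the reused password are constructed inputs. It shows what deterministic ECB encryption gives away to whoever holds the stored records, with CBC under a per-record random IV as the comparison:

```go
package main

// Added example, not code from the slides or from LastPass. It models the
// record encryption the login and "adding a site" tables describe:
// master_key = SHA256(user + password), used directly as the AES-256 key, and
// every field sent as B64(AES256_ECB(master_key, PKCS7(field))). Assumptions:
// user and password are concatenated as raw UTF-8 and the 32-byte digest is
// the key; the site entries below are constructed, not real vault data.

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// masterKey mirrors the slide's master_key = SHA256(user + password).
func masterKey(user, password string) []byte {
	sum := sha256.Sum256([]byte(user + password))
	return sum[:]
}

// pkcs7Pad pads to whole AES blocks, always adding at least one byte.
func pkcs7Pad(data []byte) []byte {
	n := aes.BlockSize - len(data)%aes.BlockSize
	return append(append([]byte{}, data...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// encryptECB is AES256_ECB(master_key, PKCS7(plaintext)): every block is
// encrypted independently, so equal inputs always give equal outputs.
func encryptECB(key, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	padded := pkcs7Pad(plaintext)
	out := make([]byte, len(padded))
	for i := 0; i < len(padded); i += aes.BlockSize {
		block.Encrypt(out[i:i+aes.BlockSize], padded[i:i+aes.BlockSize])
	}
	return out
}

// encryptCBC is the usual fix: a fresh random IV per record (prepended to the
// ciphertext), so identical fields in two records no longer collide.
func encryptCBC(key, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	padded := pkcs7Pad(plaintext)
	out := make([]byte, aes.BlockSize+len(padded))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		panic(err)
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], padded)
	return out
}

// FieldB64 is the base64 form that appears in the "Value" column of the slides.
func FieldB64(key []byte, field string) string {
	return base64.StdEncoding.EncodeToString(encryptECB(key, []byte(field)))
}

// SharedPasswordVisible asks what an observer of the stored records (the
// server, or whoever breaches it) learns without the key: under ECB, two
// sites with the same password have byte-identical ciphertexts.
func SharedPasswordVisible(key []byte, pw1, pw2 string, useECB bool) bool {
	if useECB {
		return bytes.Equal(encryptECB(key, []byte(pw1)), encryptECB(key, []byte(pw2)))
	}
	return bytes.Equal(encryptCBC(key, []byte(pw1)), encryptCBC(key, []byte(pw2)))
}

func main() {
	key := masterKey("hypnotoad@sapo.pt", "pwd123456") // the slides' sample identity
	pw := "NS3ptHQcvwEkCX6NK9uJeKOstLWbN4Mf"          // constructed: reused on two sites
	fmt.Println("twitter.com password:", FieldB64(key, pw))
	fmt.Println("example.org password:", FieldB64(key, pw))
	fmt.Println("reuse visible under ECB:", SharedPasswordVisible(key, pw, pw, true))
	fmt.Println("reuse visible under CBC:", SharedPasswordVisible(key, pw, pw, false))
}
```

Run it and the two "password" values print identically under ECB: the server does not need the key to learn that the same password was saved twice, or that a given encrypted field has not changed between syncs.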
42–48. Alternatives > Password Managers > Remote > LastPass > Details
Looking deeper - Risks related to implementation (built up over slides 42–48):
• The URL is stored in plaintext;
• Form field names are stored in plaintext;
• AES is being used in ECB mode. The same input always generates the same output...
• Key derivation should be improved (e.g. using PBKDF2). "That means that it only takes three days to break a seven-letter mixed-case password -- ouch. It takes a little more time if there are numbers and special characters in the password or the password is longer and much less time if the password is all one case, subject to a dictionary attack, or is partially known."
• Beware of the "create an OTP for recovery" option;
• Third-party security assessment still pending.
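An added example (my code, not code from the slides or from LastPass) for the key-derivation point above: a login hash taken from the server is attacked offline with a wordlist at two SHA-256 calls per guess, and because master_key is derived from the same inputs, the recovered password also yields the vault key. Next to it, a PBKDF2-HMAC-SHA256 derivation written out in full (checked against the RFC 7914 test vector) that makes every guess cost `iterations` HMACs. It assumes raw-byte concatenation (the 32-byte master_key followed by the password); the wordlist is constructed:

```go
package main

// Added example, not code from the slides or from LastPass. It shows why the
// slide asks for a better key derivation: with master_key = SHA256(user +
// password) and hash = SHA256(master_key + password), a login hash leaked
// from the server can be attacked offline at two SHA-256 calls per guess, and
// the recovered password also yields the vault key. PBKD2-free: PBKDF2-HMAC-
// SHA256 is written out below (no external dependency) so that each guess
// costs `iterations` HMAC evaluations instead. Assumptions: values are
// concatenated as raw bytes (32-byte master_key, then the password); the
// wordlist is constructed.

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// legacyMasterKey and legacyLoginHash mirror the derivation on the slides.
func legacyMasterKey(user, password string) []byte {
	sum := sha256.Sum256([]byte(user + password))
	return sum[:]
}

func legacyLoginHash(user, password string) string {
	mk := legacyMasterKey(user, password)
	sum := sha256.Sum256(append(mk, []byte(password)...))
	return hex.EncodeToString(sum[:])
}

// CrackLegacy plays the attacker who holds a login hash taken from the server
// and tries a wordlist against it; the username is public.
func CrackLegacy(user, loginHash string, wordlist []string) (string, bool) {
	for _, guess := range wordlist {
		if legacyLoginHash(user, guess) == loginHash {
			return guess, true
		}
	}
	return "", false
}

// pbkdf2SHA256 is PBKDF2 (RFC 8018) with HMAC-SHA256 for one output block,
// i.e. 32 bytes, which is all a key or a login verifier needs.
func pbkdf2SHA256(password, salt []byte, iterations int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // INT(1): first (and only) block
	u := mac.Sum(nil)
	out := append([]byte{}, u...)
	for i := 1; i < iterations; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

// HardenedKeys derives the vault key with PBKDF2 salted by the username, and
// a login verifier as one extra PBKDF2 round over that key. The server stores
// only the verifier, so it never sees the key, and an attacker who steals the
// verifier pays `iterations` HMACs per guess instead of two hashes.
func HardenedKeys(user, password string, iterations int) (key []byte, verifier string) {
	key = pbkdf2SHA256([]byte(password), []byte(user), iterations)
	verifier = hex.EncodeToString(pbkdf2SHA256(key, []byte(password), 1))
	return key, verifier
}

func main() {
	user := "hypnotoad@sapo.pt"
	leaked := legacyLoginHash(user, "pwd123456") // what a server breach hands the attacker
	wordlist := []string{"123456", "password", "letmein", "pwd123456", "hunter2"}
	if pw, ok := CrackLegacy(user, leaked, wordlist); ok {
		fmt.Println("legacy: recovered", pw, "and vault key", hex.EncodeToString(legacyMasterKey(user, pw)))
	}
	_, verifier := HardenedKeys(user, "pwd123456", 100000)
	fmt.Println("PBKDF2 verifier (100000 iterations per guess):", verifier)
}
```

The iteration count is the whole point: with 100000 iterations each wordlist entry costs roughly 100000 HMACs instead of two hashes, which turns the "three days" in the quoted estimate into years for the same hardware, without the server ever learning the vault key.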
49. Alternatives > Password Managers > Remote > LastPass > Details
Looking deeper - Major threats
• Master password theft;
• A trojan installed on the host may compromise all passwords at once.

50–53. Alternatives > Password Managers > Remote > LastPass
Pros (built up over slides 50–53):
Practical
• One password to remember;
• Integrated with the browser;
• Synchronizes credentials across devices.
Open
• Client-side source code is available.
Secure
• Very effective in Gawker-style attacks (password containment);
• Can be paired with additional authentication factors;
• Passwords are stored in encrypted form, both locally and remotely.

54. Two-Factor Authentication (section slide)

55. Two-Factor Auth > Examples
Some examples:
• Smart cards
• Software OTP tokens: Google Authenticator; Verisign VIP
• Hardware OTP tokens: Yubikey; CryptoCard; RSA SecurID
Pros:
• More secure than single-factor :)
Cons:
• Not very practical
• May provide a false sense of security
• Typically a closed market (vendors rip you off!)

56. Two-Factor Auth > Google Authenticator
Supports HOTP (event-based) and TOTP (time-based) codes. Key provisioning via scanning a QR code.
Pros:
• Free! :)
• No need to carry extra devices
• You can use it in your own systems (using a PAM module or integrating it with RADIUS)
Cons:
• Concerns related to the security of the device
• Your battery may die when you most need an OTP
• You lose some time generating an OTP
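An added example (my code, not Google Authenticator's) of the two algorithms the slide names, HOTP (RFC 4226, event-based) and TOTP (RFC 6238, time-based), using the RFC test secret, the otpauth:// Key Uri that the provisioning QR code encodes (the public Google Authenticator convention), and verifiers that tolerate a little counter or clock drift, which is the sync issue the Yubikey slides come back to. The issuer and account name are constructed inputs:

```go
package main

// Added example, not Google Authenticator's code: the two code algorithms
// the slide names, HOTP (RFC 4226, event-based) and TOTP (RFC 6238,
// time-based), the otpauth:// URI a provisioning QR code carries (public Key
// Uri format), and verifiers that tolerate a little counter or clock drift.
// The RFC test secret and the account name are constructed inputs.

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base32"
	"encoding/binary"
	"fmt"
	"net/url"
	"time"
)

// HOTP is RFC 4226: HMAC-SHA1 over the big-endian counter, dynamic truncation.
func HOTP(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	offset := h[len(h)-1] & 0x0f
	code := binary.BigEndian.Uint32(h[offset:offset+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// TOTP is HOTP with the counter = number of `step`-second periods since epoch.
func TOTP(secret []byte, t time.Time, step int64, digits int) string {
	return HOTP(secret, uint64(t.Unix()/step), digits)
}

// VerifyHOTP accepts a code for any counter in [counter, counter+lookahead]:
// a token pressed without the code being used runs ahead of the server, so
// the server re-syncs by returning the counter it must expect next.
func VerifyHOTP(secret []byte, counter uint64, lookahead int, code string) (uint64, bool) {
	for i := 0; i <= lookahead; i++ {
		c := counter + uint64(i)
		if hmac.Equal([]byte(HOTP(secret, c, len(code))), []byte(code)) {
			return c + 1, true
		}
	}
	return counter, false
}

// VerifyTOTP accepts the current period and `skew` periods on either side.
func VerifyTOTP(secret []byte, t time.Time, step int64, skew int, code string) bool {
	for d := -skew; d <= skew; d++ {
		shifted := t.Add(time.Duration(d*int(step)) * time.Second)
		if hmac.Equal([]byte(TOTP(secret, shifted, step, len(code))), []byte(code)) {
			return true
		}
	}
	return false
}

// ProvisioningURI is the text encoded in the QR code the user scans.
func ProvisioningURI(issuer, account string, secret []byte) string {
	q := url.Values{}
	q.Set("secret", base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(secret))
	q.Set("issuer", issuer)
	return "otpauth://totp/" + url.PathEscape(issuer+":"+account) + "?" + q.Encode()
}

func main() {
	secret := []byte("12345678901234567890") // RFC 4226 / RFC 6238 test secret
	fmt.Println("HOTP counter 0:", HOTP(secret, 0, 6))
	fmt.Println("TOTP at t=59s:", TOTP(secret, time.Unix(59, 0), 30, 8))
	next, ok := VerifyHOTP(secret, 0, 3, HOTP(secret, 2, 6))
	fmt.Println("re-synced after 2 unused presses:", ok, "next counter", next)
	fmt.Println(ProvisioningURI("Example", "alice@example.com", []byte("Hello!\xde\xad\xbe\xef")))
}
```

The look-ahead window and the clock skew are where the usability trade-off lives: a wider window forgives more drift but gives a stolen code more chances to be accepted, so a verifier must also record the last accepted counter (or period) and never accept anything at or below it.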
57. Two-Factor Auth > Yubikey > What is it?
• The Yubikey is a small USB token which acts as a regular keyboard. It can generate static passwords and one-time passwords.

58–62. Two-Factor Auth > Yubikey > How does it work?
(built up over slides 58–62)
Static passwords
• The Yubikey can be provisioned with a static password of up to 64 chars. This password can be used with applications/services that do not support OTPs. You should use an additional password!
One-time passwords
• Two different one-time password standards are supported: event-based HOTP and Yubikey-style OTPs.
• HOTP is a better known standard, but it is more limited due to usability concerns (smaller OTP, sync issues, etc.).
• The Yubikey OTP standard leverages the fact that the Yubikey inputs the OTPs for you.
Two slots
• Short press for slot 1; long press (3 secs) for slot 2.
Drivers
• Any OS with USB keyboard support. It even works during boot (useful for, e.g., whole-disk encryption solutions such as PGP-WDE and TrueCrypt).

63–65. Two-Factor Auth > Yubikey > Where does it work?
• Yubico OpenID (http://openid.yubico.com)
• LastPass (http://www.lastpass.com)
• Laptop (http://127.0.0.1): one-time password; static password

66. Two-Factor Auth > Yubikey > Details
Inner workings (diagram slide)

67. Two-Factor Auth > Yubikey > Security Threats
Protocol attacks
• Generated OTPs consist of unique 128-bit blocks encrypted with an AES key shared between token and server. Protocol security depends on the security strength of the AES algorithm.
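An added example (my code, not Yubico's or the presenters') of the server-side check for the OTP described above, using the public Yubico OTP layout as I understand it: 6-byte private uid, 2-byte use counter, 3-byte timestamp, 1-byte session-use counter, 2-byte random, 2-byte CRC-16, little-endian fields, typed out in ModHex. The shared key, uid and counters are constructed. Besides decrypting the block and checking the CRC, the validator refuses any OTP whose counters do not advance past the last accepted ones, which is the replay and token-duplication defence the speaker notes refer to:

```go
package main

// Added example, not Yubico's or the presenters' code: the check a validation
// server makes on the OTP slide 67 describes (a unique 128-bit block under an
// AES key shared by token and server). The 16-byte layout (6-byte uid, 2-byte
// use counter, 3-byte timestamp, 1-byte session-use counter, 2-byte random,
// 2-byte CRC-16, little-endian, ModHex-encoded) is the public Yubico OTP format
// as this example understands it. Key, uid and counters are constructed.

import (
	"bytes"
	"crypto/aes"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

const modhex = "cbdefghijklnrtuv" // hex digits 0..f on keys common to all keyboard layouts

func modhexEncode(b []byte) string {
	out := make([]byte, 0, 2*len(b))
	for _, c := range b {
		out = append(out, modhex[c>>4], modhex[c&0x0f])
	}
	return string(out)
}

func modhexDecode(s string) ([]byte, error) {
	out := make([]byte, len(s)/2)
	for i := 0; i < len(s); i++ {
		v := strings.IndexByte(modhex, s[i])
		if v < 0 || len(s)%2 != 0 {
			return nil, errors.New("not modhex")
		}
		out[i/2] = out[i/2]<<4 | byte(v)
	}
	return out, nil
}

// crc16 is the reflected CRC-16 (poly 0x8408, init 0xFFFF) the token uses; it
// stores the complement, so a correct 16-byte block leaves residual 0xF0B8.
func crc16(b []byte) uint16 {
	crc := uint16(0xffff)
	for _, c := range b {
		crc ^= uint16(c)
		for i := 0; i < 8; i++ {
			crc = crc>>1 ^ 0x8408*(crc&1)
		}
	}
	return crc
}

// encodeOTP builds the block the way the token does: fields, CRC, one AES
// block. The timestamp and random bytes (8..10 and 12..13) are left zero here.
func encodeOTP(key []byte, uid [6]byte, useCounter uint16, sessionUse uint8) string {
	var buf, out [16]byte
	copy(buf[:6], uid[:])
	binary.LittleEndian.PutUint16(buf[6:], useCounter)
	buf[11] = sessionUse
	binary.LittleEndian.PutUint16(buf[14:], ^crc16(buf[:14]))
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	block.Encrypt(out[:], buf[:])
	return modhexEncode(out[:])
}

// Validator is the server's state for one token: shared key, expected uid and
// the highest counters accepted so far (replay defence; a duplicated token is
// noticed as soon as the two copies' counters diverge).
type Validator struct {
	Key      []byte
	UID      [6]byte
	LastUse  uint16 // power-up counter of the last accepted OTP
	LastSess uint8  // session-use counter of the last accepted OTP
}

func (v *Validator) Verify(otp string) error {
	raw, err := modhexDecode(otp)
	if err != nil || len(raw) != 16 {
		return errors.New("malformed OTP")
	}
	block, err := aes.NewCipher(v.Key)
	if err != nil {
		return err
	}
	var plain [16]byte
	block.Decrypt(plain[:], raw)
	use, sess := binary.LittleEndian.Uint16(plain[6:8]), plain[11]
	switch {
	case crc16(plain[:]) != 0xf0b8:
		return errors.New("CRC mismatch: wrong key or corrupted OTP")
	case !bytes.Equal(plain[:6], v.UID[:]):
		return errors.New("uid mismatch")
	case use < v.LastUse || use == v.LastUse && sess <= v.LastSess:
		return errors.New("replayed or stale OTP: counters did not advance")
	}
	v.LastUse, v.LastSess = use, sess
	return nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed 128-bit shared key
	uid := [6]byte{1, 2, 3, 4, 5, 6}
	v := &Validator{Key: key, UID: uid, LastUse: 6}
	otp := encodeOTP(key, uid, 7, 1)
	fmt.Println("OTP:", otp, "| first use:", v.Verify(otp), "| replay:", v.Verify(otp))
}
```

Note what the CRC does and does not buy: it catches a wrong key or a corrupted block, but as the speaker notes say it is a corruption check, not an integrity check; the actual binding comes from the AES key, the uid and the monotonic counters, which is why a stolen or cloned token must be treated as compromised rather than relied on to be detected.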
68. Two-Factor Auth > Yubikey > Security Threats
Server attacks
• An authentication server stores the symmetric keys for all tokens and is a single point of failure. This can be mitigated with tamper-proof HSMs and user passwords;
• A DoS attack on the server will result in users not being able to log in.

69. Two-Factor Auth > Yubikey > Security Threats
User attacks
• Social engineering;
• Phishing;
• "Borrowing" the token.

70. Two-Factor Auth > Yubikey > Security Threats
Host attacks
• Software key extraction (very hard to exploit);
• Man-in-the-browser.

71. Two-Factor Auth > Yubikey > Security Threats
Hardware attacks
• Hardware key extraction and token duplication.

72–76. Two-Factor Auth > Yubikey > Advantages
(built up over slides 72–76)
Practical
• No drivers necessary
• Types the key for you
Open
• Open standard and infrastructure
• Software released under a permissive license
• Extensible (PIN option)
• No license required per token
Affordable
• Around 10€ if purchased in larger quantities
Secure
• Provides an additional authentication factor
• OTP generation requires manual intervention

77. Future Trends (section slide)

78. Trends
Two-factor authentication is getting popular: (image slide)

79. Trends
NFC starts to be a hype: in "How Apple and Google will kill the password", Computerworld, Jan 2011: (image slide)

80. Trends > BMW's NFC PoC (image slide)

81. The End
Questions?
Nuno Loureiro <nuno@co.sapo.pt>
João Poupino <joao.poupino@co.sapo.pt>
SAPO Websecurity Team, Confraria InfoSec