[Russia] Node.JS - Architecture and Vulnerabilities

OWASP EEE
OWASP EEEOWASP
1 Node.JS – Architecture and Vulnerabilities By Leon Maister Oct, 2015
Agenda • Architecture • DoS – (Demo) • Weak Crypto – (Demo)
EventLoop Event Queue Event Loop (Single thread) File System Database Network Register Callback Operation Complete Trigger Callback http://stackoverflow.com/questions/21596172/what-function-gets-put-into-eventloop-in-nodejs-and-js
[Russia] Node.JS - Architecture and Vulnerabilities
Architecture (cont) • I/O Intensive • DB queries • Application with user UI (WebApps) • CPU Intensive
DoS Function sum (p) for (i=1;i<=p;++i) { f=f+i; } This makes node.js highly vulnerable to DoS http://localhost:49090/sum?p=5 http://localhost:49090/sum?p=100000000 http://localhost:49090/sum?p=5
Weak Crypto ?
Seed State0[0,1] State1[0,1] State2[0,1] State3[0,1] Staten[0,1] Random0 Random1 Random2 Randomn Random3 V8 PRNG is known as weak V8 PRNG is known to be weak. For example, check Amit Klein’s http://dl.packetstormsecurity.net/papers /general/Google_Chrome_3.0_Beta_M ath.random_vulnerability.pdf
V8’s default PRNG Given 3 consecutive random numbers, the values of state[0] and state[1] can be inferred – hence all future values can be known in advance. But In browsers, each tab has its own set of “state” variables. That’s one of the reasons this issue is treated as low-severity But In node.js, all users are running within the same context. Each user can tell what are the values of the global “state” variables.
V8’ f u PRNG Given 3 “random” new passwords – we will be able to tell all future ones First, we need to “reverse” the MD5 for 3 passwords to their original “random” float number. Then, we need to compute the “state” variable to get the 4th consecutive value.
Register FakeUser1 Register FakeUser2 Register FakeUser3 FakeUser1 Password FakeUser2 Password FakeUser3 Password Reminder: Password = MD5(random()) Step 1
Step2 Register FakeUser1 Register FakeUser2 Register FakeUser3 FakeUser1 Password FakeUser2 Password FakeUser3 Password Reminder: Password = MD5(random())
Step2 FakeUser1 – Clear Random FakeUser1 Password FakeUser2 Password FakeUser3 Password Reminder: Password = MD5(random()) FakeUser2 – Clear Random FakeUser3 – Clear Random
Step2 FakeUser1 – Clear Random FakeUser1 Password FakeUser2 Password FakeUser3 Password Reminder: Password = MD5(random()) FakeUser2 – Clear Random FakeUser3 – Clear Random RealUser1 – Future Password
DEMO
1 of 15

[Russia] Node.JS - Architecture and Vulnerabilities

Download to read offline
Internet

Node.JS - Architecture and Vulnerabilities. Leon Maister.

OWASP EEE
OWASP EEEOWASP

Recommended

Nodejs a-practical-introduction-oredev by
Nodejs a-practical-introduction-oredevNodejs a-practical-introduction-oredev
Nodejs a-practical-introduction-oredevFelix Geisendörfer
2.9K views59 slides
Nodejs - Should Ruby Developers Care? by
Nodejs - Should Ruby Developers Care?Nodejs - Should Ruby Developers Care?
Nodejs - Should Ruby Developers Care?Felix Geisendörfer
3.8K views52 slides
Nodejs - A quick tour (v4) by
Nodejs - A quick tour (v4)Nodejs - A quick tour (v4)
Nodejs - A quick tour (v4)Felix Geisendörfer
4.6K views50 slides
Go, memcached, microservices by
Go, memcached, microservicesGo, memcached, microservices
Go, memcached, microservicesmosa siru
17.1K views58 slides
ニュースパスのクローラーアーキテクチャとマイクロサービス by
ニュースパスのクローラーアーキテクチャとマイクロサービスニュースパスのクローラーアーキテクチャとマイクロサービス
ニュースパスのクローラーアーキテクチャとマイクロサービスmosa siru
10.6K views57 slides
Let's Get Acquainted: Ansible! / Symfony Camp UA 2014 by
Let's Get Acquainted: Ansible! / Symfony Camp UA 2014Let's Get Acquainted: Ansible! / Symfony Camp UA 2014
Let's Get Acquainted: Ansible! / Symfony Camp UA 2014Igor Brovchenko
2K views39 slides

More Related Content

Viewers also liked

[Lithuania] I am the cavalry by
[Lithuania] I am the cavalry[Lithuania] I am the cavalry
[Lithuania] I am the cavalryOWASP EEE
539 views36 slides
RESUME OF MAHFUZUR RAHMAN_Oct' 15 by
RESUME OF MAHFUZUR RAHMAN_Oct' 15RESUME OF MAHFUZUR RAHMAN_Oct' 15
RESUME OF MAHFUZUR RAHMAN_Oct' 15Mahfuzur Rahman
317 views7 slides
[Bucharest] XML Based Attacks by
[Bucharest] XML Based Attacks[Bucharest] XML Based Attacks
[Bucharest] XML Based AttacksOWASP EEE
610 views25 slides
[Russia] Give me a stable input by
[Russia] Give me a stable input[Russia] Give me a stable input
[Russia] Give me a stable inputOWASP EEE
335 views56 slides
Dia da Música by
Dia da MúsicaDia da Música
Dia da MúsicaPaulo Antunes
1.2K views18 slides
[Austria] Security by Design by
[Austria] Security by Design[Austria] Security by Design
[Austria] Security by DesignOWASP EEE
665 views16 slides

Viewers also liked(12)

[Lithuania] I am the cavalry by OWASP EEE
[Lithuania] I am the cavalry[Lithuania] I am the cavalry
[Lithuania] I am the cavalry
OWASP EEE539 views
RESUME OF MAHFUZUR RAHMAN_Oct' 15 by Mahfuzur Rahman
RESUME OF MAHFUZUR RAHMAN_Oct' 15RESUME OF MAHFUZUR RAHMAN_Oct' 15
RESUME OF MAHFUZUR RAHMAN_Oct' 15
Mahfuzur Rahman317 views
[Bucharest] XML Based Attacks by OWASP EEE
[Bucharest] XML Based Attacks[Bucharest] XML Based Attacks
[Bucharest] XML Based Attacks
OWASP EEE610 views
[Russia] Give me a stable input by OWASP EEE
[Russia] Give me a stable input[Russia] Give me a stable input
[Russia] Give me a stable input
OWASP EEE335 views
Dia da Música by Paulo Antunes
Dia da MúsicaDia da Música
Dia da Música
Paulo Antunes1.2K views
[Austria] Security by Design by OWASP EEE
[Austria] Security by Design[Austria] Security by Design
[Austria] Security by Design
OWASP EEE665 views
[Lithuania] DigiCerts and DigiID to Enterprise apps by OWASP EEE
[Lithuania] DigiCerts and DigiID to Enterprise apps[Lithuania] DigiCerts and DigiID to Enterprise apps
[Lithuania] DigiCerts and DigiID to Enterprise apps
OWASP EEE350 views
[Cluj] CSP (Content Security Policy) by OWASP EEE
[Cluj] CSP (Content Security Policy)[Cluj] CSP (Content Security Policy)
[Cluj] CSP (Content Security Policy)
OWASP EEE576 views
[Poland] It's only about frontend by OWASP EEE
[Poland] It's only about frontend[Poland] It's only about frontend
[Poland] It's only about frontend
OWASP EEE521 views
[Bucharest] Catching up with today's malicious actors by OWASP EEE
[Bucharest] Catching up with today's malicious actors[Bucharest] Catching up with today's malicious actors
[Bucharest] Catching up with today's malicious actors
OWASP EEE431 views
[Lithuania] Introduction to threat modeling by OWASP EEE
[Lithuania] Introduction to threat modeling[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling
OWASP EEE444 views
[Russia] MySQL OOB injections by OWASP EEE
[Russia] MySQL OOB injections[Russia] MySQL OOB injections
[Russia] MySQL OOB injections
OWASP EEE1.6K views

Similar to [Russia] Node.JS - Architecture and Vulnerabilities

Observable Node.js Applications - EnterpriseJS by
Observable Node.js Applications - EnterpriseJSObservable Node.js Applications - EnterpriseJS
Observable Node.js Applications - EnterpriseJSYunong Xiao
1.8K views72 slides
Building Observable Applications w/ Node.js -- BayNode Meetup, March 2014 by
Building Observable Applications w/ Node.js -- BayNode Meetup, March 2014Building Observable Applications w/ Node.js -- BayNode Meetup, March 2014
Building Observable Applications w/ Node.js -- BayNode Meetup, March 2014Yunong Xiao
4.7K views47 slides
Node azure by
Node azureNode azure
Node azureEmanuele DelBono
1.6K views66 slides
Node.js Enterprise Middleware by
Node.js Enterprise MiddlewareNode.js Enterprise Middleware
Node.js Enterprise MiddlewareBehrad Zari
4.6K views54 slides
[Rakuten TechConf2014] [C-5] Ichiba Architecture on ExaLogic by
[Rakuten TechConf2014] [C-5] Ichiba Architecture on ExaLogic[Rakuten TechConf2014] [C-5] Ichiba Architecture on ExaLogic
[Rakuten TechConf2014] [C-5] Ichiba Architecture on ExaLogicRakuten Group, Inc.
4.7K views88 slides
Nodejs - A quick tour (v6) by
Nodejs - A quick tour (v6)Nodejs - A quick tour (v6)
Nodejs - A quick tour (v6)Felix Geisendörfer
3.9K views68 slides

Similar to [Russia] Node.JS - Architecture and Vulnerabilities(20)

Observable Node.js Applications - EnterpriseJS by Yunong Xiao
Observable Node.js Applications - EnterpriseJSObservable Node.js Applications - EnterpriseJS
Observable Node.js Applications - EnterpriseJS
Yunong Xiao1.8K views
Building Observable Applications w/ Node.js -- BayNode Meetup, March 2014 by Yunong Xiao
Building Observable Applications w/ Node.js -- BayNode Meetup, March 2014Building Observable Applications w/ Node.js -- BayNode Meetup, March 2014
Building Observable Applications w/ Node.js -- BayNode Meetup, March 2014
Yunong Xiao4.7K views
Node azure by Emanuele DelBono
Node azureNode azure
Node azure
Emanuele DelBono1.6K views
Node.js Enterprise Middleware by Behrad Zari
Node.js Enterprise MiddlewareNode.js Enterprise Middleware
Node.js Enterprise Middleware
Behrad Zari4.6K views
[Rakuten TechConf2014] [C-5] Ichiba Architecture on ExaLogic by Rakuten Group, Inc.
[Rakuten TechConf2014] [C-5] Ichiba Architecture on ExaLogic[Rakuten TechConf2014] [C-5] Ichiba Architecture on ExaLogic
[Rakuten TechConf2014] [C-5] Ichiba Architecture on ExaLogic
Rakuten Group, Inc.4.7K views
Nodejs - A quick tour (v6) by Felix Geisendörfer
Nodejs - A quick tour (v6)Nodejs - A quick tour (v6)
Nodejs - A quick tour (v6)
Felix Geisendörfer3.9K views
StrongLoop Overview by Shubhra Kar
StrongLoop OverviewStrongLoop Overview
StrongLoop Overview
Shubhra Kar2.3K views
Node.js: The What, The How and The When by FITC
Node.js: The What, The How and The WhenNode.js: The What, The How and The When
Node.js: The What, The How and The When
FITC4.6K views
IVS CTO Night And Day 2018 Winter - [re:Cap] Serverless & Mobile by Amazon Web Services Japan
IVS CTO Night And Day 2018 Winter - [re:Cap] Serverless & MobileIVS CTO Night And Day 2018 Winter - [re:Cap] Serverless & Mobile
IVS CTO Night And Day 2018 Winter - [re:Cap] Serverless & Mobile
Amazon Web Services Japan467 views
Codemotion 2013: Feliz 15 aniversario, SQL Injection by Chema Alonso
Codemotion 2013: Feliz 15 aniversario, SQL InjectionCodemotion 2013: Feliz 15 aniversario, SQL Injection
Codemotion 2013: Feliz 15 aniversario, SQL Injection
Chema Alonso2.9K views
Search and analyze data in real time by Rohit Kalsarpe
Search and analyze data in real timeSearch and analyze data in real time
Search and analyze data in real time
Rohit Kalsarpe362 views
Exploring the Final Frontier of Data Center Orchestration: Network Elements -... by Puppet
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Puppet2.2K views
John adams talk cloudy by John Adams
John adams talk cloudyJohn adams talk cloudy
John adams talk cloudy
John Adams3.3K views
Social Photos - My presentation at Microsoft Tech Day by TechMaster Vietnam
Social Photos - My presentation at Microsoft Tech DaySocial Photos - My presentation at Microsoft Tech Day
Social Photos - My presentation at Microsoft Tech Day
TechMaster Vietnam1.3K views
Realtime Analytics with MongoDB Counters (mongonyc 2012) by Scott Hernandez
Realtime Analytics with MongoDB Counters (mongonyc 2012)Realtime Analytics with MongoDB Counters (mongonyc 2012)
Realtime Analytics with MongoDB Counters (mongonyc 2012)
Scott Hernandez2.8K views
Oleg Natalushko. Drupal server anatomy. DrupalCamp Kyiv 2011 by Vlad Savitsky
Oleg Natalushko. Drupal server anatomy. DrupalCamp Kyiv 2011Oleg Natalushko. Drupal server anatomy. DrupalCamp Kyiv 2011
Oleg Natalushko. Drupal server anatomy. DrupalCamp Kyiv 2011
Vlad Savitsky1.4K views
Monitoring and Scaling Redis at DataDog - Ilan Rabinovitch, DataDog by Redis Labs
Monitoring and Scaling Redis at DataDog - Ilan Rabinovitch, DataDog Monitoring and Scaling Redis at DataDog - Ilan Rabinovitch, DataDog
Monitoring and Scaling Redis at DataDog - Ilan Rabinovitch, DataDog
Redis Labs2K views
Saltstack - Orchestration & Application Deployment by inovex GmbH
Saltstack - Orchestration & Application DeploymentSaltstack - Orchestration & Application Deployment
Saltstack - Orchestration & Application Deployment
inovex GmbH517 views
Neotys PAC 2018 - Jonathon Wright by Neotys_Partner
Neotys PAC 2018 - Jonathon WrightNeotys PAC 2018 - Jonathon Wright
Neotys PAC 2018 - Jonathon Wright
Neotys_Partner308 views
Going Reactive with Relational Databases by Ivaylo Pashov
Going Reactive with Relational DatabasesGoing Reactive with Relational Databases
Going Reactive with Relational Databases
Ivaylo Pashov262 views

More from OWASP EEE

[Austria] ZigBee exploited by
[Austria] ZigBee exploited[Austria] ZigBee exploited
[Austria] ZigBee exploitedOWASP EEE
747 views48 slides
[Austria] How we hacked an online mobile banking Trojan by
[Austria] How we hacked an online mobile banking Trojan[Austria] How we hacked an online mobile banking Trojan
[Austria] How we hacked an online mobile banking TrojanOWASP EEE
654 views41 slides
[Poland] SecOps live cooking with OWASP appsec tools by
[Poland] SecOps live cooking with OWASP appsec tools[Poland] SecOps live cooking with OWASP appsec tools
[Poland] SecOps live cooking with OWASP appsec toolsOWASP EEE
461 views35 slides
[Cluj] Turn SSL ON by
[Cluj] Turn SSL ON[Cluj] Turn SSL ON
[Cluj] Turn SSL ONOWASP EEE
406 views16 slides
[Cluj] Information Security Through Gamification by
[Cluj] Information Security Through Gamification[Cluj] Information Security Through Gamification
[Cluj] Information Security Through GamificationOWASP EEE
585 views17 slides
[Cluj] A distributed - collaborative client certification system by
[Cluj] A distributed - collaborative client certification system[Cluj] A distributed - collaborative client certification system
[Cluj] A distributed - collaborative client certification systemOWASP EEE
163 views14 slides

More from OWASP EEE(17)

[Austria] ZigBee exploited by OWASP EEE
[Austria] ZigBee exploited[Austria] ZigBee exploited
[Austria] ZigBee exploited
OWASP EEE747 views
[Austria] How we hacked an online mobile banking Trojan by OWASP EEE
[Austria] How we hacked an online mobile banking Trojan[Austria] How we hacked an online mobile banking Trojan
[Austria] How we hacked an online mobile banking Trojan
OWASP EEE654 views
[Poland] SecOps live cooking with OWASP appsec tools by OWASP EEE
[Poland] SecOps live cooking with OWASP appsec tools[Poland] SecOps live cooking with OWASP appsec tools
[Poland] SecOps live cooking with OWASP appsec tools
OWASP EEE461 views
[Cluj] Turn SSL ON by OWASP EEE
[Cluj] Turn SSL ON[Cluj] Turn SSL ON
[Cluj] Turn SSL ON
OWASP EEE406 views
[Cluj] Information Security Through Gamification by OWASP EEE
[Cluj] Information Security Through Gamification[Cluj] Information Security Through Gamification
[Cluj] Information Security Through Gamification
OWASP EEE585 views
[Cluj] A distributed - collaborative client certification system by OWASP EEE
[Cluj] A distributed - collaborative client certification system[Cluj] A distributed - collaborative client certification system
[Cluj] A distributed - collaborative client certification system
OWASP EEE163 views
[Russia] Bugs -> max, time &lt;= T by OWASP EEE
[Russia] Bugs -> max, time &lt;= T[Russia] Bugs -> max, time &lt;= T
[Russia] Bugs -> max, time &lt;= T
OWASP EEE346 views
[Russia] Building better product security by OWASP EEE
[Russia] Building better product security[Russia] Building better product security
[Russia] Building better product security
OWASP EEE382 views
[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent by OWASP EEE
[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent
[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent
OWASP EEE774 views
[Hungary] I play Jack of Information Disclosure by OWASP EEE
[Hungary] I play Jack of Information Disclosure[Hungary] I play Jack of Information Disclosure
[Hungary] I play Jack of Information Disclosure
OWASP EEE510 views
[Hungary] Survival is not mandatory. The air force one has departured are you... by OWASP EEE
[Hungary] Survival is not mandatory. The air force one has departured are you...[Hungary] Survival is not mandatory. The air force one has departured are you...
[Hungary] Survival is not mandatory. The air force one has departured are you...
OWASP EEE378 views
[Hungary] Secure Software? Start appreciating your developers! by OWASP EEE
[Hungary] Secure Software? Start appreciating your developers![Hungary] Secure Software? Start appreciating your developers!
[Hungary] Secure Software? Start appreciating your developers!
OWASP EEE237 views
[Bucharest] Your intents are dirty, droid! by OWASP EEE
[Bucharest] Your intents are dirty, droid![Bucharest] Your intents are dirty, droid!
[Bucharest] Your intents are dirty, droid!
OWASP EEE390 views
[Bucharest] #DontTrustTheDarkSide by OWASP EEE
[Bucharest] #DontTrustTheDarkSide[Bucharest] #DontTrustTheDarkSide
[Bucharest] #DontTrustTheDarkSide
OWASP EEE517 views
[Bucharest] From SCADA to IoT Cyber Security by OWASP EEE
[Bucharest] From SCADA to IoT Cyber Security[Bucharest] From SCADA to IoT Cyber Security
[Bucharest] From SCADA to IoT Cyber Security
OWASP EEE1.1K views
[Bucharest] Reversing the Apple Sandbox by OWASP EEE
[Bucharest] Reversing the Apple Sandbox[Bucharest] Reversing the Apple Sandbox
[Bucharest] Reversing the Apple Sandbox
OWASP EEE338 views
[Bucharest] Attack is easy, let's talk defence by OWASP EEE
[Bucharest] Attack is easy, let's talk defence[Bucharest] Attack is easy, let's talk defence
[Bucharest] Attack is easy, let's talk defence
OWASP EEE792 views

Recently uploaded

Marketing and Community Building in Web3 by
Marketing and Community Building in Web3Marketing and Community Building in Web3
Marketing and Community Building in Web3Federico Ast
14 views64 slides
Affiliate Marketing by
Affiliate MarketingAffiliate Marketing
Affiliate MarketingNavin Dhanuka
17 views30 slides
hamro digital logics.pptx by
hamro digital logics.pptxhamro digital logics.pptx
hamro digital logics.pptxtupeshghimire
10 views36 slides
The Dark Web : Hidden Services by
The Dark Web : Hidden ServicesThe Dark Web : Hidden Services
The Dark Web : Hidden ServicesAnshu Singh
14 views24 slides
ATPMOUSE_융합2조.pptx by
ATPMOUSE_융합2조.pptxATPMOUSE_융합2조.pptx
ATPMOUSE_융합2조.pptxkts120898
35 views70 slides
How to think like a threat actor for Kubernetes.pptx by
How to think like a threat actor for Kubernetes.pptxHow to think like a threat actor for Kubernetes.pptx
How to think like a threat actor for Kubernetes.pptxLibbySchulze1
5 views33 slides

Recently uploaded(6)

Marketing and Community Building in Web3 by Federico Ast
Marketing and Community Building in Web3Marketing and Community Building in Web3
Marketing and Community Building in Web3
Federico Ast14 views
Affiliate Marketing by Navin Dhanuka
Affiliate MarketingAffiliate Marketing
Affiliate Marketing
Navin Dhanuka17 views
hamro digital logics.pptx by tupeshghimire
hamro digital logics.pptxhamro digital logics.pptx
hamro digital logics.pptx
tupeshghimire10 views
The Dark Web : Hidden Services by Anshu Singh
The Dark Web : Hidden ServicesThe Dark Web : Hidden Services
The Dark Web : Hidden Services
Anshu Singh14 views
ATPMOUSE_융합2조.pptx by kts120898
ATPMOUSE_융합2조.pptxATPMOUSE_융합2조.pptx
ATPMOUSE_융합2조.pptx
kts12089835 views
How to think like a threat actor for Kubernetes.pptx by LibbySchulze1
How to think like a threat actor for Kubernetes.pptxHow to think like a threat actor for Kubernetes.pptx
How to think like a threat actor for Kubernetes.pptx
LibbySchulze15 views

[Russia] Node.JS - Architecture and Vulnerabilities

  • 1. 1 Node.JS – Architecture and Vulnerabilities By Leon Maister Oct, 2015
  • 2. Agenda • Architecture • DoS – (Demo) • Weak Crypto – (Demo)
  • 3. EventLoop Event Queue Event Loop (Single thread) File System Database Network Register Callback Operation Complete Trigger Callback http://stackoverflow.com/questions/21596172/what-function-gets-put-into-eventloop-in-nodejs-and-js
  • 5. Architecture (cont) • I/O Intensive • DB queries • Application with user UI (WebApps) • CPU Intensive
  • 6. DoS Function sum (p) for (i=1;i<=p;++i) { f=f+i; } This makes node.js highly vulnerable to DoS http://localhost:49090/sum?p=5 http://localhost:49090/sum?p=100000000 http://localhost:49090/sum?p=5
  • 8. Seed State0[0,1] State1[0,1] State2[0,1] State3[0,1] Staten[0,1] Random0 Random1 Random2 Randomn Random3 V8 PRNG is known as weak V8 PRNG is known to be weak. For example, check Amit Klein’s http://dl.packetstormsecurity.net/papers /general/Google_Chrome_3.0_Beta_M ath.random_vulnerability.pdf
  • 9. V8’s default PRNG Given 3 consecutive random numbers, the values of state[0] and state[1] can be inferred – hence all future values can be known in advance. But In browsers, each tab has its own set of “state” variables. That’s one of the reasons this issue is treated as low-severity But In node.js, all users are running within the same context. Each user can tell what are the values of the global “state” variables.
  • 10. V8’ f u PRNG Given 3 “random” new passwords – we will be able to tell all future ones First, we need to “reverse” the MD5 for 3 passwords to their original “random” float number. Then, we need to compute the “state” variable to get the 4th consecutive value.
  • 11. Register FakeUser1 Register FakeUser2 Register FakeUser3 FakeUser1 Password FakeUser2 Password FakeUser3 Password Reminder: Password = MD5(random()) Step 1
  • 12. Step2 Register FakeUser1 Register FakeUser2 Register FakeUser3 FakeUser1 Password FakeUser2 Password FakeUser3 Password Reminder: Password = MD5(random())
  • 13. Step2 FakeUser1 – Clear Random FakeUser1 Password FakeUser2 Password FakeUser3 Password Reminder: Password = MD5(random()) FakeUser2 – Clear Random FakeUser3 – Clear Random
  • 14. Step2 FakeUser1 – Clear Random FakeUser1 Password FakeUser2 Password FakeUser3 Password Reminder: Password = MD5(random()) FakeUser2 – Clear Random FakeUser3 – Clear Random RealUser1 – Future Password
  • 15. DEMO