Nick Malcolm, profile picture
Uploaded byNick Malcolm
PPTX, PDF240 views

A Recipe for Password Storage: Add Salt to Taste

The document outlines various methods for password storage, emphasizing the significance of using hashed and salted algorithms rather than plaintext. It discusses common pitfalls in password security practices and highlights the importance of user education, complexity, and additional security measures. Ultimately, the best practice is to never store passwords directly but to utilize slow hashing functions combined with unique salts and potential peppers for added security.

Embed presentation

Download to read offline
@nickmalcolm a recipe for Password Storage. Add Salt to Taste.
@nickmalcolm 345
@nickmalcolm Recipe #1 Plaintext
@nickmalcolm Ingredients: Fruit(s) of choice Preparation: 1. Put fruit on plate.
@nickmalcolm To validate a user’s password, just look at their password
@nickmalcolm username password bluesky98 111111 Kazoo96 password jackals4 r1&N*L&10Pmf Sunny2323 password123
@nickmalcolm Why is this bad?
@nickmalcolm Everyone in the kitchen can see your guest’s secret ingredient(s)
@nickmalcolm People reuse passwords
@nickmalcolm But no company would actually store passwords like that, right?
@nickmalcolm “The security of our users' personal information has always been a top priority - Neopets, 2016
@nickmalcolm 26,892,897 accounts with plaintext passwords
@nickmalcolm Recipe #1 Plaintext
@nickmalcolm Recipe #2 Symmetric Encryption flic.kr/p/EvurHC
@nickmalcolm Ingredients: Fruit(s) of choice Preparation: 1. Put fruit in fridge. 2. Lock fridge. flic.kr/p/EvurHC
@nickmalcolm username password bluesky98 111111 Kazoo96 password jackals4 r1&N*L&10Pmf Sunny2323 password123
@nickmalcolm Recipe #2: Encrypted (a real example) username password hint bluesky98 c57712e7eeadeb17 sixones Kazoo96 94a012e6de4f1f0e 703c8f612c29f4a6 jackals4 Ca97753a79cbdf8f 2a8819ef021ce73a Sunny2323 94a012e6de4f1f0e 6b4e6be23ec132f0 p+123 The Fridge
@nickmalcolm To validate a user’s password, unlock the fridge, look at their password, see if it matches
@nickmalcolm Why is this bad
@nickmalcolm People in your organisation could unlock the fridge when they’re not supposed to.
@nickmalcolm Breaking the lock or finding a key gives access to all the passwords
@nickmalcolm You can sometimes X-Ray the fridge to learn more about what’s inside
@nickmalcolm Recipe #2: Encrypted (a real example) username password hint bluesky98 C57712e7eeadeb17 ________________ sixones Kazoo96 94a012e6de4f1f0e 703c8f612c29f4a6 password jackals4 Ca97753a79cbdf8f 2a8819ef021ce73a Sunny2323 94a012e6de4f1f0e 6b4e6be23ec132f0 p+123
@nickmalcolm But no one would actually store passwords like that, right?
@nickmalcolm “We deeplyregret that this incident occurred. - Adobe, 2013
@nickmalcolm 152,445,165 accounts with 3DES-encrypted passwords alongside plaintext hints
@nickmalcolm Recipe #2 Symmetric Encryption flic.kr/p/EvurHC
@nickmalcolm Recipe #3 Hashed
@nickmalcolm Ingredients: Your choice of fruits, vegetables, etc. Preparation: 1. Put ingredients in. 2. Blend.
@nickmalcolm The way we “blend” passwords is by using a hashing function.
@nickmalcolm Identical smoothie, given the exact same ingredients. Identical hashes, given the same input.
@nickmalcolm Very different smoothies, even with very similar ingredients. (kinda) Very different hashes, even with very similar input.
@nickmalcolm Fast to create a smoothie from even the chunkiest ingredients. Fast to create a hash from even the longest or most complex input.
@nickmalcolm Infeasible to get back the raw ingredients. Infeasible to recover the cleartext input.
@nickmalcolm Unlike a real smoothie… the hash is always the same size, regardless of the size of the input
@nickmalcolm MD5 SHA1 SHA256 SHA384 BLAKE2...
@nickmalcolm username password bluesky98 111111 Kazoo96 password jackals4 r1&N*L&10Pmf Sunny2323 password123 hackerman12 password
@nickmalcolm Recipe #3: Hashed with SHA1 username password bluesky98 3d4f2bf07dc1be38b20cd6e46949a1071f9d0e3d Kazoo96 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 jackals4 f8a087448bcec30f97a46094e48df6e2c76bae58 Sunny2323 cbfdac6008f9cab4083784cbd1874f76618d2a97 hackerman12 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
@nickmalcolm To validate a user’s password, hash the provided input and check it against the hash in the DB
@nickmalcolm username password bluesky98 3d4f2bf07dc1be38b20cd6e46949a1071f9d0e3d Kazoo96 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 “I’m Kazoo96, and my password is ‘password’” 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
@nickmalcolm Why is this bad
@nickmalcolm Users who have the same password have identical hashes
@nickmalcolm Recipe #3: Hashed with SHA1 username password bluesky98 3d4f2bf07dc1be38b20cd6e46949a1071f9d0e3d Kazoo96 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 jackals4 f8a087448bcec30f97a46094e48df6e2c76bae58 Sunny2323 cbfdac6008f9cab4083784cbd1874f76618d2a97 hackerman12 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
@nickmalcolm It’s also really fast to pre-compute lists of passwords. These are called Rainbow Tables
@nickmalcolm 1 123456 7c4a8d09ca3762af61e59520943dc26494f8941b 2 password 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 3 12345678 7c222fb2927d828af22f592134e8932480637c0d 4 qwerty b1b3773a05c0ed0176787a4f1574ff0075f7521e 5 123456789 f7c3bc1d808e04732adf679965ccc34ca7ae3441 6 12345 8cb2237d0679ca88db6464eac60da96345513964 7 1234 7110eda4d09e062aa5e4a390b0a572ac0d2c0220 8 111111 3d4f2bf07dc1be38b20cd6e46949a1071f9d0e3d 9 1234567 20eabe5d64b0e216796e834f52d61fd0b70332fc 10 dragon af8978b1797b72acfff9595a5a2a373ec3d9106d
@nickmalcolm Fast hashing functions also means fast brute-forcing
@nickmalcolm So no one would actually store passwords like that, right?
@nickmalcolm “We take the security of our users veryseriously - Last FM, 2012
@nickmalcolm 37,217,682 accounts with MD5’d passwords
@nickmalcolm “We take the safety and securityof our members' accounts seriously. - LinkedIn, 2016
@nickmalcolm 164,611,595 accounts with SHA1 passwords
@nickmalcolm “the vast majority of passwords were quickly cracked in the days following the release of the data” - Troy Hunt of HaveIBeenPwned.com
@nickmalcolm
@nickmalcolm Recipe #3 Hashed
@nickmalcolm Recipe #4 “Salted” Hash
@nickmalcolm Ingredients: Fruits, vegetables, etc. Artisanal salt. Preparation: 1. Put fruits in blender. 2. Add salt. 3. Blend.
@nickmalcolm Different salt for each diner, chosen by the chef.
@nickmalcolm The type of salt is written on a label, and stuck to their smoothie.
@nickmalcolm To validate a user’s password, hash the provided input plus the salt you wrote on the label of their last smoothie
@nickmalcolm Plaintext isn’t recoverable, & identical input has different output This seems fine?
@nickmalcolm Some blenders are way too fast
@nickmalcolm Some blenders are broken. They can produce same smoothie, even when given very different ingredients.
@nickmalcolm But no one would actually store passwords like that, right?
@nickmalcolm “We take cyber security veryseriously … there’s no need to panic - Zomato, 2017
@nickmalcolm 37,217,682 accounts w/ passwords stored as MD5 with a 2 character(!!!) salt
@nickmalcolm Recipe #4 “Salted” Hash
@nickmalcolm Recipe #4.5 Salted Hash using a good blender.
@nickmalcolm Ingredients: Fruits, vegetables, etc. Artisanal salt. Preparation: 1. Put fruits and salt in a good blender 2. Blend.
@nickmalcolm Fast to create a smoothie, but not too fast.
@nickmalcolm Blend as slowly as your users will tolerate. Slow down your blender every now and then.
@nickmalcolm PBKDF2. Bcrypt. Scrypt. Argon2.
@nickmalcolm argon2id is the algorithm of choice today
@nickmalcolm How to change your blender?
@nickmalcolm “Our customers’ privacy is of the utmostconcern to us. - Ashley Madison, 2015
@nickmalcolm 30,811,934 accounts with bcrypt’d passwords but still kept 15M unsalted MD5 hashes around
@nickmalcolm “A blogger who went after the the bcrypt hashes recovered only 4000 passwords in a week. In contrast, CynoSure Prime recovered the passwords for over 11 million of the MD5 hashes in about 10 days.” - Paul Ducklin of “Naked Security”
@nickmalcolm So it’s fine to store passwords when hashed with a good aglorithm?
@nickmalcolm “ This is regrettable. - Canva, 2019
@nickmalcolm 137,272,116 accounts with bcrypt’d passwords
@nickmalcolm So it’s fine to store passwords like that? Yes, but...
@nickmalcolm An attacker can still (slowly) brute-force passwords, one at a time.
@nickmalcolm Recipe #4.5 Salted Hash using a good blender.
@nickmalcolm Recipe #5 Salted Hash, with Pepper
@nickmalcolm A pepper is a secret. It’s the same for all passwords. It’s stored far away from the passwords.
@nickmalcolm When a user logs in you take their password. You fetch the pepper from the vault. You “unlock” their hash, hash their input + salt, and compare. Phew!
@nickmalcolm An attacker needs to know the secret pepper before they can even start brute-forcing salted hashes
@nickmalcolm Hash & Salt the passwords. Then symmetrically encrypt the hash using the pepper as the secret.
@nickmalcolm Dropbox, after a breach of 68M passwords
@nickmalcolm With or without a pepper, salted hashes are the way to go.
@nickmalcolm Password storage is only a small part of the problem.
@nickmalcolm user education password complexity monitoring & alerting phishing multi-factor authentication rate limiting federated identity / single sign on behavioural analytics
@nickmalcolm 345
@nickmalcolm Never store the password itself. Use a slow blender with built-in salt. Add pepper if you can. Then store the hash.
@nickmalcolm OWASP Password Cheat Sheet Wikipedia google: “paragonie passwords 2016”
@nickmalcolm Kia ora! @nickmalcolm nick.malcolm.net.nz aurainfosec.com

More Related Content

PDF
Access Control Models: Controlling Resource Authorization
byMark Niebergall
 
PPTX
Web Application Security Testing
byAgile Testing Alliance
 
PPTX
Security Code Review 101
byPaul Ionescu
 
PDF
Secure coding guidelines
byZakaria SMAHI
 
PDF
Password (in)security
byEnrico Zimuel
 
PPTX
Microsoft Security Development Lifecycle
byRazi Rais
 
PDF
Secure Coding principles by example: Build Security In from the start - Carlo...
byCodemotion
 
PPT
Software Security Engineering
byMarco Morana
 
Access Control Models: Controlling Resource Authorization
byMark Niebergall
 
Web Application Security Testing
byAgile Testing Alliance
 
Security Code Review 101
byPaul Ionescu
 
Secure coding guidelines
byZakaria SMAHI
 
Password (in)security
byEnrico Zimuel
 
Microsoft Security Development Lifecycle
byRazi Rais
 
Secure Coding principles by example: Build Security In from the start - Carlo...
byCodemotion
 
Software Security Engineering
byMarco Morana
 

What's hot

PDF
Həndəsi fiqurlar
bymimio_azerbaijan
 
PPT
20121221223210196
bymekteb31
 
PDF
Manpower profile final.pdf
byEscrowGroups
 
PDF
431. blindirana soba
byDino dino
 
PPS
Bora Bora Barra
bySuporteaoCorretor
 
PDF
Plantas Maayan Cidade Jardim Barra
byINVEXO Imobiliária
 
PPSX
JARDINS DE MONET | RECREIO
byMEU SONHO MINHA CASA
 
PDF
''Suzuki violin method'' - Книга 3
byTeofila Vasileva
 
PPS
Reserva do Parque
byAristides Alves
 
PDF
Ilha Pura Barra da Tijuca Plantas de Todos os Apartamentos
byINVEXO Imobiliária
 
PPS
Apartamentos na Peninsula Saint Martin - Peninsula - Barra da Tijuca
byLancamentosrj
 
PDF
Hifz Quran Certificate
byMuhammad Mehtab Rana
 
PDF
Têmpera de aço inoxidável AISI 420
byIsoflama Ind e Com Equips Ltda
 
Həndəsi fiqurlar
bymimio_azerbaijan
 
20121221223210196
bymekteb31
 
Manpower profile final.pdf
byEscrowGroups
 
431. blindirana soba
byDino dino
 
Bora Bora Barra
bySuporteaoCorretor
 
Plantas Maayan Cidade Jardim Barra
byINVEXO Imobiliária
 
JARDINS DE MONET | RECREIO
byMEU SONHO MINHA CASA
 
''Suzuki violin method'' - Книга 3
byTeofila Vasileva
 
Reserva do Parque
byAristides Alves
 
Ilha Pura Barra da Tijuca Plantas de Todos os Apartamentos
byINVEXO Imobiliária
 
Apartamentos na Peninsula Saint Martin - Peninsula - Barra da Tijuca
byLancamentosrj
 
Hifz Quran Certificate
byMuhammad Mehtab Rana
 
Têmpera de aço inoxidável AISI 420
byIsoflama Ind e Com Equips Ltda
 

Similar to A Recipe for Password Storage: Add Salt to Taste

PPTX
Password Storage Explained
byjeetendra mandal
 
ODP
An Introduction to Hashing and Salting
byRahul Singh
 
PDF
The slower the stronger a story of password hash migration
byOWASP
 
PPTX
Secure passwords-theory-and-practice
byAkash Mahajan
 
PDF
Password Storage and Attacking in PHP
byAnthony Ferrara
 
PDF
Password hashing, salting, bycrpt
byAhmad karawash
 
PPT
Kieon secure passwords theory and practice 2011
byKieon
 
PPT
Salt Cryptography & Cracking Salted Hashes by fb1h2s
byn|u - The Open Security Community
 
PDF
How to Design Passwords
byUniversity of Hertfordshire
 
PDF
Cracking Salted Hashes
byn|u - The Open Security Community
 
ODP
User Credential handling in Web Applications done right
bytladesignz
 
PPTX
FYP1 Presentation
byfaeezfez
 
PDF
Protecting Your Clients' Privacy
byAijaz Ansari
 
PPTX
How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...
byAll Things Open
 
PDF
Password Storage And Attacking In PHP - PHP Argentina
byAnthony Ferrara
 
PDF
Passwords good badugly181212-2
byIftach Ian Amit
 
PPTX
P@ssw0rds
byWill Alexander
 
PDF
amani_rwc_password
byArvind Mani
 
ODP
Disclosing password hashing policies
byMichal Špaček
 
PDF
Data Storage and Security Strategies of Network Identity
byAntiy Labs
 
Password Storage Explained
byjeetendra mandal
 
An Introduction to Hashing and Salting
byRahul Singh
 
The slower the stronger a story of password hash migration
byOWASP
 
Secure passwords-theory-and-practice
byAkash Mahajan
 
Password Storage and Attacking in PHP
byAnthony Ferrara
 
Password hashing, salting, bycrpt
byAhmad karawash
 
Kieon secure passwords theory and practice 2011
byKieon
 
Salt Cryptography & Cracking Salted Hashes by fb1h2s
byn|u - The Open Security Community
 
How to Design Passwords
byUniversity of Hertfordshire
 
Cracking Salted Hashes
byn|u - The Open Security Community
 
User Credential handling in Web Applications done right
bytladesignz
 
FYP1 Presentation
byfaeezfez
 
Protecting Your Clients' Privacy
byAijaz Ansari
 
How to Use Cryptography Properly: Common Mistakes People Make When Using Cry...
byAll Things Open
 
Password Storage And Attacking In PHP - PHP Argentina
byAnthony Ferrara
 
Passwords good badugly181212-2
byIftach Ian Amit
 
P@ssw0rds
byWill Alexander
 
amani_rwc_password
byArvind Mani
 
Disclosing password hashing policies
byMichal Špaček
 
Data Storage and Security Strategies of Network Identity
byAntiy Labs
 

More from Nick Malcolm

PPTX
Timing Attacks and Ruby on Rails
byNick Malcolm
 
PDF
Our CloudFlare experience
byNick Malcolm
 
PDF
How To Spot a Wolf in Sheep's Clothing (a.k.a. Account Takeover)
byNick Malcolm
 
PDF
Adding Two Factor Authentication to your App with Authy
byNick Malcolm
 
PPTX
Protecting the Front Door
byNick Malcolm
 
PDF
All aboard the Cyber Security Rollercoaster!
byNick Malcolm
 
PPTX
How To "Speak Developer"
byNick Malcolm
 
Timing Attacks and Ruby on Rails
byNick Malcolm
 
Our CloudFlare experience
byNick Malcolm
 
How To Spot a Wolf in Sheep's Clothing (a.k.a. Account Takeover)
byNick Malcolm
 
Adding Two Factor Authentication to your App with Authy
byNick Malcolm
 
Protecting the Front Door
byNick Malcolm
 
All aboard the Cyber Security Rollercoaster!
byNick Malcolm
 
How To "Speak Developer"
byNick Malcolm
 

Recently uploaded

PDF
Micro project .pdf drone technology Report
byRenitaMamgain
 
PPTX
Types of Cryptograph Symmetric Ceaser cipher and also about Assymetric
byhamzaabdulqadeer11
 
PPT
Memory Organization In Assembly Language
byumairmuhammad0409
 
PPTX
Role of VMware and Cloud Computing in CyberSecurity.pptx
byalehanoor1325
 
PPTX
ChatGPT on education positively snd negatively
by88rtgpscxx
 
PPTX
COĞRAFYA ödevi 70 sayfa güzeldir hayırlı olsun
bydtilter
 
PPTX
BIG DATA it is talking about the big data.pptx
byAbhishekGarg269
 
PDF
WShell Gameplay and Games of Games of Games
byzramirezmtz9
 
PDF
Xnspy vs FlexiSPY: 2025 Monitoring Comparison
byMichael Carter
 
PPTX
Computer Networks 01[1 using all terms].pptx
bywaqasahmedbhatti633
 
PPT
html-forms in web development-courseICT.
bymadz33
 
PPTX
Computer Science Degree for College .pptx
byHanenek1
 
PPTX
Introduction Digital Signal Processing.pptx
byumairmuhammad0409
 
PPT
Lecture_3 Network Securityeyeyggegeg.ppt
bysawsan202
 
PPTX
Ideathon template.pptx it is a ideathon template
bykonav71133
 
PPTX
SriLank SLT LTE Network Sharing V2.pptx
bynthuang
 
PPT
Lecture_3 Network Securityyyeyeyyeeyyeywy.ppt
bysawsan202
 
PDF
ARTIFICIAL INTELLIGENCE DEVELOPMENT SERVICE
bydavidjohansen1597
 
PDF
ARTIFICIAL INTELLIGENCE DEVELOPMENT SERVICE
bydavidjohansen1597
 
PDF
Design For Test - Getting Test Automation value from Design Expressions.
byDavid Harrison
 
Micro project .pdf drone technology Report
byRenitaMamgain
 
Types of Cryptograph Symmetric Ceaser cipher and also about Assymetric
byhamzaabdulqadeer11
 
Memory Organization In Assembly Language
byumairmuhammad0409
 
Role of VMware and Cloud Computing in CyberSecurity.pptx
byalehanoor1325
 
ChatGPT on education positively snd negatively
by88rtgpscxx
 
COĞRAFYA ödevi 70 sayfa güzeldir hayırlı olsun
bydtilter
 
BIG DATA it is talking about the big data.pptx
byAbhishekGarg269
 
WShell Gameplay and Games of Games of Games
byzramirezmtz9
 
Xnspy vs FlexiSPY: 2025 Monitoring Comparison
byMichael Carter
 
Computer Networks 01[1 using all terms].pptx
bywaqasahmedbhatti633
 
html-forms in web development-courseICT.
bymadz33
 
Computer Science Degree for College .pptx
byHanenek1
 
Introduction Digital Signal Processing.pptx
byumairmuhammad0409
 
Lecture_3 Network Securityeyeyggegeg.ppt
bysawsan202
 
Ideathon template.pptx it is a ideathon template
bykonav71133
 
SriLank SLT LTE Network Sharing V2.pptx
bynthuang
 
Lecture_3 Network Securityyyeyeyyeeyyeywy.ppt
bysawsan202
 
ARTIFICIAL INTELLIGENCE DEVELOPMENT SERVICE
bydavidjohansen1597
 
ARTIFICIAL INTELLIGENCE DEVELOPMENT SERVICE
bydavidjohansen1597
 
Design For Test - Getting Test Automation value from Design Expressions.
byDavid Harrison
 

A Recipe for Password Storage: Add Salt to Taste

Editor's Notes

  • #2 Thanks Pixabay and Unsplash for the photos!
  • #3 Using some cooking analogies we’ll learn about keeping secrets secret. Will our password-storing creation rise deliciously to the occasion, or will it fall flat in disappointing dispair. Don your chef hat, and come with me.
  • #5 As a chef, a new customer comes to you and says that their password is banana. You take their banana, and put it on a labelled plate in the kitchen.
  • #6 A week later that customer comes back, gives you a piece of fruit, you take it and compare it to the one you had before. If it’s a banana, they’re legit.
  • #7 The users table in your database is the plates of fruit. Each plate is labelled, and the fruit on the plate is just sitting there. Nothing fancy.
  • #9 All the chefs walking through the kitchen, and the wait staff, and the cleaners, they all can see the fruit people have put on their plates.
  • #10 No only that, customers probably use the same fruit at many restaurants - the same password on many websites. Someone who knows their fruit can walk to the restaurant down the street and get a meal on them.
  • #12 Yes, Neopets is still around!
  • #13 Now it’s not just people with access to the kitchen who have your guests’ passwords, it’s everyone!
  • #14 So that was….
  • #17 This is our plaintext password storage from the first recipe
  • #18 This method of storing passwords was actually used, but we’ll get to that in a moment. https://gchq.github.io/CyberChef/#recipe=Triple_DES_Encrypt(%7B'option':'UTF8','string':'passwordpasswordpassword'%7D,%7B'option':'UTF8','string':''%7D,'ECB','Raw','Hex')&input=MTExMTEx
  • #19 This is great! Now waitstaff, cleaners, other chefs, and lost guests can’t see the passwords. They’re still in plaintext inside the fridge, but you can’t get in.
  • #23 The same password will look the same. You can often tell roughly how long a password is.
  • #24 https://gchq.github.io/CyberChef/#recipe=Triple_DES_Encrypt(%7B'option':'UTF8','string':'passwordpasswordpassword'%7D,%7B'option':'UTF8','string':''%7D,'ECB','Raw','Hex')&input=MTExMTEx In this example of bad encryption, you can get information about the length of the plaintext entry. You can also see repetitions in the source data. Both Kazoo and Sunny have passwords which start with the same string - the word “password”. Also the company that stored passwords like this also decided to store plaintext password hints...
  • #27 The key was never breached, but you could look at hints to guess the password. If you figure out one password, you can see all the other users in the table who used the same password. Or, if your own password is in there you can look and see who else has a password that starts like yours does.
  • #28 Better, but still not very good.
  • #31 Hashing Specifically: Cryptographic Hashes.
  • #32 Deterministic
  • #33 Add a drop of hot sauce, and the smoothie will change drastically. (Not really, but…) Although the hashes are very different, the length is still the same. This means we’re not giving away any extra information. (Could also mention about locality-preserving hashes vs random output https://en.wikipedia.org/wiki/Locality-sensitive_hashing and https://en.wikipedia.org/wiki/Avalanche_effect)
  • #34 Also a problem, but we’ll get to that
  • #35 One-way
  • #36  Although the hashes are very different, the length is still the same. This means we’re not giving away any extra information. This is not how blenders work (more ingredients => more smoothie).
  • #37 Hashing
  • #39 Note that they are the same length!
  • #40 The customer comes to you with a banana, and instead of storing the banana on a plate or in a locked fridge, you blend it. When they come back later, they give you their fruit, you blend that too. Then you do a taste test
  • #41 Hash the pwd, compare it against the claimed user’s hashed password.
  • #42 We hashed passwords with SHA1, that sounds good right?
  • #43 Identical hashes is part of the built-in feature of hashes!
  • #45 Most smoothies have banana in them. Most passwords are “password”. In anticipation of a big breach, instead of trying to brute force them at the time, I could build up a list.
  • #46 https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10-million-password-list-top-100.txt
  • #49 http://blog.last.fm/2012/06/08/an-update-on-lastfm-password-security
  • #50 MD5d passwords Well that’s MD5, what about a different hash, a different blender?
  • #51 Not very seriously, like Last FM https://blog.linkedin.com/2016/05/18/protecting-our-members But they were breached in 2012, and either didn’t know or didn’t tell them!
  • #52 MD5d passwords
  • #53 https://haveibeenpwned.com/PwnedWebsites#LinkedIn
  • #54 Zuck used “dadada” as his LinkedIn password, and reused that password on Twitter and Pinterest.
  • #55 What could we do so that rainbow tables don’t work, and common passwords aren’t as obvious?
  • #58 It’s not chosen by the user. Two users with the same requested ingredients will get different smoothies.
  • #59 This way the chef doesn’t need to remember whether it was himalayan or rock salt.
  • #60 And check it against the hash in the DB. Storing the salt alongside the hash allows you to recompute the hash identically, assuming you’re given the same input at the start.
  • #62 Salts don’t do anything to stop brute forcing passwords. An attacker can’t use a pre-computed rainbow table, and they can’t see where folks have reused passwords, but if you’ve used a fast blender, they can crank through passwords one by one Especially if users use weak passwords.
  • #65 https://www.zomato.com/blog/security-notice https://www.zomato.com/blog/security-notice-update https://haveibeenpwned.com/PwnedWebsites
  • #66 Because it was MD5 it was incredibly easy for researchers to brute force the passwords. https://www.vice.com/en_us/article/z4j5g4/restaurant-app-zomato-says-your-stolen-password-is-fine-but-is-it
  • #71 This is called a “work factor”, or “rounds”. Different algorithms let you tune it in different ways.
  • #72 These four options are safe choices, give you a configurable work factor, and handle the salt for you. Don’t make your own blender. PBKDF2 will be familiar to .NET and Django developers. It’s getting a little old. One popular cryptographer called it “the worst of the acceptable options”. Bcrypt has been around since 1999. It’s pretty good and really easy to use, but doesn’t stand up against parallel or GPU - powered brute forcing as well as scrypt and argon2. It’s commonly found in rails and php apps. Scrypt addresses some of bcrypt’s issues, and is a solid choice, but not super common. Argon2 is the new kid on the block, and recommended as the best choice today.
  • #73 “Winner of a several year project to identify a successor to bcrypt/PBKDF/scrypt methods of securely storing passwords” Like bcrypt, Argon2id will choose the salt for you, let you customise and change how slowly it blends, and also has something extra we’ll get to soon.
  • #74 There are a few strategies for this that I don’t have time to go in to, But the OWASP password cheat sheet explores them. Just realise that some ways of changing are better than others
  • #75 https://haveibeenpwned.com/PwnedWebsites#AshleyMadison
  • #76 Side note: Canva’s response was actually pretty good. Better than others. (Still not great: https://www.smartcompany.com.au/startupsmart/analysis/canva-data-breach-response/) But the database is out there, and there will be people who are targeting specific accounts and trying to brute force those passwords.
  • #77 https://nakedsecurity.sophos.com/2015/09/10/11-million-ashley-madison-passwords-cracked-in-10-days/ In July 2017, Avid Life Media (renamed Ruby Corporation) agreed to settle two dozen lawsuits stemming from the breach for $11.2 million. https://en.wikipedia.org/wiki/Ashley_Madison_data_breach https://arstechnica.com/information-technology/2015/09/once-seen-as-bulletproof-11-million-ashley-madison-passwords-already-cracked/
  • #79 https://support.canva.com/contact/customer-support/may-24-security-incident-faqs/
  • #80 Side note: Canva’s response was actually pretty good. Better than others. (Still not great: https://www.smartcompany.com.au/startupsmart/analysis/canva-data-breach-response/) But the database is out there, and there will be people who are targeting specific accounts and trying to brute force those passwords.
  • #82 If the database server is misconfigured, if there’s SQL injection, if a backup goes missing, an attacker has access to a table of salted hashes.
  • #83 If not that, then what?
  • #85 Remember that salts were like a label stuck to a smoothie. They weren’t a secret, they just made hashes unique. A pepper is not stuck to the smoothie. It’s stored elsewhere, like KFC’s 11 Secret Herbs and Spices. You might store it in your app config, or in a hardware security module. All passwords are encrypted and decrypted by the application, using this secret.
  • #86 Like when you set a password on zip file, or your WiFi, or your password manager app. The same password lets you unlock the secrets each time.
  • #87 If you get SQLi, or find a misplaced backup, or steal the database’s harddisk, you’re stuck. You are missing the key. If you compromise a web app, maybe you can get the salted hashes from there. Again, not foolproof, but it’d stop many of the breaches we’ve discussed from being possible.
  • #88 Like when you set a password on zip file, or your WiFi, or your password manager app. The same password lets you unlock the secrets each time. Argon2id has native support for peppers.
  • #89 https://blogs.dropbox.com/tech/2016/09/how-dropbox-securely-stores-your-passwords/ They adopted this model sometime after their breach of 68,648,009 passwords, half of which were SHA1 and half were bcrypt. Dropbox was breached in 2012, because an employee who had access to the password records was reusing a password exposed in the LinkedIn dump!
  • #91 You’re basically buying your users time to change their passwords if there’s a breach. A determined attacker can still try to brute force a pepper,
  • #92 We’ve focused on storage, but there are lots of other factors when it comes to good authentication. All these could be their own topics
  • #93 What we have talked about is how to store passwords properly, if that’s what we need to do
  • #94 In summary
  • #95 Cheat sheet has examples and references For the blender you’re using, how to set it to the right blend-time. Wikipedia can give you insight into the mechanics of the blenders, how they work, the actual values they store in the database, etc The paragonie blog has legit code snippets for argon2, bcrypt, and scrypt, for PHP, Node, .Net, Ruby, Java, Python
  • #96 Adobe Breach https://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-disaster-adobes-giant-sized-cryptographic-blunder/ https://filippo.io/analyzing-the-adobe-leaked-passwords/ Argon2 https://medium.com/@mpreziuso/password-hashing-pbkdf2-scrypt-bcrypt-and-argon2-e25aaf41598e Code snippets for password storage for PHP, .Net, Java, and Ruby https://paragonie.com/blog/2016/02/how-safely-store-password-in-2016