Passwords are the oldest and most widely used pillar of authentication, and they still sit at the core of approximately 80% of authentication events on today's Internet. As data on the Web becomes more valuable, more sophisticated attacks on authentication are being developed. The good news is that the crypto community tries to keep pace with this continuously growing threat surface and provides more advanced authentication techniques with stronger security guarantees. However, the password remains a building block in each of them: the first factor of most two-factor authentication schemes is a password challenge; to generate a one-time token, you enter a password; to use a hardware device, you enter a password into the device. But is verifying passwords secure? By communicating a password to a verifying party you leak at least some information about it. The long history of password-based authentication schemes shows that even implementing password verification correctly is challenging. The presentation gives an overview of the evolution of password-based authentication schemes and compares two of the latest ones: the socialist millionaires' protocol and SPAKE2.
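As an added example (not code from the presentation and not from any SPAKE2 library), the following shows what "verifying a password without handing it over" looks like for SPAKE2, the second of the two schemes compared: each side masks an ephemeral Diffie-Hellman share with a password-derived scalar, and only matching passwords produce the same session key. Standard library only; the safe-prime group, identities, salt, and the use of PBKDF2 as the password-to-scalar function are assumptions of this example.

```python
"""SPAKE2 (RFC 9382) over the order-q subgroup of Z_p^*, p = 2q + 1.
Added example; standard library only.  The 160-bit safe-prime group generated
below is a toy (deployed SPAKE2 uses P-256 or edwards25519)."""
import hashlib
import hmac
import secrets

_SMALL = [n for n in range(3, 256, 2) if all(n % d for d in range(3, int(n ** 0.5) + 1, 2))]

def is_probable_prime(n, rounds=24):
    # Trial division by small odd primes, then Miller-Rabin with random bases.
    if n < 2 or n % 2 == 0:
        return n == 2
    for sp in _SMALL:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

class Group:
    """g = 4 and the masks M, N are squares mod p, so all three have prime order q."""

    def __init__(self, bits=160):
        while True:
            q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
            if is_probable_prime(q) and is_probable_prime(2 * q + 1):
                break
        self.p, self.q, self.g = 2 * q + 1, q, 4
        self.size = (self.p.bit_length() + 7) // 8
        # Nothing-up-my-sleeve constants: nobody knows log_g(M) or log_g(N), which SPAKE2 requires.
        self.M, self.N = self._hash_to_group(b"SPAKE2 M"), self._hash_to_group(b"SPAKE2 N")

    def _hash_to_group(self, label):
        h = int.from_bytes(hashlib.sha256(label + self.i2b(self.p)).digest(), "big") % self.p
        return pow(h, 2, self.p)  # squaring lands in the order-q subgroup (0 or 1 only with negligible probability)

    def is_valid(self, e):
        # Reject 0, 1, p-1 and anything outside the order-q subgroup (small-subgroup attacks).
        return 1 < e < self.p - 1 and pow(e, self.q, self.p) == 1

    def password_scalar(self, pw, salt, iters=100_000):
        # RFC 9382: w = MHF(pw) mod q.  PBKDF2 stands in for a memory-hard MHF here (assumption).
        return int.from_bytes(hashlib.pbkdf2_hmac("sha256", pw, salt, iters, 64), "big") % self.q

    def i2b(self, n):
        return n.to_bytes(self.size, "big")

def _transcript(*fields):
    # len(field) || field for every field, 8-byte little-endian lengths as in RFC 9382.
    return b"".join(len(f).to_bytes(8, "little") + f for f in fields)

class Party:
    def __init__(self, G, ident, pw, salt, is_a):
        self.G, self.id, self.is_a = G, ident, is_a
        self.w = G.password_scalar(pw, salt)
        self.x = 1 + secrets.randbelow(G.q - 1)          # ephemeral scalar (x for A, y for B)
        mask = G.M if is_a else G.N
        self.msg = pow(G.g, self.x, G.p) * pow(mask, self.w, G.p) % G.p   # A sends T = g^x M^w, B sends S = g^y N^w

    def finish(self, peer_msg, peer_id):
        G = self.G
        if not G.is_valid(peer_msg):
            raise ValueError("peer sent an invalid group element")
        peer_mask = G.N if self.is_a else G.M
        # Strip the peer's mask with our own w, then exponentiate.  K = g^(xy) only if
        # both w agree; a wrong password yields an unrelated K and reveals nothing about w.
        K = pow(peer_msg * pow(pow(peer_mask, self.w, G.p), -1, G.p) % G.p, self.x, G.p)
        A, B = (self.id, peer_id) if self.is_a else (peer_id, self.id)
        T, S = (self.msg, peer_msg) if self.is_a else (peer_msg, self.msg)
        h = hashlib.sha256(_transcript(A, B, G.i2b(T), G.i2b(S), G.i2b(K), G.i2b(self.w))).digest()
        self.Ke, Ka = h[:16], h[16:]                     # session key, confirmation-key seed
        Kc = hmac.new(Ka, b"ConfirmationKeys", hashlib.sha256).digest()
        KcA, KcB = Kc[:16], Kc[16:]

        def mac(key, elem):  # key confirmation: A MACs S under KcA, B MACs T under KcB
            return hmac.new(key, G.i2b(elem), hashlib.sha256).digest()
        self.send, self.expect = (mac(KcA, S), mac(KcB, T)) if self.is_a else (mac(KcB, T), mac(KcA, S))

def run_spake2(G, client_pw, server_pw, salt=b"constructed salt"):
    """One exchange; returns (confirmation MACs verified, session keys equal)."""
    a = Party(G, b"client", client_pw, salt, is_a=True)
    b = Party(G, b"server", server_pw, salt, is_a=False)
    a.finish(b.msg, b.id)   # A receives S
    b.finish(a.msg, a.id)   # B receives T
    ok = hmac.compare_digest(a.send, b.expect) and hmac.compare_digest(b.send, a.expect)
    return ok, a.Ke == b.Ke
```

A wrong password on either side just produces a different key and a failed confirmation MAC. An eavesdropper who records T and S cannot test guesses offline: for every candidate w there is an x that makes T consistent, so each run costs the attacker exactly one online guess, which is the property a plain password challenge lacks. The `is_valid` check before using the peer's element is not optional; accepting 1, p-1 or an off-subgroup value lets an attacker force K into a tiny set.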
Apache Commons Codec is a library that provides implementations for common encoding and decoding algorithms. It includes classes for encoding and decoding formats like Base64, Hex, URL encoding, and phonetic algorithms. The library is organized into packages for binary codecs, digest algorithms, language-specific codecs, and network-specific codecs. It aims to provide a consistent API for various encoding and decoding needs in Java applications.
1) The document provides an introduction to querying numismatic data using SPARQL including basic syntax, filtering, sorting, optional values, arithmetic functions, and visualization with Google Fusion Tables.
2) Examples are given for querying coin types, specimens, attributes, geographic findspots, and aggregating results.
3) Advanced techniques demonstrated include filtering by date, material, references, regular expressions, and spatial queries.
This document discusses cybercrime and how to prevent becoming a victim. It begins by explaining why we should be aware of cybercrime given our increasing online activities. The objectives are then outlined as providing awareness of cybercrime, recognizing methods, understanding cyber laws, and learning to avoid victimization. Various types of cybercrime are defined including those against persons, property, and government. Examples like phishing, hacking, and cyber terrorism are described. The history of cybercrime in India involves many website hacks and defacements. Laws are still lacking to fully address cybercrime. Awareness, security software, and caution are recommended for protection.
This document discusses cyber security and the need for it. It begins by defining cyber security as the security offered through online services to protect information. It then discusses how security threats are increasing as more people go online. The document covers the meaning of the term "cyber," major security problems like viruses and hackers, and ways to implement and maintain cyber security, such as using strong passwords and firewalls. It concludes by emphasizing that cyber security is everyone's responsibility.
Cyber crime is a growing problem in India. Some common cyber crimes reported in India include phishing, hacking of government websites, and identity theft. India ranks 11th globally for reported cyber crimes, which are increasing due to factors like rapid growth of internet users. Common cyber crimes involve unauthorized access to systems, data theft and alteration, and using computers to enable other illicit activities. While laws like the IT Act 2000 have been enacted to tackle cyber crimes, enforcement remains a challenge as only a small percentage of crimes are reported. Techniques like antivirus software, firewalls, and educating users can help address the problem.
This document provides an overview of cyber crime and security. It defines cyber crime as illegal activity committed on the internet, such as stealing data or importing malware. The document then covers the history and evolution of cyber threats. It categorizes cyber crimes as those using the computer as a target or weapon. Specific types of cyber crimes discussed include hacking, denial of service attacks, virus dissemination, computer vandalism, cyber terrorism, and software piracy. The document concludes by emphasizing the importance of cyber security.
Enforcing Web security and privacy with zero-knowledge protocols, by Ignat Korchagin
Zero-knowledge proofs are effective cryptographic primitives which can provide additional properties and guarantees to security systems and communication protocols. However, they are still underused in the modern world. Unfortunately, even with today's strong cryptographic solutions and increased user security awareness, information leaks still happen. As the data on the Web becomes more valuable, attackers develop more sophisticated attacks, often involving not just technical assets but also techniques like social engineering. The talk presents possible ways of using zero-knowledge proofs to improve authentication and phishing prevention on the Web, taking a novel implementation of a well-known technique (the socialist millionaires' protocol) as an example.
What hash functions are and why they are used in security.
How to store passwords.
What symmetric and asymmetric encryption functions are.
What PGP is and how to use it to encrypt and sign documents.
Presentation by Marco Slaviero at BlackHat USA in 2010.
This presentation is about mining information from memcached. The presentation begins with a brief introduction to memcached. go-derper.rb, a tool developed by the presenter for hacking memcached servers, is introduced and a few memcached mining examples are given. The presentation ends with a brief discussion of serialized objects exposed in the cache.
The document provides information about the Go programming language. It discusses the history and creators of Go, key features of the language such as concurrency and garbage collection, basic Go code examples, and common data types like slices and maps. It also covers Go tools, environments, benchmarks showing Go's performance, and examples of companies using Go in production.
Git Magic: Versioning Files like a Boss, by tmacwilliam
This document provides an overview of using Git for version control. It discusses setting up Git, making commits, branching, merging, resolving conflicts, reverting changes, collaborating remotely, and using hooks. Key aspects covered include distributed version control, non-linear development with branches, committing snapshots of a project's files, and resolving incompatible changes during merges.
The document discusses best practices for securely implementing cryptography and discusses common cryptography algorithms and implementations such as hashing, symmetric encryption, asymmetric encryption, and password hashing. It emphasizes using proven implementations like those in Django and OpenSSL and enabling HTTPS to securely transmit data. The document also cautions that securely managing cryptographic keys is critical for encryption to provide security.
Thwarting The Surveillance in Online Communication, by Adhokshaj Mishra (OWASP Delhi)
This document discusses techniques for countering online surveillance and protecting private communications. It begins by outlining common surveillance methods used by governments and companies, such as wiretapping and exploiting software vulnerabilities. It then discusses using cryptography to counter surveillance and keep data safe, such as encrypting files and filling volumes with cryptographically secure random data. Secure authentication techniques are presented that allow verifying credentials without revealing passwords. Finally, the document details a method for encrypting and authenticating private messages between two parties using Diffie-Hellman key exchange and digital signatures to provide encryption, authentication, deniability and perfect forward secrecy.
- Ethereum is a blockchain platform that allows for the building of decentralized applications and smart contracts. It has its own cryptocurrency called Ether.
- Ethereum transactions are grouped into blocks that are mined approximately every 15 seconds using a proof-of-work consensus algorithm. The Ethereum Virtual Machine runs on every node and can execute smart contracts written in languages like Solidity.
- Ether is used to pay transaction fees, called gas, to incentivize miners to process transactions and smart contracts. The amount of gas used depends on the computational complexity and resources required to execute the transaction or smart contract.
The document discusses secrets in infrastructure as code and how Checkov can help identify secrets before public exposure. It defines what secrets are, including passwords, keys, and credentials. It provides examples of how secrets commonly get exposed, such as through source code commits. It recommends best practices for securing secrets, such as using secrets managers and scanning code for secrets. It introduces Checkov, an open source tool that scans infrastructure as code for security issues and secrets. Checkov uses regular expressions, keywords, and entropy analysis to detect a wide range of secrets.
- The document discusses using the ELK stack (Elasticsearch, Logstash, Kibana) to perform real-time log search, analysis, and monitoring. It provides examples of using Logstash and Elasticsearch for parsing and indexing application logs, and using Kibana for visualization and analysis.
- The document identifies several performance and stability issues with Logstash and Elasticsearch including high CPU usage from grok filtering, GeoIP filtering performance, and Elasticsearch relocation and recovery times. It proposes solutions like custom filtering plugins, tuning Elasticsearch configuration, and optimizing mappings.
- Rsyslog is presented as an alternative to Logstash for log collection with better performance. Examples are given of using Rsyslog plugins and Rainerscript for efficient
Public key cryptography uses two keys, a public key that can encrypt messages and a private key that decrypts messages. It has six components: plaintext, encryption algorithm, public and private keys, ciphertext, and decryption algorithm. Some key characteristics are that it is computationally infeasible to determine the private key from the public key alone, and encryption/decryption is easy when the relevant key is known. The requirements of public key cryptography are that it is easy to generate a public-private key pair, easy to encrypt with the public key, easy for the recipient to decrypt with the private key, and infeasible to determine the private key from the public key or to recover the plaintext from the ciphertext and public key alone.
Hideo Kimura from DeNA presented on the MBGA Open Platform and the Hermit gadget server. The key points are:
- The MBGA Open Platform uses OpenSocial 0.9 and allows third party developers to build gadgets and integrate them into social networks.
- Hermit is the gadget server implemented in Perl using PSGI and Plack. It uses pluggable modules and can handle high volumes of requests through lighttpd and FCGI.
- Future directions include supporting OpenSocial 1.0, developing template APIs, and integrating additional authentication methods.
Get Your Insecure PostgreSQL Passwords to SCRAM, by Jonathan Katz
Passwords: they just seem to work. You connect to your PostgreSQL database and you are prompted for your password. You type in the correct character combination, and presto! you're in, safe and sound.
But what if I told you that all was not as it seemed. What if I told you there was a better, safer way to use passwords with PostgreSQL? What if I told you it was imperative that you upgraded, too?
PostgreSQL 10 introduced SCRAM (Salted Challenge Response Authentication Mechanism), specified in RFC 5802, as a way to securely authenticate passwords. The SCRAM algorithm lets a client and server validate a password without ever sending the password, whether in plaintext or in a hashed form, to each other, using a series of cryptographic methods.
In this talk, we will look at:
* A history of the evolution of password storage and authentication in PostgreSQL
* How SCRAM works with a step-by-step deep dive into the algorithm (and convince you why you need to upgrade!)
* SCRAM channel binding, which helps prevent MITM attacks during authentication
* How to safely set and modify your passwords, as well as how to upgrade to SCRAM-SHA-256 (which we will do live!)
all of which will be explained by some adorable elephants and hippos!
At the end of this talk, you will understand how SCRAM works, how to ensure your PostgreSQL driver supports it, how to upgrade your passwords to SCRAM-SHA-256, and why you want to tell other PostgreSQL password mechanisms to SCRAM!
Termtter is a Ruby-based Twitter client that runs in a terminal. It allows users to interact with Twitter via command line commands and provides a concise real-time Twitter stream directly in the terminal. Some key features include commands to update status, view replies, retweet, and view timelines. It utilizes various Ruby gems and has an open plugin architecture allowing for customization.
Tomas Doran presented on their implementation of Logstash at TIM Group to process over 55 million messages per day. Their applications are all Java/Scala/Clojure and they developed their own library to send structured log events as JSON to Logstash using ZeroMQ for reliability. They index data in Elasticsearch and use it for metrics, alerts and dashboards but face challenges with data growth.
Andrey Belenko, Alexey Troshichev - Internals and security of iClo... (DefconRussia)
I will explain where and how iCloud Keychain stores passwords and what potential risks this carries. Apple claims that the passwords are securely protected and that even its own employees cannot access them. To confirm or refute this, one has to understand the internals of iCloud Keychain, which is what we will do.
This document provides an overview of cryptography concepts including:
- Homework 1 is due on 1/18 and project 1 is due the next day
- It reviews classical ciphers, modern symmetric ciphers like DES, and basic cryptography terminology
- It describes the Feistel cipher structure used in DES, the DES algorithm details like key scheduling and rounds, and strengths and weaknesses of DES versus alternatives like AES and triple DES
This document provides an overview of cryptography fundamentals including:
- Symmetric and asymmetric cryptography principles like encryption with keys and digital signatures.
- The use of random numbers, prime numbers, and algorithms in cryptography.
- Basic security properties like authentication, privacy and integrity.
- Digital signatures, envelopes, and certificates that combine cryptographic methods for authentication and privacy.
- How cryptography standards and export controls balance security and policy concerns.
The document discusses goa, a framework for building REST APIs in Go. It provides an overview of goa's design language (DSL) for defining APIs, resources, media types, and code generation tools. Examples are given of defining an Account media type and Account resource using the DSL. The document also mentions using goagen to generate API, client, and Swagger code from the DSL definitions.
The slower the stronger: a story of password hash migration (OWASP)
Did you know that a single modern GPU is able to compute almost 20 billion MD5 hashes in a second? That’s why we need SLOW hashing algorithms!
This talk is a case study of a successful migration of www.ocado.com customer password hashes. I will not only show you the “why”, “what” and “how”, but also what was problematic, what went wrong and how we dealt with it.
I will talk about slow hashing algorithms - such as Argon2, PBKDF2, BCrypt or SCrypt - and compare them to other popular hashing algorithms - like MD5 or SHA1. Next, I will tell you a story of hashes which took about 80 ms to compute - not slow enough, fairly easy to crack. I will show you what our password hashing code looks like and I will guide you through our migration plan, describing in detail how we executed it, and what problems we encountered on the way.
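A migration like the one this abstract describes has to cope with users who may never log in again, so it cannot wait for the plaintext. One standard way to do it, shown here as an added example (not the speaker's code and not how www.ocado.com did it): an offline pass wraps every legacy hash inside a slow KDF immediately, and each later successful login re-hashes from the plaintext to a direct slow hash. Standard library only; the unsalted-MD5 legacy scheme, the record layout and the iteration counts are assumptions of this example, and PBKDF2-HMAC-SHA256 stands in for whichever of Argon2, bcrypt or scrypt you would actually choose.

```python
"""Two-phase password-hash migration: wrap now, re-hash on login.
Added example.  Record layouts (constructed for this example):
  md5$<hex>                                        legacy, unsalted MD5
  pbkdf2-sha256-wrapped-md5$<iters>$<salt>$<hash>  PBKDF2 over the MD5 hex digest
  pbkdf2-sha256$<iters>$<salt>$<hash>              PBKDF2 over the password itself"""
import hashlib
import hmac
import secrets
import time

TARGET_ITERATIONS = 600_000   # OWASP Password Storage Cheat Sheet figure for PBKDF2-HMAC-SHA256

def _pbkdf2(secret, salt, iterations):
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations, dklen=32)

def legacy_md5_record(password):
    """Builds a constructed legacy record: the kind of hash a GPU tests billions of times per second."""
    return "md5$" + hashlib.md5(password.encode()).hexdigest()

def hash_password(password, iterations=TARGET_ITERATIONS):
    salt = secrets.token_bytes(16)
    return f"pbkdf2-sha256${iterations}${salt.hex()}${_pbkdf2(password.encode(), salt, iterations).hex()}"

def wrap_legacy(record, iterations=TARGET_ITERATIONS):
    """Phase 1, run once over the whole table without any user involvement.
    A dump taken afterwards yields PBKDF2(MD5(pw)) instead of MD5(pw)."""
    scheme, legacy_hex = record.split("$", 1)
    if scheme != "md5":
        raise ValueError("not a legacy record")
    salt = secrets.token_bytes(16)
    return f"pbkdf2-sha256-wrapped-md5${iterations}${salt.hex()}${_pbkdf2(legacy_hex.encode(), salt, iterations).hex()}"

def verify(record, password):
    """Accepts all three layouts so nobody is locked out mid-migration."""
    scheme, *rest = record.split("$")
    if scheme == "md5":
        return hmac.compare_digest(hashlib.md5(password.encode()).hexdigest(), rest[0])
    iterations, salt, expected = int(rest[0]), bytes.fromhex(rest[1]), bytes.fromhex(rest[2])
    if scheme == "pbkdf2-sha256-wrapped-md5":
        secret = hashlib.md5(password.encode()).hexdigest().encode()   # reproduce the legacy inner hash
    elif scheme == "pbkdf2-sha256":
        secret = password.encode()
    else:
        raise ValueError(f"unknown scheme {scheme}")
    return hmac.compare_digest(_pbkdf2(secret, salt, iterations), expected)

def needs_upgrade(record, target=TARGET_ITERATIONS):
    # Wrapped records, and direct records below the current cost, get re-hashed.
    scheme, *rest = record.split("$")
    return scheme != "pbkdf2-sha256" or int(rest[0]) < target

def login(record, password, target=TARGET_ITERATIONS):
    """Phase 2.  Returns (ok, replacement_record); the replacement is non-None only
    on success and only when the stored record should be swapped.  Login is the one
    moment the plaintext is in hand, so it is the only place a wrapped hash can be
    turned into a direct one."""
    if not verify(record, password):
        return False, None
    if needs_upgrade(record, target):
        return True, hash_password(password, target)
    return True, None

def calibrate(target_ms=250, start=100_000):
    """Pick an iteration count that costs about target_ms on this hardware; re-run
    periodically and raise TARGET_ITERATIONS so needs_upgrade() re-hashes on login."""
    iterations = start
    while True:
        t0 = time.perf_counter()
        _pbkdf2(b"calibration", b"\x00" * 16, iterations)
        if (time.perf_counter() - t0) * 1000 >= target_ms:
            return iterations
        iterations *= 2
```

The wrap step protects the dump immediately; the login step is what eventually removes the fast inner hash from the database. Because `needs_upgrade` also fires on a cost increase, the same code path handles future tuning of the iteration count without another migration project.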
Safely Protect PostgreSQL Passwords - Tell Others to SCRAM, by Jonathan Katz
Jonathan S. Katz gave a talk on safely protecting passwords in PostgreSQL. He discussed:
- The evolution of password management in PostgreSQL, from storing passwords in plain text to using md5 hashes to modern SCRAM authentication.
- How plain text and md5 password storage are insecure as passwords can be intercepted or cracked.
- The SCRAM authentication standard which allows two parties to verify they know a secret without exchanging the secret directly.
- How PostgreSQL implements SCRAM-SHA-256 to generate a secure verifier from the password and authenticate users with random salts and iterations to secure against brute force attacks.
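Both SCRAM talks above describe the same mechanism. As an added example (not from either talk and not PostgreSQL's implementation), here is SCRAM-SHA-256 as RFC 5802 and RFC 7677 specify it, in Python with only the standard library: verifier generation in the layout PostgreSQL stores in pg_authid.rolpassword, and a complete four-message client/server exchange without channel binding. The user name, password, salt and nonce lengths are constructed for the example.

```python
"""SCRAM-SHA-256 (RFC 5802 / RFC 7677), standard library only.  Added example.
Verifier layout as stored by PostgreSQL: SCRAM-SHA-256$<iter>:<salt>$<StoredKey>:<ServerKey>"""
import base64
import hashlib
import hmac
import secrets

def _h(data):
    return hashlib.sha256(data).digest()

def _hmac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _b64(raw):
    return base64.b64encode(raw).decode()

def _attrs(msg):
    # "k=v,k=v" -> dict.  SCRAM attribute values never contain ','.
    return dict(item.split("=", 1) for item in msg.split(","))

def make_verifier(password, iterations=4096, salt=None):
    """What the server stores.  Neither the password nor SaltedPassword is kept,
    only StoredKey = H(ClientKey) and ServerKey."""
    salt = salt or secrets.token_bytes(16)
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)   # Hi() in the RFC
    stored_key = _h(_hmac(salted, b"Client Key"))
    server_key = _hmac(salted, b"Server Key")
    return f"SCRAM-SHA-256${iterations}:{_b64(salt)}${_b64(stored_key)}:{_b64(server_key)}"

def parse_verifier(verifier):
    scheme, params, keys = verifier.split("$")
    if scheme != "SCRAM-SHA-256":
        raise ValueError(scheme)
    iterations, salt = params.split(":")
    stored_key, server_key = keys.split(":")
    return int(iterations), base64.b64decode(salt), base64.b64decode(stored_key), base64.b64decode(server_key)

class ScramClient:
    def __init__(self, user, password):
        self.user, self.password = user, password   # saslname escaping of ',' and '=' omitted for brevity
        self.cnonce = _b64(secrets.token_bytes(18))

    def first(self):
        self.bare = f"n={self.user},r={self.cnonce}"   # client-first-message-bare
        return "n,," + self.bare                       # gs2-header: no channel binding, no authzid

    def final(self, server_first):
        a = _attrs(server_first)
        if not a["r"].startswith(self.cnonce):
            raise ValueError("server nonce does not extend ours")
        salted = hashlib.pbkdf2_hmac("sha256", self.password.encode(), base64.b64decode(a["s"]), int(a["i"]))
        client_key = _hmac(salted, b"Client Key")
        self.server_key = _hmac(salted, b"Server Key")
        without_proof = f"c=biws,r={a['r']}"          # biws = base64("n,,")
        self.auth_message = f"{self.bare},{server_first},{without_proof}".encode()
        client_sig = _hmac(_h(client_key), self.auth_message)
        # ClientProof = ClientKey XOR ClientSignature; the password never crosses the wire.
        return f"{without_proof},p={_b64(_xor(client_key, client_sig))}"

    def verify_server(self, server_final):
        """Mutual authentication: only a holder of ServerKey can produce a valid v=."""
        return hmac.compare_digest(base64.b64decode(server_final[2:]), _hmac(self.server_key, self.auth_message))

class ScramServer:
    def __init__(self, verifiers):
        self.verifiers = verifiers   # user -> stored verifier string

    def first(self, client_first):
        self.bare = client_first.split(",", 2)[2]   # strip the gs2-header
        a = _attrs(self.bare)
        self.iterations, self.salt, self.stored_key, self.server_key = parse_verifier(self.verifiers[a["n"]])
        self.nonce = a["r"] + _b64(secrets.token_bytes(18))
        self.server_first = f"r={self.nonce},s={_b64(self.salt)},i={self.iterations}"
        return self.server_first

    def final(self, client_final):
        without_proof, proof = client_final.rsplit(",p=", 1)
        if _attrs(without_proof)["r"] != self.nonce:
            raise ValueError("nonce mismatch")
        auth_message = f"{self.bare},{self.server_first},{without_proof}".encode()
        # Undo the XOR with ClientSignature, then check H(ClientKey) against StoredKey.
        client_key = _xor(base64.b64decode(proof), _hmac(self.stored_key, auth_message))
        if not hmac.compare_digest(_h(client_key), self.stored_key):
            return None
        return "v=" + _b64(_hmac(self.server_key, auth_message))

def authenticate(server, user, password):
    """Runs the four-message exchange; True only if both sides authenticate each other."""
    client = ScramClient(user, password)
    server_first = server.first(client.first())
    server_final = server.final(client.final(server_first))
    return server_final is not None and client.verify_server(server_final)
```

The verifier is what a database dump exposes. RFC 5802 is explicit about its limits: a stolen StoredKey/ServerKey pair does not let an attacker log in on its own, but it does let them impersonate the server, and after observing one genuine login they can recover ClientKey as proof XOR HMAC(StoredKey, AuthMessage) and then impersonate that client. Channel binding (the `c=` attribute, set to `biws` here) and an iteration count high enough to slow offline cracking of the salted password are what close those gaps.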
Similar to Overview and evolution of password-based authentication schemes (20)
Discover the benefits of outsourcing SEO to Indiadavidjhones387
"Discover the benefits of outsourcing SEO to India! From cost-effective services and expert professionals to round-the-clock work advantages, learn how your business can achieve digital success with Indian SEO solutions.
Gen Z and the marketplaces - let's translate their needsLaura Szabó
The product workshop focused on exploring the requirements of Generation Z in relation to marketplace dynamics. We delved into their specific needs, examined the specifics in their shopping preferences, and analyzed their preferred methods for accessing information and making purchases within a marketplace. Through the study of real-life cases , we tried to gain valuable insights into enhancing the marketplace experience for Generation Z.
The workshop was held on the DMA Conference in Vienna June 2024.
HijackLoader Evolution: Interactive Process HollowingDonato Onofri
CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat. HijackLoader, an increasingly popular tool among adversaries for deploying additional payloads and tooling, continues to evolve as its developers experiment and enhance its capabilities.
In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe. This new approach, called "Interactive Process Hollowing", has the potential to make defense evasion stealthier.
Ready to Unlock the Power of Blockchain!Toptal Tech
Imagine a world where data flows freely, yet remains secure. A world where trust is built into the fabric of every transaction. This is the promise of blockchain, a revolutionary technology poised to reshape our digital landscape.
Toptal Tech is at the forefront of this innovation, connecting you with the brightest minds in blockchain development. Together, we can unlock the potential of this transformative technology, building a future of transparency, security, and endless possibilities.
2. Passwords in Roman Empire
Ave, Caesar!
http://ancienthistory.about.com/library/bl/bl_text_polybius6.htm
• every night the watchword was changed
• used a "roundtrip" delivery mechanism with confirmation to distribute the password
3. Passwords in modern world
Site: create password?
User: "hunter2" (hehe, no one will ever guess)
9. HTTP digest authentication
• server stores Hash(alice:example.com:hunter2)
client -> server: GET secret info
server -> client: nonce
client -> server: cnonce, Hash(Hash(alice:example.com:hunter2), nonce, cnonce)
11. HTTP digest authentication
• passwords are not sent in clear text
• protected from replay attacks (as long as the server tracks which nonces it has issued and accepted)
• servers may store hashes of passwords instead of the passwords themselves
• a server DB leak compromises passwords for the specific realm only (the stored hash is bound to the username and realm)
BUT…
13. HTTP digest authentication
• still vulnerable to MiTM
• still vulnerable to spoofed websites
• still requires HTTPS
• vulnerable to offline dictionary attacks: everything in the exchange except the password is visible to an eavesdropper
From RFC 7616:
HTTP Digest Authentication, when used with human-memorable passwords, is vulnerable to dictionary attacks. Such attacks are much easier than cryptographic attacks on any widely used algorithm, including those that are no longer considered secure. In other words, algorithm agility does not make this usage any more secure.
As a result, Digest Authentication SHOULD be used only with passwords that have a reasonable amount of entropy, e.g., 128-bit or more. Such passwords typically cannot be memorized by humans but can be used for automated web services.
If Digest Authentication is being used, it SHOULD be over a secure channel like HTTPS.
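The following is an added Python example, not code from the deck or from any HTTP library, of the computation sketched on the digest slides. It uses SHA-256 as the RFC 7616 algorithm and constructed sample values (alice / example.com / hunter2, a fixed nonce). The slide's Hash(Hash(alice:example.com:hunter2), nonce, cnonce) is the RFC's response = H(HA1:nonce:nc:cnonce:qop:HA2) with the method/URI hash and the nonce counter spelled out. It shows what the server stores, how the client answers the nonce, and then the two weaknesses listed above: an offline dictionary attack against one captured exchange, and a server-side HA1 leak that lets an attacker authenticate in that realm without ever learning the password. Function names such as build_auth and dictionary_attack are this example's own.

```python
import hashlib
import secrets

# Constructed sample credentials for illustration, matching the slide's alice/hunter2 story.
USER, REALM, PASSWORD = "alice", "example.com", "hunter2"
METHOD, URI = "GET", "/secret"


def h(data: str) -> str:
    """RFC 7616 H() using SHA-256; the original RFC 2617 scheme used MD5 here."""
    return hashlib.sha256(data.encode()).hexdigest()


def ha1(user: str, realm: str, password: str) -> str:
    """H(username:realm:password): the only secret-derived value, and what a server may store."""
    return h(f"{user}:{realm}:{password}")


def digest_response(ha1_value, method, uri, nonce, nc, cnonce, qop="auth"):
    """response = H(HA1:nonce:nc:cnonce:qop:HA2) with HA2 = H(method:uri) for qop=auth."""
    ha2 = h(f"{method}:{uri}")
    return h(f"{ha1_value}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def build_auth(user, realm, ha1_value, method, uri, nonce):
    """Assemble the Authorization header fields from HA1; the password is not needed past this point."""
    cnonce = secrets.token_hex(8)
    nc = "00000001"
    return {
        "username": user, "realm": realm, "uri": uri, "nonce": nonce,
        "nc": nc, "cnonce": cnonce, "qop": "auth",
        "response": digest_response(ha1_value, method, uri, nonce, nc, cnonce),
    }


def client_authenticate(user, realm, password, method, uri, nonce):
    """Honest client: derives HA1 from the password and answers the server's nonce."""
    return build_auth(user, realm, ha1(user, realm, password), method, uri, nonce)


def attacker_with_leaked_ha1(user, realm, leaked_ha1, method, uri, nonce):
    """After a server DB leak the stored HA1 alone authenticates in that realm; no cracking needed."""
    return build_auth(user, realm, leaked_ha1, method, uri, nonce)


def server_verify(stored_ha1, method, auth):
    """Server recomputes the response from its stored HA1 and the client's public header fields."""
    expected = digest_response(stored_ha1, method, auth["uri"], auth["nonce"],
                               auth["nc"], auth["cnonce"], auth["qop"])
    return secrets.compare_digest(expected, auth["response"])


def dictionary_attack(captured, method, wordlist):
    """Passive eavesdropper: every header field is public, so guess passwords offline and compare."""
    for guess in wordlist:
        cand = digest_response(ha1(captured["username"], captured["realm"], guess), method,
                               captured["uri"], captured["nonce"], captured["nc"],
                               captured["cnonce"], captured["qop"])
        if cand == captured["response"]:
            return guess
    return None
```

A server also has to reject nonces it did not issue or has already accepted, otherwise the replay protection claimed on slide 11 does not exist; nothing in the digest computation itself enforces that.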
15. HTTP OAuth
client -> authorization server: authenticate (by some other method), receive auth token
client -> resource server: GET with auth token
• allows delegation
• does not need to use the real credentials on every request
• needs other methods to authenticate on the authorization server
• HTTPS is needed to protect the token from eavesdroppers
20. HTTPS is hard
• problems with mixed content
• may be fixed by implementing a proper Content Security Policy
• spoofed websites
• similar domain names, same look and feel
• spoofed certificates
• https://thehackerblog.com/keeping-positive-obtaining-arbitrary-wildcard-ssl-certificates-from-comodo-via-dangling-markup-injection/index.html
• compromised keys and certificates
• certificate revocation is hard
23. Socialist millionaires
• EC curve: G - base point, n - order of G
• Alice and Bob have x and y respectively. Both want to know whether x == y.
Alice                                        Bob
generate random a2, a3, s                    generate random b2, b3, r
G2a = a2*G, G3a = a3*G                       G2b = b2*G, G3b = b3*G
             round 1: exchange G2a, G3a, G2b, G3b
G2 = a2*G2b, G3 = a3*G3b                     G2 = b2*G2a, G3 = b3*G3a
Pa = s*G3                                    Pb = r*G3
Qa = s*G + x*G2                              Qb = r*G + y*G2
             round 2: exchange Pa, Qa, Pb, Qb
Ra = a3*(Qa - Qb)                            Rb = b3*(Qa - Qb)
             round 3: exchange Ra, Rb
check a3*Rb == Pa - Pb                       check b3*Ra == Pa - Pb
Why the check works (both sides hold the same G2 = a2*b2*G and G3 = a3*b3*G):
a3*Rb = b3*Ra = a3*b3*(Qa - Qb) = a3*b3*((s - r)*G + (x - y)*G2) = (Pa - Pb) + (a3*b3*(x - y))*G2
since a3*b3*(s - r)*G = (s - r)*G3 = Pa - Pb. The extra term vanishes exactly when x == y; otherwise it is a non-zero multiple of G2 and the check fails.
30. Socialist millionaires
• The socialist millionaire problem is a way for two millionaires to check whether their wealth is equal without revealing it
• can be used to verify whether two parties possess the same secret
• a passive attacker learns nothing about the secrets or the protocol outcome
• a MiTM can do no better than a passive attacker, except disrupting the communication channel
• even if one of the parties is dishonest, it learns nothing more than the protocol outcome (one equality test per run)
• unlike most other zero-knowledge proofs, it needs a constant number of rounds rather than repeated iterations
• is adopted in practice (OTR) and has a good track record
33. OTR SMP
• uses a 1536-bit multiplicative group (mod p) for its calculations
• BUT: Logjam!
• 512-bit DH is broken in practice
• 1024-bit probably (within reach of a nation-state budget)
• 1536-bit is very close!
34. Themis SMP vs OTR SMP
• Improving SMP:
• all cryptographic operations moved to the ECC domain
• modern ("boring") cryptography (ed25519)
• protection against timing attacks
• fast
• reduced memory footprint
• support for many high-level languages
• simple API
• GitHub: https://github.com/cossacklabs/themis
35. SPAKE2
• EC curve: G - base point, n - order of G, M, N - known fixed points on the curve (with unknown discrete logs with respect to G)
• Alice and Bob know w (the password, mapped to a scalar).
Alice                                        Bob
generate random x                            generate random y
X = x*G                                      Y = y*G
T = w*M + X                                  S = w*N + Y
             one round: exchange T, S
K = x*(S - w*N)                              K = y*(T - w*M)
Both sides end up with K = x*y*G.
40. SPAKE2
• PAKE: password-authenticated key exchange
• basic SPAKE2 requires only one round trip (T and S can be sent in parallel)
• simple: requires a small number of asymmetric (elliptic-curve) operations
• easy to implement
• provides a negotiated secret key as the protocol outcome
• specified in draft-irtf-cfrg-spake2-03 (https://tools.ietf.org/html/draft-irtf-cfrg-spake2-03), since published as RFC 9382
46. SPAKE2
Key confirmation?
After the single T, S exchange each side holds a K, but neither yet knows that the peer derived the same K, i.e. used the same w. A key-confirmation round, as in the draft, is needed before K is used: each side derives a confirmation value from the transcript and K, sends it, and checks the peer's.
53. SMP vs SPAKE2
SMP:
• provides mutual authentication
• protected from MiTM (an active attacker is limited to one online guess per run)
• requires 3 round trips
• slower: ~30 times slower in pure C, ~3 times slower in Python
• negotiates 2 shared secrets
• provides a zero-knowledge guarantee
SPAKE2:
• provides mutual authentication
• protected from MiTM (an active attacker is limited to one online guess per run)
• requires 2 round trips (one for T, S plus one for key confirmation)
• faster: ~30 times faster in pure C, ~3 times faster in Python
• negotiates 1 shared secret
• has some implementation caveats
56. SPAKE2
To successfully complete the protocol:
• the peer may not even know w (the real secret information)
• but only w*M and w*N (the points derived from it)
Both T and K are computed from w*M and w*N alone, so whoever holds those two points (for example from a leaked verifier database) can run the protocol as either party and can also test password guesses against them offline. Storing w*M and w*N is therefore no safer than storing w itself.
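As an added example that is not part of the original deck (and not Themis's or any SPAKE2 library's code), the following Python runs both protocols exactly as drawn on the Socialist millionaires slide and the SPAKE2 slides, over secp256k1 with textbook affine arithmetic. Assumptions beyond what the slides state: M and N are derived by a try-and-increment hash-to-curve under made-up labels (the IETF draft fixes them as constants), passwords are mapped to scalars with plain SHA-256 instead of a slow KDF, the zero-knowledge proofs that accompany each message in OTR's SMP are left out, and the SPAKE2 key confirmation hashes a simplified transcript rather than the draft's exact TT. The spake2 function hands Bob only w*M and w*N, which is the caveat from the slide above: he completes the protocol without ever holding w.

```python
import hashlib
import secrets

# secp256k1 (cofactor 1, so every curve point lies in the prime-order group generated by G).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; illustration only)."""
    k, acc = k % N, None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def sub(p1, p2):
    return add(p1, None if p2 is None else (p2[0], -p2[1] % P))

def rand_scalar():
    return secrets.randbelow(N - 1) + 1

def hash_to_point(label):
    """Try-and-increment hash-to-curve (this example's assumption; the draft fixes M and N as
    constants) giving points whose discrete log with respect to G nobody knows."""
    for ctr in range(256):
        x = int.from_bytes(hashlib.sha256(label + bytes([ctr])).digest(), "big") % P
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)  # P = 3 mod 4, so this is a square root when rhs is a square
        if y * y % P == rhs:
            return (x, y)
    raise ValueError("no curve point found")

def secret_scalar(password):
    """Password -> scalar; a real deployment would use a slow KDF here, not bare SHA-256."""
    return int.from_bytes(hashlib.sha256(password.encode()).digest(), "big") % N

def smp(x, y):
    """Socialist millionaires as on the slides. The zero-knowledge proofs of the exponents that
    OTR's SMP sends with every message are omitted, so this shows only the equality test."""
    a2, a3, s = rand_scalar(), rand_scalar(), rand_scalar()  # Alice's randomness
    b2, b3, r = rand_scalar(), rand_scalar(), rand_scalar()  # Bob's randomness
    G2a, G3a, G2b, G3b = mul(a2, G), mul(a3, G), mul(b2, G), mul(b3, G)
    # round 1: exchange G2a, G3a, G2b, G3b; both sides now share G2 = a2*b2*G and G3 = a3*b3*G
    G2, G3 = mul(a2, G2b), mul(a3, G3b)
    assert (G2, G3) == (mul(b2, G2a), mul(b3, G3a))
    Pa, Qa = mul(s, G3), add(mul(s, G), mul(x, G2))
    Pb, Qb = mul(r, G3), add(mul(r, G), mul(y, G2))
    # round 2: exchange Pa, Qa, Pb, Qb
    Ra, Rb = mul(a3, sub(Qa, Qb)), mul(b3, sub(Qa, Qb))
    # round 3: exchange Ra, Rb; the checks pass iff a3*b3*(x-y)*G2 is the point at infinity
    return mul(a3, Rb) == sub(Pa, Pb), mul(b3, Ra) == sub(Pa, Pb)

M, NPT = hash_to_point(b"SPAKE2 M"), hash_to_point(b"SPAKE2 N")  # made-up labels

def spake2(alice_w, bob_wM, bob_wN):
    """SPAKE2 exchange plus a simplified transcript-hash key confirmation. Bob receives only
    w*M and w*N, never w, to show the slide's point that those two points are enough."""
    x, y = rand_scalar(), rand_scalar()
    T = add(mul(alice_w, M), mul(x, G))  # Alice: T = w*M + x*G
    S = add(bob_wN, mul(y, G))           # Bob:   S = w*N + y*G
    # one round: exchange T, S
    K_alice = mul(x, sub(S, mul(alice_w, NPT)))
    K_bob = mul(y, sub(T, bob_wM))

    def confirm(K):  # simplified vs the draft's TT, which also binds identities and w
        tt = b"".join(c.to_bytes(32, "big") for c in (*T, *S, *K))
        return hashlib.sha256(b"SPAKE2 confirm" + tt).hexdigest()

    # second round: exchange confirmation values; derive the session key only if they match
    ok = confirm(K_alice) == confirm(K_bob)
    return ok, hashlib.sha256(b"SPAKE2 key" + K_alice[0].to_bytes(32, "big")).hexdigest()
```

The scalar multiplication branches on secret bits, so this is for reading, not deploying; the timing-attack protection listed on the Themis slide is exactly what a real implementation adds here. Running smp(secret_scalar("hunter2"), secret_scalar("hunter2")) yields (True, True) while any two different scalars yield (False, False), and spake2 with Bob holding w*M and w*N for the same w returns a matching confirmation even though w is never passed to his side.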
60. Possible use-cases
• Automatic key rotation for long-lived encrypted connections:
• run SMP (or SPAKE2 with key confirmation) and save the negotiated key K1
• encrypted communication (K1)
• re-run the protocol, save the newly negotiated key K2, and continue
• encrypted communication (K2)
63. Conclusions
• Zero-knowledge protocols are useful building blocks for enhanced security and privacy-preserving protocols
• They can be useful in a scenario where one of the protocol participants may be malicious
• You may use SPAKE2 for many real-world tasks, but you have to be aware of the caveats
• The socialist millionaire protocol provides more security guarantees, although with some performance penalty