DaemonForums  

#1
Old 13th November 2013
jggimi
More noise than signal

Join Date: May 2008
Location: USA
Posts: 3,710
Thanked 214 Times in 189 Posts
Cryptanalysis: a stunning display of bad security design

Some background

Triple DES, commonly referred to as 3DES, is a perfectly acceptable and well understood stream cipher. It was one of the algorithms I studied when I took a cryptography course last year.

During that course, Prof. Boneh hammered into us that as cryptology amateurs, we should never design our own cryptographic solutions, even when using well-understood primitives such as 3DES, AES, or SHA256. Mistakes in design can permit an attacker to obtain partial plaintext, partial keys, or critical information permitting them to derive partial plaintext or keys.


The news

You may have heard the news that Adobe disclosed a loss of 3 million encrypted passwords. You may also have heard that they underreported the loss by a factor of 20 -- that the password database that was published online actually lists 150 million userids, Email addresses, password hints and encrypted passwords. You might also have received an Email from Adobe in October about the disclosure, as I did.

The 3DES cipher is excellent, for its intended purpose. Its choice for static information, or data at rest, was excoriable. Its implementation in Adobe's database was nothing short of excrement.

This morning, there was an article on Bruce Schneier's blog, that pointed to a fascinating cryptanalysis by Paul Ducklin, who contributes to the Naked Security column at Sophos. His column, Anatomy of a password disaster - Adobe's giant-sized cryptographic blunder, is intended for the lay reader, and is clear, understandable, and compelling. You do not need to have a background in cryptography to understand it.

Everyone who uses the Internet should read it.

Don't read it just to enjoy Adobe's ineptitude, which is devastatingly, mind bogglingly fun to read about and understand.

Read it because there will be future ill-conceived solutions, and these could be solutions we devise ourselves.

Read it because we all need to understand that we never know how well protected any information is, in the event it is disclosed. Whether that information is in the trust of others, or our own.

And, read it because we should all be cognizant of just how easy cryptanalysis is when the same key is reused for the same information.
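To make the last point concrete, here is an added example (not code from the post above, and not Adobe's code) showing what an attacker can do with a dump of passwords that were all encrypted under one key, block by block, with no salt. The records, hints and key are constructed; an HMAC truncated to 8 bytes stands in for a 3DES-ECB block, because it is not a cipher and cannot be decrypted, yet it has the one property that matters here: the same key and the same 8-byte plaintext block always give the same ciphertext block. The attacker never learns the key; equal ciphertext blocks alone tell them which accounts share a password prefix, and the pooled hints do the rest. A salted, slow hash is shown alongside for contrast.

```python
"""Why one key, no salt and block-by-block encryption leaks password structure.

Added example; everything here is constructed (records, hints, key). The
8-byte keyed HMAC below is a stand-in for a 3DES-ECB block, not a cipher.
"""
import hashlib
import hmac
import os
from collections import defaultdict

BLOCK = 8                                  # 3DES block size in bytes
KEY = b"one-key-shared-by-every-record"    # constructed; one key for all rows is the flaw

# Constructed records: (email, plaintext password, user-supplied hint).
USERS = [
    ("alice@example.com", "123456",      "one to six"),
    ("bob@example.com",   "123456",      ""),
    ("carol@example.com", "123456789",   ""),
    ("dave@example.com",  "password",    "the usual"),
    ("erin@example.com",  "password1",   ""),
    ("frank@example.com", "password123", "word + 123"),
]


def stand_in_block(key, block):
    """Deterministic keyed 8-byte block function standing in for 3DES-ECB."""
    assert len(block) == BLOCK
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def pad(data):
    """Zero-pad to a multiple of the block size (assumed padding scheme)."""
    return data + b"\x00" * (-len(data) % BLOCK)


def ecb_encrypt(key, plaintext):
    """Encrypt each block independently with the same key: no IV, no salt."""
    p = pad(plaintext)
    return b"".join(stand_in_block(key, p[i:i + BLOCK]) for i in range(0, len(p), BLOCK))


def build_dump(users=USERS, key=KEY):
    """What the attacker obtains: emails, ciphertexts and hints, but not the key."""
    return [(email, ecb_encrypt(key, pw.encode()), hint) for email, pw, hint in users]


def cluster(dump, nblocks=None):
    """Group accounts whose ciphertext (or its first `nblocks` blocks) matches.

    No key is needed: equal ciphertext prefix means equal plaintext prefix.
    Hints from every member of a cluster are pooled, so one careless hint
    gives away the shared prefix for all of them.
    """
    groups = defaultdict(list)
    for email, ct, hint in dump:
        key = ct if nblocks is None else ct[:nblocks * BLOCK]
        groups[key].append((email, hint))
    return {
        prefix: {"accounts": sorted(e for e, _ in m), "hints": [h for _, h in m if h]}
        for prefix, m in groups.items() if len(m) > 1
    }


def salted_hash(password, salt=None, iterations=200_000):
    """The right shape for stored passwords: per-record random salt plus a slow
    hash, so equal passwords do not produce equal stored values."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def verify(password, salt, digest, iterations=200_000):
    """Constant-time check of a candidate password against a stored salt+digest."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    dump = build_dump()
    print("identical passwords:", cluster(dump))
    print("shared first 8 chars:", cluster(dump, nblocks=1))
    salt, digest = salted_hash("123456")
    print("salted verify:", verify("123456", salt, digest),
          "same password, new salt, same digest?", salted_hash("123456")[1] == digest)
```

Run it and the first-block clusters show dave, erin and frank grouped together with the hints "the usual" and "word + 123" pooled: an attacker who guesses "password" from either hint has the first eight characters of all three accounts, and alice and bob, whose ciphertexts are identical, are known to share a password outright. The salted PBKDF2 values for the same password differ from record to record, which is exactly the property the one-key design threw away.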
#2
Old 14th November 2013
daemonfowl
bsdstudent

Join Date: Jan 2012
Location: DaemonLand
Posts: 834
Thanked 0 Times in 0 Posts

Hi jggimi! Thanks for the interesting thread.
Outliars pretend to care about users' privacy..

http://nakedsecurity.sophos.com/2013...ails-on-adobe/
http://nakedsecurity.sophos.com/2013...phic-defaults/
#3
Old 14th November 2013
jggimi
More noise than signal

Join Date: May 2008
Location: USA
Posts: 3,710
Thanked 214 Times in 189 Posts

Perhaps I was not sufficiently clear. Anyone can make mistakes that unknowingly put privacy at risk. Not just Adobe. It does not matter if we trust another entity, or if we trust only ourselves.

Example:

A privacy advocate ensures that her personal connections to the Internet are always through Tor. She keeps all of her software up to date and watches for security announcements that affect any of her components: OS, Tor, browser, and other tools. She also uses the P2P protocol BitTorrent from her main workstation. It does not work very well, and she is unaware that the BitTorrent protocol publishes her real IP address, eliminating the privacy she works hard to maintain.

Example:

An OpenBSD user sets up a small application server, and sets up PF rules that pass traffic to all of his daemons, blocking everything else. He thinks he has secured his system, because he is using OpenBSD with PF, both of which surely enhance his security. He is unaware that his pass rules have exposed his new application server's internal database to the Internet.

Example:

An OpenBSD user gets an Email from Adobe, telling him that they had a security breach. He doesn't know when it occurred, or the extent of the breach, but the userid was one he used commonly, and he had been using the same easy to remember password on a lot of his network accounts that did not have personal information within them. He spent the next week changing passwords on all of his network accounts anyway, and he is still not sure if he got all of them, more than a month later.
#4
Old 14th November 2013
Carpetsmoker
Real Name: Martin
Old man from scene 24

Join Date: Apr 2008
Location: Eindhoven, Netherlands
Posts: 2,074
Thanked 198 Times in 156 Posts

It could be worse. A large Dutch telecom (KPN) once claimed their passwords were encrypted with UTF-8 :-)

I've once had my password read to me over the phone by someone checking some basic information (name, email, address, and apparently also password)... The (repeated) attempts to actually pronounce my random passwords were quite amusing.

A few months ago, there was quite some hubbub in the Netherlands because a journalist had `hacked' a medical system because a patient had overheard a password.

The point is, whenever you use a password, *anywhere*, it's best to always assume your password is public.
Just storing the passwords securely is no guarantee. I could, for example, easily modify the code for these forums to email me your password when you login.

The best thing you can do is:
1) Use a password manager & unique passwords
2) *Always* use a password manager & unique passwords!

This won't actually stop misuse, but it would certainly limit the scope of misuse.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
#5
Old 14th November 2013
jggimi
More noise than signal

Join Date: May 2008
Location: USA
Posts: 3,710
Thanked 214 Times in 189 Posts

Quote:
2) *Always* use a password manager & unique passwords!
That long time OpenBSD user mentioned in my third example is doing that now.
#6
Old 14th November 2013
shep
ISO Quartermaster

Join Date: May 2008
Location: Dry and Dusty
Posts: 593
Thanked 9 Times in 9 Posts

Quote:
2) *Always* use a password manager & unique passwords!
I moved away from complex desktops (Gnome/KDE) with keyring based password managers.

Any suggestions about the available password managers in OpenBSD with a window manager like FluxBox or OpenBox?
#7
Old 14th November 2013
daemonfowl
bsdstudent

Join Date: Jan 2012
Location: DaemonLand
Posts: 834
Thanked 0 Times in 0 Posts

Hi shep! I was about to ask as well.. then, is keepassx convenient?
Thanks jggimi! Your examples are to the point, but some (I mean myself) learn too late..
#8
Old 14th November 2013
Carpetsmoker
Real Name: Martin
Old man from scene 24

Join Date: Apr 2008
Location: Eindhoven, Netherlands
Posts: 2,074
Thanked 198 Times in 156 Posts

If you want a basic solution, you can do this in vim:

Code:
:set cryptmethod=blowfish
:X
:w ~/passwords
Note the default cryptmethod is *not* secure, you *need* to set it to blowfish!

Don't forget to backup (no matter how you store your passwords), you will *not* be happy if you lose it.
#9
Old 15th November 2013
daemonfowl
bsdstudent

Join Date: Jan 2012
Location: DaemonLand
Posts: 834
Thanked 0 Times in 0 Posts

Thanks Carpetsmoker !

Quoting the keepassx Wikipedia page:
Quote:
KeePass encrypts the database with the AES or Twofish symmetric ciphers. AES is the default option, and Twofish is available in 1.x, but is not available in version 2.x. However, a separate plugin provides Twofish as an encryption algorithm.
Old 10th February 2014
Carpetsmoker
Real Name: Martin
Old man from scene 24

Join Date: Apr 2008
Location: Eindhoven, Netherlands
Posts: 2,074
Thanked 198 Times in 156 Posts

I wrote a few functions to make Vim work as a password manager ... I cleaned that up a bit, and released it as a program of sorts.

http://code.arp242.net/password-bunny

This is ridiculously simple, but it's the best password manager I've used so far...
Old 10th February 2014
thirdm
Package Pilot

Join Date: May 2009
Posts: 205
Thanked 3 Times in 3 Posts

Quote:
Originally Posted by jggimi
You may have heard the news that Adobe disclosed a loss of 3 million encrypted passwords. You may also have heard that they underreported the loss by a factor of 20 -- that the password database that was published online actually lists 150 million userids, Email addresses, password hints and encrypted passwords. You might also have received an Email from Adobe in October about the disclosure, as I did.
It's sad that it's Adobe being so incompetent, but of course it's rampant.

I know a place that not only uses 3DES for passwords, but keeps the key in the text of the executable. In case that's not a big enough hole, it provides an API function that will authenticate you if you provide the cipher text of your password (think if passwd had a flag where you could provide the ciphertext in master.passwd and that would be as good as typing your password). When I challenged someone on that I was told it was to avoid having users keep their unencrypted password in a file on their machine's file system for programs that run automated without a chance for a login prompt. Heh. Challenge them a little more and you soon get, "well our systems are only meant for internal networks anyway." So let's be honest about it and not have authentication at all.

I'm not pretending to be any kind of expert, but when even I could break your system, you're pretty pathetic.
Old 10th February 2014
Beastie
Daemonology student

Join Date: Jan 2009
Location: /dev/earth0
Posts: 270
Thanked 23 Times in 23 Posts

Quote:
Originally Posted by Carpetsmoker
Great Monty Python references
__________________
May the source be with you!
Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick