scram authentication
play

SCRAM authentication Heikki Linnakangas / Pivotal pg_hba.conf # - PowerPoint PPT Presentation

Sep 30, 2023 •131 likes •393 views

SCRAM authentication Heikki Linnakangas / Pivotal pg_hba.conf # TYPE DATABASE USER ADDRESS METHOD # "local" is for Unix domain socket connections only local all all trust # Use

  1. SCRAM authentication Heikki Linnakangas / Pivotal

  2. pg_hba.conf # TYPE DATABASE USER ADDRESS METHOD # "local" is for Unix domain socket connections only local all all trust # Use plaintext authentication from localhost host all all 127.0.0.1 plain # Allow md5 authentication from example.com, with SSL hostssl all all .example.com md5 # Require SCRAM for everyone else host all all 0.0.0.0/0 scram-sha-256

  3. PostgreSQL authentication methods ● Password-based: – password (plaintext) – crypt – md5 – scram-sha-256 – RADIUS / LDAP / PAM ● Others: – SSL certificate – kerberos

  4. (Plain) Password authentication Server: Hey, what’s your password? Client: “Swordfjsh” Server: ok, cool

  5. Plain password authentication ● Obviously weak – Password sniffing ● Ok over SSL – With sslmode=verify-full ● Used by RADIUS, LDAP, PAM, BSD authentication methods!

  6. MD5 authentication Server: Here are 4 random bytes (salt). Please compute: md5(md5(password || username), salt) Client: 23dff85f7c38ee928f0c21ae710bba5d Server: Ok, cool

  7. MD5 weaknesses md5( md5(password || username) , salt) ● Password guessing – My laptop can compute about 7 million MD5 hashes per second ● Replay – Only 4 billion unique 4-byte salts (birthday attack) ● Stolen hashes – You don’t need the original password to log in. The hash stored in pg_auth.rolpassword is enough.

  8. Other MD5 issues ● Renaming a user invalidates the password – Because the hash includes the username ● db_user_namespace cannot be used – For same reason ● MD5 has a bad reputation

  9. SCRAM to the rescue! ● S alted C hallenge R esponse A uthentication M echanism ● To be precise, PostgreSQL implements SCRAM-SHA-256 ● Defined by RFC 5802 and RFC 7677 ● Challenge-response like MD5 authentication

  10. SCRAM Client: Hi! Here’s a random nonce: r=fyko+d2lbbFgONRv9qkxdawL Server: Hi! Here’s my random nonce, salt and iteration count: r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j, s=QSXCR+Q6sek8bf92, i=4096 Client: Here’s my proof that I know the password: <ClientProof> Server: Ok, cool. And here’s my proof that I knew it too: <ServerProof>

  11. SCRAM ● More resistant to dictionary attacks – The computation to guess password is much more resource intensive – Configurable iteration count ● Longer nonces defeat replay attacks ● The verifiers stored in pg_authid.rolpassword don’t allow impersonating the user

  12. SCRAM-SHA-256 ● Relatively simple implementation – < 1000 lines of code in libpq ● Relies only on SHA-256 hash function

  13. Password verifiers set password_encryption=' md5 '; create user md5_user password 'foo'; set password_encryption=' scram-sha-256 '; create user scram_user password 'foo';

  14. Password verifiers SCRAM-SHA-256$<salt>:<iteration count>$<hashes> postgres=# select rolname, rolpassword from pg_authid rolname | rolpassword ------------+--------------------------------------------- md5_user | md591334fcda28129398a9cdb3f551e3cc8 scram_user | SCRAM-SHA- 256$4096:uZngi0eCu0IF6wbG$zMiBqWGTny5EEa1I+38fCT8OcuA0xbGA alZfHRh/g6g=:8KiMkegRYfcoEXk9+aLJwR1JhMbM4LyDxQE2arrEvRU= (2 rows)

  15. Compatibility ● ‘md5’ in pg_hba.conf actually means “SCRAM- SHA-256 or MD5 authentication” ● ‘scram-sha-256’ means SCRAM-SHA-256 only ● Plaintext ‘password’ authentication works with either kind of hash

  16. Simple Authentication and Security Layer (SASL) ● “The Simple Authentication and Security Layer (SASL) is a framework for providing authentication and data security services in connection-oriented protocols via replaceable mechanisms.” ● Decouples authentication from application protocol (like PostgreSQL’s FE/BE protocol) ● SCRAM is one SASL authentication mechanism

  17. SASL ● Currently, PostgreSQL has a built-in SCRAM-SHA-256 implementation ● Would be straightforward to add more SASL authentication mechanisms ● Could use an external library to add support for more (e.g. Cyrus libsasl) ● Client can use a library that implements SASL and SCRAM-SHA-256 – Java has a very generic SASL implementation, but no built-in SCRAM-SHA-256 provider

  18. PostgreSQL 10 ● SCRAM-SHA-256 ● Channel binding not supported ● Username is always passed as empty

  19. Migrating 1.Upgrade all clients 2.Set password_encryption=’scram-sha-256’ in postgresql.conf 3.Change all user passwords

  20. SCRAM is not encryption! ● SSL is still recommended – SCRAM is only authentication, not encryption!

  21. Future, short-term ● Implement SCRAM-SHA-256 in all the drivers – JDBC, ODBC (uses libpq), Python, .Net, Ruby, … ● Add support to middleware – Pgbouncer, pgpool-II ● Add option to libpq to require SCRAM ● Implement channel binding

  22. Channel binding ● “binds” the SSL session to the authentication exchange ● Defeats man-in-the-middle attacks ● Makes it unnecessary to have CA certificate in the client

  23. Channel binding ● Not implemented yet ● Michael Paquier created a patch for PostgreSQL 11

  24. Future, long-term ● Allow storing SCRAM verifier in LDAP ● Delegation for middleware ● Zero-knowledge proof – SRP

  25. Questions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SCRAM in LDAP Better Password-based Authentication Kurt Zeilenga Isode Limited What is SCRAM?

SCRAM in LDAP Better Password-based Authentication Kurt Zeilenga Isode Limited What is SCRAM?

SCRAM in LDAP Better Password-based Authentication Kurt Zeilenga Isode Limited What is SCRAM? S alted C hallenge R esponse A uthentication M echanism SCRAM-SHA-1-PLUS An improved SASL mechanism for password authentication of the

469 views • 31 slides
Salted Challenge Response Authentication Mechanism (SCRAM) draft-newman-auth-scram-10.txt

Salted Challenge Response Authentication Mechanism (SCRAM) draft-newman-auth-scram-10.txt

Salted Challenge Response Authentication Mechanism (SCRAM) draft-newman-auth-scram-10.txt Abhijit Menon-Sen &lt;ams@oryx.com&gt; Chris Newman &lt;chris.newman@sun.com&gt; Alexey Melnikov &lt;alexey.melnikov@isode.com&gt; Simon Josefsson

189 views • 7 slides
WHAT IS SCRAM? A SHORT INTRODUCTION . Ms Angela Tuffley, RedBay Consulting Dr Betsy Clark,

WHAT IS SCRAM? A SHORT INTRODUCTION . Ms Angela Tuffley, RedBay Consulting Dr Betsy Clark,

WHAT IS SCRAM? A SHORT INTRODUCTION . Ms Angela Tuffley, RedBay Consulting Dr Betsy Clark, Software Metrics Inc Mr Adrian Pitman, DAEI, CASG CASG SCRAM Principals 2 Schedule Compliance Risk Assessment Methodology: SCRAM SCRAM is a

250 views • 23 slides
SCRAM Instructions II Philipp Koehn 23 February 2018 Philipp Koehn Computer Systems

SCRAM Instructions II Philipp Koehn 23 February 2018 Philipp Koehn Computer Systems

SCRAM Instructions II Philipp Koehn 23 February 2018 Philipp Koehn Computer Systems Fundamentals: SCRAM Instructions II 23 February 2018 Reminder 1 Fully work through a computer circuit assembly code Simple but Complete Random

822 views • 33 slides
AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication

288 views • 10 slides
SCRAM Instructions Philipp Koehn 16 September 2019 Philipp Koehn Computer Systems Fundamentals:

SCRAM Instructions Philipp Koehn 16 September 2019 Philipp Koehn Computer Systems Fundamentals:

SCRAM Instructions Philipp Koehn 16 September 2019 Philipp Koehn Computer Systems Fundamentals: SCRAM Instructions 16 September 2019 Reminder 1 Fully work through a computer circuit assembly code Simple but Complete Random

1k views • 73 slides
Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a precondition How to authenticate: Something you know Password, Secrets Something you have Smart Card, Token Something you are Biometrie

607 views • 4 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

1.66k views • 27 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

613 views • 27 slides
SCRAM Introduction Philipp Koehn 13 September 2019 Philipp Koehn Computer Systems Fundamentals:

SCRAM Introduction Philipp Koehn 13 September 2019 Philipp Koehn Computer Systems Fundamentals:

SCRAM Introduction Philipp Koehn 13 September 2019 Philipp Koehn Computer Systems Fundamentals: SCRAM Introduction 13 September 2019 A Simple Computer 1 Fully work through a computer circuit assembly code Simple but Complete

350 views • 31 slides
SCRAM: Scaleable Collision-avoiding Role Assignment with Minimal-makespan for Formational

SCRAM: Scaleable Collision-avoiding Role Assignment with Minimal-makespan for Formational

SCRAM: Scaleable Collision-avoiding Role Assignment with Minimal-makespan for Formational Positioning Patrick MacAlpine, Eric Price, and Peter Stone Department of Computer Science, The University of Texas at Austin January 30, 2015 Patrick

1.31k views • 94 slides
A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization, Sessions Authentication Determining user identity Multiple ways What you know (password) What you have (phone, RSA SecureID, Yubikey)

1.57k views • 28 slides
Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password Token-based authentication Third party authentication Local Authentication How to store and verify password? Clear Data can be hacked

615 views • 14 slides
The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch

The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch

The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch Security Engineer kbabioch@suse.de New authentication standards ... 2 Some authentication technologies ... 3 - Authentication theory -

1.28k views • 88 slides
Outline Introduction Authentication Basic authentication mechanisms CS 239

Outline Introduction Authentication Basic authentication mechanisms CS 239

Outline Introduction Authentication Basic authentication mechanisms CS 239 Authentication on a single machine Computer Security Authentication across a network February 21, 2007 Lecture 9 Lecture 9 Page 1 Page 2 CS 236,

302 views • 8 slides
DPM COR DPM CORPORA PORATE TE P PRESE RESENT NTATION TION Chelopech Mine, Bulgaria Aug

DPM COR DPM CORPORA PORATE TE P PRESE RESENT NTATION TION Chelopech Mine, Bulgaria Aug

DPM COR DPM CORPORA PORATE TE P PRESE RESENT NTATION TION Chelopech Mine, Bulgaria Aug ugust ust 20 2016 16 FORWARD LOOKING STATEMENTS This presentation contains forward looking information or &quot;forward looking

625 views • 47 slides
Attacks on Android 7 File Based Encryption Ronan Loftus 1 &amp; Marwin Baumann 1 1 Systems and

Attacks on Android 7 File Based Encryption Ronan Loftus 1 &amp; Marwin Baumann 1 1 Systems and

Introduction Overview Attacks Conclusion Attacks on Android 7 File Based Encryption Ronan Loftus 1 &amp; Marwin Baumann 1 1 Systems and Network Engineering MSc. University of Amsterdam Research Project 1, 2017 Ronan Loftus &amp; Marwin

990 views • 41 slides
SRS Client Future direction of SRS client Current Client Tested on 5 different distros in

SRS Client Future direction of SRS client Current Client Tested on 5 different distros in

SRS Client Future direction of SRS client Current Client Tested on 5 different distros in 32 bit and 64 bit Requires a dedicated test/build box Difficult Crypt::OpenPGP dependencies Poor error reporting Not thread

495 views • 5 slides
Protec'ng communica'on since 2013 Micael Berg Chief Sales Officer Cryp4fy Cryp'fy Call Secure

Protec'ng communica'on since 2013 Micael Berg Chief Sales Officer Cryp4fy Cryp'fy Call Secure

Protec'ng communica'on since 2013 Micael Berg Chief Sales Officer Cryp4fy Cryp'fy Call Secure voice and messaging, that Adds security to Your standard mobile phone Gives the You absolute and exclusive control of all cryptographic

262 views • 15 slides
Vulcan: Hardware Support for Detecting Sequential Consistency Violations Dynamically Abdullah

Vulcan: Hardware Support for Detecting Sequential Consistency Violations Dynamically Abdullah

Vulcan: Hardware Support for Detecting Sequential Consistency Violations Dynamically Abdullah Muzahid , Shanxiang Qi , and Josep Torrellas University of Illinois at Urbana-Champaign http://iacoma.cs.uiuc.edu MICRO December 2012 Sequential

261 views • 24 slides
We build Transport for the North John Cridland for a better Spitalfields Crypt Trust Gary

We build Transport for the North John Cridland for a better Spitalfields Crypt Trust Gary

Upfront magazine We build for a better society issue #7: 17, June A Skanska publication in print online Inside this issue Creating a positive legacy K&amp;L Gates Clarissa Coleman We build Transport for the North John Cridland for a

292 views • 5 slides
New Form of Permutation Bias and Secret Key Leakage in Keystream Bytes of RC4 Subhamoy Maitra ,

New Form of Permutation Bias and Secret Key Leakage in Keystream Bytes of RC4 Subhamoy Maitra ,

New Form of Permutation Bias and Secret Key Leakage in Keystream Bytes of RC4 Subhamoy Maitra , ISI, Kolkata Goutam Paul , Jadavpur University, Kolkata Roadmap Introduction Related Work and Contribution Bias in the Permutation

531 views • 36 slides
Presentation by the UK Team to Germany Mackenzie, Isabel, Joanna, Luka, Ben, Mario OVERVIEW OF

Presentation by the UK Team to Germany Mackenzie, Isabel, Joanna, Luka, Ben, Mario OVERVIEW OF

Presentation by the UK Team to Germany Mackenzie, Isabel, Joanna, Luka, Ben, Mario OVERVIEW OF THE CITY OF HAMBURG HAMBURG CITY IS THE SECOND LARGEST CITY IN GERMANY AFTER BERLIN AND THE NINTH LARGEST IN THE EU (EUROPEAN UNION) IN TERMS OF

389 views • 15 slides

More recommend