storing passwords in linux
play

Storing passwords in Linux Stored in /etc/shadow - PowerPoint PPT Presentation

Jun 05, 2023 •425 likes •887 views

Storing passwords in Linux Stored in /etc/shadow seed:$6$5MfvmFOaDU$CVt7:14400:0:99999:7:: Colon-separated values, including: username:hash Hash is $-separated values: Id (6 = based on SHA-512, 1 = based on MD5, etc.)

  1. Storing passwords in Linux • Stored in /etc/shadow seed:$6$5MfvmFOaDU$CVt7…:14400:0:99999:7:: • Colon-separated values, including: • username:hash • Hash is $-separated values: • Id (6 = based on SHA-512, 1 = based on MD5, etc.) • Salt • The hash (after being taken multiple times)

  2. Misusing crypto Avoid shooting yourself in the foot: • Do not roll your own cryptographic mechanisms • Takes peer review • Apply Kerkhoff’s principle • Do not misuse existing crypto • Do not even implement the underlying crypto

  3. A paper from 2013 that looked at how Android 
 apps use crypto, as a function of 6 “rules” that reflect 
 the bare minimum a secure programmer should know:

  4. A paper from 2013 that looked at how Android 
 apps use crypto, as a function of 6 “rules” that reflect 
 the bare minimum a secure programmer should know: 1. Do not use ECB mode for encryption. Period.

  5. A paper from 2013 that looked at how Android 
 apps use crypto, as a function of 6 “rules” that reflect 
 the bare minimum a secure programmer should know: 1. Do not use ECB mode for encryption. Period. 2. Do not use a non-random IV for CBC encryption.

  6. A paper from 2013 that looked at how Android 
 apps use crypto, as a function of 6 “rules” that reflect 
 the bare minimum a secure programmer should know: 1. Do not use ECB mode for encryption. Period. 2. Do not use a non-random IV for CBC encryption. 3. Do not use constant encryption keys .

  7. A paper from 2013 that looked at how Android 
 apps use crypto, as a function of 6 “rules” that reflect 
 the bare minimum a secure programmer should know: 1. Do not use ECB mode for encryption. Period. 2. Do not use a non-random IV for CBC encryption. 3. Do not use constant encryption keys . 4. (see paper)

  8. A paper from 2013 that looked at how Android 
 apps use crypto, as a function of 6 “rules” that reflect 
 the bare minimum a secure programmer should know: 1. Do not use ECB mode for encryption. Period. 2. Do not use a non-random IV for CBC encryption. 3. Do not use constant encryption keys . 4. (see paper) 5. (see paper)

  9. A paper from 2013 that looked at how Android 
 apps use crypto, as a function of 6 “rules” that reflect 
 the bare minimum a secure programmer should know: 1. Do not use ECB mode for encryption. Period. 2. Do not use a non-random IV for CBC encryption. 3. Do not use constant encryption keys . 4. (see paper) 5. (see paper) 6. Do not use static seeds to seed SecureRandom(.)

  10. Crypto misuse in Android apps 15,134 apps from Google play used crypto; Analyzed 11,748 of them

  11. Crypto misuse in Android apps 15,134 apps from Google play used crypto; Analyzed 11,748 of them 48% 31% 17% 16% 14% 12%

  12. Crypto misuse in Android apps 15,134 apps from Google play used crypto; Analyzed 11,748 of them 48% 31% 17% 16% 14% 12%

  13. 
 BouncyCastle defaults • BouncyCastle is a library that conforms to Java’s Cipher interface: Cipher c = 
 Cipher.getInstance(“AES/CBC/PKCS5Padding”); // Ultimately end up wrapping a ByteArrayOutputStream 
 // in a CipherOutputStream • Java documentation specifies:

  16. Crypto misuse in Android apps 15,134 apps from Google play used crypto; Analyzed 11,748 of them 48% 31% 17% 16% 14% 12%

  17. Crypto misuse in Android apps 15,134 apps from Google play used crypto; Analyzed 11,748 of them 48% 31% 17% 16% 14% 12% A failure of the programmers to know the tools they use A failure of library writers to provide safe defaults

  18. Misusing crypto Avoid shooting yourself in the foot: • Do not roll your own cryptographic mechanisms • Takes peer review • Apply Kerkhoff’s principle • Do not misuse existing crypto • Do not even implement the underlying crypto

  19. Why not implement AES/RSA/etc. yourself? • Not talking about creating a brand new crypto scheme, just implementing one that’s already widely accepted and used. • Kerkhoff’s principle: these are all open standards; should be implementable. • Potentially buggy/incorrect code, but so might be others’ implementations (viz. OpenSSL bugs, poor defaults in Bouncy castles, etc.) • So why not implement it yourself?

  20. Side-channel attacks • Cryptography concerns the theoretical difficulty in breaking a cipher Input 
 Output 
 Cryptographic processing 
 message message (Encrypt/decrypt/sign/etc.) Secret keys

  21. Side-channel attacks • Cryptography concerns the theoretical difficulty in breaking a cipher Input 
 Output 
 Cryptographic processing 
 message message (Encrypt/decrypt/sign/etc.) Secret keys • But what about the information that a particular implementation could leak? • Attacks based on these are “ side-channel attacks ”

  22. Side-channel attacks • Cryptography concerns the theoretical difficulty in breaking a cipher Leaked information 
 - Power consumption 
 - Electromagnetic radiation - Other (Timing, errors, etc.) Input 
 Output 
 Cryptographic processing 
 message message (Encrypt/decrypt/sign/etc.) Secret keys • But what about the information that a particular implementation could leak? • Attacks based on these are “ side-channel attacks ”

  23. Simple Power Analysis (SPA) • Interpret power traces taken during a cryptographic operation • Simple power analysis can reveal the sequence of instructions executed

  24. SPA on DES Overall operation clearly visible: 
 Can identify the 16 rounds of DES

  25. SPA on DES 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Overall operation clearly visible: 
 Can identify the 16 rounds of DES

  26. SPA on DES Specific instructions are also discernible

  27. SPA on DES Jump taken No jump taken Specific instructions are also discernible

  28. High-level idea HypotheticalEncrypt(msg, key) { for(int i=0; i < key.len(); i++) { 
 if(key[i] == 0) // branch 0 else // branch 1 } }

  29. High-level idea HypotheticalEncrypt(msg, key) { for(int i=0; i < key.len(); i++) { 
 if(key[i] == 0) What if branch 0 had, e.g., 
 // branch 0 a jmp that brand 1 didn’t? else // branch 1 } }

  30. High-level idea HypotheticalEncrypt(msg, key) { for(int i=0; i < key.len(); i++) { 
 if(key[i] == 0) What if branch 0 had, e.g., 
 // branch 0 a jmp that brand 1 didn’t? else // branch 1 } } Implementation issue: If the execution path depends on the inputs (key/data), then SPA can reveal keys

  31. High-level idea HypotheticalEncrypt(msg, key) { for(int i=0; i < key.len(); i++) { 
 if(key[i] == 0) What if branch 0 had, e.g., 
 // branch 0 a jmp that brand 1 didn’t? else // branch 1 What if branch 0 } } Implementation issue: If the execution path depends on the inputs (key/data), then SPA can reveal keys

  32. High-level idea HypotheticalEncrypt(msg, key) { for(int i=0; i < key.len(); i++) { 
 if(key[i] == 0) What if branch 0 had, e.g., 
 // branch 0 a jmp that brand 1 didn’t? else // branch 1 What if branch 0 } - took longer? (timing attacks) } Implementation issue: If the execution path depends on the inputs (key/data), then SPA can reveal keys

  33. High-level idea HypotheticalEncrypt(msg, key) { for(int i=0; i < key.len(); i++) { 
 if(key[i] == 0) What if branch 0 had, e.g., 
 // branch 0 a jmp that brand 1 didn’t? else // branch 1 What if branch 0 } - took longer? (timing attacks) } - gave off more heat? Implementation issue: If the execution path depends on the inputs (key/data), then SPA can reveal keys

  34. High-level idea HypotheticalEncrypt(msg, key) { for(int i=0; i < key.len(); i++) { 
 if(key[i] == 0) What if branch 0 had, e.g., 
 // branch 0 a jmp that brand 1 didn’t? else // branch 1 What if branch 0 } - took longer? (timing attacks) } - gave off more heat? - made more noise? 
 - … Implementation issue: If the execution path depends on the inputs (key/data), then SPA can reveal keys

  35. Differential Power Analysis (DPA) • SPA just visually inspects a single run • DPA runs iteratively and reactively • Get multiple samples • Based on these, construct new plaintext messages as inputs, and repeat

  36. Mitigating such attacks • Hide information by making the execution paths depend on the inputs as little as possible • Have to give up some optimizations that depend on particular bit values in keys Some Chinese Remainder Theorem (CRT) optimizations - permitted remote timing attacks on SSL servers • The crypto community should seek to design cryptosystems under the assumption that some information is going to leak

  37. Other side-channel attacks • Typical threat model: attacker doesn’t have root access to a particular machine • So we safely store keys in memory • But what if the attacker had physical access to the machine?

  38. Attack • Attacker’s goal: reboot the machine into an OS that that he or she controls to look at memory contents • Challenge: memory loses state without power 5 sec 30 sec 60 sec 5 min

  39. Cold boot attack Memory loses its state slower 
 at really cold temperatures

  40. Cold boot attack Memory loses its state slower 
 at really cold temperatures

  41. Cold boot attack Memory loses its state slower 
 at really cold temperatures

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

User Authentication and Passwords Storing Passwords Selecting Passwords CSS322: Security and

User Authentication and Passwords Storing Passwords Selecting Passwords CSS322: Security and

CSS322 Passwords Authentication Passwords Entropy User Authentication and Passwords Storing Passwords Selecting Passwords CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by

670 views • 28 slides
User Authentication Storing Passwords Selecting Passwords ITS335: IT Security Tokens

User Authentication Storing Passwords Selecting Passwords ITS335: IT Security Tokens

ITS335 User Authentication Authentication Passwords User Authentication Storing Passwords Selecting Passwords ITS335: IT Security Tokens Biometrics Sirindhorn International Institute of Technology Summary Thammasat University Prepared

663 views • 40 slides
Keys to the Kingdom A presentation to: E-Business 2008 Mike Auty E-Security at WDL Date: 16 th

Keys to the Kingdom A presentation to: E-Business 2008 Mike Auty E-Security at WDL Date: 16 th

Keys to the Kingdom A presentation to: E-Business 2008 Mike Auty E-Security at WDL Date: 16 th October 2008 Overview Securing Systems Passwords Storing Passwords Guessing Passwords What can I do about it?

518 views • 16 slides
Good Passwords, Bad Passwords, and How to See the Difference David Klaftenegger Department of

Good Passwords, Bad Passwords, and How to See the Difference David Klaftenegger Department of

Good Passwords, Bad Passwords, and How to See the Difference David Klaftenegger Department of Information Technology Uppsala University, Sweden 20. January 2020 Caveat Auditor Background Passwords this talk contains opinions Diceware

447 views • 43 slides
PASSWORDS CS682: Advanced Security Topics Vasiliki Panteli 3/9/2020 Passwords 1 Passwords

PASSWORDS CS682: Advanced Security Topics Vasiliki Panteli 3/9/2020 Passwords 1 Passwords

PASSWORDS CS682: Advanced Security Topics Vasiliki Panteli 3/9/2020 Passwords 1 Passwords Passwords is a user authentication mechanism that is widely adopted for many years Methods for user authentication: Something you know

901 views • 52 slides
Security: Some Fun with Passwords How to handle Passwords: the Basics Rainbow Attacks Not

Security: Some Fun with Passwords How to handle Passwords: the Basics Rainbow Attacks Not

CSCE Intro to Computer Systems Security - Passwords Security: Some Fun with Passwords How to handle Passwords: the Basics Rainbow Attacks Not too long ago Hi, I forgot my password! Let me help you. What is your name? My Name is John

369 views • 5 slides
Setting Strong Encrypted Passwords Configuring Password Encryption for Clear Text Passwords Cisco

Setting Strong Encrypted Passwords Configuring Password Encryption for Clear Text Passwords Cisco

Setting Strong Encrypted Passwords Configuring Password Encryption for Clear Text Passwords Cisco IOS stores passwords in clear text in network device configuration files for several features such as passwords for local and remote CLI sessions,

354 views • 13 slides
STUDENT PASSWORDS GUI DEL I NES FOR 2 0 1 9 -2 020 S T U D E N T S , U P D A T E Y O U R P A

STUDENT PASSWORDS GUI DEL I NES FOR 2 0 1 9 -2 020 S T U D E N T S , U P D A T E Y O U R P A

STUDENT PASSWORDS GUI DEL I NES FOR 2 0 1 9 -2 020 S T U D E N T S , U P D A T E Y O U R P A S S W O R D F R O M H O M E ! Students: Update your password this summer from home! Student passwords were reset on 7/3/2019. Please follow the

525 views • 14 slides
Passwords in the Wild Passwords in the Wild Who am I...? My blog... SkullSecurity.org Random

Passwords in the Wild Passwords in the Wild Who am I...? My blog... SkullSecurity.org Random

Passwords in the Wild Passwords in the Wild Who am I...? My blog... SkullSecurity.org Random research, rants, etc. Nmap dev news Password database I post updates to Twitter https://twitter.com/iagox86 My job... Tenable Network Security

990 views • 88 slides
Crypto with Passwords Lecture 22 Passwords Password or passphrase: Low-entropy shared secret

Crypto with Passwords Lecture 22 Passwords Password or passphrase: Low-entropy shared secret

Crypto with Passwords Lecture 22 Passwords Password or passphrase: Low-entropy shared secret Typical goal: client authenticating to server, without being tied to a device holding a cryptographic key. On authentication, a session key should be

344 views • 11 slides
Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client and a server? What is Linux? Linux generally refers to a group of Unix-like free and open-source operating system distributions that use the Linux

562 views • 53 slides
The Long and Short of Passwords Rich Shay November 5, 2009 1 / 34 The Long and Short of

The Long and Short of Passwords Rich Shay November 5, 2009 1 / 34 The Long and Short of

The Long and Short of Passwords The Long and Short of Passwords Rich Shay November 5, 2009 1 / 34 The Long and Short of Passwords Motivation for Studying Passwords Outline Motivation for Studying Passwords 1 2 Overview of Password Failure

373 views • 36 slides
Authentication of People what you know (passwords) what you have (keys) what you are

Authentication of People what you know (passwords) what you have (keys) what you are

people 1 Authentication of People what you know (passwords) what you have (keys) what you are (biometric devices) where you are (physical) October 26, 2000 people 2 Passwords initial password distribution (students)

559 views • 13 slides
Authentication of People what you know (passwords) what you have (keys) what you are

Authentication of People what you know (passwords) what you have (keys) what you are

people 1 Authentication of People what you know (passwords) what you have (keys) what you are (biometric devices) where you are (physical) Slide 1 Passwords initial password distribution (students) limit password guessing

305 views • 7 slides
11. Persistence The use of files, streams and serialization for storing object model data

11. Persistence The use of files, streams and serialization for storing object model data

11. Persistence The use of files, streams and serialization for storing object model data Storing Application Data Without some way of storing data off-line computers would be virtually unusable imagine a Word Processor which forced you

288 views • 16 slides
CS371m - Mobile Computing Persistence Storing Data Multiple options for storing data

CS371m - Mobile Computing Persistence Storing Data Multiple options for storing data

CS371m - Mobile Computing Persistence Storing Data Multiple options for storing data associated with apps Shared Preferences Internal Storage device memory External Storage SQLite Database Network Connection 2 Saving

1.23k views • 55 slides
GCM-SIV: Full Nonce Mis isuse-Resistant Authenticated Encry ryption at t Under One Cycle per

GCM-SIV: Full Nonce Mis isuse-Resistant Authenticated Encry ryption at t Under One Cycle per

` GCM-SIV: Full Nonce Mis isuse-Resistant Authenticated Encry ryption at t Under One Cycle per Byt yte Shay Gueron Yehuda Lindell Bar-Ilan University Haifa Univ. and Intel Appeared at ACM CCS 2015 ` How to Encry rypt wit ith a Blo

684 views • 30 slides
NFCGate Steffen Klee, Alexandros Roussos, Max Maass, Matthias Hollick Opening the Door for NFC

NFCGate Steffen Klee, Alexandros Roussos, Max Maass, Matthias Hollick Opening the Door for NFC

NFCGate Steffen Klee, Alexandros Roussos, Max Maass, Matthias Hollick Opening the Door for NFC Security Research with a Smartphone-Based Toolkit NFCGate | Klee, Roussos et al. | Secure Mobile Networking Lab Near-Field Communication (NFC) While

480 views • 25 slides
CAR E T E AMWORK QU A LITY RE S PECT HONES T Y EEAST Profile Covering 7,500 square miles

CAR E T E AMWORK QU A LITY RE S PECT HONES T Y EEAST Profile Covering 7,500 square miles

CAR E T E AMWORK QU A LITY RE S PECT HONES T Y EEAST Profile Covering 7,500 square miles Serving 5.8 million people With 4,000 staff and 1,500 volunteers Managed 1.1 million 999 calls last year Completed 500,000 non-

153 views • 11 slides
Hardware Acceleration of Cryptography Patrick Schaumont Professor Bradley Department of ECE

Hardware Acceleration of Cryptography Patrick Schaumont Professor Bradley Department of ECE

Hardware Acceleration of Cryptography Patrick Schaumont Professor Bradley Department of ECE Virginia Tech Patrick Schaumont (VT) Outline 1. Fundamentals of Parallelism 2. Embedded Architecture of MSP430, MSP432 3. Hardware Acceleration

1.38k views • 100 slides
Toward Never-Ending Learning of Semantic Knowledge Justin Betteridge, Andrew Carlson, Estevam R.

Toward Never-Ending Learning of Semantic Knowledge Justin Betteridge, Andrew Carlson, Estevam R.

Toward Never-Ending Learning of Semantic Knowledge Justin Betteridge, Andrew Carlson, Estevam R. Hruschka Jr., Tom M. Mitchell (with help from Sue Ann Hong, Sophie Wang, Richard Wang) Carnegie Mellon University March 2009 Our Goal:

645 views • 23 slides
Block Cipher Operation CBC CFB OFB CSS441: Security and Cryptography CTR Feedback Sirindhorn

Block Cipher Operation CBC CFB OFB CSS441: Security and Cryptography CTR Feedback Sirindhorn

CSS441 Block Cipher Operation Modes ECB Block Cipher Operation CBC CFB OFB CSS441: Security and Cryptography CTR Feedback Sirindhorn International Institute of Technology XTS-AES Thammasat University Prepared by Steven Gordon on 20

871 views • 32 slides
Message Integrity CBC-MAC and NMAC Dan Boneh MACs and

Message Integrity CBC-MAC and NMAC Dan Boneh MACs and

Online Cryptography Course

158 views • 13 slides
Transaction Processing on Confidential Data using Cipherbase Arvind Arasu, Ken Eguro, Manas

Transaction Processing on Confidential Data using Cipherbase Arvind Arasu, Ken Eguro, Manas

Transaction Processing on Confidential Data using Cipherbase Arvind Arasu, Ken Eguro, Manas Joglekar* Raghav Kaushik, Donald Kossmann, Ravi Ramamurthy Microsoft Research Stanford University* Cloud Data Security Concerns Data in the cloud

658 views • 36 slides

More recommend