Tag: Security

Hashes Are Not *$&%@! Magic

September 27, 2012 » Geek

I’m going to get on a programming soapbox real quick and cover a topic that seems to confuse some people.

Hashes Are Not *$&%@! Magic

Some people seem to think that swapping out a secret with a hashed version of that secret makes it all safe and cozy, but that’s simply not true.

Yes, cryptographic hashes are a very important part of digital security, for a number of good reasons, but they have to be applied in a manner which takes the whole system into account.

The impetus for this work was a login integration I recently updated, because some other developer foolishly applied hashes.

Essentially, we were cross-posting a login form on one website to another. Nothing fancy. Ignore the lack of CSRF control.

<form method="POST" action="http://theotherguys.saas/login">
  <label for="user">Username</label>
  <input type="text" name="user" />
 
  <label for="password">Password</label>
  <input type="text" name="password" />
 
  <button type="submit">Log In</button>
</form>

The New Form

But the new form would need a change. Instead of sending the username and password, we would send the username, and an MD5 hash of the concatenation of username and password.

Now, I’m sure when this idea was implemented, it was sold as a way to authenticate the user, without exposing their password in plaintext (note that they don’t use SSL). Brilliant!

Yes, it does obscure the plaintext password, but it is not any more secure.

You see, they didn’t think about the system as a whole, they were just focused on obscuring the password.

All that happened here is a substitution of shared secrets.

Previously the server compared the username and password it has on file to what was sent in. Now it compares the username and the hashed password to what it has on file. Do you see what we did? We’ve simply swapped the secret of the plaintext password for the secret of the hashed password. I can still intercept your form submission over the wire and steal your credentials.

I don’t have to prove I know the password, I have to prove I know the secret.

Zero gain, and you’ve added complexity.

MD5, lol

As a bonus, they picked MD5, probably because it’s been implemented many times, there is a JavaScript version readily available, and it tends to be one of the first hashes people learn about, due to it’s age.

But MD5 is weak. And we have the salt, if you can call it that, in the username. An old 2Ghz P4 can try about 20 Million hashes a second, and throwing a modern GPU at it you can test several billion hashes a second. If we want the plaintext password, we can get it unless it is reasonably large (7+ characters) and fairly complex (at least one non-alphanumeric character).

(╯°□°)╯︵ ┻━┻

For an extra thought, consider how they must be storing these passwords. Either there scheme has always been MD5(CONCAT(username,password)) or they are storing them in plaintext and are (hopefully) migrating to hashed.

Linux Encrypted Laptop

January 25, 2008 » Geek

This post will (try to) explain how to set up a working system of hard drive encryption on a Debian system, in this case sidux. I’m going to outline the specific course of action I took to set up my own laptop, but will try to provide generic enough instructions alongside that to help the reader adapt it for themselves. Please excuse the wild tense changing and poor overall writing style, I’m not that good at this stuff.

This post is not aimed at the novice Linux user. I’m not going to hold your hand, so be comfortable with the command line and competent enough to get your system back if you screw up along the way. Also, do not skip the backup step! Finally, this is (obviously) not a wholly original and independent work, I owe a great deal to the sources I’ve listed at the bottom. Enjoy!

The Context
I run Linux on my laptop and I want to encrypt the important parts of my hard drive because there is a lot of my personal life on there. Most specifically I’m interested in my passwords, many of which I store in firefox Iceweasel for convenience, and my financial data which is in the form of KMyMoney files and pdf receipts.

Here’s the layout of my disk, and yes I know I have outrageous sizes on some of these partitions, I just like to have breathing room. Please see [1] for a good guide to partitioning.

/dev/sda1ntfs/windows40.00 GB
/dev/sda2ext3/15.00 GB
/dev/sda3EXTENDED
    /dev/sda6swap509.81 MB
    /dev/sda7ext3/tmp1.00 GB
    /dev/sda8ext3/var5.00 GB
    /dev/sda9ext3/home39.51GB
    /dev/sda5fat32/winshare9.98 GB
/dev/sda4ext3/data121.88 GB

What we need to encrypt on there are: /home, /tmp, /data and /swap. I’ll be treating the /windows and the /winshare as dirty and never let anything important touch those partitions, I rarely boot into XP for anything but school work anyway.

The Tools
You’ll need a very few pieces of software, and possibly a piece of hardware. For the software side you just need “cryptsetup” and possibly a partitioning tool if you want to change your layout. You’ll also be needing some spare hard drive space to hold your existing data if you have any. I used an 80 GB external drive I had on hand.

Backup
I’m using an existing system as my base, so I have to copy off my /home and /data partitions. Once we are backed up, it’s important to write down somewhere the /dev names of the file system. I made a little table, like the one above, by using gparted.

Unmounting
Now I’m going to go down to run level 3. This is just to minimize noise on the system. We need to unmount /home, /data and /tmp. When unmounting file systems, you might get something like the following error:

root@asuka:/home/jmhobbs# umount /tmp
umount: /tmp: device is busy
umount: /tmp: device is busy
root@asuka:/home/jmhobbs#

This just tells us there is an open file descriptor on /tmp, we can see who has it with:

root@asuka:/home/jmhobbs# lsof | grep /tmp
COMMAND    PID    USER   FD   TYPE     DEVICE SIZE   NODE NAME
atievents 3037    root    4r   DIR      254,2 4096  29249 /tmp/.X11-unix
kdeinit   5418 jmhobbs    8u  unix 0xf31fc000       11568 /tmp/ksocket-jmhobbs/kdeinit-
gconfd-2  6127 jmhobbs   11wW  REG      254,2  625 102371 /tmp/gconfd-jmhobbs/lock/0t1201112611ut204480u1000p6127r1358695165k3219666472 (deleted)
konqueror 6627 jmhobbs   12u   REG      254,2 1270  58498 /tmp/kde-jmhobbs/konqueror-crash-y2tzca.log
root@asuka:/home/jmhobbs#

Now in the above example it is obvious that I did not go down to run level 3, X11 and kde are still running. So just weed out the open files and then unmount them when there are none left.

Encrypting
This is where that /dev table you made earlier (you did make it right?) comes in handy. Be sure that you are backed up, because this is the point of no return. Setting up an encrypted partition is dead simple. As root you’ll want to run:

cryptsetup --verbose --verify-passphrase luksFormat /dev/sda9

Where /dev/sda9 is your /home partition. I encourage you to go read the man pages for cryptsetup [2]. I just went with the values on a post I found [3].

Now we need to open and format that, so we use cryptsetup to open it:

cryptsetup luksOpen /dev/sda9 chome

This is going to create a mapper device called “chome” in /dev/mapper/chome. You don’t need to call it chome, I just do it to keep track of whats what.

Now to format it we need to do:

mkfs.ext3 -j -m 1 -O dir_index,filetype,sparse_super /dev/mapper/chome

The file system really doesn’t matter, you can use ext2, reiserfs, whatever your heart desires. Once you’ve done that, you’ll want to close it again.

cryptsetup luksClose chome

We need to repeat that process for /data, but since it’s essentially the same procedure I’m not going to run through it here.

The /tmp partition is a different story. You’ve got an existing file system on there that we need to blow away. The first way that came into my head was to use dd to copy zeros over it, like so:

dd if=/dev/zero of=/dev/sda7

That’ll probably take a while and not report in. You can force it to give you a status by stopping it, sending it a USR1 signal then restarting it. Not really a big deal though, I just waited it out.

It also might be wise to increase the block size on that, and you might not have to do the whole thing either. Again, refer to the man pages [4] if it concerns you.

Set Up crypttab And fstab
We now need to update our fstab and the crypt equivalent, crypttab. This is going to vary for everyone, but there are a few key things to note. Let’s look at crypttab first. Here’s mine, and I’ll walk you through it.

# <target name> <source device>         <key file>      <options>
chome   /dev/sda9                       none luks
cdata    /dev/                               none luks
cswap   /dev/sda6       /dev/random     swap
ctmp    /dev/sda7       /dev/random     tmp

So the major things here are the target, which is what the device will be called in /dev/mapper. I picked the easy to associate: chome,cdata, cswap, and ctmp. Next is the source device, which are the partitions we messed with earlier. The key file is set to /dev/random on cswap and ctmp because those are going to be one time file systems, and the key should just be random garbage.

Finally we get to options. chome and cdata have “none” in there. This is just saying “prompt us for the password”. You could put the password in there and it would happily take care of it for you, but that seems like a stupid thing to do to me. The “luks” just tells it to use the luks extensions. cswap and ctmp both use special options. The swap and tmp options basically say “reformat this then encrypt it”. They are reformatted on boot to linux-swap and ext2 file systems, respectively. For more information check out the, you guessed it, man page [5].

Now that we’ve got the crypttab set up we need to modify out fstab. Again, I’ll show you the relevant parts of mine, and walk you through. It’s pretty simple though.

# /etc/fstab - static information about the filesystems - fstab(5)
# <filesystem>  <mountpoint>    <type>          <options>       <dump>  <pass>
 
# automatically added, WDC_WD2500BEVS-0-WD-WXC607403544-part2, /dev/sda2
UUID=60a14eae-a8c7-4ecb-a222-79a0e97fd73e       /       ext3    defaults,noatime,errors=remount-ro      0       1
 
# automatically added, WDC_WD2500BEVS-0-WD-WXC607403544-part7, /dev/sda7
#UUID=0da43c8e-2a64-4f45-b967-91504b4aa167      /tmp    ext3    defaults,noatime        0       2
/dev/mapper/ctmp                                /tmp    ext2    defaults,noatime        0       0
 
# automatically added, WDC_WD2500BEVS-0-WD-WXC607403544-part9, /dev/sda9
#UUID=3ee7225e-f04a-4d96-b28d-e867ed38a73c      /home   ext3    defaults,noatime        0       2
/dev/mapper/chome                               /home   ext3    defaults,noatime        0       2
 
# automatically added, WDC_WD2500BEVS-0-WD-WXC607403544-part4, /dev/sda4, LABEL=\x2fdata
#UUID=e3e9105b-1820-4edc-a660-7d569bc61900       /data   ext3    auto,users,exec,noatime 0       2
/dev/mapper/cdata                               /data   ext3    defaults,noatime        0       2
 
# automatically added, WDC_WD2500BEVS-0-WD-WXC607403544-part6, /dev/sda6
#UUID=21ac314b-704b-4675-bf5e-769745b46f7a      none    swap    sw      0       0
/dev/mapper/cswap                               none    swap    sw      0       0

Okay, so, the basic idea is that we find the old /tmp, /home, /data and swap entries, and replace them with the mapped ones. One important item here is that you’ll want to set that last digit to a 0 on /tmp. This is what says “Hey, fsck me!” at boot time, and we don’t want to bother with a checking a brand new file system, right?

cryptdisks And cryptdisks-early
These two are the init scripts for starting up your disks. They should be in /etc/init.d, which on my system just lead to /lib/cryptsetup/cryptdisks.functions. I tried using bum to add them, but I wasn’t getting them to run before the mounting took place. I poked around on the sidux forums and found a post [6] (in German) that had another way of adding them. I don’t know if this is a Debian issue or not, but the following worked for me, as root.

update-rc.d -f cryptdisks-early remove
update-rc.d -f cryptdisks remove
update-rc.d cryptdisks-early start 26 S . start 59 0 6 .
update-rc.d cryptdisks start 28 S . start 48 0 6 .

Reboot
Now you should be able to just reboot and be good to go. I’m not 100% on this guide as I made it after the fact, so I may have spaced off some small things. If I did, they should be very, very minor and shouldn’t cause any problems. Please do leave comments if you have an issue, I’d like to correct any errors I may have made. There are some additional sources below, please read up if you have the time. Good luck!


Sources

  1. Linux Tips – Disk Partitioning
  2. cryptsetup(8)
  3. HowTo: Setup and Benchmark Encrypted Partitions in Ubuntu
  4. dd(1)
  5. crypttab(5)
  6. Startskript “cryptdisks-early” wird zu spät ausgef
  7. Protect Your Stuff With Encrypted Linux Partitions(And Part 2)

BlowPass Has Taken Over

December 7, 2006 » Geek

So I thought that I had moved past BlowPass. I guess I was wrong. I’ve been spending every spare moment working on it. I found what I feel is a better Blowfish library at www.farfarfar.com. I still can’t implement any of the vector tests because they’re all in hex and translate into nasty characters. This means I have no actual idea if the crypt is working. I also quickly stopped trying to write my own Twofish implementation. I could handle it in C I think, but not JavaScript, I don’t know enough of it and it’s little oddities.

Regardless of all that, I’ve got my prototype AJAX down pat now (okay, AHAH) and I’m working up my own open source version of passlet.com. Here’s a nice list of features/todo’s.

  • Uses a non-proprietary algorithm (Blowfish)
  • Has AJAX-y-ness
  • Uses PHP
  • Uses a database abstraction library TODO
  • Slick animations (mootools?) TODO

You can check out the current version at http://static.velvetcache.org/projects/blowpass/demo/ to play around.

Passlet.com

December 4, 2006 » Geek

I saw on my Ajaxian feed today a neat service called Passlet. Essentially it is a password keeper, like KisKis or the one built into Firefox. The novelty here is that it uses JavaScript to handle all the encrypting and decrypting on the client side. That means no transmission of clear text information, not even over SSL.

I happily admit I’d been thinking about this concept for at least 4 months. See, I liked KisKis a lot. It was Java, used good, solid encryption and had a nice interface. Problem was, it’s hard to keep my thumb drive version synced to my box versions, and I rarely remembered to anyway. So I thought, why not make a web based password keeper that used JavaScript to keep it secure?

The result was BlowPass which uses a JavaScript implementation of the Blowfish cipher. I was working on the Ajax stuff when I got frustrated with mootools and left it alone. It has several key weaknesses, and I suppose I could learn from Passlet, but, I may as well just use it instead of finishing BlowPass. If you want the source to BlowPass leave me a note. Thats my GPL disclaimer since the Blowfish implementation was GPL’d.

Update (01/11/07)
BlowPass is semi-active now, you can get more information and try it out at http://static.velvetcache.org/projects/blowpass. It’s still a rather raw version though. If you aren’t concerned about the “open-source” aspect (e.g. don’t want to host it and mod it yourself) I’d go use passlet or passpack.

WLAN Router Monitor BASH Script

November 16, 2006 » Geek

I was reading some material on WEP and WPA cracking, and decided to write a monitor for our router. I was curious if anyone other than us hooked up. I’ve turned off the MAC filtering on it and got my BASH script working.

I’m kinda proud of it actually. I wrote it from scratch, just hit up the man pages on my system for hints. I wanted to use lynx -dump on the “Attached Devices” page, but I couldn’t get lynx to authenticate from the command line. I decided to use wget instead, since it worked just fine. I also knew I had html2txt installed from something else, so that was good too.

Here’s the script, password removed of course. The slickness is all in that last line, pardon my WP plug-in’s poor highlighting.

1
2
3
4
#!/bin/bash
date >> $HOME/System/routerLog
echo >> $HOME/System/routerLog
wget -O - http://admin:PASSWORD@192.168.1.1/DEV_device.htm | html2text >> $HOME/System/routerLog

The one tough feature to find was getting wget to print to the stdout instead of to a file. Thats what the -O - does.

It works nice, but it has a lot of extra spacing in it. I tried to do a sed line to filter out multiple newlines, but I’ve never actually used sed, and I couldn’t get it working. Maybe it’s my regex: s/\n{2,}//g. Dunno, not a biggie. I hooked up a cron job for every 15 minutes, we’ll see what I catch (and how bloated that log file will get)

P.S. The router is a NetGear WGR614 v5

P.P.S. I got to thinking about that comment about MAC filtering. With a big network you could camp out with Kismet, grab some attached devices MAC, wait until it disconnects and change your MAC to it’s. While you wait you can crack the WEP too. MAC filtering really isn’t as good as I thought. Same with fakeap. If only one ap has attached devices…uh, that’d be the real one…