2016 BSidesLV - Paswords16 - Day One
Show transcript [en]
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e e
I will hand the microphone so we don't have to repeat that
so did everyone get lunch no provided we have password
I can I can tell you before I do the official introduction of unold here uh when when when he submitted his his proposal I saw it immediately and all is the inventor of diceware saw the headline for securely storing and utilizing password validation data I also read the abstract which you can see in the program as well I don't know if you read it and honestly on Old it doesn't say too much um and uh I was very curious about this uh so I'm I'm no pressure I'm really looking forward to this one and I think quite a few other people are as well so we are time recording is uh ready I need to tell a few more jokes
before we start start um well I came in here I live in Bergen on the west coast of Norway so English is not my uh Mone uh but when I was flying over here uh pretty long three long flights I was actually asked by a person you know he asked me know so why are you going to Las Vegas oh it's a Well business trip I said oh what are you doing um well I'm co-organizing a conference okay what about urity okay what kind of security well my specialty is passwords and PIN codes and how people make them and remember them and forget about them and how they get access to their accounts again anything
you can relate to passwords and he immediately goes well I always use the names of different parts of rioo with two or three digits at the end as my password do you think that's a good idea I look at name like no not really not anymore at least and the fascinating thing is if you have never tried this and you know you should uh and it's also a really you know brilliant way to crash any part really uh ask tell people that you are passw expert or pretend to be a password expert it's amazing how many people that they just need to confess their own password and they also want to confess about how all the crappy passwords you
can find with their employ like you know it's insane you know the the root password in the entire loation is the name of the company and our company is this that I can give a call so you should try that if you haven't done so already tell people on passur see what happens Pro perfect way of getting uh becoming single again as well password inspector password inspector oh sounds nice well time's up and I will leave the stage to somebody uh is going to talk about something we're looking forward to so please welcome Arnold the author of the talk about Russ thank you all for coming out and not taking a nap after lunch um you know as as I've
been mentioned I've done been doing various things over the course of the last couple of decades to try and improve uh password usage I started off of a I actually posted something to side. Crypt asking people to send me their pgp passwords on a postcard on the theory that you know don't put any identification any identifying information on the postcard and quite a few people did and I put out a little survey and sure enough most people were making really weak passwords uh th SAR hex is a uh I think one of the earliest probably the earliest um memory intensive hash and uh um diceware um doing very well people have on their own translated into a
number of languages the the instructions and there are currently uh diceware wordless in 17 different languages how many people here are familiar with diceware have seen it or how many use it right that's for for the course okay um another little thing I did was this is a a dice where uh for taking a random set of 10 C 10 uh letters and producing a sentence there's a lot of password advice to take a sentence and make a use the initial letters as the password the problem is people are not very good at coming up with random sentences and the the distribution of letters at the beginning of words is not that random uh this guarantees it's all uniformly
distributed and any any 10 characters you want you can get a sentence out of it to to help you remember the past word um it's not my day job um I've done many other different things um I've also among which is I've written the security chapters of a number of different dummies books including email for dummies um it turns out when when Hillary had her 50th birthday she she got a copy of email for dummies from her staff I'm not making this up it was reported at the time and time in Newsweek um so that she could send email to to her daughter who was going off to college and so anyway it's all my
fault okay so today's problem I keep looking I have this thing right in front of me I don't have to keep looking at this the screen today's problem is protecting passwords in the Enterprise um what I'm talking about today rockol T is intended to talk Target Enterprise scale systems big systems many users server Farms e-commerce you know serious serious value at stake I'm not there's a whole other class of passwords that are used to generate more or less directly cryptographic Keys uh the pgp and gpg use it um dis encryption systems use it Wi-Fi um and password managers and Bitcoin wallets uh in those cases you know I I still say uh you know pick
systems that use good key stretching uh use diceware and contrary to a lot of advice write your password down because that way you'll have you'll pick a password strong enough to remember it and and no don't put it on a Post-It note next to your screen okay so back to the Enterprises which is the topic here um Enterprises have a problem they have to store for every one of their users some information uh that can be used to validate a password when it's entered to the computer and uh although many people keep talking about the death of passwords they not going any way going away any time soon um the Enterprise can do things like throttling how many
online login attempts happen per unit time but uh there's this whole problem of offline attacks um the difficulty is that databases that are in use are very hard to protect uh the databases are frequently stolen and uh just encrypting people say well just encrypt the passwords I think as most of you know it's not that simple um there have been many database breaches here's a few that I there's a list of them on Wikipedia um you know companies that should know better including RSA have been hacked um it's very hard for middle-sized companies or any kind of Enterprise that doesn't specialize in the topic uh to do an adequate job um this I went to a my local
business school had a uh conference on computer security and this is one of the slides that was up there a couple of quotes um the favorite being uh there are only two types of companies left in the United States those that have been hacked and those that don't know they've been hacked um the the other line at the bottom there the best way to protect data is to get rid of all humans Plan B is to train them you know Plan B isn't working either and you know I think we need to go to plan C and plan C is can we find a better way to protect passwords that are being stored okay the existing methods are
inadequate uh the obviously the the worst case is just to store the raw password there are still some people doing that unfortunately we find out simple hashing there are problems with that because you can build rainbow tables and whatnot salted hashing computational intensive hashing all all these things are increasing vulnerable because um um as you'll see at the next Slide the computing power available to the attackers is just getting larger and larger so um people have come up with the idea of memory intensive hashes uh that has that pushes the the U the threshold a little higher for the attackers um but it's still expensive for large users of multi user systems they can't tie up um uh a
server for several seconds for every uh person who's trying to log in or at least they could they could but it's it's expensive um and we still have the problem that the weakest password can compromise the system so that if you're uh once once you're in then you have the whole um panoply of escalation attacks available to you so um uh you know and all these things they help but they don't really solve the problem key hashes was mentioned earlier today in the this presentation um it's a good solution and in some sense you'll see rock salt has a lot in common with that but it's still a single point of failure you know we don't know what uh how
exactly we store these the key for the hash it's it's a very small value we don't even know if it's been stolen or not stolen okay so there's an arms race going on here between the Protectors of of of password validation uh data and the crackers and the crackers are winning and there are a bunch of reasons for that one of which of course is our favorite Moors law that's another thing I guess Moors law and and passwords have a lot in common their death is always being predicted um but they never seem to quite die uh but another big driver that is gaming computer gaming is a major driver of the industry and has
focused a lot of uh development work on building very high performance Graphics processors and the modern Graphics processors it turns out are just more than adequate for uh calculating um the standard hash functions which means that they are very good at uh um attacking large numbers of uh doing large numbers of password guesses at the same time so even though the the hash is salted the the the the uh uh gpus can handle that um memory intensive hashes help but again gpus are getting bigger uh just a matter of time before they get big enough and then finally um you've got the whole issue of botn Nets which means that criminal elements have access to
hundreds of thousands of computers that they can put to work on attacking pass password hashes if they get hold of them and the cracking problem is of course massively paralleled you can't think of a better solution for a better problem uh to attack with parallel Computing so this is the problem I'm trying to solve okay and then you know the question is are really at this point um there was a couple earlier presentations on uh the keynote speaker from uh from uh FTC and and uh another presentation ear earlier in this room from n talking about increasing uh how to how to train people how to get people to be more um diligent in picking good password what is a good
password you know there's a whole lot of of uh um churning about this um there's a recent story that um Mark Zuckerberg of of of Facebook Fame his Twitter password turned out was was hacked and it turned out the password was ba ba ba you know and if somebody at that level who's a very bright guy you know can be that sloppy and password picking you know maybe you know we're uh trying to climb a hill that's a little bit too steep um you also have the problem that passwords people reuse passwords so damage from one attack can can weaken other systems and you know at some point the the industry the problem is industry
is trying to store this data it really shouldn't be uh the responsible of users to fix this problem at some point you know there there has to be some way to solve this that is not dependent on users being ever more diligent and memorizing ever more longer passwords and even using diceware okay and Enterprise databases present an extra set of security challenges because they're in heavy use and that means there are multiple applications from multiple computers some of them accessing remotely um you can encrypting databases I mean there's there's this whole um technology being developed called homographic encryption uh yeah right I got that right anyway um where where you you can actually manipulate the data while it's still encrypted but
that's very uh Cutting Edge research and it's not clear will ever be really practical enough for day-to-day use but in general the problem with uh encrypting a database is that you know the encryption key has to be in the computer to access the database and at some point this this becomes sort of meaningless also um password databases have to be backed up they have to be synchronized all this adds more attx surface and more more potential vulnerability and the volume of password information is fairly small I did a quick back of envelope calculation for 200 million username 200 million users the name the username plus hash Plus Salt less than 10 gigabytes and these days you know 10 gigabytes you know
isn't really is too inadequate for my watch you know I mean it fits in your pocket and if you take the thing apart you can probably you know swallow it and it's just a very small amount of data physically um and then finally the attacker doesn't need the entire file attacker gets a you know can get a few hundred kilobytes of the of the password or even few K of the password you know they have something to attack okay there are a bunch of Alternatives two factor and biometric they're cumbersome adoption has been slow U the typical user has lots of accounts so that right now you know you can get a dongle for your bank or a
dongle for your for your your company thing but how many dongles you going to carry around and as far as I know there are no good standards yet for interoperable dongles and that will prevent that will no doubt present another whole level of attack um there was an earlier report and I guess it was discussed also this morning's uh discussion uh nist is I love having normally I try to avoid having too many U acronyms but it's fun to put a bunch of in one one one uh bullet point but n is depreciating using uh SMS text messages for outof band two Factor authentication because as they as it was pointed out this morning it's too
there are too many people like every every Clerk and every uh um cell phone um kiosk has the ability to generate a an SMS card with a with a phony uh with a phony telephone number so that uh the the uh the uh validation message that came by through your phone could actually be diverted to somebody else's phone so there's so many insecurities that with that that that is which was actually one of the things that actually starting to work people are getting used to using your phones their phones as a authenticator it looks like that's that's like too dangerous and I'd also point out that one without secure password storage then two Factor if you know if you it's if
you have a leg that's on or or something that's standing on two legs and you cut down one leg you only have you only have one one leg without without uh Secure fastwood Storage two Factor becomes one factor okay so that brings us to what is rock salt and it's somewhat similar to salted hashing or key hashing but it uses something uh that is sort of my invention which I call very large key cryptography um and very large and I use very large cryp key cryp photography to transform the salt and in doing so I Mak something that's hard to steal and makes physical security feasible so let's talk about what this VK concept means and the
idea here is to have a key that is actually much larger than the expected volume of data that's going to be encrypted now at at first that seems like crazy right I mean if you I have this little equation that Cipher keys are much smaller than onetime pads which in turn are much smaller than very large Keys you know it seems paradoxal One Time Pad is enough once you have enough uh key bites to encrypt every single character separately what's the point of going beyond that and the answer is there are there are in fact some advantages to it um one of which is you can get provable security and I can get that I think is going to be beyond the
point of beyond the scope of this talk but it's pretty easy to see why but the most important thing for this talk is that it's a you get a macroscopic OPC key a macroscopic secret a secret that is actually physically big okay and that means it can be physically defended and short leaks of that key if if if you use it properly are inconsequential okay um the very large key it would be random or possibly pseudo random that's a whole other discussion um it can be many terabytes multiple solid state dis modules um and compare this of ordinary Keys which can literally fit on t-shirts um and and have in the past that's the that's a complete program for decrypting
DVDs um and and of course the whole side Channel problem where where you're talking about a few hundred a few dozen bytes it's very easy to um not easy but it's it's very feasible to monitor power us your monitor uh radio frequency aminations there a whole bunch of different ways of getting key that are being used over and over and over again um the one example that I'm aware of for that's somewhat parallel to very large key cryptography is is deniable cryptographic file systems where you basically fill a dis with random stuff and then when you write uh um data into that disk you do it in an encrypted way and hopefully if the encryption system is indistinguishable
from Pure random data nobody looking at the dis and tell what's what's data and what's what's nonsense so that and and the point there being that you can then reveal part of what's there without revealing all of it but so far that's the only um precedent for what I'm talking about that I know about okay so let's go into a little bit more of the details and it's not complicated at all really once you once you get past this point normal password verification using salt uh you you look up the salt and the look up the the using the username as a key you you look up their stored hash and salt in a database you hash the password that was
submitted with that salt does that match the sto the store hash if yes you're in if not you're not in okay everybody's familiar with this I hope at this point okay rock salt is not that different again you look up the stored hash and Sal in the database and I let me just go back a second here um obviously there's another step here when you which which I I'm not illustrating here but it's it's straightforward which is when you first set up the account of course you take the password you hash it and you put with a you generate a random salt you hash the password with that random salt in and that's what gets
stored away in the in the in the database okay um for rock salt the main difference is you still look up the stored hash and salt you send the salt to the rock salt server the rock salt server uses the salt as a seed for a deterministic random number generator preferably cryptographically strong that picks out some number of bytes you know enough for uh say 64 bits or whatever whatever there's an engineering tradeoffs there but basically nothing much different from ordinary salt you assemble those bites return it to the um password server as the rock salt and the rock salt then the server uh does a hash of that trial password with the rock salt if it matches the
stored hash great you allow access if not you don't um um it's not that different um here's a here's a kind of a block diagram of how that works um users again they're they're accessing the computer pmm is the password password uh this my the password uh uh management module which is probably typically a dedicated server or servers in a in a Enterprise environment um that that in turn communicates to this black box that I have down the bottom the rock salt server um it can either be via the whatever the corporate network is or even better with a optional direct link um the password management module also talks to directly that little database symbol down there with the little file
folders that's just the ordinary corporate database I'm not doing anything different to protect the corporate database obviously you want to protect it if you can but as I pointed out earlier that's hard to protect the only thing that's being protected here is this very large key that is literally stored in a safe and on the left there you can see my little sketches of how that would work um the the solid state um memories would be put into little modules that might actually be keyed to make it hard to uh some interlocks would make make it hard to not impossible just hard slow down anybody who got physical access from trying to copy what's in
that and then the whole thing being locked in a uh in a safe and again once you have something that is physically large enough to protect there's a huge amount of Technology out there that's well established um you you you can obviously use a faraday cage to minimize any stray radiation you can attach alarm system to this one of the things about this is that the U rockol secret is static so that means it doesn't require any periodic maintenance the only reason to get in there is maybe an electronic failure that you have to replace one of the modules so you can lock things in a safe you can use I don't know if you're
famili everybody's familiar with it but the whole concept of two person Integrity where you have two different you know it goes back to the um you know nuclear weapons launches where you have to have two people turn turning a key to launch a missile and uh certain government seet actually require two people with a combination um that kind of Technology can be used to ensure that no one Insider can can uh get at things and again with video surveillance by making this thing big enough the time taking the time required to copy uh the key or or get meaningful amounts of data off the system is long enough that hopefully somebody would would physically interrupt the process um you
would presumably make more than one copy of this so so for an Enterprise you might have several of them operating at the same time and a few more of these modules um kept in a in a vault somewhere as backups um there there's tons of standards for uh both in terms of the electronic emissions from it and uh for the actual testing of safes um the H's laboratory has various standards the uh General Services Administration has their class five and class six standards there's all kinds of stuff out there that basically you know these kinds of really fancy safes cost a couple thousand dollars you know and if you think in terms of uh again an
Enterprise service situation spending a lot of money to build a a box like this that that is secure uh we're talking maybe you know if we're selling this you know tens 20s of thousands dollars it's it's typical of Internet appliances and it's small compared to the uh what What's at risk by having um password data uh stolen another thing that can be used to protect us you since we do obviously you have that some electronic communication with this uh very large key is to use a Data Guard My Data Guard basically is is a microprocessor or even a um an ASI or fpga that's just designed to pass only certain messages and at a rate limited
level because uh the amount of data traffic required for the day-to-day ongoing by minute password verification is much less than the data rate needed to exfiltrate uh sign enough of that very large key to cause damage uh um these data guards can be made they won't have they don't need an operating syst they can be very simple easily audited software there's a lot of I think you you can now actually get uh stuff that will take has sculpt code and and translate it into microprocessors you can so you can have stuff that can be be subject to proof system so that and you can actually have a series of different uh um guards along the way one of one
some of which just limit the data other of which um we'll talk about the second make certain um um statistical tests to see if the things come under other kinds of attack um the alternative the the major alternative that I'm aware of is is creating a separate database for password verification um somebody asked me a question on on the purist system I name is 1337 Mark uh is this are we talking about a secure Enclave for the for the passwords and uh the problem with that is it it complicates back of and synchronization of databases um large Enterprises may need to have more than one server and more than one um password database to uh allow you know
multi-continent um operation of their of their business um all that synchronization places more creates more places where where uh data can be stolen and again a small link can compromise can cause compromises okay so again the big advantage of this is what we know from from the users perspective is that you know we're back to passwords that are short enough that that really people are comfortable with them uh you still obviously have to limit or throttle fail login attempts so that uh a remote system doesn't sit there uh cracking away trying to log in over and over again but that's well established technology people do that and you know it it doesn't require any new um any
changes to existing practice the only thing you really have to avoid is obvious passwords something that you can get from the Facebook account or uh you know any any some some social engineering uh pet names and stuff like that even the old you know a remember the I don't know how many people remember the old AOL disc that used to be handed out but they'd come in a little card and there'd be like a little your password on it that was uh two words of a with a special character in between that would be more than adequate for this kind of thing even ba ba ba would be fine okay so potential attacks um obvious one
physical security violation again the use of alarm systems and monitoring systems uh again since this doesn't require anybody to access the system on on a normal basis one can be fairly strict and in terms of using um secure uh practices that are that are standard in Industry um one of the I think one of the major concerns would be malware that go simply sitting inside the corporate system and using the rockol server to periodically you know check passwords and and uh um you know accumulate them and exfiltrate those out um I think the the answer to that one Bas there's a bunch of different answers there one of which is to really have a secure link between
the password server and the rockol server keeping track of how many requests and so on maybe even add some Canary passwords that would not normally be accessed um the the uh um the basic um think to think about is that really if if the the software that's actually doing the password checking can be compromised the all the attacker has to do is get the passwords that as they're entered so you have to assume that for for any kind of system that we have at least some Integrity in the actual password uh verification software itself again easy to guess passwords um I had put down using dictionaries to prevent um to prevent users from selecting passwords
that are too obvious uh actually there was an interesting comment made earlier that that actually may be counterproductive because when um when when I when somebody types in Rumple skill Rumple still skin as their password and it gets rejected they'll just type A Rumple still Rumple still skin one and that actually creates a set of passwords that are uh you know um good ones to start trying but again um um there there may be some training required here or actually it maybe may be desirable not to look at a dictionary necessarily but look at uh things that you already know about the user so that for example they don't use their username or the company's name or their
personal name as as the as their password but this is again is a much easier um a much easier challenge in terms of training people to just get them to not use things that are really closely that some somebody could easily guess about them and of course any password system is vulnerable to that kind of attack so summing up the advantages of rock salt it's Dependable it's engineered it can be proven from its security can be proven from first principles uh it eliminates the arms race because attackers don't get the opportunity to get to do offline password guessing even if they get hold of the database um it's even Quantum Computing resistant less burden on users
um the changes to existing password management practice are very small you one has to set up this communication link um and probably have some some field in the database that that tells you rock salt is enabled but that's about it um and and again the password data itself the verification data is just becomes part of the ordinary corporate database it can be backed up it can be handled no differently from any other user account information the transition is easy uh I we've we thought about how to how to fall if people try this and they don't like it coming up with way to fall back to older systems if necessary I think there's a confidence in
confidence building step required here but the bottom line is a lot less risk and liability for the Enterprise and of course a lot less burden on users limitations um it's too cumbers I think for small or personal operations again using key derivation functions uh it's probably the best bet for that it's not a solution as I said earlier for passwords that are used to drive a cryptographic key you can't use password hashes as a credential to share of other organizations or other parts of the organization and that's not a good idea anyway business problems you know obviously this is a new idea getting people to try it will be interesting um there are a lot of questions there
but that's maybe for another discussion um finally I want to say that this is not necessarily the most elegant solution the idea of having building this you know terabytes and terabytes of information just to protect passwords seems clumsy but I believe it works and nothing else does and this if those of you who remember Raiders of the or lost Arc uh might remember this particular scene okay and any questions I don't think there are any questions so we can just Matt the starting this one okay so this sounds like it has a lot of uh similarities to Blind hashing by tap link which is they Co to turn security through obesity uh by essentially having a very large um hash
datab or or database that they would use in the hashing process it maybe I I haven't seen it I I should look at for it okay cool
thanks this is probably just my own brain fart because you definitely went into detail but why is it that um how is the RSS server able to verify all these passwords if the trusted module is stored separately and securely right all the all the RSS server does that that's a good question all let me see if I can get back to the little picture um all the RSS server does is effectively create a way of transforming the hash that was stored in the database to a different sorry the salt that was stored in the database transferring the salt that was stored in the database to a different salt and it does it in a way
that an outside attacker has no way of knowing what that salt value is so even though they get the salt that was in the database they can't use that to calc calate the hash that's stored in the database so is it a salt token H how's that differ from a salting token that represents the actual Sal I I mean I'm not sure it is I'm not sure the difference here the difference here only is that by using a very large key you can defend this process that's that's the novelty a key hash would do this right but a ke hash you have you have a 128bit or 256bit um key in that hash you have no maybe
you're using a Hardware security man module maybe somebody develops a new side Channel attack to that module there there you know it's it's a single point it's a very very fragile single point to failure the diff the the the the novelty here is using this very large key uh can you go back one frame or slide so uh is that accurate I think so maybe if I okay so there's a salt in the database then you take that salt give it to the rock salt server right it returns a salt for you it returns a different value yeah and then you hash that yeah so what's stopping someone from getting into the server grabbing all the salts requesting the
rock salt server for all of those right and and I I I I mentioned that earlier and that that is that let me see if we're I can get down that the main the main thing is a to use a Data Guard that limits the rate at which you do this and then also maybe has statistical tests that say h everybody's there seems to be a large number of you I believe you can get statistical patterns for what normal access is um and to distinguish between a systematic search but yes that and and then the other the other point is that um in this in this whole system I'm assuming assuming that the the server
that is actually doing the password you know when you when you attempt to log in a password field get sent to some server somewhere that server then then tells the rest of system yep that's okay or no it's not okay right um if that server can be compromised you don't have to do anything more fancy than save all the passwords get typed in so we have to assume that there's the ability to make that server um reliable TR that has to be trustworthy because if it isn't trustworthy like I say you just grab the passwords directly why bother if anything else so if you can make that if you can make that U reliable that
becomes the only thing that has the ability to talk to the rockol server it has a secure link so the rockol server is looking for looking for his sign messages from it whatever you know there's a variety of ways you can secure that link but the idea is to make that link sec sure so that it's not easy for somebody to infiltrate um software and and and do exactly what you're saying but that that of course is is the the the trick that has to be prevented so it sounds like your um your big win here is that you're protecting uh from the particular attack like offline attacks so somebody can't just get to the database and then do as
many offline attacks with as many like gpus as they possibly can right and and you still have a bunch of the same problems that existing systems do but you've really locked down the offline attacks but if you if you were here earlier I mean it's the offline track that's driving everybody crazy you know the the the the um I don't know if you heard the keyote but um the young woman who was speaking was talking about you know the fact that um um you know large numbers of people are are not with the uh requirements for people to change passwords they're using closely related passwords so once you get their password or one or two two examples of their
password you can figure out their whole PR practice and maybe try it out on other systems you know the whole thing becomes uh an arms race and the arms race is not in the favor of people try trying to defend so it it sounds like the difference here between what you're doing I mean there there obviously some mathematical differences uh between what you're doing and the and the idea of doing a keyed hmac on the hash uh but aside from that the it it sounds like the the fundamental difference here is that the secret that you're using is fundamentally larger than the secret that might necessarily be used in an in say an HSM uh for for doing an hmac is that is
that correct that's correct that's exactly that's exactly correct so basically your assertion here is that it's easier to protect a big key than it is to protect a smaller key yes and I guess I don't accept that that's necessarily the case I mean a lot of the things that you're talking about doing here in terms of protecting the rock salt server are things that you could do just as easily on an HSM to protect the hmac process right but how you know again how would you for example uh take take for example the question of side Channel attacks with an HSM um you could get uh if somebody came into the facility set up a monitoring thing which you know
the cleaning person or whatever um got the you know we're talking about 32 bytes of data here um you there's no way you you could have any confidence that that never happened um whereas with with this you have some it's an engineering thing you have some engineering ability to say uh you know I know what the amount of data is I know solid state drives actually can't be read out very quickly um you can actually make so you have a whole bunch of of again it's a defense and depth engineering solution that says I at least have the ability to get some conference I can review my um monitoring tapes I can do a whole bunch
of things to say that that data has not been stolen with some confidence whereas with an HSM maybe well I I we we'll just leave it and say that that I I think there are ways to protect against those side Channel attacks in HS M as well um the other the other part of this though is unless I missed it you didn't say anything about the size of the salt that that you were using here because in the in the other case we had a uh I think a perhaps a 32bit salt which is enough in order to essentially solve the D duplication problem here you're asking for an additional level of security from it that would require a much longer salt
I presume well I I I didn't talk about it and I I can um the short answer is there there are a couple things you want to do one of which is there there a couple engineering trade-offs you know it's assault at 64 bit or 128 bits is not a great expense in terms of databases and stuff like that um the and and then the rock sorry not even a question of databases in terms of transmitting data back and forth and I there's there's actually a a bunch of tradeoffs I I've considered here but um one of the reasons you want it a little bit bigger is there's always I mentioned that small amounts of data leaked from
the uh uh very large key don't do damage the reason they don't do damage is that probability would be you might get one or two or three bytes so you want to have the salt large enough so that one or two or three bytes um being compromised doesn't reduce its efficiency but it's not it's not a huge increase in size um and there's some actually other options here too one of which is um actually s a different mode which I talk about in my paper is uh sending the password to the rock salt server and having and and the and the hash letting and the salt and letting um the pass the uh rockol server
do all the calculation then just only send back a single bit which says yes or no so that that would even further reduce the amount of data that could leak out of the out of the server but the these These are engineering trade-offs but they're not they're not um in my opinion they're not that difficult or dramatic last one so you mentioned a uh deterministic random number generator on the previous slide is there any uh security concerns about that random number generator that would uh you would have to think about specifically with this problem where you have a very large key and you're trying to uh prevent exfiltration of even of a smaller key uh um the all the all the I
mean really any decent um deterministic Rand number generator will do the think about what's going on you're sending the sot which is becomes the key the seed for that terministic random number Jor that is going to pick out 32 or 64 bytes out of the this entire um 100 terabyte 10 terabyte whatever memory and then those those th those uh that that string of bites will be the rock salt so the secrecy is simply the fact that the attacker has no idea what's in that very large key and in fact uh you can then begin to do spasic statistics given the volume of users and and what is the probability of that of any one bite
being used even twice and you can make that relatively small so that in reality the vast majority of bytes that make up that key will never have been seen before so that that's really where the security comes from okay I think we'll stop there uh Arnold will be around afterwards as well outside in the hallway uh so now we'll do a short break until 3:00 and next speaker up is Jeff Goldberg from AEL Brits makers of one password see you back then thank you Victor from cyber jungle radio hi please
V
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e e
[Applause] thank you and um speaking of the talk at Cambridge in December I'm just assuming all of you have either watched that talk or read all the slides so I don't actually have to explain what this two secret key derivation is and I can just talk about how we communicate this to users right yeah sure okay so um uh uh two of the three JS are here um Jesse please stand up Jesse on Twitter yes um Julie is not here that's me at the end and we are being protected by Umbrella bear a bit of an inside joke um okay anyway um so two secret key derivation we've been struggling with names for this thing um but this is the
flavor of the week um and uh basically what we're doing is in deriving the keys that are used for both authenticating with the one password server now that we've actually started running a service um and the keys that are used to that are used to decrypt the key encryption key that's used for encrypting your private key from your personal key set that's way too many keys the so in deriving the keys that you actually need to unlock stuff um uh we take two user Secrets a master password and something that we've called an account key and I have no idea why we call it that um so a master password is something that's more or less created by the user
it's stored only in the user's head which makes it difficult to steal I mean tortures one way but um uh but it is you know it's created by it's a human created password they need to remember it um they need to type it so it is not so difficult to guess now the count key is created randomly by the client 128 bits um it is stored only on the user's device is um it is possible to steal because it's stored on the user on the user's device before they actually get their keys for encrypting their data um and it's pretty much impossible to guess now the reason for this is that we don't want to store
hashes that if stolen could be used in any kind of offline attack that is the goal of this thing what we store on the server we've as said until recently we never touched any user data whatsoever and we liked that and there were reasons for that um so we don't want to have anything worth stealing anything that we could work on cracking if we were compelled or just decided to turn evil no it's not going to happen um anyway so so by blending in this other high entropy user secret this account key then what we're storing server side is just basically uncrackable now it's not actually a hash it's an it's an SRP verifier but the principle still
applies okay um now uh I said in Cambridge I talked about the technology the key derivation all of that stuff my concern here is we are presenting a new kind of secret to users and we kind of hope that they behave in ways that um help their security instead of uh harm their own interests now so we've got this new kind of secret uh it's unfamiliar uh so the questions are how do we get users to treat it properly how can we help users not to lose it because if they lose I if they forget their master password or they lose their account key that's it there's no way to derive those keys that are used as key encryption
keys um so so now we've added a new way that people can get totally locked out of their data by losing their account key so um it's sort of the user it's the helping the user or what we attempt to do that is really the topic of this talk okay so um chain of the psycho do is really sweet and except for when she isn't catches frisbee balls we have no idea of who trained her to do this um but anyway um so she's going to be our team leader and so what you're going to see is a video that shows a first sign in and a first sign up for uh one password for
teams um and so we're just going to go through a lot of steps here um but I think that uh uh so we'll see her do lots of things and we okay so here's a video um sorry chain of the psycho dog um this is Morgan the other member of the family and yeah she's the samean one okay so uh although I got to talk about team she's going to create a family because the control panel and screens are a little simpler for those okay so uh go through a normal uh sign up she selects a family name and she has to give her email address and I decided not to expose her real email address and
I was too lazy to set up a special account so there we go and so she will be given a URL based on that name and there we go she gets told that she'll get some email there's her email um real name and this by the way is me speeding up the video because I type really slowly but chaina types even slower okay first presentation of two Secrets uh protect your data um and now you are given your account key the first part of it is non-secret information but the bulk of it is secret um you know so there's actually account identifier at the beginning of it and she she um so it was selectable
you saw a copy operation she saved it someplace okay uh now oh wow this is going way too fast um uh okay um uh uh but as you saw there was actually a dice where like generator to offer people help in choosing Master passwords um she practices that oops she typed it in wrong because she thought it was cake instead of Cape as the last word there we go and now we are generating public private key Pairs and a bunch of other stuff um and her first task she's given is to save her emergency kit the emergency kit kit contains all the non-secret information her account key and a nice space to actually write in
your master password and a QR code that we'll get to later you're encouraged to write down your master password put this piece of paper in someplace safe okay let's just set up stuff for the account oh well they're dogs you know okay um okay so just so that we have some data to look at chaina enters creates some data um rabbits are fast than they look as much as I hate to say it we may need to cooperate instead of compete yay oops but she saved this to her personal Vault this is something that should be shared with every member of the family so uh one has these different vaults with different properties so she's now put that into the shared
Vault okay so that was a lot that we've seen there um because the this first run through and then also uh uh adding data um uh is a is a bit much but uh this means that at the moment the only place she has her account key is in that emergency kit that we hope that she saved and in the local storage of the browser that she used for doing this um and remember the account key is absolutely necessary for deriving these keys so what we would like her to do and for other reasons we'd prefer her to be using a native client instead of the web client because then we don't have to be
entirely depending on TLS for the overall security um uh so we would like to encourage her to uh to get this working in one password on um on different clients so what so the next video we're going to see how you set this up in one password uh for Mac so she's going to go to preferences she's going to select to add a new team she's first going to do it the hard way she's going to give up on doing it the hard way she's going to do it the easy way and then we'll see that she uh has the vaults from her team so so she's joining a team using one password for Mac
uh she can enter it manually which means all of the which means the uh account key the email address the UR URL and the master password that's not anything that any human or canine should ever have to type so uh we've got this scanning a QR code here's a handy copy from her emergency kit and boom everything is there except the master password which she types in and now this instance of one password for Mac on this machine um has that team data and we see uh within one password her secure note about strategy so now this is stored again it's unencrypted but it's stored by uh theer the count key is now stored um by the client um okay we do
need to add more people to this more dogs to this family we're going to add Morgan and that is going to look like uh this so first uh chain is going to log in because we're switching back in fourth between chain and Morgan you get one of the dogs showing who's actually the one doing stuff now also chaina uses Chrome Morgan uses Safari so uh uh so chaina sends an
invite and she gets a list of family members including those pending invites and more gets email rabbit Hunters is using one password chain of the psycho dog wants you to join rabbit Hunters she clicked the link she's got she's now given this signup stuff introduced to to the two keys um I didn't see her select um uh that account key even though she pressed I've got it safe okay and she types in she creates a master password and I'll write the uh which was a wonderful master password of abc123 ABC oh look save your emergency kit remind me later okay now there's a little bit of back and forth uh because because Morgan's keys are
generated by Morgan's client when she first signs up for the public key to get to the team administrator um uh anyway chain has to go through this step for the user it's just or it's just confirming what it actually is doing is it is um encrypting the vault key for the shared key with Chain's public key anyway now chaina Morgan I'm sorry Morgan can enter in some very precious data that must never ever be
lost um and as you see she can actually get what's in the shared vault as well um because the key to that vault has been encrypted with her public key
and and there we go okay so uh now we were really really scared when we thought of this notion of account key we just thought it's way too easy for people to get them El uh locked out but we agile bits do not want to have the power or responsibility of doing actual recovery for people who have lost their account keys are forgotten their Master passwords we shouldn't have the power and we shouldn't have to be sitting there trying to decide whether some request is genuine from the real owner so uh what we've done in instead is we have given the family organizers or team owners that power so every time a vault is created um by any user within a team or
within a family the the keys to that particular Vault get encrypted with the public keys of the organizer but the or organizer may not actually have access to the actual encrypted data that's done through normal kind of Access Control sorts of stuff uh from our server so they don't have access to the data but they do have the keys for it so chain actually has the keys to Morgan's personal Vault but China does not have the authority to get the act the encrypted data that is Chain's um personal Vault okay um so uh here we go with recovery Morgan having trashed her Safari installation has lost her account key and thus lost her access to the
secret plans in an act of desperation she sends an outof band message to chaina Via Droid fortunately for Our Heroes the organizer of the team has access to all the Vault Keys blah blah blah blah blah okay so now so Chain's gotten this out of band message which obviously I'm not showing um she goes into the admin Council console and she sees Morgan
here and she clicks on a begin recovery button and that really just sets Morgan's account into a particular State and sends email to Morgan um about the road to recovery and effectively Morgan is creating a new account but it's with her old email address and identifying information she gets a new account key and look she saved it this time and uh she chooses a master password and so now a new public ke pair has been generated and created for her but she still can't get in until the team owner confirms her recovery or completes the recovery um and this is because it's the completing the recovery in which the new owner sends the appropriate Vault keys
or encrypts the appropriate Vault keys with Morgan's new public key and so now back in she gets some tips to not have to go through this again save your emergency kit write down your master password join things in new
clients you know now so one of these things with these emergency kits and these account Keys is it's actually the user's responsibility to get the account key from client to client um okay but I'm have to be done out of um it's not handled by us it's what the QR code is for so they can either manually type it in and so here you'll see her um setting it up in um uh uh within one password on an iPhone at a c account scan QR code and here uh when you're actually logged in on the web uh the um the get the apps link uh includes the QR code it really scans fast I did not speed that
one up um everything but the master password is filled in here she types in a brilliant master password and the servers unreachable because um uh all this demo construction was done on B5 local.com instead of actually our real server so it was just Local Host on that thing okay and now it's time for a nap um and now all right I tried to show the QR code scanning a little slower okay I'm not really an expert on iMovie in case you didn't notice okay um so the questions that we have um is uh will our users understand that the account key is a secret um you know they're not going to be reading everything on those pages um
will they understand that it is their secret so remember when you're given a license code for example when you're given a license code um that's actually a secret that matters to the software vendor it doesn't hurt you if that secret if a license code you're given by the vendor leaks um but this is a secret that they need to protect for their interests um and is there more that we can do to prevent the risk of catastrophic data loss now we haven't actually counted um but so far we're actually doing pretty well from what we get into custom customer support the people who are losing account keys are people who are just testing things out of the free
system who don't actually have who who don't who actually haven't put data into the system so the the overwhelming majority of I'm locked out help me and we have to say tough um have been harmless so far um we also find that almost all of them are from people who've only used the web client so we really are I mean there are other reasons as well but we're really trying to push people to use the native apps but we see this new kind of secret that we're asking people to deal with as quite possibly the most as at least one of the most difficult problems or challenges that we face as we've rolled out this
one password Service as opposed to just the local apps um and you know we like to think that we try to make it easier for people to behave securely um you know and so usable security is Central to what we do throughout but we Face tough questions with this so and um that's where I'm going to leave [Applause] it Jeff is an expert at asking questions at passord conon so uh now I'm hoping there are people in the audience who have questions for
Jeff Jeff uh here would it work if you have a company with 20 or 100,000 people and that many accounts would this work with them do you have any experience do you know how that would go 20 I mean it certainly works with 20 it works with hundreds are you interested in a customer new customer with 100,000 users that's the question um it's a pretty big license yeah yeah no no no we we yes yes it'll work just fine um they he's he's improving Jesse he really is improving not one of the sales people you know I mean the line of course is we're all in sales the line is it sales well wither policy Focus okay so um I don't know
what the largest um uh company we have is but um but thousands we know works and it should scale very nicely so it's built to do
that hey um I was going to ask have you had any uh feedback from users who are um surprised that they're under this hierarchy so you have a hierarchy of of a team owner and then these users who can effectively be be overridden by whoever's above yeah um we haven't actually so so we haven't actually had reports from users from sort of individual non team owners and managers saying wait I didn't know that my team owner had all this power but just because we haven't had that yet doesn't mean it isn't something that we're that we're worrying about it is I don't know if I got the negatives in there it's this is a question that
bothers us um so is it clear to Morgan that China has these Powers now cryptographically chaina the team owner has everything but we all Al have access control mechanisms um so that China is not actually seeing the data is not getting the data to decrypt from Morgan's Vault um obviously we'd prefer to have all of these assurances done completely cryptographically instead of having to rely on authentication and access control but but we do have that but in principle it would be possible for China to let's say get the cashed data off of Morgan's computer chain would have to be digging into because of course the keys that China has access to aren't actually exposed to her in the UI she'd have to
do some digging to get them her client has them uh that is a line of attack back um but there is some confusion uh one of the problems if I may go on a little bit more about this one of the problems we face is when somebody leaves a company is their personal Vault theirs or is it the company and each organization has a different View and so we are actually working on trying to um we we're working on trying to have a way so that if an organization says the stuff in the personal vault is the person's personal thing that that data can be transferred to a personal account for somebody who is leaving a team but
this is a work in progress but yes these are difficult issues our view was to try to leave it up to the organizations but we really can't we have to enable the organizations to do what makes sense for them yeah I have a question um I want to make sure I understand how you're generating the K are you actually using the the account key plus the master key in like a secret sharing scheme or something to get that or are you rather using the account key initially to authenticate and like pinning that somehow okay uh secret sharing would be really cool and that was the original goal uh but mostly it's just we we we
both are used in deriving it it's not actually secret sharing uh we it's an it's the details of the kdf are in the white paper um it's a little bit messy because we left a hole for where we wanted secret sharing to go in so after you do some key derivation stuff on both they actually get EXO and then some stuff after that um so so yes it really is two secret key derivation not one key for one thing and another key for the other okay um Whoever has the microphone should talk first is there a way to have more than one team owner or can everyone in a team be an owner yes um and this is something that
we encourage um is that um is specifically this um is if you have more than one team owner you've got got more than one person who's capable of doing recoveries if let's say a team owner gets you know hit by a boss or loses their account key or forgets their master password so it's actually for teams it's another one of these quests we try to say set up another owner organizer um in our original beta we actually had a more complicated set of roles uh so we had what was called The Recovery Group um but we just merged that with owner and organizer because it was confusing people um but underlyingly we actually have the ability to specify a
Recovery Group which is a group of individuals who are who who are the ones who are getting these Vault keys and have the power to to initiate recovery so there's more granularity under the hood than is actually exposed uh to the users so when you sign a new team member uh is that all done excuse me is that all done on the client computer of the team owner so um the invitation uh the invitation for a new team member is um is constructed by the CL cent of the team owner um the email uh the email notification goes through us um but the invit but the invitation URL is that is constructed by the client
um and I suspect I'm not actually answering your actual question so basically you said that you enry the key with the new team members public where do you do that you do that on your server do you do that on client of the owner oh sorry so once you confirm somebody who's joined in um right so once you've con so when an owner confirms somebody who's who joins in what they are doing on their client is um is encrypting let's say the shared vault key to the public key of the new member and follow up to that reason kind of into it is have you considered open sourcing at least that part of the code
to be audited to make sure that's repeat the question so okay so so then the followup is um is have we considered open- sourcing that code so that people can actually see that this really is happening client side considered it yes we haven't done it yet um uh I'm sure we've got all these normal end user license things that say oh reverse engineering is bad just you know reverse engineer it check it out okay so Jeff was Jeff of course is going to be around here and there's also Jesse if you anybody and well everybody should say hi to Jesse um that's my opinion so once again thank you Jeff and
uh now we're going to take a break again uh until 5 uh and at 5 we will have Kirk hay from Rapid 7 to come here to do a talk and to release a new tool for all of those of you who like to crack passwords and so I expect to see absolutely everyone back again at 5 o' enjoy
what
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e
e e
hey um so I was going to talk about my BFF today unfortunately my BFF wasn't able to be here uh if anybody wants to come up I'll talk about you for the next half hour how about that you know no no um no um my BFF is a tool I wrote and uh it's kind of sad but over the last six months or so I've probably spent more time with this tool than I have with my actual BFF U but I guess that's just uh the uh information security uh industry right um so like I likely uh announced I'm I'm Kirk I'm a husband I'm a father have two great kids at home a beautiful
wife at home I'm also a geek of course probably like everybody else in here uh I'm a security consultant for rapid 7 doing penetration testing um I've created a few different open source tools back hack might be one of the more uh popular if you will uh it's a Android uh application file system analysis tool for non-rooted devices so you can actually access the file system and and uh it's great for showing risk to customers but it's also great for giving your wife unlimited lives and Candy Crush um actually the reason I wrote it um she stopped playing pretty quickly after that she she said it got boring um uh I've been in it for about 13 years
the last four in penetration testing specifically I also blog on the community uh site for Rapid 7 so you can check that out if you want um so today we're going to talk about different authentication methods we'll start off there this is kind of the more basic stuff uh you'll see the kittens and uh at least one dog in there um I didn't want to offend either side I don't want to choose a side on the kitten versus puppy debate although I am a dog person more um we'll then we'll then go into uh techniques for attacking authentication specifically passwords uh that's why we're here we're going to talk about uh web application login forms uh my BFF is
a tool for attacking login against web applications currently um it will be expanded to other protocols as well um we'll talk about kind of tools that are out there for web application testing and and guessing uh their strengths and weaknesses and then I'll talk about my BFF we'll get into deep uh into that how that works the different modules uh what you can do to um add into it if you want I'll do a quick demo on its functionality and then we'll talk about mitigations for these kinds of attacks uh since you know the we really want to be able to protect against those um so different authentication techniques first one up biometric you know it's
something that you are you have fingerprints uh retinal scans voice recognition facial recognition uh Biometrics kind of about 10 years ago I was working for a company we wanted to implement Biometrics it was just technology wasn't as good then uh it was also very cost prohibitive but something changed in the last two years or so anybody know what that is it's kind of bringing Biometrics to mainstream that's right iPhone um Android phones if you have one within the last two years most likely as a fingerprint reader mine doesn't um it's old but um Biometrics is great uh makes it very easy to log in and we're seeing more than just logging into your phone with Biometrics now a lot of Bank apps
and stuff are starting to implement those Biometrics which is great this C is actually used in Biometrics to log into its computer right here um if you didn't know cats have a unique forehead print it's kind of like a zebra and they can authenticate that way that was totally made up just kidding around uh the other thing we have is a pin uh personal identification number it's usually four digits could be longer uh we use it to log in phones we use it to log in uh when you want to get money from the ATM you have to use your PIN uh don't do that here I wouldn't trust any ATMs not with all of you
people around um but PIN numbers are great log into your phone with it uh you could also use pins in second Factor if you think about it right your RSA tokens your Google Authenticator uh essentially that's a pin it's a unique ID that you have and and that's what I think pins are best for best uh used for is a second Factor not not a primary um if it's four numbers you only have about 10,000 uh possibilities and it's pretty easy to brute force and uh figure out and lastly we have usernames and passwords by far the most common you use it to log in everything computer your bank account uh different web applications uh different protocols we
use it everywhere and so usernames are easy to get right how do we get usernames anybody us we just asked the users we just asked the users we uh we could scrape LinkedIn for the data I find more and more on tests that uh companies are putting their entire directory structure all the uh employees on their websites um not sure why but they think it's not a a risk and that's fine if that's what their decision was but it makes my job very easy um and in the worst case scenario when it's hard to find we just use census data we run against some kind of timing attack against some kind of service and and
gain a bunch of usernames um passwords become a little harder um realistically people are pretty predictable with their passwords right so those are usually pretty easy to guess um but that's we have a couple different ways to figure out what those passwords are once we have usernames first is Brute Force like this kitten it used Brute Force to get through this wall just kept pounding in one spot until it got through uh brute force is as many passwords as we can throw at an account until we get in um simple password spraying uh here's the puppy um password spraying is kind of the inverse of brute forcing right we're instead of brute forcing a password
against the user we're brute forcing users against the password um I'm going to try thousands of usernames against one password and likely I'm going to get in and that's going to do um one major thing which is prevent account lockout um and to understand the account lockout we'll look at online versus offline online uh any service that's that's authenticating and checking with the database real time they usually have a account lockout policy and so we want to use password Sprint we don't want to lock out accounts that's going to cause deny service and we're not going to get in we want to get in right so uh if we're an online service such as a web
application um we're going to use password spraying on that whereas offline there's no risk of account lockout but we need something for offline guessing anybody know what that is hashes right so how do we get hashes there's numerous ways but once we get that hash uh we can use brute force whether it's dictionary attack or pure Brute Force trying every single combination possible and there's some tools that we have to try those things um like I said we're going to focus on web applications and so that's online so we'll focus on password spraying for the most part um web application login forms are very straightforward and simple they all are common they all have three common
components you have your username your password and a submit button it's essentially all there is um the username field the password field uh they can change names they can be completely whatever unique whatever they want um but this is essentially what uh a web app login form looks like uh this is one I created in probably 30 seconds so um the submit button is going to take whatever is the username a password as a payload and submit it to the the form to the page it's going to and that'll do a check on the database and return a valid or invalid uh response so we have different tools to to check on this first up is burp Suite
um I highly recommend burp Suite if you don't have it go get it um but it's very manual that's that's the only problem with burp Suite um I need to review the traffic I need to figure out what the username field is what the password field is and then once I run Intruder now I need to go back and look at what's an invalid versus a valid response um that's okay for one-offs but if you're doing that test after test after test on this different or the same web apps uh it it comes it's a little bit of a pain uh so there are scripts uh written different languages but these scripts are specific to uh one kind of application right uh
there may be a citric portal that you're trying to get into and you can run a script and it'll tell you if it's valid or invalid uh but if that Citrix portal uh changes which there's multiple different versions and every couple years Citrix seems to change all their code well now I need a new script and it could be a pain so so I created my BFF um what is my BFF it's a Brute Force framework um it's modular so we can just easily add new modules um for different web applications or even different protocols um it's intelligent what I mean by that is I don't want to have to pick out and choose what the username
field is what the password field is what the valid response is I don't want to have to put all that in um I just wanted to figure out what kind of application is pointing at a youl find out what what application is call the right module um and and just give me the information and it goes beyond just brute forcing and that's kind of the secret sauce on this um and and I'll get into that more in a little bit uh currently we have I have about five modules uh there's some of them up there so for each module first we're going to fingerprint we're going to find out what kind of application this is uh
this could be many different ways it could be a URL um it could be a string within the body of the response from that page could be a cookie value um anything that separates that application or that protocol apart from others we'll fingerprint off and then we'll call a module and in the module first thing is the payload like I said that username password can be different it could be username it could be user underscore name it could be jcore username it could be user.name could be user could be something totally different um so we create that payload and then once we do that we're going to do a connect test and this is where scripts at this Point
stop uh we're going to tell you if it's valid or invalid and that's great but I want more um and so lastly we're going to do something cool with that um to explain that about six months ago when I was starting to create this tool I was on an external engagement for a customer and doing my testing and enumerated about 3 or 4 thousand usernames uh off of a flaw they had on one of their apps apps and then I needed to do password guessing right so I ran through with my favorite password season and year right so at the time it was spring 2016 how many use that password yeah um hopefully not but it's a very
very very common password um that we see everywhere so I have about 15 valid Accounts at this point after using that and they have a Citrix portal I love Citrix because I can escape it pretty easily um and once I escape the Citrix sandbox now I have internal access and get to you know destroy the internal Network um so I tried with the first account and the response that from the page was there's no applications assigned to this user so all right try another one try the second one no valid appli a assigned to this user third one what do you think that was no valid okay fourth fifth six I got to the seventh or eth and I said
this is ridiculous um there's got to be a better way to do this so I ended up scripting out the whole thing ran through all 15 and every single one didn't have any applications um so at this point I'm like it's kind of sucks um but now I have a script run that script and using my second favorite password company name 1 two 3 4 and ended up getting three or four with that and one of them actually had applications so uh get in escape the Citrix environment get internal access end up owning the entire domain um they had multiple domains and took all that over uh so it was very successful on my my part um and that's what I mean by
going Beyond so each module is going to do something different and that's going to depend on the module on the web application or on the protocol uh for the Outlook web access and ow uh and Office 365 we're going to parse the email we're going to look for sensitive information we're going to print that out for you we're also going to pull out all the contacts and uh save that off uh for the Citrix we list those apps out so now I can tell if it's a Internet Explorer browser a third part application or a full Windows desktop and I can decide which one I want to attack uh for Juniper we do something cool before the authentication uh often
Juniper has multiactor enabled but we can usually bypass that uh depending on how it's set up so we'll attempt that bypass we'll see if that works and if it does then we'll do our brute forcing against that and so each module is like that something different so so we'll go into a quick demo um just a little bit of uh that and it might be if it's a little small I can zoom in on it uh for you but to start off we're going to just run python my BFF we're going to pass it the host now the host has to include the protocol that you're going to use in this case htps and the uh IP or the host name that
you're going to attack uh the capital u is for user list and so this list has a few users and the P lowercase p is for a single password again one of my favorite passwords to try um this this particular app actually failed um it's a small business server and so if you don't know uh small business servers uh when you go to the initial web page it redirects you to a virtual host which is remote uh remote web workplace where you can remote control all the systems inside um for the for this I want to tack o which is SL o so we're going to um rerun this clear this out and we'll rerun this
using a vhost option uh the vhost option is going to um we're going to to add in the ow so we can specify that specific uh host and after we run this we'll see that it finds that it's an Office 365 or owwa server and then it tries password guessing um we'll find that user 3 was successful with spring 2016 we then search for sensitive emails looking for keywords such as password in there we find that there's some password helps uh in emails from the domain admin and um it's kind of sad that the domain admin actually has the same password um so good job there um and you'll notice at the bottom we we take any contacts and
we add it to a file under Temp and then contacts Dash and then the username and that splits that out so now we can use this information to do other attacks such as uh such as uh fishing attacks or or just trying to email through that um or more password guess and things like that now the second uh module last year I found a uh zero day in a HP site scope application s scope is a um application that allows you to monitor your system uh servers network from this web console and so they had a exploit in that and so this is the uh module for that so we run my BFF again this time the host is
actually it's the service is running a port 8080 so uh once we uh put in the URL we add the port and um it's not a separate option it's all within that host um the module is going to call a met exploit module that will then exploit and get us a shell um through this DNS Tool uh lookup where we have command execution and in this case we're going to use a lowercase U we're going to try one user and one password admin and
password and we'll run this and we'll see it's successful it's going to call that Metasploit module it's going to run through um once it loads up we get our meterpreter shell and we'll run get uid to see who it's running as and we see it's an authority system which is which is great now we have access to go beyond uh with that
so the my BFF is is going to be available today right after this presentation uh it'll be located on the Moose Dojo GitHub page so uh go check that out I'll be adding more modules as I go uh currently we have I have plans for uh WordPress uh Cisco vpns and a couple other web apps as well as uh SMB FTP tet um SSH and other protocols as well so a lot of cool things coming and each one of them is going to do something different right that's the whole point of this is I I don't want just to know if this is uh if if the username and password's correct I want to be able to have it do
something with it um and who knows what else and so if you have ideas let me know I'd love to talk to you about that and so we have password attacks how do we protect against that right what what good is knowing that you can get attacked on your passwords if you can't do anything about it the first thing is we want to detect detection is key um organizations that can't detect these kinds of attacks or or attacks against them are going to fail and so if you can put in place Brute Force detection and whether that's uh password spraying or brute forcing against accounts within if it's a Windows domain it's all it's easy
easy it's all built in you can just enable that kind of those kind of thresholds in that monitoring um so it's all right there second is multiactor authentication as long as you're implementing it correctly uh and there's not a bypass like the Juniper uh often has um this drastically reduces my ability to attack your system um I need that second Factor now so now I need to social engineer an employee or I need to um some other way gain access to that second factor and then lastly strong passphrases are key um if your password's long complex I'm not going to be able to guess it easily and I'm not wanting to Brute Force to lock out your account so it's going to
make things much harder for me um so that's everything this is my contact information uh both my uh personal GitHub as well as the mo Dojo where my BFF is um if there's questions love to take them um if not we can talk later love to meet you guys
mod how many metlo modules do you have integrated with this is it just the one or yeah so for uh for metlo modules it's just the one it's the HP site scope that I've written um it'd be easy to add as modules go but um yeah that's the only one we have currently um do you have like an optional switch to specify like an RC file uh I don't um currently it writes out the RC file and then calls that RC file to to run everything thing um those are things that might be worth looking into and adding though so okay so we're going to move on to next speaker so I have to cut it off
there uh just want to remind people also about the one of the manner rules of of pass conon we are doing this for good so any tools and any techniques being released and mentioned here at the conference use them for good if you use them for evil I will tell you two things number one I do not believe in violence number two I really know a cool party trick and that is I can delete your social security number okay so Thank you Kirk really interesting and the tool is available [Applause] online and we will have our next speaker on stage in like that looks like Evan maybe in uh two minutes
e
e
e
e
e
e
e e
each buy their own expense and discuss passwords um or anything you know ux authentication PIN codes uh password resets Chinese passwords stuff like that if anybody wants to discuss cars football women or anything else go somewhere else please not interested um and and by that I'm going to introduce Evan Johnson he's been working at L pass before now he's a cloud Flair and again another talk I'm looking forward to uh a little bit about password managers Evan thank you
hello cool okay so my talk is called evaluating a password manager but uh it should say lots of password managers and how people should evaluate them um it's kind of a supposed to be a give people a holistic view on password managers so about me I work at cloudflare as a security systems engineer um so I wear a lot of different random hats there I'm kind of the company's de facto appsc person um besides that I like hunt vulnerabilities in our products and our infrastructure and everything and then I I kind of either fix them or come up with plans to fix them or um push them off on someone else who can fix them and
um and I've kind of been working on the website it too as well I've uh since we were just talking about accounts and account management I rewrote all of the account management stuff for the cloudflare website and how it does sessions how it does uh all these different cryptographic tokens like curf tokens and stuff um and I also wrote um passg go which is a password manager written in go and it's command line based uh the whole reason I wrote it was cuz uh I wanted to password manager with more modern crypto for some systems systems things I do like I use it for protecting my SSH keys and um and whatnot oh and I
I previously worked at last pass uh as an engineer I worked there for a year and uh wrote a lot of code so if you use last pass and you like it uh I helped with that okay so uh so trigger warning we're going to talk about password managers and the reason I put this slide is because uh password managers online are super polarizing if you've ever read a hacker news or Reddit thread or Twitter Thread about people talking about password managers It generally goes nowhere and it's um it's just kind of a lot of people arguing uh and basically everybody in those threads is an expert and they should be the one Speaking you you are on the right place
now so uh uh so a lot of people love last pass they loved key pass they loved one password they hated they hated all those same things different people hate last pass different people hate key pass key pass x uh and that's not what this talk is about this talk is supposed to be really General and something that can that's unbiased and you can kind of step back from from what you like and what you don't like and kind of be able to evaluate um what is good and so I'm not going to be throwing bad password managers under the bus yet and we'll we'll talk about that um okay so about the talk we're going to
Def uh I have a couple goals so I want to define the properties that all password managers that regular people should have this talk is mostly geared towards regular people um point out some things that are really good that password managers that some of them do and uh and talk about some technical details about some of them as well we'll dive into a little technical stuff and so uh which password managers so uh if you're unfamiliar which maybe you are or you're not if you're in this room um one password is like I would describe it as the Apple Juggernaut of password managers it's uh it was for a long time considered really Apple Centric and uh
but great password manager last pass uh windows and Linux people liked it these two are probably the oldest the two at the top last pass and one password and last passes also got really p uh got really popular the Android ux was really great for uh they really did well on Android and Linux and windows and uh kind of not Apple for a while and then there's dash lane dash lane is pretty pricey and they've uh they've raised a ton of venture capital I think I just checked before this talk and it was like 52 million they've raised a series C which is an absurd amount of money for password managers um keeper which is
from um it I first heard of it at last pass and it kind of got it start on mobile I think and it uh it's it kind of uh developed from there and they took off from mobile then there's keypass keypass X these are the whole keypass Environ uh like ecosystem really confuses me and I don't fully understand it uh there's lots of them and then password box rest in peace they got end of life they got bought by Intel a couple years ago and they just got end of life pass uh is a command line password manager written by uh this really good systems programmer guy it's written in bash it's get backed and gpg
based and then so I put these two at the bottom these are the most interesting uh Excel spreadsheets and password journals these are things people might be using that uh we want to all we want to compare all of these together um so this is kind of a generic design diagram of the it might be hard to see highle parts of a password manager so I put four of them and there might not be four of them and maybe some of them are more tightly coupled than others you have the cloud servers where if it's if the password manager syncs you have servers that the password managers or the passwords are stored on then you
have uh kind of the backend core of a password manager uh so if you use one password there's a thick client there and last pass it's all extension based and this is the part that talks to these servers and gets down the passwords and decrypts them and then you have uh the application core integration I just this is the UI the part all the features that are built on top of this decryption all the all the junk that gets decrypted all the features that you see and then I don't know why I put this last one it's not really a part of the password manager just the application that the password goes into that's where
that's a final resting place for the the password uh goes into hopefully the correct application uh and like I said some might some password managers might have all four of these some might not uh so the first part is the servers and this is going to be missing from things that don't sync and the important thing here when you're evaluating a password manager it the first is really obvious that your passwords should not be on the server in plain text and there are actually some like Enterprise password Management Solutions where it is in plain text and uh it's uh not just Enterprise these these are like really big business like 100 million in Revenue doing password
password uh management at that I I've heard of and it's kind of insane um but what else should be encrypted here it's uh everybody kind of does it different all the password manager so the big two things that generally differ is some password managers don't encrypt URLs and some other ones don't encrypt usernames and the uh I don't think there's a right answer here about whether or not that's good or bad or I think it's could there's room for improvement for both of them but I don't really see a a huge reason why uh why having everything encrypted or I I'm not sure how to weigh this and uh so I came up with two tick
boxes for uh evaluating what's stored and it's whether it's encrypted which pretty much all password managers encrypt um uh what they have on their server and then whe the passwords that are on the server and then whether or not the the they encrypt all site data so if a URL is if a URL isn't encrypted then they wouldn't get that second tick box here um the password manager wouldn't so what else is on this slide all right and you generally have a backend part of an application that does all this heavy lifting of fetching encrypted blob data and uh decrypting it and uh this is pretty boring uh that all it does is kind of consume a API get a
bunch of data prompt you for your password and decrypt it uh and um uh sometimes uh well so this is where all most of the crypto lives so it'll uh all the crypto primitive choices live here and uh I guess that's significant because all the crypto lives there and the all the features that users see um autofills passwords contains all the bells and whistles contains user interface uh so the this might manifest itself in different ways like autof uh most password managers will have an autofill feature where you just press a button and it paste your password in or uh maybe not paste maybe it'll just uh modify the Dom on a HTML page and uh that all lives here and all
the flows of generating a new password and saving it and uh and then communicating with this backend process that then talks to the API to save this new encrypted blob that's that all starts at at this layer user facing uh and then one of the most important features that you'd see from um that Usery is security details about their passwords so if they're reusing a lot of passwords if they're um weak passwords are everywhere in their password Vault uh good password manager managers will tell users that they have bad password hygiene and uh they'll they might be really loud about it okay so what what actually matters uh and I think this breaks down into two things what features should all
password managers have and what are security critical and need actual technical eyes to look at and and uh and kind of evaluate and I think the first one is more about usability and the second one is security because that's kind of all there is in in this in this world okay so what should they have high level really fast um the the most important features that I came up with is password manager or password generator to create to create different kinds of passwords if a password manager doesn't have that it's pretty bad just uh duplicate password finder security finding security details like we mentioned if you have duplicate passwords if you have weak passwords your password manager should notify
you um strong crypto this is a interesting one which we'll talk about in a minute but your password manager should be should have strong crypto just having crypto doesn't doesn't really help uh it has to be strong and and uh not all not all password managers are vetted as as such and I think you won't have you won't have as big of a problem with the big names that I listed at the beginning but there are hundreds of password managers and once you get out in the weeds and you may find something that works for you it's kind of scary if if nobody's actually looked at the technical details under under the hood and then import export uh you should be
able to jump ship if you hate your password man manager um and the most important one that I think in 2016 is a password manager having mobile good mobile um user experience and um what did I put on this slide password managers with a mobile yeah so in in 2016 like so many users are mobile first and that's is getting more and more prevalent and uh if if you're if you just download uh keypass XYZ and it's somebody just forked key pass and made some changes and it you can't actually use it on your phone even if it's really cool and open source it it like is not going to help you that much uh and
so uh so here is like a Snapchat signup screen and I pick Snapchat because I kind of picture Snapchat as kind of the next well it's already arrived the next uh social network like uh and I also picked it because at the beginning of Twitter people were like this is really stupid and it kind of became something really big and so people signing up on Twitter they might choose a stupid password like that my first password on Snapchat was really horrific I'll tell you but uh but like who knows Snapchat might be really important like a year from now people might be getting their news from from news Clips on Snapchat who knows and so
if you if a password manager can't reach their mobile users that's like that's really bad uh and uh also just outside of password managers authentication on mobile devices is just atrocious uh people have tried like Federated credentials in apps like Pokémon go came out and they had the Google The Google sign up and besides the fact that like the you could sign up with your pre-existing Google account uh uh and besides the fact that the permissions were uh way too permissive on what you actually allowed Pokemon go to do it's it was just bad ux like you had to completely re-enter your username and password it you didn't get anything for free so password managers are the best
we have in Mobile ux right now uh so this is the this kind of shows off on Uber who uses the agile bits uh the one password they have a way for apps to integrate with a password manager and I feel strongly that this is if your password manager does not have this option if you use iOS so obviously it's different for Android but on on iOS if if you're not taking your password manager serious ly and you and you are working at a password manager company like this is super important this little uh it's in the red not my email blurred out but the the little uh lock icon uh that will allow you to just click that
and paste your password into the password field and or it's not paste um I'm I'm not sure about the details but it it allows you to get this this icon and utilize a password manager for from inside of an app uh and the other thing in Mobile is browser support and uh while while most apps have not figured this out uh most password managers have figured browser support out and pretty much all of them will will support uh different uh pretty much all password managers support this way to be presented in a in a Safari browser uh which is good and so the the important reason why I mention uh mobile and really focus on mobile is I think
it's the way to win an argument on the internet since that's the only place good import good important arguments are fought uh with people who use um people who use Excel spreadsheets and and password journals and stuff I got it an argument with somebody on uh slack Channel and uh this guy said he all of his passwords were too sensitive for a password manager and he could never trust software and he kept an Excel spreadsheet or he kept something that he wouldn't he refused to tell me because it was too high security and I was like first of all this is just absurd but second like uh the mobile case the mobile case just I feel like completely
trounces his argument because uh because who knows where this guy will be he might not be at home when he signs up for Uber or for Snapchat and um if he if he doesn't choose a good password that's like bad password hygiene and his his system fails um so uh the scary part of password managers is go to the Apple App Store and type in password manager and there are like hundreds of results and who knows who knows what these things are doing okay so what what what features actually need security evaluation and uh I think after last week we all know browser filling logic needs security evaluation uh uh integration with the between the
browser extension and the and what whatever background uh no integration between uh like what the user is doing and the how the user interface talks to the the backend system that decrypts all the passwords because in in Dashlane and and one password it's uh they talk over a websocket and uh and it's not tightly coupled like different password managers all have a different software architecture where some are more monolithic where uh you might it might only be extension based but some really rely on this thick client on your machine uh crypto Primitives so uh this is all came from browser world and crypto Primitives don't exist that well in JavaScript so basically everybody body just copies and pastes in uh crypto
their crypto Primitives that they need and who knows who's looked at these I have no idea and then HTTP headers random uh regular appsc kind of things uh so how to dive in and look under the hood we're uh so the the parts you're going to be looking at is the API the crypto the browser extension and if you are an absc person and you've always wanted to learn about how to dive in we're about to look at it quickly so um here is an example of how you could examine the API for last pass and how it works so uh for last pass password box most of the monolithic extensions where they don't have this uh client on the machine
last past does now but uh all the logic still in the extension you can just go to uh this extension screen in Chrome Chrome extensions and load up the background page and start diving in uh that's you have to click a that there's a check box in the top Corner that says enabled uh you have to click that then you can click back around. HTML and you can start uh diving into the technical details of how the extension communicates with the API for for a lot of extensions actually and here is uh my last pass Vault and um you can see all the once you click background. HTML it'll pop up a a chrome debugging window
and there's a network tab you click the network Tab and you can see all the requests that are being made and uh you just click on them and you can see all the technical deta details it's amazing uh and apps that don't do that this it's a little harder to kind of dive in and reverse engineer because uh you have to reverse engineer a thick client instead you uh who knows like maybe they do uh H like public key pinning inside their their thick client and it's a little harder to dive in this is really nice because Chrome gives you a debugger it's amazing uh next is examining the crypto and uh pretty much all password managers use
have pretty similar crypto Primitives that they've chosen uh most of them have chosen like asbc um and similar encryption and uh pbkdf2 Shaw one for deriving a key and I think this is mostly because of difficulty getting Primitives into the JavaScript world where they might need them and um whatever but this uh I think that the best practice now is to use an aad Cipher and uh it's really hard one challenge that you kind of realize when you're working as a software engineer on a password manager is let's say tomorrow you wanted to switch from asbc mode to a different crypto primitive let's say you wanted to go way back and way weaker and pick Dees which we don't use
anym and please don't ever use and uh it's really hard because you start you can't just flip a switch and everybody's passwords are encrypted with something different moving moving forward is is not easy once you've chosen A Primitive it's really sticky uh why who said why why is it sticky uh just be just because so you encrypt all your all your passwords you have a thousand passwords in your Vault and uh we chose let's just pick something really weak Dees and we want to move to AES and you would have to download new code from whatever update process the extension has and the client has and that all your things have to be decrypted and encrypted again or you can
wrap them uh and that's that's kind of weird where you start encrypting a cipher text and uh it's it's just kind of a not an easy process let me just addal answer to that is that remember that people are synching data acoss different clients and that
[Music] yeah it's it's it's not easy and so uh now we want authenticated encryption and pretty much no password managers uh have authenticated encryption just because of this problem like if it was easy everybody would do it but uh it's not and so examining the browser exension thanks this is Tavis uh ormandy he found a really bad bug in last past last week and he's looking at more now more password managers so I put his face
up uh and so uh finally uh examining the browser extension uh so the part that he found the bug in is in last pass was their autofill logic and this is um fairly easy to dive into uh because of chrome Dev tools again just right clicking on a page and clicking inspect element and then you can click the you pop open the developer tools then you can click sources and then uh content scripts which is right here and then you can just browse JavaScript all the JavaScript fill logic this is one passwords fill logic last pass fill logic right next door it'll format everything for you it it'll uh it's really easy to dive in and start reading
their code and evaluating it and so out of this talk um I kind of came up with an idea where if you've ever heard of uh the eff and a lot of people have created scorecards for things like encrypted Messengers and uh uh and whatnot I want to come up with a password manager scorecard where there is uh a lot of properties that I Define and password managers either get a green check or a red check or red I don't know what that's called actually a red no uh and uh I think this would be really useful just uh to have something where non-technical users can kind of come see and get a non-biased way to evaluate a password
manager that suits their needs and uh I want to I got this idea while I was working on this talk and so I have not made it but I want to publish it in the next couple weeks and work on this um so maybe you'll see it I hope you see it uh but I plan on publishing it soon so does anybody have questions sure so for those of us who work with users all the time oh for those of us who work with users all the time where will you publish it uh so I have no idea I wanted to work uh at cloudflare our PR people have good contacts and I was hoping to get it
somewhere that it might get visibility I plan on putting it on my Twitter on ejc exore and uh Hacker News or something I don't know Hacker News in my Twitter are places that you might expect to see it so do you know of a personal password manager that syncs where you can run your own server uh yeah so uh pass pass which I mentioned at the very beginning the website for it is password store.org it is get backed and it's if you like gpg and command line uh the reason the reason I recommend pass is because there's kind of been an ecosystem built around it where uh you can use a IOS app to to access your
passwords as well and it's it uses git as the back end and so you can just host a git server and have your passwords last one oh um Jeff Goldberg from agile bits makers of one password at the risk of pushing of pushing um selfs serving criteria I was a bit surprised at the extent to which you downplayed the not having the URLs um encrypted particularly if that is actually stored or available to The Operators of the system I mean uh now for a long time I mean I understand the technical reasons why it's difficult to get those encrypted um and when we made the transition to a new data format in which we actually managed to encp that we have
been hammered by our users for making that transition too slowly so um so what I'm going to do I'm going to ask both Evan and Jeff to join me for dinner and I would put them on the upside sides of the table uh no no no no and I don't think you need to and anybody who wants to come and watch I'm more than welcome to do that but now uh I will have to say again thanks Evan yep thank
you and we will move pretty much directly on to our last talk
okay so while Mark sets up his laptop um there are also events uh later this uh this afternoon and evening uh you have them in your program uh if anybody as I said if anybody would like to meet up for for for some food or drinks or anything I will go down to the pub 365 at approximately 7:30 if you want to join in please feel free to come down there and look for us okay 7:30 down at the PB 365 very easy thank you see you later [Laughter]
yep what do you need do you have what kind of output do you have he has HDMI and you need HDMI to DGA yeah we do that's the then you would eventually have to run into the sticker Ops room and ask them if they have I mean I know we have adapters for anything but they are not necessarily in this room
hi clov nice to see you yeah getting started already huh yeah [Laughter] hi yeah I mean seriously you're I am every single day that I don't geted didn't get a hacked drink
man of many adap well this is this is their stuff
thankfully one calling for one
this shows up I you that one
to go to display properties from the desktop and see if that monitor shows
up yeah detect right
there oh you not have it in all the way oh there got it hey there we go then go
there and it's backward
all right you're all set okay okay okay okay so again this is Mark berett our last speaker uh for today uh he is the author of The Very Acclaim book perfect passwords I was actually considering to bring it here to Las Vegas to have it personally signed I still have it at home mark uh and uh again uh Mark came with this talk uh have have you actually been tormenting your family over this oh yeah okay a big time so I think this going to be very uh interesting to listen what you have actually be done and doing so Mark feel free to get start all right okay um I'm Mark brunette I guess hi Mark I I do
stuff and I talk about stuff so but on my first slide here I'm going to read my intro okay so this talk is about passwords and killing passwords and really the mess we've made with the whole passwords thing because although we like to think that we have played a part in making the world more secure mostly what we've done is alienate users we've made them log into everything over and over and over and over and over we tell them to make sure the password is really strong but don't write it down and of course don't forget it be sure to add some special characters or sometimes when it's a bank don't include special characters Banks uh We've bombarded users
with I gotta change my screen here um
we bombarded youed with a NeverEnding supply of policies captas remember me boxes I'm behind now and of course you don't check the remember me box even though it is everywhere and of course us are retaliated how they know best with memes and you know we can't blame them because we created them we recreated those monsters and they are monsters but I have got this little analogy here actually I just saw this video and I thought got to find a way to work it
in we are all losing okay now I don't know I don't know if you notice it's kind of quick but um I watch around this I'm going to zoom zo in and and slow it down but watch around this area because there was something just kind of went by real quick [Laughter] there you probably missed on the first time so all right so we've been doing passwords for several decades now and you think we've we pretty much got it figured out right but but let's let's look at what we've accomplished and let's let's kind of do a report card here password policies seemed like a good idea but you know it turns out we we really don't know what
works I mean users have bad password so hey let's force them to have good passwords but that kind of end up with not enough requirements too many requirements strange requirements no no two identical consecutive characters and I don't know if if you know me on Twitter I complain about lot of stuff short password explanation policies for policies I mean come on failed um user education you know they're still confused we've as much as we've we've tried they're they still suck at passwords they still hate passwords they still want to kill passwords they're always trying to find some some way to work around their passwords so we get a fail on that too password managers hey now uh I know
we've talked a lot about password managers and it's kind of an important thing to a lot of people here a lot of person here um but you know we got to face it they're just a temporary fix they're really not a long-term solution they're kind of tacking on to tacking onto this problem we have a passwords and we're trying to fix passwords by having password manager but um yeah Hardware tokens hey now Hardware tokens we doing for decades now I mean we've been trying to get it right and we've we've tried a lot of different things but the thing is have you ever tried to get someone to use a hardware token who isn't in the security business
or unless you know the company forces them to you know it just doesn't happen and then there's that now Biometrics hey users like those fingerprints I scanners voice matching you know movies have been doing it for years it looks cool seems really secure I mean you got it if I mean if it's something really secure they're going to voice match right um but you know we still haven't figured out how to make it we really haven't made figured out how to make it secure and we haven't figured out how to make it Anonymous and we haven't figured out how to make it work everywhere videos yeah oh oh I don't have sound I just realized it has cool okay sounded like
that kind of jeez all right so the way this started is until this this particular topic STS and tell had me write an article a few months ago and and they've seen they've seen lot of my tweets and stuff and they thought hey wouldn't it be cool if we got we wrote an article about killing passwords and and they thought you know let's get a bunch of equipment let's let's let's try it out on my family you know and kill Pastor see if see what really works and yeah that didn't go so well but um I got I got a um some wearables stuff some some U keys I had a bunch of those laying
around uh uh I scanner uh fingerprints scanner and a password manag i' used Intel Shi in this one the experiment was really fun for me but um you know I I did it for a few weeks I got all my I got all these things hooked up you know got everyone in my family hooked up I got you know I had this interesting we have this pretty diverse thing in my family I got my I my wife you know well I that's another story my three of my boys I got four um and my father-in-law oh especially I especially my father-in-law I'll just let you guys just I don't know if you can see those
but you got to read something my father-in-law put tape over his webcam transparent Scotch tape I'm amazed at despite my best efforts my father-in-law's ability to fill his computer with every Spy were known to man my father-in-law today told me he needs to get a copy of Harvard Graphics then I realized he was serious I'm just going to say the world is not secure until my father-in-law can go 90 days without getting some kind of infection on his laptop no every hack today wasn't because of the passwords I released seriously people are like my father-in-law okay my SSID used to be not found my home GRE blocked and my Plex Ser broken my father complains that
nothing works at my house well I have so many stories what's that so anyway I've got a pretty diverse uh group to pull from needless to say my father-in-law got the Cat book which is you know password manager cats password manager disguise is a book about cats anyway it's really interesting though because I got I got this stuff I mean I got this you know I got one of my my sons to use ybi keys I it's kind of a hack but I I got him to you know use them for all his different passwords um some of were static statically uh hardcoded passwords but you know the whole thing was to kill passwords at
that point my wife got her this uh you know this uh Fitness tracker and um the thing is though you know once she found out that it was worth how much was worth she she wanted to sell on eBay so that didn't last um the you know and it was just like I I it lasts about three weeks and then you know I you see I it all end up back in on my keychain again they just kind of they just kind of gave up on it but why can't we get people to to use this stuff I mean why is it so hard I mean I couldn't even get my own family to do it
and I would think I'd like to have some kind of influence over them I mean what do we need to do to get user participation here wait oh Hey listen just do them all okay
so it's got to be usable I mean it's it's if it's not usable I mean obviously it's got to be usable but you know it's got to it's got to have um it's got to be easy to install it's got to be it can't have a lot of terminology you know crypto terminology it can't be uh frustrating to oh yeah that's that's thing with my wife she gets really frustrated with stuff so if it doesn't work like the first two times she's ready to give up on it so it's it can't be frustrating um needs to be flexible needs to work across a lot of different platforms now we get there's a lot of cool
authentication stuff it only works on Windows or it only works on your mobile so you know it's got to work on different platforms it's got to be compatible with a lot of different authentication Technologies I mean Windows hello is nice but it there's a lot of stuff you can't use it you can't use a Ubbi key to log into Windows hello um it's got to uh it's got to be invisible to user and you know they just really got to feel like they're not even using it I mean that's that's the biggest problem with passwords they're they're far from V invisible they they're they're struggling with them all the time I mean just just monitor the the the keyword
password on on Twitter and you see all it's kind of funny but you see all kinds of complaints about passwords um and it's got to be uuus I mean if your bank uh sends you one token that only works with their with their website I me what's the point of that it's got to be something that you can you can use on all the different websites or all the different systems or or if it only works on websites but not the OS or vice versa I mean it's got to be something that that works across different systems so with this in mind you know I I decided to take it to the extreme okay it didn't work with my family but I
thought I'd try it myself I mean I'm I'm I'm pretty brave so I I got all this stuff together I add a few more things my keychain I got this you know here's that the the I it TR ER and um you know I I install it all in my system my system really doesn't boot very well anymore but um but I I installed it all you know and it um you know I tried it out it's like what you know what what are we doing wrong here I mean what am I why isn't this so hard to figure out and just to be clear we aren't going to be killing passwords anytime soon you guys know
that I'm just going to skip that one so let's talk about password managers I said there are temporary fix they're just kind of a crutch to get us through to make passwords usable for now I mean it may be 10 years maybe 20 years but they're really not going to last it's it's not a long-term solution here um I mean we don't know our own Secrets I mean we we create these these we don't even create the secrets the it generates the password for us it manages the the secrets for us it enters in for us but it's not it just kind of breaks the whole security model breaks the whole concept of having a secret because yeah
we have this this master password but that's not really way this is going to work um and we just got to look at that look at passwords there're are transition there to get us to this place where we can you know we truly have a seamless system where we're you know we're doing more than just typing in static passwords you know a tool is type type in static passwords for us uh sorry but to get that to get to that place we're going to have to get operating system support we're going to have to get browser support and I know that where's my question yeah he he thinks that browser shouldn't be involved but you know you got to have
the operating syst you got to have the OS it's got to be have a trusted platform to run the browser and the browser's got to have that trust authentication platform to log into your websites and if we don't have the browser involved if we don't have the operating system involved we're not going to get to that I mean it's just we have to the only way we're going to do that is to get every component integrated and so who's going to do that no I'm serious who's going to do that I'm asking for volunteers no okay so what you have and we've been doing this for a long time we've got we've we've tried magnetic stripe cards
we've tried smart cards token generators all kinds of Technologies and that's what users want they want something that's easy something just plug in or or you just be near your computer unlocks it um if it if you lose it you you've got this thing log in if you lose it you grab another thing and that's your thing and and you leave it to log in and you lose that thing and you get another thing so you know that's that's that seems like a great solution but you know Hardware is a the classic trade-off between Hardware is a classic trade-off between security and convenience and you know what what seems great for users really doesn't work well for security so
and vice versa but
you missed that let me do that again for you so around 2005 uh a lot of websites realized they need to do um they need to thing make things more secure so we started like PayPal and eBay and some banks they started Distributing these these uh Vasco go tokens you know you push a button it gives you six-digit code and actually I really like these I mean I I've had these for 10 years and the battery the works I still use them on my PayPal account but I guess they really kind of sucked for the for the companies cuz they just you know they kind of it got to where they PayPal just kind of hid that that feature for a
while um it must have been a major uh sport headache so we kind of what's that exactly nobody used them but me and like you probably and like some other guy so Bluetooth now Bluetooth is interesting because you know we people are always trying to I mean Bluetooth seems like the perfect way to do this you know you don't even have to touch it it just go near your computer it unlocks it but it's not exactly secure I mean you it's always on you know it's easily spoof it's visible I me within 30 feet or more if you have a if you have a um I mean it's sometimes I've seen people do up to
100 ft this thri antenna um vulnerable to man the midle attached I think there's going to be a talk at def about that but we keep you know we keep everyone keeps going back to this these uh Bluetooth stuff and the protocol is insecure there's just really no fixing that unless unless we fix the protocol but one thing you do is you treat it like it's an insecure Network and we know how to deal with insecure networks I mean you you have proper key exchange you have um certificates you can have uh pin certificates you you don't just detect the presence of of a of the the Bluetooth Mac as you you you you exchange you do a proper uh challenge
response you exchange a timebase or digitally sign time baates uh token but no one does that that's a problem uh this this tractor I Ed for my wife uh what I I just end up using some software fact I there we go using some software uh this Rost it's kind of cool you you have all these different things you've got USB flash drive all Bluetooth Bluetooth key pkcs number 11 security module yub Keys uh you can plug in all these things and then you can log in with Windows uh really nice I did that with my wife integrated with a couple other things Tasker and some stuff on her on her um a phone and you know it
worked good until like I said eBay you know my wife okay know I'm not going to on that you you know all the stories about my wife and eBay yeah um it's not nailed down it's going on eBay yeah right I used to have these defcom badges you know like from five and six but you know those go for a lot of money on eBay it turns out uh so track uh these fitness trackers are actually kind of cool because you think about they've got first of all it's something you have you know you got possession there you also got GPS on some of them you've got biometric markers I mean this one's got a heart rate sensor you know there's
done uh authentication through heart rate it's got microphones on it you could do voice voice authentication it's got galvanic sensors you know it's I mean basically got a lie detector test on here um on a watch but I mean there there's a lot of different uh possibilities I mean you could you could if you really want to make that work I mean um wearables are really interesting thing and and it was you know it's pretty transparent uhu Microsoft Tred to do uh do it with their um their thing what's it called what's it horable called band yeah there we go band um and you know but just basically you push a button gatekeeper now this one's
kind of interesting I actually kind of like this one this a little thing right here you got a USB dongle and then you just put on your keychain you walk up your computer it's really accurate like you can say uh how far you want to be from your from your computer you can say like 3 feet or 5 feet or 15 ft and it's really you get within 3 feet and it it you know it locks and when you walk away it unlock or other way around um you can choose how you want to log in if you want to log in with just the gatekeeper or with uh a pin or whatever I it just really cool I
actually kind of had fun with that one but then I saw this thing says enter your Windows password ENT enter your Windows password below this enables you to log in your to your P whenever someone asks your Windows password you know that's a bad sign when when when authentication so I saw this and I saw this and it was just bad I mean I don't know if you can see here my pen you know and the encrypt it you know and there's the all the code for encrypting it and yeah it was just bad I mean it was kind of sad because that was kind of cool anyway I've worked with I've been working with them and they're they're
they're improving that but it's you know there's a lot of potential there some some way we can go with that you know it's a Bluetooth device that's pretty seamless for the user yub keys right I mean we all like Y kees how many people here have yub key all right how many people have four yubik [Laughter] keis one two three what's that on which one
the four
oh well it's it depends on how I mean what kind of crypto you're talking about because there are I mean the the UK key is writable uh and you can you can put in you you can write your own Java modules in there um so I guess it depends on what you're using for but you know it's it depends on how you're how you're using it um and I I think I think the Ubbi is probably the closest to to getting a real hardware token that's usable it's cheap U u2f standard I got a few of those u2f tokens this one here it just kind of folds out and tapes over and I got for $5 on Amazon widespread
adoption a lot of people well I should say widespread adoption Among Us um really easy to use you know put in push a button uh the it's got the the U key itself got the OTP smart card Channel response other stuff but we still can't get people to use them I mean I gave my son three Yu keys for all those different you know six different passwords that because you know it's about how he had I still couldn't give him use them for that um I have my one of my sons I my 10-year-old I he actually still uses his UB key yeah you know logging into he's the only one of all my family who actually uh survived
the whole thing he uses his yub keq to log into Gmail but but we can't get people to use them I mean that's about the easi as you can get right NFC RFID got a ring here it's got two little NSC tags on it and oh hey I got on the back of my back of my I got a another NFC tag back of my wallet I got NFC tag so I can yeah swipe my wallet and in the bathroom I can swipe and launch my apps I need on my phone um um yeah some some do yeah the the Nano I believe or yeah I think I don't know one of those RFID is cool the RFID
thing you know I mean I I mean I got these these little scanners I put on my my computer oh you just seen my computer with such a mess you know all the stuff I had stuff taped on there CU I had a so I got NFC and RFID and so it's kind of I I actually got another one for my garage so I can open my garage door with that and it worked great great for that but I don't you know thing is you can't change it it's just a code I mean it's spoof it's easily copied you can't turn it off so it's not like like Bluetooth I mean at least Bluetooth you
can kind of secure it by I only turn on when you need it you need a reader I've got you know those readers but I don't even know what that is oh so I used event ghost in Windows I used uh that Roost thing I used Tasker and kind of got all the stuff integrated it worked out pretty well it's really cool but it's just not secure at all I mean it might work for home users and that that be I don't know just don't do this I mean unless you got some foil gloves or something CU you know once someone I mean it's spof I someone scans it and you've lost it you got to like
what you pull it out and put a new one in I you can't really change it I that's worse than your fingerprint mobile devices some uh some based on Google off I me there's a lot of them some are proprietary some use algorithms some use push not Uh custom algorithms some use push notifications some use a combination of that those things they're really common they're easy to use everyone's got some kind of mobile device uh people are are more willing to protect it and they're going to noce when it's gone it's not going to be gone for long um the problem is it's REM uh they're vulnerable to remote attacks you could you could have some
bad app that someone installs they they're slow to replace so you can't just go get a new one um on the plus side there is a lot of support for Google o I mean I I've probably got 340 on my uh Google Authenticator and it's just constantly growing um so I'm not going to go that's you guys get that so oh I forgot about it yeah so that's that's what I call them what can be chopped off um I kind of ran out of Graphics so I started using some stock photos so I guess thing is with uh fingerprints finger oh here's my fingerprint scanner it's a little tiny one the problem with fingerprints and this is
the authentic they had a they had a problem where they were storing the the password encrypt see what the way some of these things work is and the the reason why I said that was bad news when they a bad sign when they ask you for your password they'll they'll encrypt your password and then have some logic in the program that that authenticates you and if you pass the authentication then they decrypt your password and use that to log into Windows um and so that just means that your password stored somewhere and most likely it's got a hardcoded key somewhere or it's based on your PIN um I mean it's really cool it's built into Windows you know but the thing is
you can't log into website with your fingerprint I you don't have you know there's not really much you can do with it I just log in Windows and that's about it maybe you're and your mobile phone as well um and oh Iris now irises are interesting I like this one the best that camera is just kind of weird I think ah this was my personal favorite um because it just worked really well it was just really seamless it's almost as as worked almost as well as the uh the
Bluetooth
yeah okay so let me oh you can't it says looking for you making sure it's you it logs me in so it's kind of it's kind of cool um but man those pictures it's kind of freaky but you know it's it's just I mean if we could get this something like that to work uh um I mean like I said we get the the OS support we get the browser support and we get the application support but the thing is we're not going to walk in not going to log into any websites with this so really not much I should have got a better picture I guess but uh you know there's really not much you can um
do with it other than just I mean oh you can play asteroids it's kind of cool you can you look at the asteroid and it blows it up some games but it's not much you can do with it other than that it's I it would be nice if if we could get that more commonplace but they aren't really cheap there's about $180 for this um it has been a up so there are catering people waiting outside to take over the room so I have to ask Mark to speak very five minutes five minutes okay I can do that yeah thank you us the
conclusions oh you give it away the interesting question is essentially is his family still alive that's that's my main concern face voice fix don't ask for passwords if if you ever do use a like any kind of biometric or or you know alter authentication it ask for your password there's several of them that did that um it's just that you know they're they're storing it somewhere uh oh and there's there's this thing I mean you've got like last pass you can use yub key but if you lost lost your ubik key device click here to disable Ubbi key and then over here it says use uh email verification instead so it's not I mean it's just kind
of I why not just email verification in the first place I mean it's not you're not any stronger than that that weakest link there so expanding modalities um oh wait I'll go back to fix fixing it is you start strong work backwards we we you you allow a lot of different um allow support for a lot of different uh types of authentication don't I mean these a lot of these uh like last P for example at list you know these these certain uh two Factor authentication things you can use you know if if if they're not you know they're not obviously not going to be available on every device for for every person I mean
not everyone has fingerprints I mean you know it's just you got to have flexibility based on where the user is what kind of device they using um where they're logging in from and other factors that you know that could make it potentially suspicious so you kind of take away you know is this suspicious you kind of take the score away then you add on uh with this the stronger authentication Factor determined to get you back up to where you need to be you know to a certain score to uh to pass them um and here's some kind of interesting things that you could look at where you where where you are when are you there where you were which device you're
using who you know who's with you but I hear some you probably don't want to use um something you forgot something you lost anyway something you ate how you bleed so I thought you guys might want to you know use that hashtag and kind of carry that on but H rules-based authentication uh that's one thing I like to see I I like to see some kind of I mean with uh with like within Windows hello for example you can log in with a fingerprint or with your face or you can log in with your PIN code or password but it would be nice to say you know I want to log in with three of these three out of four or
I want to say you know these times I want to log in 3 out4 if I want to say if there's been more you know certain conditions I it would be nice to have a rules-based uh setup that you can decide that we could decide let us have five different ways to authenticate and you have to about three of them uh artificial intelligence there's there's a lot of potential there for for understanding when to require multiple factors or or you know three or four factors for authentication identifying devices um some of the password managers do that already um smarter variables that would be really cool okay B you okay and then there's this that's it I guess we don't have
questions we have questions have time for questions while they're setting up I I was told they are really eager to get get in here but again you know Mark will be around so please do ask him questions outside uh for dinner or tomorrow uh tomorrow I I hope you enjoy the first day tomorrow we start at 10:00 the first talk tomorrow is about creating targeted word lists with a new tool that will be released and it's targeted wordless against Americans I think that's kind of a nice thing being Norwegian so I'm looking forward to that talking that tool as well have a great evening everyone
Related talks
51:51
32:48
33:48
54:33
31:06
20:51