Post on 09-May-2015
Client-side passwordEncryption
Pedro Fortuny & Carlos Amieva(& Rafael Casado “in absentia”)
Client-side passwordEncryption
No worries, James, let the sysadmin deal with the problem.
Client-side passwordEncryption
Honestly:
Client-side passwordEncryption
Honestly:
Can you trust your sysadmin?
Client-side passwordEncryption
Honestly:
Can you trust your sysadmin?
I mean
Client-side passwordEncryption
Honestly:
Can you trust your sysadmin?
really?
Client-side passwordEncryption
Honestly:
Can you trust your sysadmin?
Client-side passwordEncryption
I said really
Client-side passwordEncryption
We need
Client-side passwordEncryption
Ways to minimize data exposure to the sysadmin
We need
Client-side passwordEncryption
Ways to minimize data exposure to the sysadmin
We need
One step
Client-side passwordEncryption
Ways to minimize data exposure to the sysadmin
We need
One step
Protecting passwords from local access / MITM
Client-side passwordEncryption
The Sibyl v2.0
Client-side passwordEncryption
Client
Server
State of affairs 2013 - blind trust
Client-side passwordEncryption
Client
Server
TLS/SSL, this is SAFE, oooohh!
State of affairs 2013 - blind trust
Client-side passwordEncryption
Client
Server
TLS/SSL, this is SAFE, oooohh!
I use scrypt, I’m no fool
State of affairs 2013 - blind trust
Client-side passwordEncryption
Client
Server
TLS/SSL, this is SAFE, oooohh!
zorg:~# a=`pidof mysql`zorg:~# strace -p $a -e crypt -f
I use scrypt, I’m no fool
State of affairs 2013 - blind trust
Client-side passwordEncryption
Client
Server
TLS/SSL, this is SAFE, oooohh!
zorg:~# a=`pidof mysql`zorg:~# strace -p $a -e crypt -f
[pregnant silence]
I use scrypt, I’m no fool
State of affairs 2013 - blind trust
Client-side passwordEncryption
Client
Server
TLS/SSL, this is SAFE, oooohh!
zorg:~# a=`pidof mysql`zorg:~# strace -p $a -e crypt -f
[pid 9] crypt(“patata”,“$7$21212104040SaLt.$”)
[pregnant silence]
I use scrypt, I’m no fool
State of affairs 2013 - blind trust
Client-side passwordEncryption
Do youreallythinkhackersdo NOTusestrace?
Client-side passwordEncryption
BUTYour sysadmin is
good[assumming you have not been rooted]
(tm)
Client-side passwordEncryption
BUTYour sysadmin is
good[assumming you have not been rooted]
(tm)
Trust in me...
Client-side passwordEncryption
Can do better
Client-side passwordEncryption
Client
Server
TLS/SSL - but “trust in me...”
Client-side passwordEncryption
Client
Server
TLS/SSL - but “trust in me...”
Store “RSA(scrypt(pwd))” on the server
Client-side passwordEncryption
Client
Server
TLS/SSL - but “trust in me...”
Store “RSA(scrypt(pwd))” on the server
Sibyl
RSA channel
Use a hardware module to authenticate
Client-side passwordEncryption
TLS/SSL - but “trust in me...”Client
[Pub key]
Server
Sibyl
Client-side passwordEncryption
[Priv, Pub] RSA pair
TLS/SSL - but “trust in me...”Client
[Pub key]
Server
Sibyl
Client-side passwordEncryption
[Priv, Pub] RSA pair
only storesPUB0(hash)
TLS/SSL - but “trust in me...”Client
[Pub key]
Server
Sibyl
Client-side passwordEncryption
[Priv, Pub] RSA pair
hash=scrypt(pwd) is runon the client side
only storesPUB0(hash)
TLS/SSL - but “trust in me...”Client
[Pub key]
Server
Sibyl
Client-side passwordEncryption
[Priv, Pub] RSA pair
hash=scrypt(pwd) is runon the client side
msg=PUBi(hash)
only storesPUB0(hash)
TLS/SSL - but “trust in me...”Client
[Pub key]
Server
Sibyl
Client-side passwordEncryption
[Priv, Pub] RSA pair
hash=scrypt(pwd) is runon the client side
msg=PUBi(hash)
only storesPUB0(hash)
TLS/SSL - but “trust in me...”Client
[Pub key]
Server
Sibyl
Priv(PUB0(hash))==
Priv(PUBi(hash))Login?
Client-side passwordEncryption
[Priv, Pub] RSA pair
hash=scrypt(pwd) is runon the client side
msg=PUBi(hash)
only storesPUB0(hash)
Only the Sibly can answer this
TLS/SSL - but “trust in me...”Client
[Pub key]
Server
Sibyl
Priv(PUB0(hash))==
Priv(PUBi(hash))Login?
Client-side passwordEncryption
There is no encryptionperformed
on the server
Client-side passwordEncryption
The Sibyl can becompletely dumb
[not yet implemented]⇒ no access to the priv. key
Client-side passwordEncryption
The sysadmin has noway to MITM or whatever
Trustless pwd management
Client-side passwordEncryption
Isn’t it better to trustpeople, Charlie Brown?
Client-side passwordEncryption
Isn’t it better to trustpeople, Charlie Brown?
No, Lucy, no...
Client-side passwordEncryption
Details[...]
skip if necessary
Client-side passwordEncryption
client server sibyl
Client-side passwordEncryption
client server sibylV1=RSAi(pwd)
Client-side passwordEncryption
client server sibylV1=RSAi(pwd)
[login,V1]
Client-side passwordEncryption
client server sibylV1=RSAi(pwd)
[login,V1]
V2=RSA0(pass)(stored)
Client-side passwordEncryption
client server sibylV1=RSAi(pwd)
[login,V1]
V2=RSA0(pass)(stored)
[V1,V2]
Client-side passwordEncryption
client server sibylV1=RSAi(pwd)
[login,V1]
V2=RSA0(pass)(stored)
[V1,V2]
decrypt(v1)==?
decrypt(v2)
Client-side passwordEncryption
client server sibylV1=RSAi(pwd)
[login,V1]
V2=RSA0(pass)(stored)
[V1,V2]
decrypt(v1)==?
decrypt(v2)yes/no
Client-side passwordEncryption
client server sibylV1=RSAi(pwd)
[login,V1]
V2=RSA0(pass)(stored)
[V1,V2]
decrypt(v1)==?
decrypt(v2)yes/no
grant/deny
Client-side passwordEncryption
client server sibylV1=RSAi(pwd)
[login,V1]
V2=RSA0(pass)(stored)
[V1,V2]
decrypt(v1)==?
decrypt(v2)yes/no
grant/deny
much gorier
(alreadydone)
⚠Client-side password
Encryption
Thank you
And don’t forget tohave a nice meal
??