• Home

  • Documents

  • The OWASP Foundation Secure Password Storage Verify Only Add Salt Slow Down (or) HMAC/Isolation
10
The OWASP Foundation http://www.owasp.org Secure Password Storage Verify Only Add Salt Slow Down (or) HMAC/Isolation

The OWASP Foundation Secure Password Storage Verify Only Add Salt Slow Down (or) HMAC/Isolation

Tags:

Embed Size (px)

Citation preview

Page 1: The OWASP Foundation Secure Password Storage Verify Only Add Salt Slow Down (or) HMAC/Isolation

The OWASP Foundationhttp://www.owasp.org

Secure Password Storage

• Verify Only• Add Salt• Slow Down (or)• HMAC/Isolation

Page 2: The OWASP Foundation Secure Password Storage Verify Only Add Salt Slow Down (or) HMAC/Isolation

The OWASP Foundationhttp://www.owasp.org

Page 3: The OWASP Foundation Secure Password Storage Verify Only Add Salt Slow Down (or) HMAC/Isolation

The OWASP Foundationhttp://www.owasp.org

md5("password123!") = b7e283a09511d95d6eac86e39e7942c0

md5("86e39e7942c0password123!") = f3acf5189414860a9041a5e9ec1079ab

http://www.md5decrypter.co.uk

Page 4: The OWASP Foundation Secure Password Storage Verify Only Add Salt Slow Down (or) HMAC/Isolation

The OWASP Foundationhttp://www.owasp.org

1) Do not limit the type of characters or length of user password within reason

• Limiting passwords to protect against injection is doomed to failure

• Use proper encoder and other defenses described instead

• Be wary of systems that allow unlimited password sizes (Django DOS Sept 2013)

Page 5: The OWASP Foundation Secure Password Storage Verify Only Add Salt Slow Down (or) HMAC/Isolation

The OWASP Foundationhttp://www.owasp.org

2) Use a cryptographically strong credential-specific salt

• protect( [salt + password] );

• Use a 32char or 64char salt (actual size dependent on protection function);

• Do not depend on hiding, splitting, or otherwise obscuring the salt

 

Page 6: The OWASP Foundation Secure Password Storage Verify Only Add Salt Slow Down (or) HMAC/Isolation

The OWASP Foundationhttp://www.owasp.org

3a) Impose difficult verification on [only] the attacker • HMAC-SHA-256 ( private key, [salt + password] )

• Protect this key as any private key using best practices

• Store the key outside the credential store

• Build the password-to-HMAC conversion as a separate web-service (cryptographic isolation).

Page 7: The OWASP Foundation Secure Password Storage Verify Only Add Salt Slow Down (or) HMAC/Isolation

The OWASP Foundationhttp://www.owasp.org

3b) Impose difficult verification on the attacker and defender (weak/slow) • PBKDF2( [salt + password], c=10,000,000 );

• Use PBKDF2 when FIPS certification or enterprise support on many platforms is required

• SCRYPT([salt + password], work factor 10, .5 GB ram)

• Use SCRYPT where resisting any/all hardware accelerated attacks is necessary but enterprise support and scale is not

Page 8: The OWASP Foundation Secure Password Storage Verify Only Add Salt Slow Down (or) HMAC/Isolation

The OWASP Foundationhttp://www.owasp.org

Password1!

Page 9: The OWASP Foundation Secure Password Storage Verify Only Add Salt Slow Down (or) HMAC/Isolation

The OWASP Foundationhttp://www.owasp.org

Google, Facebook, PayPal, Apple, AWS, Dropbox, Twitter

Blizzard's, Valve's Steam, Yahoo, Chase, RBS Bank

Page 10: The OWASP Foundation Secure Password Storage Verify Only Add Salt Slow Down (or) HMAC/Isolation

The OWASP Foundationhttp://www.owasp.org

Forgot Password Secure Design

Require identity questions Last name, account number, email, DOB Enforce lockout policy

Ask one or more good security questions

https://www.owasp.org/index.php/Choosing_and_Using_Security_Questions_Cheat_Sheet

Send the user a randomly generated token via out-of-band email, SMS or token

Verify code in same web session Enforce lockout policy

Change password Enforce password policy


OWASP Day - OWASP Day - Lets secure!

OWASP Day - OWASP Day - Lets secure!

Internet
New Proofs for NMAC and HMAC Security without …cseweb.ucsd.edu/~mihir/papers/hmac-new.pdfNew Proofs for NMAC and HMAC: Security without Collision-Resistance Mihir Bellare ⁄ June

New Proofs for NMAC and HMAC Security without …cseweb.ucsd.edu/~mihir/papers/hmac-new.pdfNew Proofs for NMAC and HMAC: Security without Collision-Resistance Mihir Bellare ⁄ June

Documents
COM 5336 Cryptography Lecture 9 Hash, MAC, HMAC

COM 5336 Cryptography Lecture 9 Hash, MAC, HMAC

Documents
Owasp Mosc2010 - Tour of Owasp Projects

Owasp Mosc2010 - Tour of Owasp Projects

Documents
OWASP Top 10 Schulung › ... › 2018 › OWASP_Top_10_Homepage.pdfEntwicklung der OWASP Top 10 OWASP Top Ten - 2010 OWASP Top Ten - 2013 OWASP Top Ten –2017 A1 –Injection Flaws

OWASP Top 10 Schulung › ... › 2018 › OWASP_Top_10_Homepage.pdfEntwicklung der OWASP Top 10 OWASP Top Ten - 2010 OWASP Top Ten - 2013 OWASP Top Ten –2017 A1 –Injection Flaws

Documents
OWASP @ ISCTE-IUL, OWASP e OWASP Portugal

OWASP @ ISCTE-IUL, OWASP e OWASP Portugal

Documents
Review OWASP 2014 - OWASP Perú

Review OWASP 2014 - OWASP Perú

Software
SHA and HMAC

SHA and HMAC

Documents
Verified Correctness and Security of mbedTLS HMAC …appel/papers/verified-hmac-drbg.pdf · Verified Correctness and Security of mbedTLS HMAC ... that its output is pseudorandom—using

Verified Correctness and Security of mbedTLS HMAC …appel/papers/verified-hmac-drbg.pdf · Verified Correctness and Security of mbedTLS HMAC ... that its output is pseudorandom—using

Documents
Distribution of public keys and hmac

Distribution of public keys and hmac

Engineering
Verified Correctness and Security of mbedTLS HMAC-DRBG

Verified Correctness and Security of mbedTLS HMAC-DRBG

Documents
W74M Authentication Flash - Winbond · 2018-05-25 · Flash Counters that are HMAC-signed by individual secret keys. System utilizing each Monotonic Flash Counter can not only verify

W74M Authentication Flash - Winbond · 2018-05-25 · Flash Counters that are HMAC-signed by individual secret keys. System utilizing each Monotonic Flash Counter can not only verify

Documents
Differential Power Analysis of HMAC based on SHA-2, and ...SHA-2 family [16]. We use the term “HMAC-SHA-256” to denote the HMAC algorithm that uses SHA-256 to instantiate h. 2.2

Differential Power Analysis of HMAC based on SHA-2, and ...SHA-2 family [16]. We use the term “HMAC-SHA-256” to denote the HMAC algorithm that uses SHA-256 to instantiate h. 2.2

Documents
Using MachXO3D ESB to Implement HMAC SHA256

Using MachXO3D ESB to Implement HMAC SHA256

Documents
OWASP – Top 10 · • OWASP Code Review Guide • OWASP Testing Guide • OWASP Top Ten Project . OWASP – TOP 10 • OWASP Top 10 Web Application Security Risks for 2010 are:

OWASP – Top 10 · • OWASP Code Review Guide • OWASP Testing Guide • OWASP Top Ten Project . OWASP – TOP 10 • OWASP Top 10 Web Application Security Risks for 2010 are:

Documents
Message Authentication Code & HMAC

Message Authentication Code & HMAC

Education
OWASP Testing Guide - OWASP Summit 2011

OWASP Testing Guide - OWASP Summit 2011

Documents
Django HMAC Documentation - Read the Docs

Django HMAC Documentation - Read the Docs

Documents
Message Authentication Using Proxy Vehicles in Vehicular ... · Hash Message Authentication Code (HMAC) to verify the in-tegrity of messages, which helps to cut down the transmission

Message Authentication Using Proxy Vehicles in Vehicular ... · Hash Message Authentication Code (HMAC) to verify the in-tegrity of messages, which helps to cut down the transmission

Documents
New Privacy in Android 11 and OWASP Mobile Security · 2020. 8. 21. · OWASP Flagship Projects Tool Projects OWASP Amass OWASP CSRFGuard OWASP Defectdojo OWASP Dependency-Check OWASP

New Privacy in Android 11 and OWASP Mobile Security · 2020. 8. 21. · OWASP Flagship Projects Tool Projects OWASP Amass OWASP CSRFGuard OWASP Defectdojo OWASP Dependency-Check OWASP

Documents
IPsec and Quality of Service - Cisco · crypto ipsec transform-set combo ah-sha-hmac esp-aes esp-sha-hmac crypto ipsec transform-set client esp-aes esp-sha-hmac comp-lzs! crypto dynamic-map

IPsec and Quality of Service - Cisco · crypto ipsec transform-set combo ah-sha-hmac esp-aes esp-sha-hmac crypto ipsec transform-set client esp-aes esp-sha-hmac comp-lzs! crypto dynamic-map

Documents
OWASP The OWASP Foundation

OWASP The OWASP Foundation

Documents
Symmetric encryption, DES, AES, MAC, Hash algorithms, HMAC

Symmetric encryption, DES, AES, MAC, Hash algorithms, HMAC

Documents
Graphical Password authentication using Hmac

Graphical Password authentication using Hmac

Technology
Balanced HMAC Designs - dot.state.tx.us

Balanced HMAC Designs - dot.state.tx.us

Documents
The OWASP Foundation OWASP Top 10 2010 Kuai Hinojosa Software Security Consultant at Cigital OWASP Global Education Committee OWASP

The OWASP Foundation OWASP Top 10 2010 Kuai Hinojosa Software Security Consultant at Cigital OWASP Global Education Committee OWASP

Documents
OWASP Joomla! Vulnerability Scanner - OWASP-MY

OWASP Joomla! Vulnerability Scanner - OWASP-MY

Documents
IPv6 Ready Logo · • Support Authentication Algorithm HMAC- SHA-256 in RFC 4868 (Using HMAC-SHA -256, HMAC-SHA-384, and HMAC- SHA-512 with IPsec) (Section 5.2.8, and 6.2.8) •

IPv6 Ready Logo · • Support Authentication Algorithm HMAC- SHA-256 in RFC 4868 (Using HMAC-SHA -256, HMAC-SHA-384, and HMAC- SHA-512 with IPsec) (Section 5.2.8, and 6.2.8) •

Documents
EIGRP/SAF HMAC-SHA-256 Authentication

EIGRP/SAF HMAC-SHA-256 Authentication

Documents
OWASP Day IV•180 blog monitorati OWASP-Italy Day IV – 6th, Nov 09 OWASP 11 OWASP Top Ten

OWASP Day IV•180 blog monitorati OWASP-Italy Day IV – 6th, Nov 09 OWASP 11 OWASP Top Ten

Documents