Honeywords (oh, and Snapchat’s encryption was cracked too, plus Marlinspike on Saudis)

Rivest makes another few headlines: a proposal by Juels & Rivest to add “honeywords” to the security toolbag has been making the rounds. The idea is to add more hashed passwords to your password file.

Instead of storing one (real) hashed password for each legitimate user, you store ten passwords… any of which will work, but only one of which is the user’s actual password.

The big reveal comes in some back-end checking the server does. Every time someone logs in, it informs a “secure” server about the login… including which password was used. If the person logging in used one of the “bait” passwords, alarm bells ring.

Neat aspects to the design: going to considerable effort to make the system leak no information to the adversary about which password is in use.

Not so neat: the adversary will realize “honeywords” are in use as soon as they grab the password file, and then go looking for the “secure” server they have to hack in order to avoid setting off the alarm. Also, the system is complex — it requires low-level modifications and added infrastructure that most people won’t want to deal with.
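The split described above, as an added sketch (not code from Juels & Rivest or from this post): the login server keeps ten hashes per user, and the separate checker keeps only the index of the real one. The class names, PBKDF2 parameters and sample passwords are assumptions of this example, and honeyword generation is not shown.

```python
import hashlib, hmac, os, secrets

def _hash(pw: str, salt: bytes) -> bytes:
    # Slow salted hash; PBKDF2 and its parameters are this example's choice.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

class HoneyChecker:
    """The separate 'secure' server: stores only the index of the real password."""
    def __init__(self):
        self._real_index, self.alarms = {}, []

    def set(self, user, index):
        self._real_index[user] = index

    def check(self, user, index):
        if index == self._real_index[user]:
            return True
        self.alarms.append((user, index))  # bait used: password file likely stolen
        return False

class LoginServer:
    """Holds ten salted hashes per user, with no marker of which one is real."""
    def __init__(self, checker):
        self.checker, self.password_file = checker, {}

    def register(self, user, password, honeywords):
        words = list(honeywords) + [password]   # must all be distinct
        secrets.SystemRandom().shuffle(words)   # position reveals nothing
        salt = os.urandom(16)
        self.password_file[user] = (salt, [_hash(w, salt) for w in words])
        self.checker.set(user, words.index(password))

    def login(self, user, attempt):
        if user not in self.password_file:
            return "denied"
        salt, hashes = self.password_file[user]
        h = _hash(attempt, salt)
        for i, stored in enumerate(hashes):
            if hmac.compare_digest(h, stored):
                return "ok" if self.checker.check(user, i) else "alarm"
        return "denied"  # ordinary wrong password, not one of the ten

def demo():
    # Constructed sample data: one real password and nine bait passwords.
    hc = HoneyChecker(); srv = LoginServer(hc)
    decoys = ["tulip41", "rose1987", "lily!23", "daisy2013", "orchid77",
              "poppy000", "iris4ever", "violet88", "aster55"]
    srv.register("alice", "tulip42", decoys)
    return (srv.login("alice", "tulip42"), srv.login("alice", decoys[0]),
            srv.login("alice", "nope"), len(hc.alarms), srv)
```

A mistyped password returns "denied" without raising the alarm; only a match against one of the nine bait entries does.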

Snapchat / mobile: It turns out the software’s encryption has been cracked, in multiple ways (http://kivikakk.ee/2013/05/10/snapchat.html). Not only did a clever engineer come up with a simple MITM, but they also discovered the thing is running its encryption in ECB mode… yes, an image-sending program using ECB mode for encryption. Why is this bad? Check out the Tux pic: http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29

Don’t get the wrong idea, though, none of these programs are any good: http://thoughtcrime.org/blog/saudi-surveillance/

http://people.csail.mit.edu/rivest/honeywords/

“We suggest a simple method for improving the security of hashed passwords: the maintenance of additional honeywords (false passwords) associated with each user’s account. An adversary who steals a file of hashed passwords and inverts the hash function cannot tell if he has found the password or a honeyword. The attempted use of a honeyword for login sets off an alarm. An auxiliary server (the honeychecker) can distinguish the user password from honeywords for the login routine, and will set off an alarm if a honeyword is submitted.”
