Advertisement:

Author Topic: [MOD] [PENDING] Password security  (Read 24962 times)

Offline Sorunome

  • Semi-Newbie
  • *
  • Posts: 30
    • Sorunome on GitHub
Re: [MOD] [PENDING] Password security
« Reply #40 on: January 27, 2017, 11:14:46 AM »
[...]
Those are some very minor issues, did you want to resubmit a fix to the mod site?

If not I will go ahead and close the topic and if you wish to continue the process at a later time, just shoot me a PM and I'll go ahead and reopen the topic.
I went ahead, fixed them and re-submitted. However, I wanted to split it up into two mods as one part only fixes compaiblity with tapatalk, thus giving them different IDs. However the mod-side doesn't allow me to upload two archives with different mod IDs, any idea on how to fix this?

[...]


Ooo so you are still around :D. Good to see. Great work btw, thanks for taking the time out to create this mod.
I am very sure it will be useful to me and many others.
So what needs doing exactly? Are the changes you proposed that need doing on Github?

If you need any help give me a shout!
I already went ahead and fixed that stuff now, thanks. Also, those email notifications, heehee, 11 emails on this over night xD

[...]
Because there is no copyright and the mod doesn't seem to be around its stale now I guess?
[...]
I guess you mean licence? There is: https://github.com/Sorunome/SMF-bcrypt/blob/master/install.bbc#L13-L15
Quote
This mod is to be distributet using GPLv3 or later. (see https://www.gnu.org/licenses/)
The JavaScript RSA library is by "travist" and can be found here: https://github.com/travist/jsencrypt (MIT licence)

Offline Linkjay

  • Jr. Member
  • **
  • Posts: 205
  • Gender: Male
  • eh
    • My Homepage.
Re: [MOD] [PENDING] Password security
« Reply #41 on: January 27, 2017, 12:37:41 PM »
licence

You spelled license wrong here and on the GitHub. If I had a dollar for every misspelling of license...
I play games in my free time and volunteer my knowledge and support to the gaming communities of the internet.

You can contact me by these methods:
Use my Contact Script • PM me here • Add me on Steam

Offline Sorunome

  • Semi-Newbie
  • *
  • Posts: 30
    • Sorunome on GitHub
Re: [MOD] [PENDING] Password security
« Reply #42 on: January 27, 2017, 12:42:06 PM »
licence

You spelled license wrong here and on the GitHub. If I had a dollar for every misspelling of license...
Thank you, fixed it!

Offline oOo--STAR--oOo

  • Full Member
  • ***
  • Posts: 649
  • Perfectionist
    • Developing Uniquez
Re: [MOD] [PENDING] Password security
« Reply #43 on: January 27, 2017, 01:12:37 PM »
[...]
Because there is no copyright and the mod doesn't seem to be around its stale now I guess?
[...]
I guess you mean licence? There is: https://github.com/Sorunome/SMF-bcrypt/blob/master/install.bbc#L13-L15
Quote
This mod is to be distributet using GPLv3 or later. (see https://www.gnu.org/licenses/)
The JavaScript RSA library is by "travist" and can be found here: https://github.com/travist/jsencrypt (MIT licence)

Ahh, I just didn't see a typical license file within github. Cheers for updating it and yeah 11 emails, some of the posts are junk sorry about that.
You can't fool a sufficiently talented fool.

http://www.uniquez-home.com
In Design Phase!

Mods I am designing,  No refresh Collapse Categories , Poll Redesign , Pure CSS Breadcrumb , Profile Statuses, Profile Views.

Offline nend

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 1,754
  • 2 deep n2 the code
    • sicommnend on GitHub
    • SIComm.us
Re: [MOD] [PENDING] Password security
« Reply #44 on: January 30, 2017, 07:56:11 PM »
Hi Sorunome,

We have ran into a problem with your modification.

The modification must uninstall cleanly. This means that anyone that uses the modification on a 2.0.x forum should be able to uninstall it without causing any errors. If a modification can't be uninstall cleanly then it can't be approved.

Reference Link
http://wiki.simplemachines.org/smf/Customization_approval_guidelines#Installation_.2F_Uninstallation

We do have some recommendations like using another table for storing the original and new data. However I feel this may be counterproductive even with encryption.

While we can suggest a few things to overcome this hurdle it is your decision on how you want to proceed.

Regards,  ;)

Offline Linkjay

  • Jr. Member
  • **
  • Posts: 205
  • Gender: Male
  • eh
    • My Homepage.
Re: [MOD] [PENDING] Password security
« Reply #45 on: January 31, 2017, 01:38:10 AM »
Hi Sorunome,

We have ran into a problem with your modification.

The modification must uninstall cleanly. This means that anyone that uses the modification on a 2.0.x forum should be able to uninstall it without causing any errors. If a modification can't be uninstall cleanly then it can't be approved.

Reference Link
http://wiki.simplemachines.org/smf/Customization_approval_guidelines#Installation_.2F_Uninstallation

We do have some recommendations like using another table for storing the original and new data. However I feel this may be counterproductive even with encryption.

While we can suggest a few things to overcome this hurdle it is your decision on how you want to proceed.

Regards,  ;)

Dang I didn't even think about that lol. If the mod has to store original passwords then the mod is basically useless. I can't wait to see if/how this gets worked around.
I play games in my free time and volunteer my knowledge and support to the gaming communities of the internet.

You can contact me by these methods:
Use my Contact Script • PM me here • Add me on Steam

Offline Sorunome

  • Semi-Newbie
  • *
  • Posts: 30
    • Sorunome on GitHub
Re: [MOD] [PENDING] Password security
« Reply #46 on: January 31, 2017, 09:22:18 AM »
Hi Sorunome,

We have ran into a problem with your modification.

The modification must uninstall cleanly. This means that anyone that uses the modification on a 2.0.x forum should be able to uninstall it without causing any errors. If a modification can't be uninstall cleanly then it can't be approved.

Reference Link
http://wiki.simplemachines.org/smf/Customization_approval_guidelines#Installation_.2F_Uninstallation

We do have some recommendations like using another table for storing the original and new data. However I feel this may be counterproductive even with encryption.

While we can suggest a few things to overcome this hurdle it is your decision on how you want to proceed.

Regards,  ;)
What about during uninstalling i prompt a window for the admin who un-installs to set their password? Because creating a backup of the old hashes kinda defeats the purpose...

Offline nend

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 1,754
  • 2 deep n2 the code
    • sicommnend on GitHub
    • SIComm.us
Re: [MOD] [PENDING] Password security
« Reply #47 on: January 31, 2017, 12:37:32 PM »
A few ideas,

  • You can require a new password be set for every user after modification installation. By storing this data in a new column in the database you can leave the SMF user tables unchanged.
  • I am thinking that even though they wouldn't be able to log in after the uninstallation, they can however reset their passwords via email. This isn't returning the system untouched, but shouldn't cause too much problems. I believe we may be able to do it that way, but you must make it apparent that users will have to reset their passwords once uninstalled.

Considering the point in the first post, this is going out of the realm of the modification, but I wouldn't go this route if I was the attacker.

IMHO if the database ever did become compromised, this method isn't going to protect sensitive data. If I was the attacker I would simply create a new admin account in the database or use a compromised one to upload a package. I then remove the package, remove the admin account if created and remove any traces that I was even there.

Later on when a user logs in, the new code would intercept the login and retrieve the sensitive data as it would have also modified the code to make this data visible. This way I don't have to worry about figuring out hashes, I'll simply let the users give me the credentials.

So in reply to the first post, would this modification have helped? IMHO, no. Don't get me wrong it does add another layer of security, which is good, but in the given scenario it wouldn't have helped.

I hope you take that as constructive criticism as I am being a little blunt here and calling it as I see it.

Offline Sorunome

  • Semi-Newbie
  • *
  • Posts: 30
    • Sorunome on GitHub
Re: [MOD] [PENDING] Password security
« Reply #48 on: February 02, 2017, 08:13:09 AM »
[...]
You can require a new password be set for every user after modification installation. By storing this data in a new column in the database you can leave the SMF user tables unchanged.
[...]
This would mean leaving the old hashes present which defeats the entire purpose of htis mod
Quote
I am thinking that even though they wouldn't be able to log in after the uninstallation, they can however reset their passwords via email. This isn't returning the system untouched, but shouldn't cause too much problems. I believe we may be able to do it that way, but you must make it apparent that users will have to reset their passwords once uninstalled.
i haven't thought about this one yet, so I guess, since i don't break password recovery, that should work, meaning this mod actually does un-install.



I'm not going to argue about the rest of your post as I don't really want to cause a little war again.

Offline Illori

  • Project Manager
  • SMF Master
  • *
  • Posts: 46,602
Re: [MOD] [PENDING] Password security
« Reply #49 on: February 02, 2017, 08:41:35 AM »
if a user were to ever uninstall this mod, how can they get back into the system with all the passwords not being hashed to match what SMF uses by default? they should not really need to do a password reset to get back in or modify the database.

Offline Sorunome

  • Semi-Newbie
  • *
  • Posts: 30
    • Sorunome on GitHub
Re: [MOD] [PENDING] Password security
« Reply #50 on: February 02, 2017, 09:08:45 AM »
if a user were to ever uninstall this mod, how can they get back into the system with all the passwords not being hashed to match what SMF uses by default?
Any other way revolves around still storing the sha1 hashes somehow which defeats the entire purpose of this mod
Quote
they should not really need to do a password reset to get back in or modify the database.
It does uninstall, though, and users are still able to use their forum.


Perhaps it is impossible for this mod to get published here as actual security-fixes might not uninstall clean, due to changing e.g. the hash method, as used here.

Offline oOo--STAR--oOo

  • Full Member
  • ***
  • Posts: 649
  • Perfectionist
    • Developing Uniquez
Re: [MOD] [PENDING] Password security
« Reply #51 on: February 03, 2017, 01:38:13 PM »
A few ideas,

  • You can require a new password be set for every user after modification installation. By storing this data in a new column in the database you can leave the SMF user tables unchanged.
  • I am thinking that even though they wouldn't be able to log in after the uninstallation, they can however reset their passwords via email. This isn't returning the system untouched, but shouldn't cause too much problems. I believe we may be able to do it that way, but you must make it apparent that users will have to reset their passwords once uninstalled.

Considering the point in the first post, this is going out of the realm of the modification, but I wouldn't go this route if I was the attacker.

IMHO if the database ever did become compromised, this method isn't going to protect sensitive data. If I was the attacker I would simply create a new admin account in the database or use a compromised one to upload a package. I then remove the package, remove the admin account if created and remove any traces that I was even there.

Later on when a user logs in, the new code would intercept the login and retrieve the sensitive data as it would have also modified the code to make this data visible. This way I don't have to worry about figuring out hashes, I'll simply let the users give me the credentials.

So in reply to the first post, would this modification have helped? IMHO, no. Don't get me wrong it does add another layer of security, which is good, but in the given scenario it wouldn't have helped.

I hope you take that as constructive criticism as I am being a little blunt here and calling it as I see it.

Perfect criticism because you posted facts on how you would circumvent it. Critique!
I consider it an upgrade.

It doesn't matter really if it doesn't get approved, people who search for it will find this topic.
For someone setting up a new forum, its no problem to them.
Thanks for your hard work mate its appreciated!
You can't fool a sufficiently talented fool.

http://www.uniquez-home.com
In Design Phase!

Mods I am designing,  No refresh Collapse Categories , Poll Redesign , Pure CSS Breadcrumb , Profile Statuses, Profile Views.

Offline Sorunome

  • Semi-Newbie
  • *
  • Posts: 30
    • Sorunome on GitHub
Re: [MOD] [PENDING] Password security
« Reply #52 on: February 24, 2017, 06:47:00 AM »
I am going to dig this up again, i planned on not starting this discussion again, but things have clearly crossed the line.

Why would it be very useful?   It's not like sha1 is insecure...
SHA-1 is extremely insecure. And by now there is definite proof for this.
It is possible by now to easily generate different PDF files with the same sha-1 hash. https://shattered.it/
If that is possible with long documents, just think about how much quicker it is to create hash collisions with tiny passwords. You might as well be storing your passwords in clear text, i mean, what even could go wrong there?!
More sources:
https://hackaday.com/2017/02/23/shattered-sha-1-is-broken/
https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html


According to hackaday even "SHA-1 is a 160bit standard cryptographic hash function that is used for digital signatures and file integrity verification [...]" It mentions nothing about password hashing for a good reason




[...]
If the issue was THAT critical, we would have forced the change into 2.0.x, since we take smf security very seriously.
So you better go change it.

If you have a time, just go ahead and re-read this topic and then think again about how seriously you actually take SMF security.
« Last Edit: February 24, 2017, 07:11:15 AM by Sorunome »

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 66,997
    • Arantor on GitHub
Re: [MOD] [PENDING] Password security
« Reply #53 on: February 24, 2017, 09:46:15 AM »
It took $183,000 worth of computing time to do this, and the net result is 150 bits of difference across a 425KB file while still maintaining a collision.

You honestly think this is still a risk in that you'd still have to try however many quintillions of permutations to crack a password, and it would still be a single individual password.

The reality is that a single proof of concept doesn't immediately make the entire security vulnerable. A single proof of collision in 6,610 years worth of processor time, and this is somehow an issue? This suddenly undermines everything? Does it? No, it doesn't.

What is far more a risk, and a very real problem, is password reuse where other sites that are already compromised with much weaker encryption could conceivably find a match that way.

And this assumes, of course, that an attacker already had your entire database anyway to even have a hash to compare to.
To assume is to hope that those who came before had the presence of mind and capacity to implement the dreams of those who would come after.

Offline Sorunome

  • Semi-Newbie
  • *
  • Posts: 30
    • Sorunome on GitHub
Re: [MOD] [PENDING] Password security
« Reply #54 on: February 24, 2017, 09:51:00 AM »
[...]
What is far more a risk, and a very real problem, is password reuse where other sites that are already compromised with much weaker encryption could conceivably find a match that way.
[...]
And sha1 is exactly one of those weaker hashing methods.

Would you ever use md5 for hashing passwords? No. Why not? It is well-known that md5 sucks for passwords. The truth is, that sha1 sucks just as much for passwords, the only difference being that md5 being bad for passwords is a meme by now.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 66,997
    • Arantor on GitHub
Re: [MOD] [PENDING] Password security
« Reply #55 on: February 24, 2017, 10:19:15 AM »
No, it's not, that's the point.

Md5 has 128 bits but only 40 bits of space that can realistically be used for such matters.
SHA1 doesn't seem to have had its keyspace reduced in any meaningful way. It hasn't suddenly become less secure overnight. If it takes 6,610 years of computing time to produce one collision, where exactly is the problem?

The real risk is, and always has been, rainbow tables. Which this latest development does nothing to address, because it doesn't change the effectiveness of rainbow tables which for forums are the real problem. This change doesn't suddenly make it easier to make rainbow tables, nor does it make it quicker to find collisions in them.

And since SMF has always salted the hashes at a per user level, the argument is even more disingenuous for arguing the value of hashing.

Would I ever use md5? Back in the day before people realised how insecure it was, everyone used variants of md5. We now know better.

SHA-1 does not "suck as much as md5" for passwords, mathematically provably so. md5 can collide as frequently as every 2^40 hashes (approx every 1,099,000,000,000 hashes) owing to its weaknesses while SHA-1 still collides every 2^160 hashes (1.46E+48 hashes, so, 1 with 48 zeroes after it) as we haven't seen any proof yet that the keyspace has been reduced, but don't let facts get in the way.

By definition there are going to be collisions in hash functions because there is an infinite number of possible inputs and only a fixed size of output so you are guaranteed to get collisions. Just as you are in any hashing function. By that logic, bcrypt is also insecure. Oh snap! Or, of course, you can realise that just because there is a proof of concept proving that's it's easier to collide an SHA-1 than previously thought, that doesn't automatically mean that it applies in every case or that every possible use of SHA-1 is somehow contaminated.

On to your other question... Should SMF move? SMF 2.1 already has. Would it not be a better use of everyone's time and energy to get 2.1 out the door rather than backporting things out of it? Then everyone wins.
To assume is to hope that those who came before had the presence of mind and capacity to implement the dreams of those who would come after.

Offline Sorunome

  • Semi-Newbie
  • *
  • Posts: 30
    • Sorunome on GitHub
Re: [MOD] [PENDING] Password security
« Reply #56 on: February 24, 2017, 10:25:03 AM »
Also, as to how much processing power it takes to generate hash collisions, if we are at the point where a personal computer can generate them it is already to late, you have to act sooner than that.

On top of that, botnets already exist with clearly enough computing power, so in a way, it is already kinda too late.

EDIT: so waiting until SMF2.1 is out isn't an option, as it is already too late, and even when SMF2.1 comes out, that's a major version switch, i can clearly see many forums sticking to 2.0 until the bitter end. Thus a patch for 2.0 is the only way to help such people, and the SMF team still supports 2.0 which is, well, insecure.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 66,997
    • Arantor on GitHub
Re: [MOD] [PENDING] Password security
« Reply #57 on: February 24, 2017, 10:32:35 AM »
We are not at the point where a personal computer can generate them!

And I guarantee you these botnets aren't colliding the way you think they are. Besides you need a hash to compare to... so if you haven't had your DB leaked, what exactly is the risk again?

As for the 2.1 argument, this is why 2.1 is already nearly 6 years old and not even out of beta.

Do you also argue that SMF 1.0 (uses md5 if I remember rightly) and SMF 1.1 (SHA-1) should get patched too?
To assume is to hope that those who came before had the presence of mind and capacity to implement the dreams of those who would come after.

Offline Sorunome

  • Semi-Newbie
  • *
  • Posts: 30
    • Sorunome on GitHub
Re: [MOD] [PENDING] Password security
« Reply #58 on: February 24, 2017, 10:36:19 AM »
We are not at the point where a personal computer can generate them!
That is my point, so it is not too late yet. If were were at the point it was already too late, and you have to act before it is too late!
Quote
And I guarantee you these botnets aren't colliding the way you think they are. Besides you need a hash to compare to... so if you haven't had your DB leaked, what exactly is the risk again?
Again, exactly what you said, SMF 2.0 sites are a target vector for dumping the DB to getting to re-used passwords so that people can use them on other sites
Quote
As for the 2.1 argument, this is why 2.1 is already nearly 6 years old and not even out of beta.

Do you also argue that SMF 1.0 (uses md5 if I remember rightly) and SMF 1.1 (SHA-1) should get patched too?
SMF 1.0 isn't supported anymore, so there is no need to patch that. If SMF1.1 is still supported, then yes, it should be patched. It is not hard to change the hashing method, as this mod here actually proves, so we are literetally spending more energy on arguing over it right now than actually getting the job done.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 66,997
    • Arantor on GitHub
Re: [MOD] [PENDING] Password security
« Reply #59 on: February 24, 2017, 10:39:45 AM »
So the risk is that you have to have your DB leaked so that people can break into your site?

If they already have your DB, job done?

And if people didn't reuse passwords (or better, password managers), that's not an issue either.
To assume is to hope that those who came before had the presence of mind and capacity to implement the dreams of those who would come after.