Smalltalk › Pharo › Pharo Smalltalk Developers

[Pharo-dev] Recommendation for password encryption?

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

23 messages Options

Mariano Martinez Peck

Re: [Pharo-dev] Recommendation for password encryption?

Ahh another question, sorry. With this cipher a "salt" would make almost no sense since I already need a key?

or it make sense to put a "salt" together with the string to ecnrypt?

Thanks

On Mon, Jul 15, 2013 at 5:39 PM, Mariano Martinez Peck <[hidden email]> wrote:

Blowfish is a 8 byte block cipher so for shorter strings I'll need to pad
the byte array, and for longer strings I'll need to make it use cipher block
chaining:
(https://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29)

Ok, I imagined something like that. Thanks for the explanation.
For my usecase, I think this is not the more critical thing since I would use a 8 character password for sure :)

If you change #decryptString:with: to:

Blowfish class>>decryptString: aString with: aKey
|decryptedData |
decryptedData := (self new ecbDecrypt: aString asByteArray with: aKey
asByteArray ).
^String fromByteArray: decryptedData asByteArray .

Then this workspace code should work:

| enc encryptedString dkey decrString |
key:='mySecretKey'.
enc:=Blowfish encryptString:'12345678' with: key.

encryptedString := enc asByteArray asString.
Transcript show: ' encrypted: ', encryptedString; cr.

decrString:=Blowfish decryptString: encryptedString with: key.

Transcript show: ' decrypted: ', decrString; cr.

Thanks!! That worked. Now...there is no problem with the encoding then?
Because I would need to store/retrieve the string from a file stream...so I didn't know if I should use a TextConverter or not.

Thanks in advance,

But with the password 'test' it will always fail because I'm not yet padding
the byte array to a multiple of 8 bytes before encrypting it.

Thanks for your patience

Paul

--
View this message in context: http://forum.world.st/Pharo-dev-Recommendation-for-password-encryption-tp4698499p4698789.html

Sent from the Pharo Smalltalk Developers mailing list archive at Nabble.com.

--
Mariano
http://marianopeck.wordpress.com

--
Mariano
http://marianopeck.wordpress.com

NorbertHartl

Re: [Pharo-dev] Recommendation for password encryption?

Am 15.07.2013 um 22:42 schrieb Mariano Martinez Peck <[hidden email]>:

Ahh another question, sorry. With this cipher a "salt" would make almost no sense since I already need a key?
or it make sense to put a "salt" together with the string to ecnrypt?

That is up to you. That is what I was trying to explain to you. You always need a key/secret to encrypt. A salt is just a little more of information that diverses that outcoming value of a hash. A hash is a one way calculation from an input string to an output string in a uniform way. Meaning the same input with same algorithm is always the same output. One way to test a cryptographic string is using rainbow tables. These are big tables consisting of the outcome of hash calculations (fast compare vs. slow calculate). By adding a salt you make it harder to have these tables because you still need to calculate or need to expand the tables of results. But as a salt is an input to the hashing function it only works if the salt is included in the input _and_ the output. Meaning you need to add the salt to the output. In the unix passwd file for instance the first two character of the password hash is the salt. You take it from encrypted string and encrypt the password with the salt to get the output you can compare with the encrypted string (the string with salt stripped off). So in any algorithm you can add a salt and prefix the output with the same salt. The difference between algorithms is how expensive they are to calculate. The best algorithm takes an awful time to compute. In this case if you send the right password it takes an acceptable amount of time to verify (one calculation) but if someone tries to brute force your password it will take way too long to make it feasible to try.

To encrypt something between two parties some information needs to be shared. If the algorithm use is shared you need to tranfer the password in cleartext to the second instance and the second instance can encrypt it the same way and compare. Sharing a secret between the parties you can transfer the encrypted string because the other part can decrypt the string and can compare the password (but you have to transfer the secret somehow).

In an asymmetric environment where there is a key pair where everything one key encrypts the other key can decrypt you just can share the other key to the second instance and you are able to transfer an encrypted string.

So whatever you do you need to decide what approach to use and what information is best to share. If you look on SSL you have everything in combination. First there is an asymmetric key exchange (expensive) that is used to exchange a shared secret. After the negotiation the network will be encrypted using the shared secret which is much less expensive saving CPU cycles.

Norbert

On Mon, Jul 15, 2013 at 5:39 PM, Mariano Martinez Peck <[hidden email]> wrote:

Blowfish is a 8 byte block cipher so for shorter strings I'll need to pad
the byte array, and for longer strings I'll need to make it use cipher block
chaining:
(https://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29)

Ok, I imagined something like that. Thanks for the explanation.
For my usecase, I think this is not the more critical thing since I would use a 8 character password for sure :)

If you change #decryptString:with: to:

Blowfish class>>decryptString: aString with: aKey
|decryptedData |
decryptedData := (self new ecbDecrypt: aString asByteArray with: aKey
asByteArray ).
^String fromByteArray: decryptedData asByteArray .

Then this workspace code should work:

| enc encryptedString dkey decrString |
key:='mySecretKey'.
enc:=Blowfish encryptString:'12345678' with: key.

encryptedString := enc asByteArray asString.
Transcript show: ' encrypted: ', encryptedString; cr.

decrString:=Blowfish decryptString: encryptedString with: key.

Transcript show: ' decrypted: ', decrString; cr.

Thanks!! That worked. Now...there is no problem with the encoding then?
Because I would need to store/retrieve the string from a file stream...so I didn't know if I should use a TextConverter or not.

Thanks in advance,

But with the password 'test' it will always fail because I'm not yet padding
the byte array to a multiple of 8 bytes before encrypting it.

Thanks for your patience

Paul

--
View this message in context: http://forum.world.st/Pharo-dev-Recommendation-for-password-encryption-tp4698499p4698789.html

Sent from the Pharo Smalltalk Developers mailing list archive at Nabble.com.

--
Mariano
http://marianopeck.wordpress.com

--
Mariano
http://marianopeck.wordpress.com

Henrik Sperre Johansen

Re: [Pharo-dev] Recommendation for password encryption?

In reply to this post by Mariano Martinez Peck

On Jul 15, 2013, at 10:42 , Mariano Martinez Peck wrote:

> Ahh another question, sorry. With this cipher a "salt" would make almost no sense since I already need a key?
> or it make sense to put a "salt" together with the string to ecnrypt?
>
> Thanks

No. Salts (and one-way hashed passwords) only make sense when you're the one authenticating login credentials, not when you're the one tasked with providing said credentials.

There is *no* good way of securely "remembering" passwords for a client, other than (as Norbert said) restricting access to the place the password is stored using permissions.
As such, you could just as well store the password in-image, and keep it in a restricted location/run as separate user with access to that location.

Keeping a blowfish key in a separate file, used to decrypt some in-image value to get the actual password, only buys you safety against
1. Someone gaining access to the image, but not the file
2. Reading cleartext passwords from the process memory directly.

For 1), it should be obvious that it is mostly a moot point, if you place the image in a similarly restricted location anyways.
For 2), I *think*, no modern OS lets you read another users process' memory (on purpose *) unless they have root access/logged in as same user, in which case, well, you're already screwed.
Sure, there might be exploitable bugs that lets an attacker read memory of other processes, but such usually have a high fix-priority.
It also means, in order to never end up keeping the plaintext password in memory for prolonged durations (and vulnerable to being read), you have to re-read the file every time you provide the password, so the image must be run as a user with access to the files location anyways.

A usable alternative exists if you already use client-side credentials for your app, provided manually when a user signs in.
Then, in addition to salt + hashed password value for your users, you can store the db-passwords encrypted with a symmetric cipher (like blowfish) using the users password as key.
At login time, after authenticating, you then also decrypt the db-passwords, and keep them available while the application runs.
This of course, is still vulnerable to potential memory dumps, but you never store the passwords in an easily reversible form if an attacker ever gains access to the files.

If introduced to an existing application , it also means you'd have to keep the db-passwords around in plantext for awhile, to create encrypted values for users on first login (if non-existing), after that passwords should already be available in memory for calculation of new encrypted values when changing passwords/ adding new users. (due to those being allowed to do so, being logged in already)

If it's a non-deployed app, the encrypted value for some super-user can be calculated before deployment, and the data required to decrypt the db-passwords never kept on disk in production.

Cheers,
Henry