PresentationPDF Available

Rock Salt: A Method for Securely Storing and Utilizing Password Validation Data

Authors:

Abstract

Rock Salt™ is a method for storing and accessing password verification data on multi-user computer systems that resists remote attacks. Along with commonly-employed measures that limit the number of unsuccessful attempts to login or otherwise verify a password, it allows users to choose relatively simple passwords with full security. The secret component cannot be easily leaked or exfiltrated by malware, does not require periodic backup and is isolated in a way that allows it to be protected by conventional security measures, such as safes, alarm systems and video surveillance, from attackers who somehow gain access to the computing facility.
Rock Salt: A Method for Securely Storing
and Utilizing Password Validation Data
Arnold Reinhold
BSides LV/Password 2016
August 2, 2016
Diceware.com
My efforts to improve password security
Survey of PGP passphrase usage
Diceware
CipherSaber
HEKS
Random characters to mnemonic generator
Diceware now available in 17
languages
Instructions: Chinese, Esperanto,
Finnish, French, Italian, Japanese,
Polish and Spanish
Word lists: Catalan, Danish, Dutch,
English, Esperanto, Finnish, French,
German, Italian, Japanese, Maori,
Norwegian, Polish, Russian, Spanish,
Swedish and Turkish
Diceware™ sentence generating matrix
Dummies author
Including E-Mail For Dummies
Hillary got a copy for her 50th birthday:
With Chelsea’s departure, the First Lady who mastered
Game Boy has resolved to overcome her phobia of
computers. Her chief of staff, Melanne Verveer, lately caught
her thumbing through a book called Internet E-Mail for
Dummies.”
Hillary Clinton’s E-Mail Trouble Started in 1997, Lily Rothman, Time, March 3, 2015
My bad!
Today’s problem: Protecting user
passwords in the enterprise
Rock Salt targets enterprise scale systems
many users, server farms, e-commerce, etc.
Not addressed: passwords used to generate
cryptographic keys
GPG, PGP, disk encryption, Wi-Fi PSK, password
managers, Bitcoin wallet
Pick systems with key stretching, argon2 if possible
Use Diceware, 6 or 7 word passphrase
Write it down
Enterprises must store password
validation info for each user
Passwords aren’t going away
Can throttle attempts, but offline…
Databases in use are hard to protect
Password databases frequently stolen
Encryption of password validation data
is not so simple
Database security breaches
Ashley Madison 37M
Anthem Health Ins. 80M
OPM 4M Form-86s, all US spies
Home Depot 56M
Sony 100TB data
RSA — keys to the kingdom
Staples 1.6M
Adobe 130M
Target 70M
South Carolina DoR 3.6M
TalkTalk (UK) 4M
Only two types of companies…
Existing methods for storing password data
are inadequate
Simple hashing
Salted hash
Computation intensive hash:
PDKDF2
Memory intensive hash:
HEKS, scrypt, argon2
Expensive for large, mega-user systems
Weakest password can compromise system
Keyed hash – single point of failure
An arms race exists between
protectors and crackers
Crackers are winning
Moore’s law
Gaming technology (GPGPUs)
Bitcoin mining: FPGAs, ASICs
Botnets
Cracking is massively parallel
The problem I’m trying to solve
AMD RX480
Are we asking too much?
Most people are unable or unwilling to use passwords strong
enough to be stored safely with current methods
15 random character minimum
I push Diceware but…
People often reuse passwords
damage from one database compromise extends to other systems
Users shouldn’t be responsible for fixing this problem!!! babab
a
Enterprise databases present extra
security challenges
Must be accessed by multiple applications
Encryption meaningless since decryption keys must be present for use
Password databases need to be backed up
And synchronized
Adds additional vulnerability
Volume of password information is small
200 million user names + hash + salt < 10 GB
Exfiltrates in seconds
Attackers don’t need the entire file
Alternatives are cumbersome
Two-factor and biometric
Adoption has been slow
Typical user has dozens of password-protected accounts
A dongle for each impracticable
Little or no interoperability
NIST is depreciating SMS OOB TFA
Without secure password storage two factor becomes one
factor
Rock Salt™ — A new approach
Similar to conventional salted hashing, or keyed
hashing
Uses very large static key (VLK) to transform
the salt
Hard to steal
Makes physical security feasible
Very Large Key (VLK) concept
Key much larger than expected volume of
data to encrypt
Cipher keys << OTP << VLK
Paradoxical
Provable security
Macroscopic secret
can be physically defended
Short leaks inconsequential
Very Large Key (VLK)
Random or pseudorandom
May be many terabytes – SSD modules
Large enough for physical security to be effective.
Compare with ordinary keys that fit on a t-shirt or leak
via side channels
Deniable stenographic file systems e.g.
Normal salted password verification
Look up stored_hash, salt in database
Does hash (trial_password || salt) =
stored_hash?
If yes, allow access
If no, don’t
Rock Salt™ password verification
Look up stored_hash, salt in database
Send salt to Rock Salt Server
RSS uses salt as DRNG seed to pick bytes from
VLK. Assemble and return as the Rock_Salt
Does hash(trial_password || Rock_Salt) =
stored_hash?
If yes, allow access
If no, don’t
Rock Salt Diagram
Typical RSS:
Rock Salt Server (RSS)
VLK module
Physical security
Install VLK in locked safe, Faraday cage
Alarm system and video surveillance
Tamper detection -- SSD erase
Two person integrity, no-lone-zone
Custom bulky modules, keyed form factor
No need for routine access
Two or more identical units for backup, trust, disaster recovery
Tempest/Nonstop, FCC Class B, UL 768, TL-30
Uses “Data Guards”
Specialized hardware wedges to limit data flow
Traffic level needed for password verification << data rate
needed to exfiltrate VLK
Small leak of VLK is unlikely to compromise any password
Simple, auditable software
Secure link to password verification server
If password verification server can be compromised, all bets are off
Alternative: separate database for password verification
Secure enclave (1337Mark)
Complicates backup and
synchronization of databases
Bigger attack surface
Small data leak can compromise some
accounts
Passwords can be short enough for
typical users
Companies must still limit or throttle
failed login attempts
Users only need to avoid obvious
passwords
e.g. info from Facebook account
old AOL style, e.g. “fence%radio”
“bababa” – Good enough
Potential attacks
Physical security violation
Insiders – use two person integrity (TPI)
Malware requesting and recording Rock Salt hashes
Secure link between password server and RSS
Keep count of requests, statistical tests
Add canary password values or salts
Easy to guess passwords.
Use dictionary
Offer two word plus symbol passwords
Require minimum password complexity, but much less than current
approaches
All password systems vulnerable to this attack
Advantages
Dependable, engineered, first-principle security
No more arms race
Rock Salt secret is large enough to be physically protected
Quantum computing resistant
Less burden on users
Minimal changes to existing password management software and
database
Password data can be safely backed up using organization’s
existing practices
Easy transition
Fallback plan if needed
Reduced risk and liability for enterprise
Limitations
Too cumbersome for small or personal operations
Use KDF such as Argon2 instead
Not a solution for passwords used to derive a
cryptographic keys
Can’t use password records to share credentials
with another organization
Not a good idea anyway
Gaining the confidence of enterprise customers
may be hard
Business problem
Hard to sell — customers bet their life on it
Better mousetrap
Best offered by large established company
How to go forward?
Patent applied for
Create company?
Venture funding
Build prototype?
Lead customers?
Publish
Road show
Rock Salt is not elegant
But it works and nothing else does, AFIK
Questions?
Diceware.com
Diceware blog
Peerlyst
Image credits
Wikimedia File:Halite 3.JPG — Parent Géry
Wikimedia File:Dice - 1-2-4-5-6.jpg — PierreSelim
Email For Dummies cover — John Wiley
Wikimedia File:LinkedIn Headquarters Mountain View.jpg — LPS.1
Two kinds slide – HBS Club presentation 6/7/16 NP
RX 480 GPU — AMD
Rock Salt™ images — A G Reinhold
Mark Zuckerberg — Presidência do México
Security guards -- 1stcommercialcredit.com
DVD crypto tee shirt — usblog.kaspersky.com
Dual dial Safe — norfolksafecompany.com
Launch control center — www.atbforum.com
Raiders of the Lost Ark knife fight scene — Lukasfilm
Yoda: Allowed access you are not — zendovo.cz
Star Trek Access Denied — serverfault.sk
Teensy 3.2 pcb — pjrc.com
Arnold – USS Jeremiah O’Brian docent
ResearchGate has not been able to resolve any citations for this publication.
ResearchGate has not been able to resolve any references for this publication.