Re: [SC-L] Java keystore password storage

2005-04-26 Thread Michael Silk
As a hash function with 'security' of 2 ** 80, it is completely
broken. The security is reduced to 2 ** 69. Even though it's still
a lot of operations, the function is definitely broken as its actual
security is less than specified (less than that required for a
'birthday attack').

-- Michael

On 4/26/05, Edgar Danielyan <[EMAIL PROTECTED]> wrote:
> David, John,
> 
> Although there were some advances on finding collisions in SHA-1 I
> wouldn't say it was broken. The attack is fairly unpractical and
> wouldn't affect the absolute majority of SHA-1 uses. Having said that
> there are other versions of SHA, e.g. SHA-256 which are not affected
> (at present at least).
> 
> Also in addition to the password a "salt" is very often used to
> address the risk of memory-speed tradeoff (a search on Google would give
> many references)... In short the best practical option is to use a
> hash digest with salt and store the password hash, not the password
> itself.
> 
> Regards
> 
> Edgar
> 
> 
> On 4/25/05, David Crocker <[EMAIL PROTECTED]> wrote:
> > I'm by no means an expert in the field of security and Java, but I believe
> > that the usual technique is to encode the password that the user types
> > using a 1-way hashing algorithm, then store (and hide/protect) the encoded
> > version and use that as the password. If an attacker manages to read the
> > password hash, he still has to construct a password that will encode to
> > the same value.
> >
> > There are a number of hashing algorithms available. SHA1 used to be
> > considered fairly good for this sort of thing, but I understand it has
> > been broken recently.
> >
> > This technique does make it impossible to recover the password; if the
> > password is lost, it has to be reset to a new one.
> >
> > David Crocker, Escher Technologies Ltd.
> > Consultancy, contracting and tools for dependable software development
> > www.eschertech.com
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
> > Of john bart
> > Sent: 25 April 2005 08:56
> > To: SC-L@securecoding.org
> > Subject: [SC-L] Java keystore password storage
> >
> > Hello to all the list.
> > I need some advice on where to store the keystore's password. Right now,
> > I have something like this in my code:
> >
> > keystore = KeyStore.getInstance("JKS");
> > keystore.load(new FileInputStream("keystore.jks"), "PASSWORD".toCharArray());
> >
> > the question is, where do I store the password string? all of the
> > possibilities that I thought about are not good enough:
> > 1) storing it in the code - obviously not.
> > 2) storing it in a separate config file is also not secure.
> > 3) entering the password at runtime is not an option.
> > 4) encrypting the password - famous chicken and egg problem (storing the
> > encryption key)
> >
> > Any ideas?
> >
> >
> 
>




RE: [SC-L] Java keystore password storage

2005-04-26 Thread Chris Matthews
David Crocker wrote:

>I'm by no means an expert in the field of security and Java, but I
>believe that the usual technique is to encode the password that the user
>types using a 1-way hashing algorithm, then store (and hide/protect) the
>encoded version and use that as the password. If an attacker manages to
>read the password hash, he still has to construct a password that will
>encode to the same value.

At issue is not the mechanical method of storing the password; it is the
fundamental insecurity of storing a password such that an automated
process may recover/use said password.  If an automated process can
recover the password, chances are very good an attacker can, and no
cryptographic algorithm will solve that issue.  The system is weak,
not the individual components.

Cheers,
Chris




[SC-L] RE: Java keystore password storage

2005-04-26 Thread john bart
Is there something like Windows' DPAPI in the Unix world (Solaris, Linux,
etc.)?

From: "Michael Howard" <[EMAIL PROTECTED]>
To: "john bart" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, SC-L@securecoding.org,
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Subject: RE: Java keystore password storage
Date: Mon, 25 Apr 2005 10:52:49 -0700

Oh this thorny issue again!
On Windows you can call into the Data Protection API (CryptProtectData
etc), which uses keys derived from the user's password to protect secret
data like this, or uses a machine key if you want to lock the key down
to the machine. Mac OSX offers a similar technology called Keychain
(SecKeychainAddGenericPassword etc), but these are of course OS specific
solutions.
I know of no other way that works solely with Java on all platforms...
[Writing Secure Code] http://www.microsoft.com/mspress/books/5957.asp
[Protect Your PC] http://www.microsoft.com/protect
[Blog] http://blogs.msdn.com/michael_howard
[SDL] http://msdn.microsoft.com/security/sdl
-Original Message-
From: john bart [mailto:[EMAIL PROTECTED]
Sent: Monday, April 25, 2005 12:56 AM
To: [EMAIL PROTECTED]; SC-L@securecoding.org;
[EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: Java keystore password storage
Hello to all the list.
I need some advice on where to store the keystore's password.
Right now, I have something like this in my code:
keystore = KeyStore.getInstance("JKS");
keystore.load(new FileInputStream("keystore.jks"), "PASSWORD".toCharArray());
the question is, where do I store the password string? all of the
possibilities that I thought about are not good enough:
1) storing it in the code - obviously not.
2) storing it in a separate config file is also not secure.
3) entering the password at runtime is not an option.
4) encrypting the password - famous chicken and egg problem (storing the
encryption key)
Any ideas?




Re: [SC-L] Java keystore password storage

2005-04-26 Thread Edgar Danielyan
Dear Michael,

On 4/26/05, Michael Silk <[EMAIL PROTECTED]> wrote:
> As a hash function with 'security' of 2 ** 80, it is completely
> broken. The security is reduced to 2 ** 69. Even though it's still
> a lot of operations, the function is definitely broken as its actual
> security is less than specified (less than that required for a
> 'birthday attack').

I suppose we have different understanding of what "completely broken" means:

http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html

Regards,

Edgar




Re: [SC-L] Java keystore password storage

2005-04-26 Thread ljknews
At 7:20 PM -0700 4/25/05, Blue Boar wrote:
>David Crocker wrote:
>> I'm by no means an expert in the field of security and Java, but I believe
>> that the usual technique is to encode the password that the user types
>> using a 1-way hashing algorithm, then store (and hide/protect) the encoded
>> version and use that as the password. If an attacker manages to read the
>> password hash, he still has to construct a password that will encode to
>> the same value.
>
>That only works if you're the "server", or more accurately, the process
>that needs to verify the password.  If you're the "client", or the
>process that needs to supply the password, that doesn't help you.

At the client, a password should be entered by a human.  Two factor
identification would involve an RSA signature made by a portable
device (e.g. Smartcard) which is enabled by a password known only
to the user.  Obviously the channel from the human to the device
must be secure, typically by using a keypad on the device independent
of the programmable computer system.
-- 
Larry Kilgallen




[SC-L] RE: Java keystore password storage

2005-04-26 Thread Michael Howard
None that I'm aware of. 

[Writing Secure Code] http://www.microsoft.com/mspress/books/5957.asp
[Protect Your PC] http://www.microsoft.com/protect
[Blog] http://blogs.msdn.com/michael_howard
[SDL] http://msdn.microsoft.com/security/sdl

-Original Message-
From: john bart [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, April 26, 2005 10:46 AM
To: Michael Howard; [EMAIL PROTECTED];
SC-L@securecoding.org; [EMAIL PROTECTED];
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Java keystore password storage

Is there something like Windows' DPAPI in the Unix world (Solaris,
Linux, etc.)?

>From: "Michael Howard" <[EMAIL PROTECTED]>
>To: "john bart" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, SC-L@securecoding.org,
><[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
>Subject: RE: Java keystore password storage
>Date: Mon, 25 Apr 2005 10:52:49 -0700
>
>Oh this thorny issue again!
>
>On Windows you can call into the Data Protection API (CryptProtectData 
>etc), which uses keys derived from the user's password to protect 
>secret data like this, or uses a machine key if you want to lock the 
>key down to the machine. Mac OSX offers a similar technology called 
>Keychain (SecKeychainAddGenericPassword etc), but these are of course 
>OS specific solutions.
>
>I know of no other way that works solely with Java on all platforms...
>
>
>[Writing Secure Code] http://www.microsoft.com/mspress/books/5957.asp
>[Protect Your PC] http://www.microsoft.com/protect [Blog] 
>http://blogs.msdn.com/michael_howard
>[SDL] http://msdn.microsoft.com/security/sdl
>
>-Original Message-
>From: john bart [mailto:[EMAIL PROTECTED]
>Sent: Monday, April 25, 2005 12:56 AM
>To: [EMAIL PROTECTED]; SC-L@securecoding.org; 
>[EMAIL PROTECTED]; [EMAIL PROTECTED]; 
>[EMAIL PROTECTED]
>Subject: Java keystore password storage
>
>Hello to all the list.
>I need some advice on where to store the keystore's password.
>Right now, I have something like this in my code:
>
>keystore = KeyStore.getInstance("JKS");
>keystore.load(new FileInputStream("keystore.jks"), "PASSWORD".toCharArray());
>
>the question is, where do I store the password string? all of the
>possibilities that I thought about are not good enough:
>1) storing it in the code - obviously not.
>2) storing it in a separate config file is also not secure.
>3) entering the password at runtime is not an option.
>4) encrypting the password - famous chicken and egg problem (storing
>the encryption key)
>
>Any ideas?
>
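For the question itself, and Michael Howard's point that DPAPI and Keychain are the OS-specific answers and nothing portable exists in pure Java, the added example below (not code from any poster in this thread) shows the platform-neutral part that can still be done: keep the password out of the source (option 1), read it as a char[] from a file that only the service account can read, and wipe it as soon as KeyStore.load has used it. The password-file path /etc/myapp/keystore.pw and the 0600 permission check are assumptions; as Chris Matthews observes, whatever the process can read, anyone running as that account can read too, so this narrows exposure rather than removing it.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Set;

public final class KeystoreLoader {
    // Password file must be mode 0600: any group/other bit is a misconfiguration, so refuse to start.
    static char[] readPassword(Path file) throws IOException {
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(file);
        for (PosixFilePermission p : perms) {
            if (p != PosixFilePermission.OWNER_READ && p != PosixFilePermission.OWNER_WRITE) {
                throw new IOException(file + " must be readable by its owner only (mode 0600)");
            }
        }
        byte[] raw = Files.readAllBytes(file);
        CharBuffer cb = StandardCharsets.UTF_8.decode(ByteBuffer.wrap(raw));
        Arrays.fill(raw, (byte) 0);                       // wipe the raw bytes
        int len = cb.remaining();
        while (len > 0 && (cb.get(len - 1) == '\n' || cb.get(len - 1) == '\r')) len--;  // trailing newline
        char[] pw = new char[len];
        cb.get(pw, 0, len);
        if (cb.hasArray()) Arrays.fill(cb.array(), '\0');  // wipe the decode buffer too
        return pw;
    }

    // The poster's two lines, with the password supplied as a char[] from the file and wiped after use.
    static KeyStore load(Path keystoreFile, Path passwordFile) throws Exception {
        char[] pw = readPassword(passwordFile);
        try (InputStream in = Files.newInputStream(keystoreFile)) {
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(in, pw);   // a wrong password surfaces as an IOException here
            return ks;
        } finally {
            Arrays.fill(pw, '\0');
        }
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = load(Path.of("keystore.jks"), Path.of("/etc/myapp/keystore.pw"));  // assumed paths
        System.out.println("keystore entries: " + ks.size());
    }
}
```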





Re: [SC-L] Java keystore password storage

2005-04-26 Thread Blue Boar
David Crocker wrote:
> I'm by no means an expert in the field of security and Java, but I believe
> that the usual technique is to encode the password that the user types
> using a 1-way hashing algorithm, then store (and hide/protect) the encoded
> version and use that as the password. If an attacker manages to read the
> password hash, he still has to construct a password that will encode to
> the same value.

That only works if you're the "server", or more accurately, the process
that needs to verify the password.  If you're the "client", or the
process that needs to supply the password, that doesn't help you.

Ryan




Re: [SC-L] Java keystore password storage

2005-04-26 Thread Edgar Danielyan
David, John,

Although there were some advances on finding collisions in SHA-1 I
wouldn't say it was broken. The attack is fairly unpractical and
wouldn't affect the absolute majority of SHA-1 uses. Having said that
there are other versions of SHA, e.g. SHA-256 which are not affected
(at present at least).

Also in addition to the password a "salt" is very often used to
address the risk of memory-speed tradeoff (a search on Google would give
many references)... In short the best practical option is to use a
hash digest with salt and store the password hash, not the password
itself.

Regards

Edgar



On 4/25/05, David Crocker <[EMAIL PROTECTED]> wrote:
> I'm by no means an expert in the field of security and Java, but I believe
> that the usual technique is to encode the password that the user types
> using a 1-way hashing algorithm, then store (and hide/protect) the encoded
> version and use that as the password. If an attacker manages to read the
> password hash, he still has to construct a password that will encode to
> the same value.
> 
> There are a number of hashing algorithms available. SHA1 used to be
> considered fairly good for this sort of thing, but I understand it has
> been broken recently.
> 
> This technique does make it impossible to recover the password; if the
> password is lost, it has to be reset to a new one.
> 
> David Crocker, Escher Technologies Ltd.
> Consultancy, contracting and tools for dependable software development
> www.eschertech.com
> 
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
> Of john bart
> Sent: 25 April 2005 08:56
> To: SC-L@securecoding.org
> Subject: [SC-L] Java keystore password storage
> 
> Hello to all the list.
> I need some advice on where to store the keystore's password. Right now,
> I have something like this in my code:
> 
> keystore = KeyStore.getInstance("JKS");
> keystore.load(new FileInputStream("keystore.jks"), "PASSWORD".toCharArray());
> 
> the question is, where do I store the password string? all of the
> possibilities that I thought about are not good enough:
> 1) storing it in the code - obviously not.
> 2) storing it in a separate config file is also not secure.
> 3) entering the password at runtime is not an option.
> 4) encrypting the password - famous chicken and egg problem (storing the
> encryption key)
> 
> Any ideas?
> 
>
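Edgar's recommendation above (store a salted hash digest, never the password) as it would look in Java, an added example that is not from any poster in this thread: a random 16-byte salt is assumed, the stored record is salt || SHA-256(salt || password), and verification recomputes the digest with the stored salt and compares it in constant time. As Blue Boar notes, this is the verifying side of the exchange; it does not help a process that has to supply a password.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

public final class SaltedPasswordStore {
    private static final int SALT_LEN = 16;   // assumption: 128-bit random salt

    // Enrolment: returns salt || SHA-256(salt || password). Store this record,
    // never the password itself.
    static byte[] enroll(char[] password) throws NoSuchAlgorithmException {
        byte[] salt = new byte[SALT_LEN];
        new SecureRandom().nextBytes(salt);
        byte[] digest = digest(salt, password);
        byte[] record = Arrays.copyOf(salt, SALT_LEN + digest.length);
        System.arraycopy(digest, 0, record, SALT_LEN, digest.length);
        return record;
    }

    // Verification: recompute with the stored salt and compare in constant time.
    static boolean verify(byte[] record, char[] candidate) throws NoSuchAlgorithmException {
        byte[] salt = Arrays.copyOfRange(record, 0, SALT_LEN);
        byte[] stored = Arrays.copyOfRange(record, SALT_LEN, record.length);
        return MessageDigest.isEqual(stored, digest(salt, candidate));
    }

    private static byte[] digest(byte[] salt, char[] password) throws NoSuchAlgorithmException {
        ByteBuffer buf = StandardCharsets.UTF_8.encode(CharBuffer.wrap(password));
        byte[] pw = new byte[buf.remaining()];
        buf.get(pw);
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            md.update(salt);
            md.update(pw);
            return md.digest();
        } finally {
            Arrays.fill(pw, (byte) 0);            // wipe the encoded password
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] record = enroll("correct horse".toCharArray());        // constructed sample
        System.out.println(verify(record, "correct horse".toCharArray()));
        System.out.println(verify(record, "wrong".toCharArray()));
    }
}
```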