Slashdot Mirror

← Back to Stories (view on slashdot.org)

Storing Credentials for Secured Resources?

Posted by ryuzaki0 on from the security-and-web-applications dept.

diverman asks: "It is very common for web applications (be them Java, Perl, PHP, .NET, or shell script) to need knowledge about credentials to access another resource. Perhaps it's a relational database login, an FTP account for transferring files, or maybe a authentication credentials to another web service. Whatever it is, most developers have likely had to write a program that needs to keep a password for later use. The big issue now is: where do you put them?" "Having passwords sitting around in clear-text isn't the wisest of ideas, and is against most security 'best practice' guidelines. Some apps and servers have chosen to base64 encode it (I believe WebSphere does this), and that's about as safe as clear-text. What I've been trying to find is a mechanism that behaves like how Apache loads properly signed SSL certs, that require a password when starting up the web server. The password could be used to decrypt a key-store for various application/resource credentials, and then make them available. Exact implementation isn't the question, as much as ANYTHING that does this at all. Are there any Apache modules that can place authentication information in ENV variables for executed apps, after decrypting them on server startup? Are there ways to have Java containers do something similar? It seems like this is something that is a very common problem, but not a very common question, with an even less common solution."

64 comments

  1. Perl module by grassy_knoll · · Score: 1

    For perl, you could use a module which contains a hash of hashes. This stores only cyphertext keyed to values ( username => 'qifhhfwqe', password => 'aiuherg' for instance ).

    In the application, you read the hash from the module and decrypt it prior to authentication.

    Sure, someone who has both the code for the application ( which must contain the decryption routine ) and the perl module can decrypt the credentials, but it does prevent someone from reading a text / base_64 file for your username / password combination.

    I'm sure other languages could impliment similar functionality; perl's just what I've been coding in lately.

    --
    A Human Right
    1. Re:Perl module by jrockway · · Score: 1

      > decrypt it prior to authentication

      And where do you get the encryption key from?

      However, it would be pretty easy to write a mod_perl module that asks for a passphrase at server start time, decrypts the database password, and sticks it in an environment variable (or the Apache->server object).

      I'm not sure what security advantage this provides, though. If your password file is only readable by root, then your system would be compromised by the time the attacker got the password. As root, you can change the database password anyway (but not if it's on a different host). You can also attach a debugger to the Apache process and read the password out of memory.

      So all in all, I don't think this is necessary. If someone that's compromised your system wants the database password or SSL keys, they're going to get them anyway.

      --
      My other car is first.
    2. Re:Perl module by Anonymous Coward · · Score: 0

      And here we have why I don't hire people who list Perl as a language on their resume. You can't decrypt a hash stupid!

    3. Re:Perl module by diverman · · Score: 1

      Yes. That was my question when I read this first reply. An encryption of values is exactly what I was proposing (whether it's ain a Perl hash or any other implementation). The real key, however, is being PROMPTED for a password on server start. Anything other than prompting would require storing it on the server, and thus compromising the notion of truly securing those secrets (ie. the passwords and credentials).

      I really wonder, however, if anyone actually has an implementation for this issue. I guess I'll continue reading the responses.

      -Alex

    4. Re:Perl module by diverman · · Score: 1

      To be fair, I believe he's referring to a Perl hash, not a cryptographic hash. I assume he's inferring a Perl specific implementation of performing a symmetric key encryption on the values of a Perl hash. However, that suggestion doesn't address the issue of the decryption key being needed.

    5. Re:Perl module by jrockway · · Score: 1

      If you didn't get a satisfactory answer, e-mail me and I'll code this module up. I don't really like the way we're doing password management at work right now, and this is an improvement. (I have to type the passphrase for the SSL keys anyway, one more doesn't make a difference.)

      --
      My other car is first.
    6. Re:Perl module by diverman · · Score: 1

      Thanks. I don't have a specific need exactly. However, the question has come up a number of times in the last few months (I work as an application security analyst), and know what would be a good idea in certain environments, but not have an existing solution. I was about to just write an apache module myself (thought it'd be an interesting project to try at least once)... but just never got around to it.

      In all honesty, I would think that such an feature/module would be something that many would benefit from. So, if you do code it, I hope you make it available to anyone in need. I really wish more Java app servers had something like this. I wonder if they have "module" support that are hooked into the server startup process.

      Anyway... if you do get motivated to code this up, I'd be happy to chat with you about implementation details to come up with a solution that would be generic enough to work for most cases.

  2. here by HawkingMattress · · Score: 1

    PasswordSafe pretty good, and has several linux ports

    1. Re:here by swillden · · Score: 1

      PasswordSafe pretty good, and has several linux ports

      Okay, so where do you put the passphrase used to secure the PasswordSafe database?

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    2. Re:here by fimbulvetr · · Score: 1

      Have you learned nothing?

      You put it in another PasswordSafe database! Duh!

    3. Re:here by gbjbaanb · · Score: 1

      How does this compare to Keepass?

    4. Re:here by HawkingMattress · · Score: 1

      In my friggin' brain.
      But yeah i confess, i didn't even read the summary before posting this one ;) this has nothing to do with what the poster is asking about. But still, passwordSafe is a must-have if you don't know about it.

  3. Most?!? by NevarMore · · Score: 2, Funny

    "Having passwords sitting around in clear-text isn't the wisest of ideas, and is against most security 'best practice' guidelines."

    MOST?!?

    Which security guidlines say it is ok and what companies are using them?

    1. Re:Most?!? by swillden · · Score: 2, Insightful

      Which security guidlines say it is ok and what companies are using them?

      Companies that build real security systems often intentionally store on-disk passwords in cleartext, just to make the point that on-disk passwords are inherently insecure -- no matter how you obfuscate them -- and to encourage the use of hardware security modules.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    2. Re:Most?!? by Anonymous Coward · · Score: 0

      I dunno. If I had to choose between passwords in the clear on paper on the users desk, and 24-character-minimum alphanumeric no-dictionary-strings passwords that the user forgot every day and had to be reset, I think the former begins to look appealing. If it's on paper, and not on their hard disk, that's usually quite safe, since the premises of the building is protected at least as well as the computer (hopefully).

    3. Re:Most?!? by pixel.jonah · · Score: 1

      I've just started considering these questions in preparation to handle some online creditcard processing.

      I had thought about the "require a password on server startup to decrypt the passwords into RAM" method, but that prevents unattended server restarts and so in the (hopefully rare) case of an unscheduled service/process restart you'd have to get onto the server and enter the password before the application would be available again. Not optimal in my opinion.

      Regarding best practices I've found The Open Web Application Security Project and the Credit Card industry's PCI Data Security Standard. Visa's implemention is called CISP.

      Both seem to recommend a multi-level security strategy with numerous barriers between the outside world and your data.

      Another thought: If you only need administrative access to the data or don't need to access it from that machine at all, using a public key encryption scheme would probably work well.

      .jonah

    4. Re:Most?!? by aminorex · · Score: 1

      I'm sure that companies who build disk encryption hardware do.

      Personally, I consider El-Gamal to be encryption rather than "obfuscation", and quite happily store authentication token ciphertext in mysql.

      Hasn't scratched yet.

      --
      -I like my women like I like my tea: green-
    5. Re:Most?!? by swillden · · Score: 2, Insightful

      Personally, I consider El-Gamal to be encryption rather than "obfuscation", and quite happily store authentication token ciphertext in mysql.

      And where do you store the decryption key? It's still just obfuscation, no matter how good the cipher is, as long as the attacker can get the key.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    6. Re:Most?!? by diverman · · Score: 1

      True, a password on restart does create an issue with unintentional system restarts. Although, how often do those occur? And do you really want your system becoming publicly available when it unintentionally reboots? You have the same issue with a signed SSL cert. Personally, I'd rather a system be unavailable on an unintentional reboot until it can be reviewed. In an enterprise environment, the server is likely part of a cluster or balanced group.

      I'm quite familiar with OWASP. I'm planning on going to play paintball with one of the founders in a few weeks. OWASP's Top 10 is a good reference for developers that don't know what web app security really is (beyond authentication and authorization). There are a number of other good resources for software security. Gary McGraw also has some good books. Defense in Depth (as OWASP and others typically call it), is definitely the way to go. Hell, if I REALLY want a secret safe, I encrypt it twice, with two significantly different algorithms, since the odds of both algorithms having a flaw is highly unlikely... but that's for the truly paranoid.

      However, OWASP, nor others actually have anything that I've seen that discusses this specific issue, other than their guidelines suggesting this would be a good idea/approach. I was hoping that SOMEONE would know of implementations that do something like this. As an application security analyst, I work with developers and try to improve their practices (along with other aspects tot he dev process). But everytime the question of resource passwords come up, I can never offer a solution that does what SHOULD be done.

      I don't follow your comment about public key encryption though. If the secrets are needed by the applications (ie. a DB login that the app/app server needs for DB access), then they would be needed by services on that system.

      -Alex

    7. Re:Most?!? by aminorex · · Score: 1

      In an encrypted keychain, naturally. It's standard best practice.

      --
      -I like my women like I like my tea: green-
    8. Re:Most?!? by swillden · · Score: 1

      In an encrypted keychain, naturally. It's standard best practice.

      And where is the password that unlocks that keychain? You can continue pushing the issue away as many layers as you like, but at some point you have to have the secret that unlocks all of the rest of the secrets, and the question remains -- where do you put that? As long as the application has to have unattended access to it, all the rest is just layers of obfuscation.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    9. Re:Most?!? by swillden · · Score: 1

      Hell, if I REALLY want a secret safe, I encrypt it twice, with two significantly different algorithms, since the odds of both algorithms having a flaw is highly unlikely... but that's for the truly paranoid.

      Bah. I'm about as paranoid as they come, and the odds of 3DES being broken is so small it's worth less consideration than a meteor smashing into the planet. In a few more years, I'll probably say the same of AES. The real issue that needs to be addressed is: Where do you put the keys?. Amateurs attack ciphers. Professionals attack keystreams.

      But everytime the question of resource passwords come up, I can never offer a solution that does what SHOULD be done.

      Although it's impractical in some cases, there's a clear answer: Get rid of the passwords, use cryptographic authetication (PK or symmetric, doesn't matter) and put the keys in secure hardware. There are numerous options with different security characteristics, but I think three of them cover the bases.

      • Smart card. Smart cards are cheap -- < $1 in large volumes, < $20 even for small quantities -- fairly strong and not too difficult to work with. They're low performance, though, so you don't want to store keys in them that are used with great frequency, especially not if you're using PK. Many cards have dedicated crypto co-processors that make symmetric crypto (DES, mostly, some have AES) fast and PK reasonable, but the communication bandwidth is low, so performance is inherently limited. They do make sense in many cases, though.
      • High-security crypto hardware. There are numerous vendors, but I'm partial to the IBM 4758. It's very secure, even against physical attack (certified FIPS 140-2 level 4), and reasonably cost-effective (< $2K). At that price, the cost of modifying the software to make use of it will dwarf the cost of the board. Performance of such devices is excellent.
      • TCPA TPM. Many servers are now coming with these built in, and they provide a very useful option because they're effectively free, have good performance and, in theory, even offer protection against trojans. If your secrets (and these can be keys or passwords) are properly bound to the boot and software configuration, installation of a trojan will result in the secrets becoming inaccessible. Depending on precisely how they system is configured, the keys or passwords will probably exist in RAM at run-time, but only if the correct software is running.

      Actually, my ideal configuration would make use of both a TPM and either a smart card or, better, yet, a more powerful crypto coprocessor. With that configuration, the real key repository could be password-protected and the password could be stored in the TPM, bound to a known-good software configuration. The TPM stuff is still in the future, though. The hardware is readily available, but really binding secrets to a system configuration requires TPM support in the BIOS, boot loader, kernel, and userland, and no OS currently available really has all of that. Linux has boot loader and kernel support, but userland needs a lot of work. Vista is suppose to have it all, but I'm skeptical.

      If anyone wants to fund a project to make a TPM-enabled Linux for such situations, let me know :-)

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    10. Re:Most?!? by diverman · · Score: 1

      I totally agree. Other solutions are likely better than sticking with passwords if you're wanting to clamp down even more. I think that there are degrees of security, degrees of due diligence, degrees of concern. A good question to ask is how secure does it need to be in order for the level of concern to be acceptable? In most cases, we are talking about business decision to weigh against the pros and cons of various measures of securing information. Much like people who argue that human intervention for a password entry at server start would not work... well, it is acceptable for certain situations where the business can accept that in exchange for the benefit.

      Anyway. The reality is that better solutions are not always an option, whether it's cost, a need to leverage existing technology or work, a need to enact improved security in a rapid period of time, resistance to change, or simply because the boss said so. So, the question is not a debate about the merits of this option against alternatives, but rather one about implementations available. Other designs may be great and worth mentioning, but they do have other costs/benefits, and may not be viable in many situations.

    11. Re:Most?!? by swillden · · Score: 1

      A good question to ask is how secure does it need to be in order for the level of concern to be acceptable?

      Absolutely. All real-world security engineering, like all real-world engineering of any sort, is about cost vs benefit. Many of the systems that I work on fully justify the greater cost, but a lot are marginal and many clearly don't justify it, even though it would be useful if the cost were only a bit lower.

      That's why I'd like to see TCPA TPMs become standard in servers, and for all of the major server OSes to support them properly out of the box. That way we can amortize the cost of the security over a large number of machines and increase the default security level, for all of those systems which could benefit from improved security but don't quite justify the increased cost of going beyond the default configs. Also, thanks to the boot-time integration, TPMs could provide a not insignificant security boost to the systems that already deploy secure hardware.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    12. Re:Most?!? by aminorex · · Score: 1

      It is true that key management always boils down to obfuscation. For example, I obfuscate the key stored on a USB flash drive by putting it in my pocket, or I might obfuscate it by putting it in a locked, armored safe. If these are the semantics of obfuscation, I am content to play the game according to your rules, now that they are clear. As long as a computer must operate on a plaintext,
      that plaintext is "obfuscated" by the physical complications of access to it. It doesn't matter whether it is inside an epoxied RSA engine or inside DRAM, or written to swap space, or displayed on a monitor over Times Square -- in that sense these are merely varying modes of obfuscation. I do prefer to use words in a way that distinguishes useful cases, however. In this way they add more information when they are used.

      --
      -I like my women like I like my tea: green-
    13. Re:Most?!? by swillden · · Score: 1

      It is true that key management always boils down to obfuscation.

      No, it isn't. There's a fundamental difference between storing the key in software on a general-purpose machine and storing it in a tamper-resistent (or even tamper-reactive) secure module. The difference is primarily in the location of tools required. In software, all of the information and all of the tools needed to extract the key are on the machine. They must be. In the case of the secure module, if the tools exist at all, they are things like electron force probes that are large, expensive and rare. For things like, say, the IBM 4758 crypto coprocessor, the tools needed to defeat the security and extract the key may not even exist.

      Anything you do purely in software on a standard computer can be reverse engineered by a single talented individual with access to nothing more than a compiler and reference materials. Anything you put in a smart card chip cannot be extracted without sophisticated physical manipulation (assuming that's the chip is configured not to give it up). Anything you put in a FIPS 140-2 level 4 certified secure module is very probably safe from anyone other than a government, and it may even be safe from them.

      There are large distinctions there.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    14. Re:Most?!? by swillden · · Score: 1

      It is true that key management always boils down to obfuscation.

      Reading something else this morning made me realize there's another non-obfuscation case that I didn't mention in my other post: That's the case where all of the information needed to recover the key is not on the machine. For example, an encrypted store like, say, PasswordSafe. It's not obfuscaction because without the passphrase which gets hashed into a decryption key, an attacker would have to break the cryptography in order retrieve the passwords. I think perhaps this is the approach you were thinking of, but I discarded it because it doesn't apply in the situation under discussion: an unattended server. Since there's no user around to provide the needed secret on demand, all requisite secrets have to be stored on the machine.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  4. Don't use passwords by forsetti · · Score: 4, Informative

    Passwords are for "Authentication". Your user has already been authenticated. You are now looking for "Identity Forwarding" or "Identity Session Management". Do not use passwords are your Identity Token. Look at technologies like Kerberos, which use your password for authentication, give you a identity token in the form of a TGT (Ticket Granting Ticket), and then allow you to request unique (and optionally forwardable) tokens for each service you are looking to access.

    In the web world, CAS provides proxy tickets, which can even be forwarded (for example, to an FTP server) as a stand-in for passwords via PAM.

    --
    10b||~10b -- aah, what a question!
    1. Re:Don't use passwords by swillden · · Score: 2, Insightful

      Your user has already been authenticated. You are now looking for "Identity Forwarding" or "Identity Session Management".

      Sometimes. In other cases, what you want to do is to authenticate the server that is making the request. The user's identity isn't relevant, and that user may not even have any privileges to use the protected service directly. Instead, the "front end" service cares about who the user is and is willing to make some requests of the back-end service on the user's behalf, so it's actually the front-end service you want to authenticate to the back-end service.

      The scenario you describe also makes sense, and also happens, but it's not the only situation that needs to be addressed.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    2. Re:Don't use passwords by starfishsystems · · Score: 1
      Absolutely right. Passwords are a way for humans to authenticate, not the only way and not even the best way. Identity is quite another matter. In an identity sense, passwords hold the same position as symmetric keys, trivial to replay if ever captured. For this reason, they're terrible as a way for systems to identify to each other.

      What you really want for identity is a token that is easy for the owner to create, easy to validate, and very hard to capture and replay. Beyond Kerberos, X.509 certificates do this very well, and PGP/GPG has similar capabilities if you prefer a nonhierarchical certificate infrastructure.

      People sometimes forget that SSL is capable of identifying both server and client. That's an example of X.509 mediating identity between parties in a session, which is often all we want. Of course these certificates can be used by other protocols as well, and unlike passwords, they don't have to be taken at face value because they can be validated through a trusted third party.

      There is also the concept of an X.509 "proxy certificate" which Globus uses for grid transactions. The idea is that your computation can be securely passed around the grid because its identity is established by its accompanying proxy cert. I imagine this is similiar to using a Kerberos ticket as a proxy, but I stand to be corrected. The problem with any proxy is that, being preauthenticated, it can get away from you, and that aspect has to be balanced against possible convenience. The usual practice with Globus proxy certs is to give them a short lifetime so they can do their work on the grid and then expire.

      --
      Parity: What to do when the weekend comes.
    3. Re:Don't use passwords by diverman · · Score: 1

      This makes an assumption about the technologies available and supported. Sure, a single sign-on, ticket-based authentication/identity management solution would be great. However, that is not always a reality. I'd even venture to say it is much less often a reality. I've known many who try to go down this path, and seem to run into problems with systems that do not support them, and then try to come up with a hack to make it work, ultimately creating vulnerabilities with their hack.

      So, while it would be nice, the reason I ask about a secured key store approach is because many applications and environments do not have the option (be it due to cost, technology, or available skillset), and a keystore solution is a bit simpler and more generic, while still providing sufficient security of the credentials.

  5. You really have little choice by danpat · · Score: 1

    If you require access to a remote resource that wants some kind of credentials
    presented, and you don't want to get a human involved, then you have little choice
    other than to store something that someone could take a copy of and use to impersonate
    your system.



    Set file permissions properly. Make password-containing config files only readable by the processes that need to read them. chmod 0400. Keep each of your apps separated in this way so that a compromise of one doesn't affect the others. This is the best you can do. Password obfuscation can always be broken.



    If your system can automatically authenticate against a remote secure resource, then someone who compromises your system can make it do it again. The only other thing you can do would be to require human intervention every time a password is required (or a collection of passwords).



    1. Re:You really have little choice by Gothmolly · · Score: 1

      chmod 0400 doesn't do jack if I can boot your machine into single user mode from CD.

      --
      I want to delete my account but Slashdot doesn't allow it.
    2. Re:You really have little choice by danpat · · Score: 1

      Which is why I said "It's the best you can do".

    3. Re:You really have little choice by Anonymous Coward · · Score: 0

      If they've got physical access, you already lost a long time ago.

    4. Re:You really have little choice by diverman · · Score: 1

      Sorry, but I completely disagree.

      What I was asking about protects much beyond using simple file permissions to protect the secrets. In your suggestion, if an application running as the web server's user (which would otherwise be needed for apps that need to read their resource credentials) were to contain a flaw allowing access to the file system, those secrets could then be disclosed. Additionally, as someone mention, a physical reboot with access to the server or a stolen hard drive, or a stolen backup tape, would result in disclosure of the secrets. Of course, if the secret is available to an app directly, it could still disclose it if badly coded, but less likely if placed in memory than the hard drive (since directory traversal vulnerabilities are still quite common mistakes by developers).

      In my original post, I am specific about the solution, and was more looking for anyone knowing about implementations. The solution is to have any secrets that applications need encrypted. The passphrase needed to decrypt them would be entered at server startup (much like with signed SSL certs). The server would decrypt and load the secrets somewhere in memory for the application to access (scoping access as needed). The app could then read that memory made available specifically to it to access the secrets/credentials. No one logged into the system (assuming normal memory protections are in place) could access the secrets, even IF they had access to the user that owned the file. Backup tapes are still safe, as is system theft, since the secrets are encrypted and the decryption password is not on the system.

      I'm not talking about password obfuscation. In fact, I specifically pointed out the lack of security with it (ie. the ever-common base64 encoding). That's why I suggest strong encryption, with a passphrase entered on server startup (ie. not stored on the server).

      If the authentication secrets are encrypted and can only be decrypted when someone enters the correct passphrase on server startup, then a compromised system will not result in someone being able to capture the secrets.

      I do think you're starting to understand my point though, since you mention having human intervention when a collection of passwords is accessed. This is what I mean. On server start, the passwords are loaded out of an encrypted file/source, loaded into memory for the processes that need them. This would only be needed on server startup though, not everytime they're needed, relying on system memory protections.

    5. Re:You really have little choice by diverman · · Score: 1

      Not true. This is the type of thinking that I hear so often and people justify choices saying it's the best you can do.

      However, if the credentials used by apps are encrypted (cryptographically strong) and the decryption passphrase is entered only at the time of server startup, then a physical compromise of the system, backup tapes, or the harddrive will not result in a compromise of your secret information. The attacker would still need to know the passphrase used when starting up the system... which is stored somewhere else... like in a notebook in a safe... or maybe on a sticky on the monitor (lame, but still better than on the server being compromised).

      I think the question people don't ask often enough (especially developers), is "Well, IF the system is compromised, what steps could be taken to keep the important stuff protected?" Steps can always be taken to ensure greater protection (never absolute, but greater).

      --
      "The only absolutely secure computer is the one that is disconnected, turned off, and never been used." - Me

  6. Uhh by The+MAZZTer · · Score: 1

    Hashes can't be decrypted (at least, the ideal hash cannot). That's why they're so secure (ideally, again). When the user enters a password, that password is hashed and compared with the stored hash. Thus the real password is never required to be decrypted or exposed.

    1. Re:Uhh by Phillup · · Score: 2, Informative

      I think when the parent refers to a 'hash' he means a perl hash, not a cryptographic hash.

      --

      --Phillip

      Can you say BIRTH TAX
    2. Re:Uhh by grassy_knoll · · Score: 1
      I think when the parent refers to a 'hash' he means a perl hash, not a cryptographic hash.


      Bingo.

      A set of key/value pairs. There's even a wikibook on the subject:
      http://en.wikibooks.org/wiki/Programming:Perl_Hash _Variables

      A hash of hashes is a multidimensional array.
      --
      A Human Right
    3. Re:Uhh by swillden · · Score: 1

      I think when the parent refers to a 'hash' he means a perl hash, not a cryptographic hash.

      And for those who don't use perl but did take some CS classes, a 'perl hash' is just an implementation in perl of the data structure commonly called a hash table.

      So the OP was proposing implementing a library that provided password lookup services. Applications would submit a keyword to the library and get back the password needed for authentication.

      I guess the goal is to make the attacker's life very easy by providing him a nice piece of code from which to retrieve all of the passwords needed by all of the application software that used the module. Rather than having to rummage around in the code of multiple apps, all the passwords would be in one place! Brilliant!

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  7. autoboot vs secure passwords by vanyel · · Score: 3, Interesting

    You either have to store passwords on the system in a way that programs can get to them, which no matter what you do, is insecure, or you have to have someone there whenever the system reboots. And if you've got a vhost server with hundreds or thousands of domains hosted...

    There are two solutions I can think of off hand:

    1. If the application allows, make the database or other sensitive resources append-only by the basic app. Further access requires the user to login with higher level credentials.

    2. Have some sort of media with "read-once" properties; when the system is rebooted (which typically triggers a reset of some sort), the read-once is reset. The necessary connection parameters can be stored here then.

  8. Obvious? by Ahnteis · · Score: 2, Funny

    Plain text. On my desktop. Named "sensitive passwords.txt".

    I'll trade a paper version for a candy bar. :)

    I am your users!

  9. Use a keypair and agent by linuxkrn · · Score: 2, Interesting

    I do this on my servers without using passwords. What I have is a keypair (ssh) that has a very long (256+ chars) passphrase. Then I have a ssh-agent running on the box. Each bash script then sources a file I create in ~/.ssh/my-agent.env that sets $SSH_AGENT_PID and $SSH_AUTH_SOCK.

    Whenever the agent doesn't have a key added, I can just do ssh-add, then enter my passphrase and it is stored in the agent. When I exit, that agent is left running and all scripts then source the env to get to the PID/Sock for my agent.

    This works for shell scripts, but you could use it in other areas too with some code. So even if someone stole the keypair, the would have to brute force the passphrase to use it. And no passwords are kept in my scripts.

    Only requirement is you add a key as soon as you reboot the box or your scripts don't work. A simple ssh-add -l will show keys and you can have the scripts exit/email error if no keys are added to the agent.

    1. Re:Use a keypair and agent by plsuh · · Score: 1

      Only requirement is you add a key as soon as you reboot the box or your scripts don't work. A simple ssh-add -l will show keys and you can have the scripts exit/email error if no keys are added to the agent.

      And there's the problem -- what if you need unattended rebooting, e.g. a box that undergoes an automated reboot to clear a problem? You won't be there to enter the passphrase for the key.

      --Paul

    2. Re:Use a keypair and agent by swillden · · Score: 1

      what if you need unattended rebooting, e.g. a box that undergoes an automated reboot to clear a problem?

      Even if you have some sort of lousy daemon that gets wedged occasionally and has to be restarted, why would you reboot the entire machine? Just restart the service.

      I could see a problem if the machine rebooted due to some other cause, though, such as a power outage that lasted longer than the UPS could manage.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    3. Re:Use a keypair and agent by diverman · · Score: 1

      That's true. Needing a password on entry is a problem if you have a requirement of allowing a system to perform unattended reboots. In many environments, however, this is not an issue. In most cases, I rather a server NOT come back on its own if it somehow reboots on its own. If I'm not rebooting it, I question the trustworthiness of the system anyway.

      Granted, it's not a solution for all... but it's good for many. This is the same problem if you're using a signed SSL certificate requiring a password for use.

    4. Re:Use a keypair and agent by diverman · · Score: 1

      Hmmm... possibly a viable solution in some situations. Thanks. I'll have to look at what ssh-agent can offer and how easily it can be utilized by web apps.

      Largely, I'm looking for options for different environments that I am likely to have to review, and be able to offer solutions that are viable with given constraints.

  10. Don't store passwords, store cryptographic hashes by Anonymous Coward · · Score: 1, Informative

    One approach is to compute a salted cryptographic hash of the user's password and store that instead of the password. A cryptographic hash is a fixed-length 'fingerprint' of some string and provides reasonable guarantees that, given a particular hash it is difficult to determine the string that created it (i.e. the original password) and that finding any string that results in the same hash is also difficult.

    When the user submits their password (over an encrypted channel!), you compute the salted hash for the submitted password and test it against the one you have stored.

    If your database of hashes is compromised, it is difficult for the attacker to find out the users' passwords, as you never stored them.

    Now let's assume that an attacker gets your database of usernames and hashes. People are bad at choosing passwords, so it would not be suprising that two people woudl have chosen the same password. The attacker might take a dictionary of words and common passwords, compute a hash for each one (or just obtain pre-computed hashes for a dictionary) and then compare those hashes to each one in the user database. If they find a match, they have found the password. If two of the hashes in the user database match, the attacker has found two passwords.

    If, before you compute the hash and store it in the database, you 'mix' (e.g. by pre-pending, appending or otherwise) a random string (called the salt, which is also stopred in the database) with the user's password, you can be reasonably confident that the attacher won't be able to easily tell that two users have the same password and will be forced to run their dictionary attack manually, by computing a hash for every combination of dictionary word and salt, for the commonly-used ways of salting passwords, which will make their life much much harder.

  11. Is ssh-agent Safe? by KidSock · · Score: 1
    ... Then I have a ssh-agent running on the box. Each bash script then sources a file I create in ~/.ssh/my-agent.env that sets $SSH_AGENT_PID and $SSH_AUTH_SOCK.

    Whenever the agent doesn't have a key added, I can just do ssh-add, then enter my passphrase and it is stored in the agent. When I exit, that agent is left running and all scripts then source the env to get to the PID/Sock for my agent.

    I do exactly this for my rsync backup. Arguably it's really the best/only way. But what would be better is a krb5-agent so that you can use the same technique with all kerberized applications and not just SSH. Of course this assumes you're just doing intrAnet stuff. For the intErnet, then I guess SSH is still the way to go.

    Also, I have to wonder if ssh-agent is actually safe. It seems to me, it would be possible for a malicous program to deduce the PID/Sock by looking at /proc and trying different sockets in /tmp.

  12. Password Hash by ricky.zhou · · Score: 1

    Why not just store the username/a hash of the password in a cookie?
    The credential check would then be a comparison of the hash and a hashed entry in a database. This way, the password is never stored in plaintext.

    Another method that I've seen involves a one time pad with sessions (stored on the server), so that no single side has sufficient information to determine the password. The only problem with this is that the password length would be revealed .

    Of course, you could then just take advantage of sessions and store it on the server side. For Perl, CGI::Session (http://search.cpan.org/~markstos/CGI-Session-4.13 /lib/CGI/Session.pm) might work.

    Ricky

    1. Re:Password Hash by Theatetus · · Score: 1
      Why not just store the username/a hash of the password in a cookie? The credential check would then be a comparison of the hash and a hashed entry in a database. This way, the password is never stored in plaintext.

      I don't think he's talking about storing client passwords; that's a separate beast. He's talking about the password his web application uses to communicate with the database or the merchant account or WebServiceFoo or... you get the idea.

      Personally I keep the passwords in an encrypted file that requires a password entry to decrypt on server startup. Yes, this means I have to ssh into a box every time apache dies or the server needs to reboot. To me, with my uses and needs, it's worth it. Whether that applies to TFQ's situation I can't say.

      --
      All's true that is mistrusted
    2. Re:Password Hash by diverman · · Score: 1

      Yes, you are right about the clarification of what I was asking. So then, my question to you... what do you use to handle the decryption and loading of passwords in memory for your applications? is it something home grown, or something out there for public use/access. I'm just surprised at the lack of solutions for this. It seems that so many applications out there still just rely on file system permissions to protect secrets, or that combined with base64 (many PHP apps come to mind).

      Anyway... I would be interested in knowing what your implementation is for this.

  13. Data::Encrypted by Anonymous Coward · · Score: 0

    Try Data::Encrypted found on CPAN (http://search.cpan.org/~amackey/Data-Encrypted-0. 07/Encrypted.pm)... From the module description:

    Often when dealing with external resources (database engines, ftp, telnet, websites, etc), your Perl script must supply a password, or other sensitive data, to the other system. This requires you to either continually prompt the user for the data, or to store the information (in plaintext) within your script. You'd rather not have to remember the connection details to all your different resources, so you'd like to store the data somewhere. And if you share your script with anyone (as any good open-source developer would), you'd rather not have your password or other sensitive information floating around.

    Data::Encrypted attempts to fill this small void with a simple, yet functional solution to this common predicament. It works by prompting you (via Term::ReadPassword) once for each required value, but only does so the first time you run your script; thereafter, the data is stored encrypted in a secondary file. Subsequent executions of your script use the encrypted data directly, if possible; otherwise it again prompts for the data. Currently, Data::Encrypted achieves encryption via an RSA public-key cryptosystem implemented by Crypt::RSA, using (by default) your own SSH1 public and private keys.

  14. It's easy. by Pig+Hogger · · Score: 2, Funny
    You write it encoded with a super secret reel (found in all package of Admiral Crunch Hacker Cereals) down on a piece of banana paper using cherry juice so it is only visible when you heat it with a hemp flame, then fold it in 64 and tie it up with a piece of wire, put it in a tiny ziplock bag, dip it in sealing wax and put it in a film canister, which you dip in tar, then wrap it securely in wax paper.

    Put it into a tiny sample jar of pineapple jam which you give to your aunt Emma (aunt Emma doesn't like pineapple jam) for her to put in the barley hopper. So, this way, nobody will know the password and be able to know, unless they read /.

  15. TPM by swillden · · Score: 1

    2. Have some sort of media with "read-once" properties; when the system is rebooted (which typically triggers a reset of some sort), the read-once is reset. The necessary connection parameters can be stored here then.

    This is a good application for a TCPA TPM -- actually, a TPM can make this solution very strong. With a TPM, keys can be "bound" to a particular system state, as determined by the value in a register that stores a hash of all of the system state fed to it. If you encrypt the passwords (or other credentials) with a key that is bound to a particular (known good) system state, then when you get to that state during the startup process you can use that key to decrypt the credentials. Then, if you want, you can hash a bit more data into the TPM state, making that encryption key inaccessible.

    An even better approach, of course, is to use cryptographic authentication to the remote services, bind the authentication keys to a known good system state, and then let the TPM do the calculations so the bound keys never leave the secure hardware. That way you don't even have to have authentication credentials floating around in RAM, and if you've done a good job of hashing the right data into the system state, an attacker can't insert a trojan which makes use of the keys, because the act of inserting the trojan will change the system state and make the keys inaccessible.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  16. Problem is retarded 'complexity' requirements by Gothmolly · · Score: 3, Informative

    Where I work, you must have a capital letter, and at least one number. You must change it every 4 weeks, and you cannot reuse any of the last 9. I consider this just on the verge of silly, but it can easily be circumvented like so:

    Pick a person's name, say, Annakin.
    Add a number or two to the name, Annakin123.
    When the password expires, change to Annakin234, then Annakin345...
    3) Profit!

    Our AD guys are constantly battling the Infosec weenies who claim we need to have even stricter passwd policies, which will result in even MORE Post-It notes underneath keyboards.

    If you share an account over which you have no control, get Passkeeper, or develop a "seed" algorithm, that knowing the code, and the seed word, and the hostname, you can derive the password, so you can easily remember it, i.e.

    Seed is "slash"
    Algorithm = seed + 3rd octet of hostname + first letter of hostname + last letter of hostname.
    (or similar, I just thought this up off the top of my head)

    Immune to all but dictionary attacks, and you and coworkers can easily derive it on the fly.
    Potential security breach? Just change the seed word.

    --
    I want to delete my account but Slashdot doesn't allow it.
  17. There are other options by jbplou · · Score: 1

    There are other ways than storing a password. For example in Windows ASP/ASP.NET you could use a domain account to run your app and then use windows integrated authentication on a SQL Server database.

    1. Re:There are other options by diverman · · Score: 1

      True. There are other ways, and other technologies. Kerberos or other token based single sign-on oriented technologies. Domain logins are fine, IF you're using all MS-based technologies. But combine a system that needs to access an LDAP resource, a PostgreSQL database, AND an SQL Server database... it gets a little tricky. Ideally, identity-session type approaches would be ideal, but is unfortunately not standardized across the board, and not always an option. Heck, just look at one of the most common Java Application Servers in the commercial world today... IBM WebSphere. When you define resources, it still just sticks the password into the XML files. I believe it does a base64 (even in WAS6). I've yet to see anything about enabling true encryption on such credentials for the resource definitions. *sigh*

  18. Re:Don't store passwords, store cryptographic hash by diverman · · Score: 1

    I think you missed the point. This is not storing passwords for the purposes of authenticating users that enter their passwords. Yes, in that case, a hash function should be used (although, why anyone would reimplement such a thing that has been implemented a billions times over is beyond me).

    The situation is not with authenticating user input credentials, but with an application needing to authenticate to remote services/resources (ie. the database connection, an FTP connection, etc). In this case the web application is the thing that is logging into another resource.

  19. Your InfoSec guys are idiots by bill_mcgonigle · · Score: 1

    Our AD guys are constantly battling the Infosec weenies who claim we need to have even stricter passwd policies, which will result in even MORE Post-It notes underneath keyboards.

    If your company has InfoSec guys, it can afford an audit to point out that they're idiots. If your InfoSec guys are confident they'll be happy for outside verification. As you say, Post-It notes. If security is really that important y'all need to be relying on multi-factor authentication, not some dork who wants attention.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  20. JBoss has something for this by diverman · · Score: 1

    http://wiki.jboss.org/wiki/Wiki.jsp?page=JaasSecur ityDomain

    A coworker who has also been looking for options on this came across this page on JBoss's site. At first glance, it seems this is an attempt to deal with the issue first mentioned. I think it's JBoss specific though. And it's just an interface. And of course, RedHat bought them, so who knows what the future of JBoss will be.

    1. Re:JBoss has something for this by diverman · · Score: 1

      Also, for anyone interested, I recently came across this discussion... while rare, it at least does look like people have raised the question before. This link is to a discussion thread from 2004. Although, they do go in loops about a solution.

      http://forum.java.sun.com/thread.jspa?threadID=554 751&messageID=2718194