Slashdot Mirror

← Back to Stories (view on slashdot.org)

OAuth, OpenID Password Crack Could Affect Millions

Posted by Soulskill on from the letmein-123456 dept.

CWmike writes "Researchers Nate Lawson and Taylor Nelson say they've discovered a basic security flaw that affects dozens of open-source software libraries — including those used by software that implements the OAuth and OpenID standards — that are used to check passwords and user names when people log into websites such as Twitter and Digg. By trying to log in again and again, cycling through characters and measuring the time it takes for the computer to respond, hackers can ultimately figure out the correct passwords. This may all sound very theoretical, but timing attacks can actually succeed in the real world. Three years ago, one was used to hack Microsoft's Xbox 360 gaming system, and people who build smart cards have added timing attack protection for years. The researchers plan to discuss their attacks at the Black Hat conference later this month in Las Vegas."

4 of 304 comments (clear)

  1. Who doesn't hash/encrypt passwords? by MankyD · · Score: 5, Insightful

    "On some login systems, the computer will check password characters one at a time, and kick back a "login failed" message as soon as it spots a bad character in the password."

    If you do almost any sort of reasonable hashing or encryption algorthm on a password, this becomes a moot point, since the place that fails to match in the string will change. Are there still sites out there that don't do this? Really?

    --
    -dave
    http://millionnumbers.com/ - own the number of your dreams
  2. Re:Add a random delay by Enleth · · Score: 4, Insightful

    No, a random delay just makes it harder for an attacker to determine the nect correct character. The exact theory behind eliminating the random factor eludes me, but several smart people found a way and it's supposedly correct.

    I think the proper way is to "pad" the time so that it's constant. Say, if the password checking algorithm can take from 50us up to 600us, pad it to 1500us (safety margin!) with as much precision as posiible. There might be other code paths to pad, too, such as the one that fires when there's not even such a user, but you still want to display the "wrong password" message, as some systems do.

    --
    This is Slashdot. Common sense is futile. You will be modded down.
  3. Re:Or do not have variable delays at all by Anonymous Coward · · Score: 4, Insightful

    Absolutely not. There is valuable computation done when hashing passwords. There isn't when you continue comparing passwords well after you know they don't match, when you could just as easily yield the CPU to other processes.

    You've been proved wrong. Try to argue the point next time, rather than throwing up strawmen.

  4. Re:Seriously? by disambiguated · · Score: 4, Insightful

    Compiler-optimized code on a 64 bit machine compares 8-bit characters 8 at a time. This guy is trying to force a context switch (upwards of thousands of instructions) to save 4 or 5 instructions. It doesn't save CPU (because of the context switch), it increases the latency, it's harder to code, and may be still vulnerable! sweet.