How to save passwords more secure?!

Sun Jun 22 07:24:46 EDT 2008

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi.

I kind of felt I had to answer this one too, despite the many answers
already made.
> I am writing to you because of something I would consider a
> more or less security vulnerability. It is nothing, that is
> exploitable remotely or that I would consider an exploit at
> all, but I would like to talk about it with you because it
> could be designed a better way.
I'll do my best.
> The passwords for the accounts are saved in cleartext, which I
> would consider insecure.
See the link someone has provided. Any program that has to store
passwords and be able to use them later has to be able to decrypt
them. So if that program can decrypt them, any other program can. It's
just basic maths. More on this later.
> The program can be found here:
> http://wired-security.net/releases/others/pidgindump.rb.txt ...
>
> With some simple ruby routines and regex you can get the passwords
> of the accounts.
I'm pretty sure there's a ruby XML parser that would allow for a far
more elegant solution. I'm pretty sure the whole thing could be
written with a bash grep/sed one-liner (with less fancy ouptut, i admit).
Also, as a general unrelated thing, rather than :
if(stuff)
do morestuff()
else
output("error : stuff")
You might want to do :
if(!stuff)
output("error : stuff")
esle
do morestuf()

It makes code reading much much easyer and requires less comments to
understand.
> This is nothing problematic until the following point: A users computer
> gets compromised by a virus. The virus could simply read out all the ICQ
> UINs and can be quite sure the other ICQ user (those the UIN belongs to)
> has granted access to OUR user to write messages. So the whole concept
> would
> end up in a worm, that uses those two files (accounts.xml / blist.xml) to
> get victims. The worm could silently establish a connection to the ICQ
> network and send instant messenges to the other users. They will most
> likely
> trust them and maybe follow a link to download the worm or to a webpage
> attacking the victim via exploits or whatever the worms authors fantasy
> is capable of.
Yes indeed. Nothing is problematic until you have a virus. Then you
have a problem : the virus.

Now, let's say we encrypt those passwords with any modern symetric
block cypher. We have to be able to decrypt them in order to be able
to use them right ? So, let's store the key in another file.
Now, from the attacker's point of view, what does it look like ?
Fairly simple : copy/paste pidgin's sourcecode from password
decryption, put it in the worm. Pidgin is open source. If pidgin can
decrypt the passwords, so can the worm. The worm could even be written
as a pidgin plugin, so it wouldn't have to care about how to retrieve
the passwords.

Yes, msn/trillian/aim might encrypt their passwords. But they can be
recovered to.
Just give a look at this : http://www.nirsoft.net/utils/mspass.html

So the idea is, simple encryption will protect you from your little
sister, not rom a guy who can copy/paste code and compile it. Or
rather, not from someone who can use a search engine and run code
written by someone else. The idea behind cleartext passwords is that
it actually prevents social engineering attacks, because you won't
give your cleartext passwords to anyone, whereas you'd be less worried
about encrypted passwords (this is _why_ we have cleartext).

The thing is, if you can't trust your computer, there's not that much
you can actually do. Even if there was a "totally unbreakable password
storage system", one could still use get the passwords. How ? well
they're in memory. And most operating systems offer ways to access
another process's memory, typically debug APIs (ptrace(),
OpenProcess()).

> So my question is: Isn't there a more secure and better way to save
> passwords
> (and if possible the buddylist) to ensure, that an attacker having access
> to
> the victims computer can't simply read them out?
Actually, there is a "better-but-still-not-perfect" way.
> Just a suggestion: Would it work to make something like a hash algorithm
> (maybe
> use an existing like SHA-512) or what I would consider even better: How
> about
> having a master password, that decrypts the passwords?
Hashing is impossible, since we have to be able to re-use the password
afterwards.
Now, you've got an interesting point, about master passwords. And the
cool thing is : we're working on it.

There is a Google Summer of Code project that aims at exactly that :
not storing passwords as cleartext. The idea is to rewrite part of the
password-related API so password managment can be handled by a plugin.
Once this is done, we can easily write a plugin that uses window's
protected storage, KWallet, Gnome-Keyring, or whatever password safe
to store passwords, with or without an additionnal "master password"
protection. We're also planning to include a standalone plugin that
will allow master password protection.

More (well, at least some) info can be found here :
http://developer.pidgin.im/wiki/GSoC2008/MasterPassword

A general idea when talking about cryptography and information
protection is "if you can't trust your computer, you're in trouble".
Let's look at the pgp design : we've got a secret key we want to
protect at all cost. It's even encrypted using a key derived from a
passphrase. Now, what happen's if your computer is compromised and
someone ptraces the pgp version you're using ? What happens if someone
replaces the pgp version you're using ?
Well, they'll just get your key. Sames go with ssh btw. There are
patched version of the openssh client that will steal password or
passphrases. Pgp and ssh assume you're typing your stuff on a trusted
machine.
So yeah, if you don't/can't trust your machine, don't type or store
sensitive information on it.
>
> Thanks for your attention,
You're welcome. I hope I answered most of your questions.

- -- Vivien

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIXjZ930k75O5OLaURAvWAAJ49iLwV8sJ34OKggcNdOcfwCUjTTgCgs5Qm
ABOAqBQrw8yheQ1cgC/KdxQ=
=rsPs
-----END PGP SIGNATURE-----