CERT released an advisory today on DNS Amplification Attacks. These attacks are nothing new; in fact dealing with this kind of load is business as usual for the Tier1/2 providers. But I was surprised with how little apparently CERT has to offer in the way of advice to thwart the attacks.
Follow @jspilmanNote to reader: This SRP vulnerability applies only if a 256-bit modulus is being used. For example, in Blizzard’s Battle.net 2 protocol, the modulus is 1024-bit [1].
In my prior blog post, I explained how an attacker can use a dictionary attack to try to guess users’ passwords based on the recent Blizzard data breach, where they were using SRP to store the passwords. Some readers have pointed out, it is significantly slower to dictionary attack SRP than raw SHA1, so SRP at least protects users who have chosen strong / random passwords. However, depending on the bit-length of the modulus, there may be an improved technique which could allow significantly faster attacks.
Follow @jspilmanBlizzard announced today they they have suffered a major data breach, and sensitive user data was stolen from their servers. According to their statement the specific data stolen includes email address, the answer to the personal security question, and information relating to two-factor authentication. They also lost their SRP server-side verifier database, which is the database they use to verify user passwords.
And despite what Blizzard is claiming, I believe the majority of their users’ plain text passwords have been exposed as well.
Follow @jspilmanMozilla Persona, the public face of the BrowserID initiative, is a fresh, dead simple, and compelling vision for how authentication should work on the web. Unfortunately, it’s also poorly executed and fundamentally flawed. If you are considering using BrowserID for authentication on your website, the following is my personal assessment on the shortcomings, flawed assumptions, and inherent weaknesses of the current implementation as well as the overall architecture that Mozilla has defined.
Follow @jspilmanThere’s been a lot of discussion about hash collisions and birthday attacks in response to my previous post. If you have small children, you already know a birthday attack is a 140 decibel sonic weapon that spontaneously activates sometime between when cake is served and bedtime. In the course of discussing hashing algorithms however, a birthday attack is whole different matter.
Follow @jspilmanNote to reader, this is the first of a two part series. You can find the second part here.
Ever get that dreadful feeling after doing a password reset, when a site kindly emails your password back to you in cleartext? Nothing is more exceedingly stupid than emailing a user their own password, and yet I encounter these sites with uninspiring regularity.
We all know passwords should be salted and hashed, with a hashing algorithm that runs relatively slowly on current generation hardware. Obvious choices are scrypt, bcrypt or PBKDF2, but this isn’t a religious debate on how to hash. What I’m interested in is, what do you do next?
Follow @jspilman