I'm not the most experienced programmer especially when it comes to desktop applications.
Just an experiment that I am working on is taking a password, hashing it with MD5, then displaying the hash. No problem there.
Now, I know virtually nothing about data structures and how things are stored on the stack. But the aim is for this program to securely handle the password and the MD5 hash so it doesn't leak out into memory and could be potentially recovered.
I've read a number of posts about this, but they all are more concerned with actually storing the password in memory to be retrievable.
Here is the relevant code:
String pass = new String(passwordField.getPassword());
pass = Hashing.md5().hashString(pass, Charsets.UTF_8).toString();
hashField.setText(pass);
And to put it into perspective, link to a screenshot of whats going on:
http://imgur.com/CbNuGtE
As far as I know, I'm retrieving the input from the password field correctly, but I've read storing them as strings is a no-no.
Then I need to display the MD5 sum securely.
Then upon exit, overwrite the data?
Related
I am looking for a best-practice or standard method to password protecting a console application. I have researched various methods and would like some feedback on my approach.
I have decided to hash my password using Argon2 so that I only have to store the one-way hash. Everything is working as expected. The question I have is where do I store the hash? Should it be hard-coded? Should I store it in a separate file and read it in? What is the most secure way to approach this? At the end of the day I am writing this application to learn and would very much like to learn to do it the correct way. Links to any relevant reading material would also be appreciated. I continue to google...
EDIT: So what would the potential drawbacks be if I stored program password as hash in a file. The user would have to know the password to use the application. Then let the program password that is protected by the hash be the encryption key to secure the sensitive information? Even if the source code and/or hash file is manipulated, the sensitive data would not be readable since the correct password is used as the key...what am I missing?
First of all, Argon2 is a fine key derivation function for turning passwords into encryption keys.
However, if you are using the Argon2 hash as an encryption key, then don't store it on disk, obviously. If you store the encryption key next to the encrypted data you might as well not encrypt at all. One could even argue that it's worse, because it gives a false sense of security.
Properly encrypted data is useless without the key, so you don't have to protect the application itself. Just ask for the password if and when you need to encrypt or decrypt something. You can consider keeping the hash in memory for a while so you don't have to ask for it repeatedly, but don't persist it.
This is exactly how GPG works, for instance. It doesn't store any password hashes anywhere. Instead it stores private keys encrypted and just asks for the passphrase if it needs to decrypt a private key.
In my application, users create data then use their secret key to calculate a hash. The data with the appended hash are sent to the server.
The server recalculates the hash using the private key it has listed for the user.
Now, on the server's side, I obviously can't store the secret key in plain-text. However, I also can't do a one way store using Hmac, because then, when I recalculate the hash on the data, it will give a different response.
What is the best way to store user's secret password on the server side?
The best way is what you are doing now. I mean the password is never stored either as plain text nor in encrypted reversable form. I did not exactly understand your problem but if you want to make the system truly secure find solution for your problem without using user's password in plain form.
But if you indeed need this I'd recommend you at least to store passwords in DB encrypted. The encryption password should be also hidden somehow to make potential hacker's work harder. But note: once you do it the system becomes breakable and all depends only on the hacker's professional skills and motivation.
My app needs to encrypt some data (a user session token). Most examples I see around have a method that generates a Key using a passphrase and a salt, like:
public static Key generateKey(char[] passphrase, byte[] salt) {
...
}
My understanding is that we have three options for generating the passphrase:
Have the user enter it every time the app starts (annoying to the user).
Hard-code the passphrase into the app itself. More convenient for the user, but someone can find out what your passphrase is given your app binary.
Randomly generate a passphrase, but then we have to store the generated Key on disk. Now we've just shifted the problem to having to store the key securely on disk, which also seems impossible. If the attacker finds the generated key, big problem.
Option #1 won't work for me. Options #2 and #3 seem inherently flawed, unless I'm grossly misunderstanding how to go about this (hoping that I am). What's the recommended way to do this if we can't go with #1? Do we put in a bunch of obfuscated hoops for an attacker to jump through and hope for the best?
Thanks
"Do we put in a bunch of obfuscated hoops for an attacker to jump through and hope for the best?" Basically yes. The size and number of the hoops being how hard you want to make it.
If you are not using a server, then whatever you do to obsfucate and encrypt your data is reversible. However, you can make it REALLY hard. For example, a technique I used to protect some video assets.
Replaced the first 1024 bytes of the header (it's MP4) with 1024 bytes taken from the middle of one of the apps image assets. I tried several repairers, all of which failed to automagically recover the file - although it can be done manually. Then...
Encrypted the file using a private key which is 256 bytes taken from another image asset.
When the key is extracted, it's hashed through an algorithm which does all kinds of otherwise non-sensical maths to mangle the key.
Used a pre-compile obsfucator.
I've tried myself to reverse engineer this, even knowing how it's done, and it's so hard as to make the effort not worth the result.
There are numerous discussions on SO which summarise as; If you simply want to stop copying, make it difficult (cost vs reward) but otherwise sleep easy because there is ultimately nothing you can do. If the data is commercially sensitive, then a server coupled with system level security (e.g whole device encryption and no root) is required.
You store the salt along with the encrypted data, it is not secret information. You can derive the key on either something the user enters, or some sort of a device property: (hashed) IMEI, MAC address, etc.
Basically, think who are you protecting your data from and why. Since the user needs this, there is not much point trying to protect it from them. If you store this in a private file, other apps cannot read it on a non-rooted phone. If you want to protect it on rooted phones, encryption might help, but as long as the key resides in the app, or is derived based on something on the device, it is only making it harder, not impossible to recover.
Android does have a system-wide keystore service, but it has no public API and is subject to change. You could use that to protect your key(s), if you are willing to take the risk of your app breaking on future versions. Some details here: http://nelenkov.blogspot.com/2012/05/storing-application-secrets-in-androids.html
Does anyone know how to hide the password contents in the source code of a j2me program? i.e. so people cannot see "DBT" as password who read the source code.
public void validateUser(String user, String Password) {
if (user.equals("N0203251") && Password.equals("DBT")) {
switchDisplayable(null, getContinue());
}
}
As other have said. Store the hash, though you still need to use a strong password or an automated guesser will find the one you're using.
But, be warned:
If your attacker has access to the source code he/she/it can alter the stored password hash or just remove the password check.
So this method is of little use unless you can verify the integrity of the code being run, which is hard.
When it comes down to it, you've written a back door into the program. That's a Bad Thing - don't do it.
Like others have said, you can do better by using a hash, but a couple critical things are left out. When someone guesses the password, they'll know the password for every installed copy of your software. Since the password is hard coded, nobody will be able to change it or revoke it, so you'll have inserted a back door in the program that nobody can eliminate. And if you rely on that password ofr any communication with other resources, you can't ever change it - at least, not without significant additional work.
What you should really do is place the password in an external location, such as a hardware security module, or password file, or database table. Then, implement a full password change and rotation mechanism - honestly, this should be pretty much the same mechanism you use across all your passwords.
You could store the hash (MD5 / SHA1) of the password instead and compare this with the hash of the supplied passwords.
Make sure you calculate the hash externally to avoid having the original password mentioned anywhere in the executable.
Use a function that hashes the password - keep the hash of a password in the source, not the password itself.
A quote from that page:
A related application is password
verification. Passwords are usually
not stored in cleartext, for obvious
reasons, but instead in digest form.
To authenticate a user, the password
presented by the user is hashed and
compared with the stored hash. This is
sometimes referred to as one-way
encryption.
If you are storing the application on the user's mobile device, the best you can do is try to obscure the password. I would recommend doing some sort of hashing algorithm (maybe SHA1) or a key derivation algorithm like PBKDF2 and storing the result rather than comparing against the plaintext password.
Storing the hash instead the password buys you absolutely nothing. Since it is now the hash being used to authenticate instead of the password, reading the source code (or reversing the object code) will reveal the hash and allow the attacker to authenticate.
The answer to these questions is always the same. You can't achieve any measurable security if you use hard-coded client-side secrets no matter what you do. The best you can do is obfuscate enough until you get a warm fuzzy feeling that it is good enough.
Suppose there is a String variable that holds a plain text password.
Is there any possibility of reading this password using a memory dump. (Suppose using cheat engine.) I am puzzled with this JVM thing. Does JVM provide some sort of protection against this. If no what are the practices that I need to use to avoid such "stealing".
A practical threat would be a Trojan; that sends the segments of the memory dump to an external party.
As already noted, yes, anybody can extract the password, in various ways. Encrypting the password won't really help -- if it's decrypted by the application, then the decrypted form will also be present at some point, plus the decryption key (or code) itself becomes a vulnerability. If it's sent somewhere else in encrypted form, then just knowing the encrypted form is enough to spoof the transaction, so that doesn't help much either.
Basically, as long as the "attacker" is also the "sender", you're eventually going to get cracked -- this is why the music and video industries can't get DRM to work.
I suggest you pick up a copy of Applied Cryptography and read the first section, "Cryptographic Protocols". Even without getting into the mathematics of the actual crypto, this will give you a good overview of all sorts of design patterns in this area.
If you keep the password in plain text in your application then someone can read it by playing with memory dumps regardless of the language or runtime you use.
To reduce the chance of this happening only keep the password in plain text when you really need to, then dump or encrypt it. One thing to note here is that JPasswordField returns a char[] rather than a string. This is because you have no control over when the String will vanish. While you also have no control over when a char[] will vanish you can fill it with junk when you are done with the password.
I say reduce as this will not stop someone. As long as the password is in memory it can be recovered, and as the decryption has to also be part of the deliverable it too could be cracked leaving your password wide open.
This has nothing to do with Java - the exact same problem (if it really is one) exists for applications written in any language:
If the executable contains a password, no matter how obfuscated or encrypted, everyone who has access to the executable can find out the password.
If an application knows a password or key temporarily (e.g. as part of an network authentication protocol) then anyone who can observe the memory the application is executing in can find out the password.
The latter is usually not considered a problem, since a modern OS does not allow arbitrary applications to observe each other's memory, and privilege escalation attacks typically rely on different vectors of attack.
If the program knows the password, anybody using the program can extract the password.
In theory you could just hook it up to the debugger... set a breakpoint...and read the string contents