Storing passwords in a Hashed format - java

In my application, users create data then use their secret key to calculate a hash. The data with the appended hash are sent to the server.
The server recalculates the hash using the private key it has listed for the user.
Now, on the server's side, I obviously can't store the secret key in plain-text. However, I also can't do a one way store using Hmac, because then, when I recalculate the hash on the data, it will give a different response.
What is the best way to store user's secret password on the server side?

The best way is what you are doing now. I mean the password is never stored either as plain text nor in encrypted reversable form. I did not exactly understand your problem but if you want to make the system truly secure find solution for your problem without using user's password in plain form.
But if you indeed need this I'd recommend you at least to store passwords in DB encrypted. The encryption password should be also hidden somehow to make potential hacker's work harder. But note: once you do it the system becomes breakable and all depends only on the hacker's professional skills and motivation.

Related

AES encrypt/decrypt with stored key?

I am currently programming a password manager.
The passwords are stored in a database. But now I want to encrypt the passwords in the database. I don't know anything about encryption, but I came across the AES algorithm.
Encrypting/decrypting in a single class with a string works. However, when I want to transfer this to my PW Manager, a new key is generated each time, which is why I can no longer access the stored passwords. So I think I need to store the key somewhere so I can encrypt and decrypt the passwords over and over again, right?
If I am wrong, please correct me :)
My questions now are:
1. How and where can I store the generated key?
2. Does it even make sense to save the key? Or are there better methods for this?

Best way to password protect a Java console application

I am looking for a best-practice or standard method to password protecting a console application. I have researched various methods and would like some feedback on my approach.
I have decided to hash my password using Argon2 so that I only have to store the one-way hash. Everything is working as expected. The question I have is where do I store the hash? Should it be hard-coded? Should I store it in a separate file and read it in? What is the most secure way to approach this? At the end of the day I am writing this application to learn and would very much like to learn to do it the correct way. Links to any relevant reading material would also be appreciated. I continue to google...
EDIT: So what would the potential drawbacks be if I stored program password as hash in a file. The user would have to know the password to use the application. Then let the program password that is protected by the hash be the encryption key to secure the sensitive information? Even if the source code and/or hash file is manipulated, the sensitive data would not be readable since the correct password is used as the key...what am I missing?
First of all, Argon2 is a fine key derivation function for turning passwords into encryption keys.
However, if you are using the Argon2 hash as an encryption key, then don't store it on disk, obviously. If you store the encryption key next to the encrypted data you might as well not encrypt at all. One could even argue that it's worse, because it gives a false sense of security.
Properly encrypted data is useless without the key, so you don't have to protect the application itself. Just ask for the password if and when you need to encrypt or decrypt something. You can consider keeping the hash in memory for a while so you don't have to ask for it repeatedly, but don't persist it.
This is exactly how GPG works, for instance. It doesn't store any password hashes anywhere. Instead it stores private keys encrypted and just asks for the passphrase if it needs to decrypt a private key.

Securing Password on Java Program

I have a program where the username and password is hard coded. So I want to pass that Executable JAR file to colleagues working in the same network. I want to secure the Password and don't want to reveal it to anyone. Is there a way where I can pass on the JAR File and keep my password secure without anybody coming to know about the password.
Maybe if there is a way of storing some password in a file and keeping it on a server and every time, the JAR file tries to run, it picks up the pass from the remote file?
Your headline and the content of your question are somehow contradicting. A hardcoded password ain't secure in the very first place.
I would recommend a different design: create some kind of service that allows access without a password; for example based on the network address of the client. That service would then be the only piece that really needs to know this password. And come the day that have to change something (like the password, or the actual software you are using) ... there will be only one thing you need to change.
Meaning: configure your JAR to trigger some RESTful service for example ... which in turn internally calls whatever application needs that username/password.
You could use a salted hash (hashing a random number + the password). It would ask them for a password and would hash the password and salt and compare it to the stored one. This is very weak security but is at least better than comparing it to a hardcoded password.
The hash function should be cryptographically secure, like SHA256. If you're not familiar with cryptographic hashes, it takes data of any size and mangles it down to a small fixed size fingerprint (MD5 is 128 bits, SHA1 is 160 bits, SHA256 is 256 bits, etc)
Here are examples of md5:
md5("abc"): 900150983cd24fb0d6963f7d28e17f72
md5("not secure"): 116e54e126621ed4070b2f30ebc07fec
So instead of storing the password "not secure" in your file, store the hash "116e54e126621ed4070b2f30ebc07fec" instead.

Changing encryption algorithm

Does anyone know good tutorials to change PBEWithMD5AndDES encryption algorithm to AES for a Java application? Specially , I want to know what precautions I should take while changing this algorithm to more secure one. Any important test cases to check before and after algorithm changes. Another question is since I have used PBEWithMD5AndDES , most of the user passwords are encrypted using that algorithm. So if I change my algorithm to AES , how do I make sure that decryption of passwords happen with old algorithm while I can still use new algorithm for any new encryption.
Normally you wouldn't encrypt a users password, you'd just hash it with a salt instead.
Migrating from one encryption system to another is going to be a bit of a pain, as I see it you have two options:
During the upgrade process decrypt then re-encrypt all the passwords
Add a flag indicating the encryption method used. All existing passwords will obviously be set to the current standard. New users will be set to whatever method you choose and you can migrate other users when they change their password.
If you've already got data encrypted in format a, and you want to start using another encryption scheme, b, I can think of two ways to accomplish this:
Decrypt all of your data and re-encrypt it using `b`. This approach would be good when you can take your data store offline and "fix everything at once."
For each item you attempt to decrypt, try to decrypt it using `b` first. If that fails, decrypt it using `a`. The next time you try to encrypt something, make sure you use `b`. This approach could be used when you can't take your data store offline, but you want to encrypt all of your data using another algorithm. All of your data will eventually be encrypted using the other algorithm.
There's really no problem changing algorithms. What you need to do is decrypt the cipher text and then encrypt the resulting plain text with the new algorithm. That's straightforward. If you are going to perform this transition over time, I would suggest creating a new database table that keeps track of whether a particular entity (based on unique id) has been transfered to the new algorithm. If it has, then you simply use the new algorithm to decrypt it and you can forget about it, if not, then you use the old algorithm to decrypt it. Regardless though, all new encryption should be performed with the new algorithm.
Now, there's a second issue here. Why are you bothering to decrypt passwords? Just save the hash of the password and forget about it. If you are able to decrypt passwords, you introduce a potential vulnerability. If a malicious user can get a hold of your key you use to encrypt those passwords, then they could access the plain text of the password. Not only could the user then use that information to compromise your system, if your users use the same username/password combination for other sites, those accounts would be compromised as well. You should only store a hash of the password (SHA is a good one, don't use MD5) and then when the user attempts to log in, you hash the input and compare the two results. You have no need to know what the plain text password is.
you may look into ESAPI - java http://code.google.com/p/owasp-esapi-java/
ESAPI 1.4 was using PBEWithMD5AndDES, but in 2.0 they introduced AES
check their mail chain here
you may check the difference between the two implementations
PBEWithMD5AndDES is a method of taking a user's password and from it deriving an encryption scheme that can be used to protect further data. It is not a method of verifying a password, nor of encrypting one.
If you are only interested in password validation, then decrypt the passwords and replace them with a secure hash and in future match the hashes. You will also need your password reminder service to a password reset service.
The question is where is the password you are passing into the PBE algorithm coming from? If it is a fixed password for your application, then you just need to replace it and perform some kind of rolling upgrade. As an observation, if you are storing encrypted data as text, either hex or base-64 encoded, there are characters that cannot appear in the text output and which you can hence prepend to indicate a newer encryption scheme. For example the : character does not appear in base-64. That will allow you to identify what has been upgraded and what has not.
If the passwords are coming from the user, then each user has their own password derived cipher. In this case you can only re-encrypt whatever data has been encrypted with the user's cipher when the user provides their password.
The most direct replacement is going to be along the lines of PBEWithSHA256And256BitAES. Unfortunately, this is not supported by Java 6, so you will need a 3rd party JCE library such as Bouncy Castle. Bouncy Castle offers PBEWithSHA256And256BitAES-CBC-BC, which would be a suitable replacement.
The process of upgrading the cipher is a challenge. Whatever data has been encrypted with DES can only be decrypted with the user's password. I assume you do not have access to the passwords. This means you can only re-encrypt the data when the person who knows the password provides it. You are going to have a long period of time when your system contains a mixture of ciphers, so you need a way of identifying what is converted.
If we are talking about files, you could change the file suffix, or the folder they are stored in. If we are talking about BLOBs in a database, you could add an extra column to the database table to say what the encryption method is. If neither of those are possible you could add some form of header to the data to indicate that it has been encrypted in a new way. That's slightly risky as your existing data has no header and there is an outside chance it will match the new header by accident.
It may also be advisable to keep a list of which users have not yet had their data converted so you can prompt them to convert.

Hide Password Content in Source Code

Does anyone know how to hide the password contents in the source code of a j2me program? i.e. so people cannot see "DBT" as password who read the source code.
public void validateUser(String user, String Password) {
if (user.equals("N0203251") && Password.equals("DBT")) {
switchDisplayable(null, getContinue());
}
}
As other have said. Store the hash, though you still need to use a strong password or an automated guesser will find the one you're using.
But, be warned:
If your attacker has access to the source code he/she/it can alter the stored password hash or just remove the password check.
So this method is of little use unless you can verify the integrity of the code being run, which is hard.
When it comes down to it, you've written a back door into the program. That's a Bad Thing - don't do it.
Like others have said, you can do better by using a hash, but a couple critical things are left out. When someone guesses the password, they'll know the password for every installed copy of your software. Since the password is hard coded, nobody will be able to change it or revoke it, so you'll have inserted a back door in the program that nobody can eliminate. And if you rely on that password ofr any communication with other resources, you can't ever change it - at least, not without significant additional work.
What you should really do is place the password in an external location, such as a hardware security module, or password file, or database table. Then, implement a full password change and rotation mechanism - honestly, this should be pretty much the same mechanism you use across all your passwords.
You could store the hash (MD5 / SHA1) of the password instead and compare this with the hash of the supplied passwords.
Make sure you calculate the hash externally to avoid having the original password mentioned anywhere in the executable.
Use a function that hashes the password - keep the hash of a password in the source, not the password itself.
A quote from that page:
A related application is password
verification. Passwords are usually
not stored in cleartext, for obvious
reasons, but instead in digest form.
To authenticate a user, the password
presented by the user is hashed and
compared with the stored hash. This is
sometimes referred to as one-way
encryption.
If you are storing the application on the user's mobile device, the best you can do is try to obscure the password. I would recommend doing some sort of hashing algorithm (maybe SHA1) or a key derivation algorithm like PBKDF2 and storing the result rather than comparing against the plaintext password.
Storing the hash instead the password buys you absolutely nothing. Since it is now the hash being used to authenticate instead of the password, reading the source code (or reversing the object code) will reveal the hash and allow the attacker to authenticate.
The answer to these questions is always the same. You can't achieve any measurable security if you use hard-coded client-side secrets no matter what you do. The best you can do is obfuscate enough until you get a warm fuzzy feeling that it is good enough.

Categories

Resources