Secret-in.me. A pentester design of password secret manager

Size: px

Start display at page:

Download "Secret-in.me. A pentester design of password secret manager"

Norma Waters
5 years ago
Views:

1 Secret-in.me A pentester design of password secret manager

2 Who am I? Security engineer Working at SCRT France!

3 Password manager Password A string Secret Information shared by very few people You have to remember You should find a way to share it. To authenticate yourself Only the concerned people should access it. Others can't guess Very hard for human mind. Try to remember 4csVIus9TG82BXRedA5B5gAZjHKm7dNa Multiple services => multiple passwords Impossible to do with your mind Try to remember 235 random strings...

4 Password manager Company's headache : managing access authorization Multiple equipment Employees in and out SSO/LDAP binding KEEPASS Linked to the Active Directory Not easy to share Centralized management Centralized management One private password by employee Work with any services Multiple access to the service One private password by employee Access log rely on the service One access to the service Service should support SSO! Useless access log on the service

5 Password manager Pentest time Pick your favorite vulnerability WPAD + weak password Outdated software Default passwords... SSO/LDAP binding KEEPASS Identify user using keepass Wait for the keepass to be unlocked KeeFarce Do it for every users

6 Password manager What's a good secret manager? (from our point of view) Secret encryption with standards => Obvious Open source => To check claimed security Limited dependencies => Reduce trust surface Cryptography not written by us => Crypto is hard Double authentication standard => Obvious Sharing possibility => Needed in company Logging possibility => Needed in company Browser integration => Easier to use

7 Secret-in.me TADAAAA! Started in 2015 after Gandi 15 years anniversary Improved a lot more recently

8 Secret-in.me Reduce trust surface "We don't want to install new client software" Maintenance, backdoor We trust the browser (I hope you do) W3C wrote WebCryptoAPI Browser can do cryptography! For now, only Blink (google chrome and chromium engine) support every standards. You only have to trust your browser and secret-in.me Unfortunately not if you want a pretty UI...

9 Secret-in.me Storage JSON is easy to transport Write it on file anywhere (like keepass) Use a server to save it for you Cryptography is done client side Compromised server can't read your secrets Compromised network can't read your secrets Using server can add privileges and logging dimension Read only, Read/write, Read/Write/Share Who, what, when

10 Secret-in.me How it works Cryptographic layer

Registration Username SHA256 Passphrase PBKDF2 SHA256 256 bits random salt 100 000 + (random%255) iterations Derived Key Wrapping with

11 Registration Username SHA256 Passphrase PBKDF2 SHA bits random salt (random%255) iterations Derived Key Wrapping with AES-CBC-256 Key pair RSA-OAEP 4096 SHA256 IV + Wrapped private key Derivation parameters SHA256(username) IV + Wrapped private key Public key Insecure server

12 Server View { } "0a041b9462caa4a31bac3567e0b6e6fd db2ab433d96f6d178cabfce90": { "keys": {}, "pass": { "iterations": , "salt": "1e473abdb40125b8f07b6a f2fed862ffa4c81cbcb5db17de7aebcf48" }, "privatekey": { "iv": "ee73cf febc74d5d6f8720f4", "privatekey": "47da2b54a55198[...]9e0d64fda2db9211ad7d6394a9d7" }, "publickey": { "alg": "RSA-OAEP-256", "e": "AQAB", "ext": true, "key_ops": [ "encrypt", "wrapkey" ], "kty": "RSA", "n": "nggkuqrdlpqrggbzkmx-[...]hlt9wefh5tqrbobcffez8" } }

13 Login Username SHA256 0a041b946ef12a6... Passphrase PBKDF2 SHA256 Derived Key Derivation parameters + Public key + IV + Wrapped private key Unwrapping with AES-CBC-256 Private key "Authenticated" user Response

14 Secret creation SHA256 Title Secret ID Secret Random shared key Timestamp Encryption with AES-GCM-256 IV + Encrypted secret Public key Wrapping with RSA-OAEP Secret ID IV + Encrypted secret Wrapped shared key Wrapped shared key Insecure server

15 { } "secrets": { "0839fb4655ea32255f60e4e37fe07e207be65774d8a9255bc faeaead7": { "iv": "2e16d955f86c6589d821c7a1", "secret": "873c828e20ef4909cf[...]5640ac4b", }, }, "users": { "0a041b9462caa4a31bac3567e0b6e6fd db2ab433d96f6d178cabfce90": { "keys": { "0839fb4655ea32255f60e4e37fe07e207be65774d8a9255bc faeaead7": { "key": "98fef3afc43e7f3d[...]26b2f833b972b3d54", }, }, "pass": { "iterations": , "salt": "5dd0c60727bc84e49f0fa271bb4e7188d750e10eb0ae868df008d " }, "privatekey": { "iv": "23ddc5828a2533c1b23ca5ffa7eb4cb0", "privatekey": "6fa526a3c a8e033[...]8e9d8937c21db55b" }, "publickey": { "alg": "RSA-OAEP-256", "e": "AQAB", "ext": true, "key_ops": [ "encrypt", "wrapkey" ], "kty": "RSA", "n": "von4sq1swk9bkeqxwmkg7n[...]drk24tkxjxhj1vxldjiim" } } }

16 Secret retrieval Give me my keys List of IDs + Wrapped shared keys Give me the secret 80ae13... Private key Wrapped shared key Unwrapping with RSA-OAEP IV + Encrypted secret Shared key Decryption with AES-GCM-256 Secret

17 Secret sharing Friend username Private key SHA256 Friend ID Wrapped shared key of secret you want to share Unwrapping with RSA-OAEP Friend public key Shared key Wrapping with RSA-OAEP Wrapped shared key for friend Friend ID Secret ID Wrapped shared key

18 Secret-in.me How it works Logic layer

19 Registration / Login Username SHA256 Passphrase PBKDF2 SHA bits random salt (random%255) iterations SHA256 hashed derived key Derived Key SHA256 derived key Username: 0a041b946ef12a6... Hashed derived key 0bc12feaa12331c... Insecure server

20 Authenticated actions SHA256 Username Datas signed with RSA-PSS Action datas Datas + signature Retrieve public key from claimed hashed username Verify signature with RSA-PSS

.. Save it to the user datas Insecure server Verify TOTP token Username:

21 Double authentication (TOTP) Activation Generate 256 bits random seed SHA256 derived key XOR seed with hashed derived key... Save it to the user datas Insecure server Verify TOTP token Username: 0a041b946ef12a6... Hashed derived key 0bc12feaa12331c TOTP Token Insecure server XOR saved seed with hashed derived key Login

iterations Derived Key IV + Protected private key Wrapped protection key IV Wrapping with

22 Double authentication (Trusted device) Activation Device name Username Random protection key Wrapping with AES-CBC-256 Shortpass PBKDF2 SHA bits random salt (random%255) iterations Derived Key IV + Protected private key Wrapped protection key IV Wrapping with AES-CBC-256 Derivation parameter SHA256(Device name) Wrapped protection key without IV Insecure server

Double authentication (Trusted device) SHA256 Username Shortpass Device name PBKDF2 SHA256 Derived key Login 0a041b946ef12a6... cd0155eff6ef223.

23 Double authentication (Trusted device) SHA256 Username Shortpass Device name PBKDF2 SHA256 Derived key Login 0a041b946ef12a6... cd0155eff6ef Derivation parameters + Public key SHA256 SHA256(Hashed derived key) Hashed derived key Unwrapping with AES-CBC-256 Wrapped protection key Wrapped protection key IV Unwrapping with AES-CBC-256 Wrapped private key "Authenticated" user

24 Secret-in.me Technologies Server in nodejs to stay in JavaScript world CouchDB Database Smart conflict management Made for easy replication Client side library without any dependencies Client app using ReactJS

25 Secret-in.me DEMO

26 Secret-in.me Problem How can I save my windows password in it? I need windows access to launch my browser Solution

Secret-in.me Available on https://secret-in.me Server (redis+couchdb+api) bundled by docker-compose Library shipped in npm github.

27 Secret-in.me Available on Server (redis+couchdb+api) bundled by docker-compose Library shipped in npm github.com/secretin/secretin-lib Client github.com/secretin/secretin-server github.com/secretin/secretin-app Windows black magic github.com/secretin/secretin-windows

28 Secret-in.me roadmap Find a logo! Offline mode (in beta) React-native app for ios Improve UI:UX Add loading information Add error information Improve documentation for easy self hosting How to setup couchdbv2 with master master replication... Add application settings (auto close, secret generation options...) Obfuscate private key in memory when decrypted

A team-oriented open source password manager with a focus on transparency, usability and security.

A team-oriented open source password manager with a focus on transparency, usability and security. SCRT Who am I? Florian Gaultier Security engineer in charge of SCRT France I break things for a living,