SCRAM authentication Heikki Linnakangas / Pivotal

Similar documents
SCRAM authentication Heikki Linnakangas / Pivotal

SCRAM authentication. Michael Paquier VMware 2017/12/06, PGConf Asia 2017

Authentication in PostgreSQL Michael Paquier VMware 2018/05/31, PGCon 2018

Securing PostgreSQL From External Attack

Securing PostgreSQL From External Attack

Securing PostgreSQL From External Attack

NYC PostgreSQL User Group New York. Magnus Hagander

Computer Security 3/20/18

Computer Security. 08. Authentication. Paul Krzyzanowski. Rutgers University. Spring 2018

Secure PostgreSQL Deployment

Network Security CHAPTER 31. Solutions to Review Questions and Exercises. Review Questions

Password. authentication through passwords

Secure PostgreSQL Deployments

OS Security. Authentication. Radboud University Nijmegen, The Netherlands. Winter 2014/2015

CS 161 Computer Security

Strong Password Protocols

The LinkedIn Hack: Understanding Why It Was So Easy to Crack the Passwords

Attacking Your Two-Factor Authentication (PS: Use Two-Factor Authentication)

Computer Security 4/12/19

CS 161 Computer Security

Study Guide for the Final Exam

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

OS Security. Authentication. Radboud University Nijmegen, The Netherlands. Winter 2014/2015

Cryptographic Hash Functions. Secure Software Systems

Lecture 4: Hashes and Message Digests,

Network Working Group. Category: Standards Track September The SRP Authentication and Key Exchange System

Internet Engineering Task Force (IETF) Obsoletes: 2831 July 2011 Category: Informational ISSN:

Overview. Terminology. Password Storage

User Authentication. Modified By: Dr. Ramzi Saifan

Chapter 9: Key Management

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

Lorikeet Integrated Authentication

Oracle Database Security and Audit. Authentication and authorization

CS 161 Computer Security

Passwords CSC 193 WAKE FOREST. U N I V E R S I T Y Department of Computer Science. Spring 2014

Cryptographic Checksums

CS November 2018

Passwords. CS 166: Introduction to Computer Systems Security. 3/1/18 Passwords J. Liebow-Feeser, B. Palazzi, R. Tamassia, CC BY-SA 2.

Intro to PostgreSQL Security

Hashes, MACs & Passwords. Tom Chothia Computer Security Lecture 5

COSC 301 Network Management. Lecture 15: SSL/TLS and HTTPS

Kurose & Ross, Chapters (5 th ed.)

Test 2 Review. 1. (10 points) Timestamps and nonces are both used in security protocols to prevent replay attacks.

Authentication in real world: Kerberos, SSH and SSL. Zheng Ma Apr 19, 2005

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Securely backing up GPG private keys

ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification

ConnectUPS-X / -BD /-E How to use and install SSL, SSH

UNIT - IV Cryptographic Hash Function 31.1

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

PRACTICAL PASSWORD AUTHENTICATION ACCORDING TO NIST DRAFT B

Encryption. INST 346, Section 0201 April 3, 2018

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

Authenticating People and Machines over Insecure Networks

User Authentication. Modified By: Dr. Ramzi Saifan

Identification Schemes

Cryptography and Network Security

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Microsoft Exam Security fundamentals Version: 9.0 [ Total Questions: 123 ]

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

Security: Focus of Control. Authentication

PASSWORDS TREES AND HIERARCHIES. CS121: Relational Databases Fall 2017 Lecture 24

Framework Database Connectivity Guide. PostgreSQL Databases

Message authentication codes

Overview. CSC 580 Cryptography and Computer Security. Hash Function Basics and Terminology. March 28, Cryptographic Hash Functions (Chapter 11)

GoPrint Server Migration

Operating Systems Design Exam 3 Review: Spring 2011

Test 2 Review. (b) Give one significant advantage of a nonce over a timestamp.

Information Security CS 526

Proving who you are. Passwords and TLS

secure communications

Wireless LAN Security. Gabriel Clothier

Concrete cryptographic security in F*

Overview. Cryptographic key infrastructure Certificates. May 13, 2004 ECS 235 Slide #1. Notation

What is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource.

10/1/2015. Authentication. Outline. Authentication. Authentication Mechanisms. Authentication Mechanisms. Authentication Mechanisms

Authentication. Steven M. Bellovin January 31,

Outline. Login w/ Shared Secret: Variant 1. Login With Shared Secret: Variant 2. Login Only Authentication (One Way) Mutual Authentication

More Attacks on Cryptography 3/12/2010

Kerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos

Operating systems and security - Overview

Operating systems and security - Overview

CSC 580 Cryptography and Computer Security

Computer Security. 10. Exam 2 Review. Paul Krzyzanowski. Rutgers University. Spring 2017

Authentication. Steven M. Bellovin September 26,

HW #7: Security Design Principles/Threat Modeling. CS 392/6813: Computer Security Fall 2008 Due 11/30/08. [100pts]

CNIT 124: Advanced Ethical Hacking. Ch 9: Password Attacks

Chapter 3: Hashing. Prof Bill Buchanan OBE

Managing External Identity Sources

PASSWORDS & ENCRYPTION

Offline dictionary attack on TCG TPM weak authorisation data, and solution

LDAP Servers for AAA

Integrated Key Exchange Protocol Capable of Revealing Spoofing and Resisting Dictionary Attacks

Major Features: Postgres 10

Securely backing up GPG private keys... to the cloud. Joey Hess LibrePlanet 2017

Introduction to Cryptography. Ramki Thurimella

Digital it Signatures. Message Authentication Codes. Message Hash. Security. COMP755 Advanced OS 1

BTEC Level 3. Unit 32 Network System Security Password Authentication and Protection. Level 3 Unit 32 Network System Security

Cryptography and Network Security

Transcription:

SCRAM authentication Heikki Linnakangas / Pivotal

pg_hba.conf # TYPE DATABASE USER ADDRESS METHOD # "local" is for Unix domain socket connections only local all all trust # Use plaintext authentication from localhost host all all 127.0.0.1 plain # Allow md5 authentication from example.com, with SSL hostssl all all.example.com md5 # Require SCRAM for everyone else host all all 0.0.0.0/0 scram

PostgreSQL authentication methods Password-based: password (plaintext) crypt md5 scram RADIUS / LDAP / PAM Others: SSL certificate kerberos

(Plain) Password authentication Server: Hey, what s your password? Client: Swordfish Server: ok, cool

Plain password authentication Obviously weak Password sniffing Ok over SSL With sslmode=verify-full Used by RADIUS, LDAP, PAM, BSD authentication methods!

MD5 authentication Server: Here are 4 random bytes (salt). Please compute: md5(md5(password username), salt) Client: 23dff85f7c38ee928f0c21ae710bba5d Server: Ok, cool

MD5 weaknesses md5(md5(password username), salt) Password guessing My laptop can compute about 7 million MD5 hashes per second Replay Only 4 billion unique 4-byte salts (birthday attack) Stolen hashes You don t need the original password to log in. The hash stored in pg_auth.rolpassword is enough.

Other MD5 issues Renaming a user invalidates the password Because the hash includes the username db_user_namespace cannot be used For same reason MD5 has a bad reputation

SCRAM to the rescue! Salted Challenge Response Authentication Mechanism To be precise, PostgreSQL implements SCRAM-SHA-256 Defined by RFC 5802 and RFC 7677 Challenge-response like MD5 authentication

SCRAM Client: Hi! Here s a random nonce: r=fyko+d2lbbfgonrv9qkxdawl Server: Hi! Here s my random nonce, salt and iteration count: r=fyko+d2lbbfgonrv9qkxdawl3rfcnhyjy1zvvwvs7j, s=qsxcr+q6sek8bf92, i=4096 Client: Here s my proof that I know the password: <ClientProof> Server: Ok, cool. And here s my proof that I knew it too: <ServerProof>

SCRAM More resistant to dictionary attacks The computation to guess password is much more resource intensive Configurable iteration count Longer nonces defeat replay attacks The verifiers stored in pg_authid.rolpassword don t allow impersonating the user

SCRAM-SHA-256 Relatively simple implementation < 1000 lines of code in libpq Relies only on SHA-256 hash function

Simple Authentication and Security Layer (SASL) The Simple Authentication and Security Layer (SASL) is a framework for providing authentication and data security services in connection-oriented protocols via replaceable mechanisms. Decouples authentication from application protocol (like PostgreSQL s FE/BE protocol) SCRAM is one SASL authentication mechanism

SASL Currently, PostgreSQL has a built-in SCRAM-SHA-256 implementation Would be straightforward to add more SASL authentication mechanisms Could use an external library to add support for more (e.g. Cyrus libsasl) Client can use a library that implements SASL and SCRAM-SHA-256 Java has a very generic SASL implementation, but no built-in SCRAM-SHA-256 provider

Password verifiers set password_encryption='plain'; create user plain_user password 'foo'; set password_encryption='md5'; create user md5_user password 'foo'; set password_encryption='scram'; create user scram_user password 'foo';

Password verifiers scram-sha-256:<salt>:<iteration count>:<hashes> postgres=# select rolname, rolpassword from pg_authid rolname rolpassword ------------+------------------------------------------------------------- plain_user foo md5_user md591334fcda28129398a9cdb3f551e3cc8 scram_user scram-sha- 256:pXLPIrUTzmEzow==:4096:6eee6029927f2bafd38063a6f7dcc110c13065863e641b65 a9b84157651a462d:3cad59b7017388e37ee7eb5db0e11c811f52d7008735d609204155540 d3e3b09 (3 rows)

Compatibility matrix Kind of verifier Authentication method in pg_hba.conf plain md5 hash scram verifier password md5 [1] scram [1] Will use SCRAM, requires client support

SCRAM is not encryption! SSL is still recommended SCRAM is only authentication, not encryption!

PostgreSQL implementation SCRAM-SHA-256 Channel binding not supported Unicode normalization not implemented yet Username is always passed as empty

Migrating 1.Upgrade all clients 2.Set password_encryption= scram 3.Change all user passwords

Future, short-term Implement SCRAM-SHA-256 in all the drivers JDBC, ODBC (uses libpq), Python,.Net, Ruby, Add option to libpq to require SCRAM Unicode normalization

Future, long-term Allow storing SCRAM verifier in LDAP Zero-knowledge proof SRP

Questions?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback