[Opensim-dev] open sim UUID and Passwordhash

Alan M Webb alan_webb at us.ibm.com
Fri Oct 16 15:08:47 UTC 2009 

If everyone is really concerned about security, then perhaps we should 
stop using MD5?

Best regards
Alan
-------------------
T.J. Watson Research Center, Hawthorne, NY
1-914-784-7286
alan_webb at us.ibm.com



From:
"Frisby, Adam" <adam at deepthink.com.au>
To:
"opensim-dev at lists.berlios.de" <opensim-dev at lists.berlios.de>
Date:
10/16/2009 09:06 AM
Subject:
Re: [Opensim-dev] open sim UUID and Passwordhash



Just because other software may do it wrong does not mean it is secure.
 
Drupal using a plain MD5 is alarming ? since it allows for very quick 
plain lookups in existing databases (no need to calculate the dictionary + 
permuation with your fixed salt). Storing a custom salt for each user is 
essential if you wish to make dictionary attacks significantly more 
expensive. (Actually it also allows for plain collision attacks too.)
 
Consider this case:
·         Calculate Every Permutation of the Dictionary plus a couple of 
common modifications, plus your fixed salt. (this will get ~80%+ of user 
passwords).
Versus
·         Do the above, but for each user ? since the salt is changing per 
user.
 
The second will take ?n? times longer to calculate (where N is equivalent 
to the size of your database), it also works in the inverse ? if you have 
a 10 million user database, it means you need 1/10millionth of the time to 
try calculate a valid hit. It adds up. Bigtime.
 
A unique hash for the whole application helps against global world-wide 
MD5 databases, but it still does not help the above situation.
 
Frankly the storage and transmission size arguments are complete bunk. We 
are talking 128-bits extra data per user for a good salt which adds up to 
about ?jack shit? when summed over the lifetime of the application. It 
takes very little extra time, and we already stuff that data into our 
default database schemas.
 
Likewise, having a long salt versus a short salt makes very little 
difference ? because it?s the uniqueness that counts (see the two cases 
above.)
 
Short summary of the above: Do it if you have any desire to follow good 
security practices with your users. It takes almost no extra time and 
gives you appreciable benefits.
 
Adam
 
From: opensim-dev-bounces at lists.berlios.de [
mailto:opensim-dev-bounces at lists.berlios.de] On Behalf Of Impalah Shenzhou
Sent: Friday, 16 October 2009 4:37 AM
To: opensim-dev at lists.berlios.de
Subject: Re: [Opensim-dev] open sim UUID and Passwordhash
 
Thanks for the info Melanie.

Adam, I consider Drupal, for example, a CMS with a decent security and it 
only uses md5(plain_password) to store user passwords. Some php frameworks 
(for example Code Igniter, Cake php...) use, but not mandatory, an unique 
hash for all the application.

A random hash for every user improves security, you're right, but 
increases the data sent between DB and servers for every authentication. I 
prefer not to overload data transmission for something I think is 
overprotection. Maybe for 10 or 100 users there won't be no problems, but 
think on 10000 and each byte will count (they aren't cheap).

If you have a long, secret and unique hash for your servers, who can make 
an effective attack to you (at least in reasonable time)?

Maybe the difference could be that Drupal used to be deployed over Apache, 
and it can be protected against dictionary attacks activating some 
modules, while Opensim/UGAIM are servers "per se", basic servers.

It's my opinion, if you don't like it, I have more :-P

Greetings

2009/10/16 Frisby, Adam <adam at deepthink.com.au>
A long fixed salt doesn?t help over the simple ?:? in any practical way. 
The salt must be unique for each user for decent security.
 
Adam
 
From: opensim-dev-bounces at lists.berlios.de [mailto:
opensim-dev-bounces at lists.berlios.de] On Behalf Of Impalah Shenzhou
Sent: Friday, 16 October 2009 3:44 AM

To: opensim-dev at lists.berlios.de
Subject: Re: [Opensim-dev] open sim UUID and Passwordhash
 
This comes from UserManagerBase.AddUser (0.6.6):

string md5PasswdHash = Util.Md5Hash(Util.Md5Hash(password) + ":" + 
String.Empty);

The salt should be where String.Empty is.

I think it doesn't change in the most recent versions, so the "create 
user" method of the console (both standalone and ugaim) are unsecure by 
default.


Anyway, I agree with Melanie and Adam that the salt is needed for 
improving security, if not a random salt every time you create an user, at 
least a long and secret unique salt.

Greetings

2009/10/16 Frisby, Adam <adam at deepthink.com.au>
+1 to Melanie, that code is *not* secure. It is salted with a ":" but 
that's a fixed known salt.

This is what I suggest:

$passwordSalt = md5(time() . utime() . mt_rand(0,mt_getrandmax())); // or 
any other good random source
$passwordHash = md5(md5($password) . ':' . $passwordSalt);

$passwordSalt should be unique among your database (very likely with the 
above code); if there are duplicates, then it allows dictionary attacks to 
be done, the more duplicates, the more effective it is.

Adam

> -----Original Message-----
> From: opensim-dev-bounces at lists.berlios.de [mailto:opensim-dev-
> bounces at lists.berlios.de] On Behalf Of Melanie
> Sent: Thursday, 15 October 2009 4:14 PM
> To: opensim-dev at lists.berlios.de
> Subject: Re: [Opensim-dev] open sim UUID and Passwordhash
>
> Please don't use that code. It creates unsalted hashes, which are
> not secure.
> The "" should be a ranndom salt, stored in the passwordSalt field in
> the DB. If that is blank, you're running a very insecure system
>
>
> Melanie
>
>
> Rich White wrote:
> > here is the PHP code - $password_hash = md5(md5($password) . ":"
> ."");
> >
> > an md5 hash of an md5 hash
> >
> > =====
> >
> > 2009/10/15 Márcio Cardoso <marciomaiden at gmail.com>:
> >> Good night,
> >>
> >> will be possible that someone could help me with 2 problems I have?
> I'm
> >> trying to create a stored procedure in mysql to add users, but do
> not know
> >> how UUID  is generated. anyone have any idea how this happens?
> Another
> >> problem is how is the encoding of the password.
> >>
> >> The ideal was to have access to the code that  opensim uses to add
> avatars.
> >> but I got tired of looking and nothing. I thank you for your help.
> >>
> >> Greetings,
> >>
> >> Márcio Cardoso
> >>
> >> _______________________________________________
> >> Opensim-dev mailing list
> >> Opensim-dev at lists.berlios.de
> >> https://lists.berlios.de/mailman/listinfo/opensim-dev
> >>
> >>
> > _______________________________________________
> > Opensim-dev mailing list
> > Opensim-dev at lists.berlios.de
> > https://lists.berlios.de/mailman/listinfo/opensim-dev
>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
_______________________________________________
Opensim-dev mailing list
Opensim-dev at lists.berlios.de
https://lists.berlios.de/mailman/listinfo/opensim-dev
 

_______________________________________________
Opensim-dev mailing list
Opensim-dev at lists.berlios.de
https://lists.berlios.de/mailman/listinfo/opensim-dev
 _______________________________________________
Opensim-dev mailing list
Opensim-dev at lists.berlios.de
https://lists.berlios.de/mailman/listinfo/opensim-dev


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://opensimulator.org/pipermail/opensim-dev/attachments/20091016/b1a7e70c/attachment-0001.html>

More information about the Opensim-dev mailing list