Cryptographic Failures
In this post, we will look at the basic cryptographic failures described in the OWASP Top 10 and work through a public/private key (RSA) signing exercise in WebGoat.
Introduction
Source: owasp.org
The first thing is to determine the protection needs of data in transit and at rest. For example, passwords, credit card numbers, health records, personal information, and business secrets require extra protection, mainly if that data falls under privacy laws, e.g., EU’s General Data Protection Regulation (GDPR), or regulations, e.g., financial data protection such as PCI Data Security Standard (PCI DSS). For all such data…
- Is any data transmitted in clear text? This concerns protocols such as HTTP, SMTP and FTP, including deployments that rely on opportunistic TLS upgrades like STARTTLS (which a network attacker can strip). External internet traffic is hazardous. Verify all internal traffic too, e.g., between load balancers, web servers, or back-end systems.
- Are any old or weak cryptographic algorithms or protocols used either by default or in older code?
- Are default crypto keys in use, weak crypto keys generated or re-used, or is proper key management or rotation missing? Are crypto keys checked into source code repositories?
- Is encryption not enforced, e.g., are browser security directives or HTTP response headers such as HSTS missing?
- Is the received server certificate and the trust chain properly validated?
- Are initialization vectors ignored, reused, or not generated sufficiently secure for the cryptographic mode of operation? Is an insecure mode of operation such as ECB in use? Is encryption used when authenticated encryption is more appropriate?
- Are passwords being used directly as cryptographic keys, in the absence of a password-based key derivation function?
- Is randomness used for cryptographic purposes that was not designed to meet cryptographic requirements? Even if the correct function is chosen, does it need to be seeded by the developer, and if not, has the developer over-written the strong seeding functionality built into it with a seed that lacks sufficient entropy/unpredictability?
- Are deprecated hash functions such as MD5 or SHA1 in use, or are non-cryptographic hash functions used when cryptographic hash functions are needed?
- Are deprecated cryptographic padding methods such as PKCS#1 v1.5 in use?
- Are cryptographic error messages or side channel information exploitable, for example in the form of padding oracle attacks?
How To Prevent
Do the following, at a minimum…
- Classify data processed, stored, or transmitted by an application. Identify which data is sensitive according to privacy laws, regulatory requirements, or business needs.
- Don’t store sensitive data unnecessarily. Discard it as soon as possible or use PCI DSS compliant tokenization or even truncation. Data that is not retained cannot be stolen.
- Make sure to encrypt all sensitive data at rest.
- Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
- Encrypt all data in transit with secure protocols such as TLS with forward secrecy (FS) ciphers, cipher prioritization by the server, and secure parameters. Enforce encryption using directives like HTTP Strict Transport Security (HSTS).
- Disable caching for responses that contain sensitive data.
- Apply required security controls as per the data classification.
- Do not use legacy protocols such as FTP and SMTP for transporting sensitive data.
- Store passwords using strong adaptive and salted hashing functions with a work factor (delay factor), such as Argon2, scrypt, bcrypt or PBKDF2.
- Initialization vectors must be chosen appropriately for the mode of operation. For many modes (e.g., CBC), this means an unpredictable IV from a CSPRNG (cryptographically secure pseudo random number generator). For modes that require a nonce rather than an unpredictable IV (e.g., CTR or GCM), the IV does not need to come from a CSPRNG, but it must still be unique. In all cases, the IV must never be used twice with the same key.
- Always use authenticated encryption instead of just encryption.
- Keys should be generated cryptographically randomly and stored in memory as byte arrays. If a password is used, then it must be converted to a key via an appropriate password-based key derivation function.
- Ensure that cryptographic randomness is used where appropriate, and that it has not been seeded in a predictable way or with low entropy. Most modern APIs do not require the developer to seed the CSPRNG to get security.
- Avoid deprecated cryptographic functions and padding schemes, such as MD5, SHA1 and PKCS#1 v1.5.
- Verify independently the effectiveness of configuration and settings.
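To make three of the items above observable (ECB leaking structure, IV reuse under a fixed key, and passwords used as keys without a KDF), here is an added shell script that is not part of the OWASP text or this post's walkthrough. It uses only the `openssl` command line and assumes `openssl` 1.1.1 or later on PATH; the plaintext, key and salt values are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the OWASP text: uses openssl enc to show three
# checklist failures. Assumes openssl 1.1.1 or later is on PATH.
set -eu

# Constructed plaintext: four identical 16-byte blocks. Structured real data
# (repeated form fields, bitmap rows, fixed record headers) repeats in the
# same way, which is exactly what ECB leaks.
PLAINTEXT='ATTACK AT DAWN!!ATTACK AT DAWN!!ATTACK AT DAWN!!ATTACK AT DAWN!!'
KEY_HEX='000102030405060708090a0b0c0d0e0f'   # constructed AES-128 demo key

# Turn a binary stream into one 16-byte block per line, as hex.
hex_blocks() { { od -An -v -tx1 | tr -d ' \n'; echo; } | fold -w 32; }

# AES-128-ECB has no IV, so equal plaintext blocks give equal ciphertext
# blocks. Returns the number of distinct ciphertext blocks (1 for this input).
ecb_distinct_blocks() {
    printf '%s' "$PLAINTEXT" \
      | openssl enc -aes-128-ecb -K "$KEY_HEX" -nopad \
      | hex_blocks | sort -u | wc -l | tr -d ' '
}

# AES-128-CBC with a fresh IV from openssl rand (a CSPRNG): every block now
# differs (4), and encrypting the same message twice gives different output.
cbc_distinct_blocks() {
    iv=$(openssl rand -hex 16)
    printf '%s' "$PLAINTEXT" \
      | openssl enc -aes-128-cbc -K "$KEY_HEX" -iv "$iv" -nopad \
      | hex_blocks | sort -u | wc -l | tr -d ' '
}

# Same key, same IV, same message: identical ciphertext. This is the
# "never reuse an IV under a fixed key" failure; an observer learns that two
# records are equal, or how long a common prefix they share.
cbc_iv_reuse_identical() {
    iv=$(openssl rand -hex 16)
    c1=$(printf '%s' "$PLAINTEXT" | openssl enc -aes-128-cbc -K "$KEY_HEX" -iv "$iv" -nopad | hex_blocks | tr -d '\n')
    c2=$(printf '%s' "$PLAINTEXT" | openssl enc -aes-128-cbc -K "$KEY_HEX" -iv "$iv" -nopad | hex_blocks | tr -d '\n')
    [ "$c1" = "$c2" ] && echo yes || echo no
}

# A password is not a key. openssl enc -pbkdf2 runs PBKDF2-HMAC-SHA256 over
# the password and a salt; -P prints the derived key without encrypting
# anything. The result is deterministic for (password, salt, iterations) and
# changes completely when the salt changes.
pbkdf2_key_hex() {
    pass=$1; salt_hex=$2   # salt is 8 bytes (16 hex chars) for openssl enc
    openssl enc -aes-256-cbc -pbkdf2 -iter 600000 -md sha256 \
        -pass "pass:$pass" -S "$salt_hex" -P \
      | sed -n 's/^key=//p'
}

echo "ECB distinct blocks: $(ecb_distinct_blocks)"
echo "CBC distinct blocks: $(cbc_distinct_blocks)"
echo "CBC same IV twice identical: $(cbc_iv_reuse_identical)"
echo "PBKDF2 key: $(pbkdf2_key_hex correct-horse 0011223344556677)"
```

Note that `openssl enc` cannot produce authenticated encryption (it rejects AEAD ciphers such as AES-GCM), so the CBC output above is confidentiality-only; in application code, use an AEAD mode as the prevention list says.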
⚠️ You Have Been Warned
This program is for educational purposes only. If you attempt these techniques without authorization, you are very likely to get caught. If you are caught engaging in unauthorized hacking, most companies will fire you. Claiming that you were doing security research will not work as that is the first thing that all hackers claim.
Let’s Understand With An Example
Crypto Basics
- Launch WebGoat.
- Navigate to ‘Crypto Basics’ under ‘Cryptographic Failures’.
- Save the private RSA key as ‘private.key’.
devendrashirbad@dz-owasp:~$ cat private.key
-----BEGIN PRIVATE KEY-----
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
-----END PRIVATE KEY-----
- Generate the public key from the private key.
devendrashirbad@dz-owasp:~$ openssl rsa -in private.key -pubout -out public.key
writing RSA key
devendrashirbad@dz-owasp:~$ cat public.key
-----BEGIN PUBLIC KEY-----
MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAu1EEkwx8xqlsjwRG2JVf
xAaXufSCHjzjw6QkWV11UOWA1rTxZKcExCoekZAAapoJQpvG2xAuRIgX2CYEx0tr
ciYH5gmq69nW80l6Tbl9fuXsT8u62scuFVvuls01i5EiTUGXnXmJRuDvY+bW/hDH
0orHe7j1/PIW0MO9KX1r3tS/AO4xBZbOPt/iTnR4eYnXeA9Sov75vpqPGlBx8Vz/
KeB/u0hkHiEPFiekW1vDOvUuUa6EVECMFugwRJNufn57WXc0x2weq5WmQkASg3f8
jqpaj8fKH+hpPGPbES1NAehD4Xy1IzBWcWM8AW7PJ22bjJmFcVIYeIW3f1EjzNbI
YwIBEQ==
-----END PUBLIC KEY-----
- Determine the modulus of the RSA key as a hex string.
devendrashirbad@dz-owasp:~$ openssl rsa -in public.key -pubin -noout -modulus -out modulus.txt
devendrashirbad@dz-owasp:~$ cat modulus.txt
Modulus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
- Calculate a signature for that hex string using the private key.
devendrashirbad@dz-owasp:~$ echo -n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| openssl dgst -sign private.key -sha256 -out modulus.sha256
devendrashirbad@dz-owasp:~$ cat modulus.sha256
- Encode it with base64.
devendrashirbad@dz-owasp:~$ openssl enc -in modulus.sha256 -base64 -out modulus.base64
devendrashirbad@dz-owasp:~$ cat modulus.base64
M1wm+MllT1gUTmJhVa6hAKY+PoxBmIpJ5E/GWFLiR+7MSOSxkrFjfp8nDlLuNpb9
ZbNEdFgEiA/LMHeHTdLRHBBj0lIMPZqGd8f6gpfuIJkXPC3f0H7ikLNLWq4o0OYp
ec5IcEV9C8dtD0DK5WhS8qs0k26sdyg3glXwoWN7hvX+4XaKtUhpYORip71LFqcj
q6c4RUzhoqdPkNx3s7ZNynr12mfzgxtaMRGm8LsvzmA2MA4oIWpieRlONd0uS08C
rbBYnxJJBJnm+h0cAAF3o+NBtQpa/wmUVMJ5d5MZ5xWU8YpkdiA088p5EfyT9fCy
HnhChQsCeJwZatmhFoKzqA==
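The steps above, collected into one script as an added example that is not part of the original post or of WebGoat. Because the WebGoat private key is not reproduced here, the script generates its own 2048-bit RSA key (an assumption), then derives the public key, extracts the modulus, signs it, base64-encodes the signature on a single line, and adds the verification step the walkthrough omits. It assumes `openssl` is on PATH and writes into a temporary directory.

```shell
#!/bin/sh
# Added example, not from the original post or WebGoat: the signing
# procedure end to end against a freshly generated key, plus verification.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
PRIV="$WORK/private.key"
PUB="$WORK/public.key"

# Assumption: WebGoat hands you a private key; here a 2048-bit RSA key is
# generated instead so the script runs stand-alone. genpkey writes the same
# PKCS#8 "BEGIN PRIVATE KEY" format the exercise uses.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$PRIV" 2>/dev/null

# Step 1: derive the public key from the private key.
openssl rsa -in "$PRIV" -pubout -out "$PUB" 2>/dev/null

# Step 2: the modulus as a bare hex string (the "Modulus=" prefix stripped).
modulus_hex() {
    openssl rsa -in "$PUB" -pubin -noout -modulus | sed 's/^Modulus=//'
}

# Steps 3 and 4: sign the hex string with SHA-256 (openssl dgst -sign defaults
# to the PKCS#1 v1.5 signature scheme) and base64-encode it on a single line
# (-A), which is what a one-line form field expects.
sign_modulus_b64() {
    printf '%s' "$(modulus_hex)" \
      | openssl dgst -sha256 -sign "$PRIV" \
      | openssl base64 -A
}

# Check: decode the base64 and verify against the public key.
# Exit status 0 means "Verified OK".
verify_modulus_signature() {
    printf '%s' "$1" | openssl base64 -d -A > "$WORK/sig.bin"
    printf '%s' "$(modulus_hex)" \
      | openssl dgst -sha256 -verify "$PUB" -signature "$WORK/sig.bin" >/dev/null 2>&1
}

# Negative check: the same signature over a tampered string must not verify.
verify_tampered() {
    printf '%s' "$1" | openssl base64 -d -A > "$WORK/sig.bin"
    printf '%sX' "$(modulus_hex)" \
      | openssl dgst -sha256 -verify "$PUB" -signature "$WORK/sig.bin" >/dev/null 2>&1
}

SIG=$(sign_modulus_b64)
echo "modulus: $(modulus_hex)"
echo "signature (base64): $SIG"
if verify_modulus_signature "$SIG"; then echo "signature verifies"; fi
if verify_tampered "$SIG"; then echo "BUG: tampered data verified"; else echo "tampered data rejected"; fi
```

Two practical notes: `openssl enc -base64` without `-A` wraps the output at 64 characters, so paste carefully or use `-A` as above; and the PKCS#1 v1.5 warning in the checklist concerns the encryption padding (and any unpadded or poorly validated use), whereas `openssl dgst -sign` can be switched to RSA-PSS with `-sigopt rsa_padding_mode:pss` where the verifier supports it.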
Take Away(s)
- Cryptography is used for defense-in-depth for data-at-rest and data-in-transit.
- Stronger parameters (longer keys, higher work factors) generally cost more computing power, so security is traded against system performance; tune the work factor rather than falling back to a weaker algorithm.
- Your data is only as safe as your encryption keys. Protect them and rotate them periodically.