Comments on: Let’s talk about password storage

By: Peek Inside | TechSNAP 63 | Jupiter Broadcasting

Peek Inside | TechSNAP 63 | Jupiter Broadcasting — Fri, 22 Jun 2012 00:01:05 +0000

[...] Let’s talk about secure password storage [...]

By: Amr

Amr — Tue, 19 Jun 2012 21:41:52 +0000

The challenge is not to crack this method or not, the challenge is how to package this technique in a way that would make reusable by other websites. There should be some easy-to-use solution for how to store passwords that would make it very difficult for website to pick up quickly and use. This will make the Internet better, this is part of Mozilla’s mission.

By: Fred Wenzel

Fred Wenzel — Mon, 11 Jun 2012 19:11:54 +0000

bcrypt’s salt has a fixed length, which is why bcrypt ships with its own gen_salt function: https://github.com/fwenzel/python-bcrypt/blob/6a7fb96/bcrypt/bcrypt.py#L48

By: Chris

Chris — Mon, 11 Jun 2012 18:44:07 +0000

Why is the HMAC-strengthened password necessary? Why not just bcrypt(password, user_salt + system_nonce)?

By: Nicholas Nethercote

Nicholas Nethercote — Sun, 10 Jun 2012 23:00:54 +0000

Dan, I also don’t recall any of the BrowserID blog posts explaining things this nicely

By: Storage Organizers

Storage Organizers — Sun, 10 Jun 2012 21:25:32 +0000

MD5 is pretty loose there are free programs out there to decrypt it

By: anon

anon — Sat, 09 Jun 2012 02:00:24 +0000

Oh wow. This single post FINALLY made me understand the concept behind Persona. Somehow all the posts on the BrowserID blog (and following the Planet Mozilla since like a year) didn’t help.
Thx a lot, Dan!

By: Dan Callahan

Dan Callahan — Fri, 08 Jun 2012 21:53:59 +0000

Hi Laurian,

I’m Dan, and I work on Persona. Whether or not Persona is a single point of failure is a great question, and one that we’re trying hard to address. Fundamentally, Persona is built atop a distributed protocol that doesn’t rely on any central servers or authority.

Think of it like this: With Persona, you’ll be able to sign in to any supporting website by signing in to your email provider and passing along proof that you were able to do that. It gives you the ability to say to a website “Hi, I’m dcallahan@mozilla.com, and here’s the proof.”

To do that transaction completely autonomously, you only need a browser that supports Persona and an email provider that speaks the BrowserID protocol. But here’s where things get tricky: No browser understands Persona (though we’re working on it for Firefox 17!), nor do most email providers understand the BrowserID protocol.

So, what do we do?

As a fallback, we have a javascript library at browserid.org that takes care of Persona support on browsers that can’t do it themselves. If that site goes down, those users won’t be able to even attempt to log in to sites using Persona. We also host a service at that same site that signs credentials for users whose email providers don’t understand the BrowserID protocol. For example, until gmail.com speaks the BrowserID protocol, Gmail users will have their credentials validated by our fallback at browserid.org.

This second bit *is* a single point of failure in terms of security: if browserid.org gets compromised, then attackers will be able to masquerade as Persona users on other websites. All of our code is open source and subject to peer review at https://github.com/mozilla/browserid, and we can also mitigate the damage of a breach by closing the hole and invalidating the cryptographic keys that we’re using at browserid.org.

But remember, everything at browserid.org (soon to be login.persona.org) is a fallback. If your email provider speaks the BrowserID protocol (or if you add support to your own domain), then you’re no longer at risk by a potential compromise at browserid.org. You get to choose who you trust, and, if you want, to take direct control of the security around your identity. Awesome!

…But doesn’t that make your email provider a single point of failure? Yes, but it *already is.* If someone compromises your email address, it’s trivial to gain access to your accounts elsewhere through their “forgot password” links. The difference with Persona is that *those* sites are no longer storing any sensitive authentication information, so, say, a LinkedIn leak won’t put you at risk elsewhere.

Lastly, as to your question about having the browser proactively help users select and use better passwords, that’s an active focus of Paul Sawaya’s Watchdog project.

If you have any questions, please let me know! You can find the Identity team on irc.mozilla.org in #identity, or on our mailing list at https://lists.mozilla.org/listinfo/dev-identity.

By: Stephanie Daugherty

Stephanie Daugherty — Fri, 08 Jun 2012 21:52:08 +0000

@Laurian Gridinoc – There’s something along these lines already available in the form of a couple Firefox addons. https://addons.mozilla.org/en-US/firefox/addon/password-hasher/ is one. The idea is that the name of the site you are giving the password to is used as a salt, inherently making the password unique between sites and expanding the search space for someone trying to brute force it. Not foolproof, but it does buy you some time if one site gets hacked.
Not really a security guru or cryptographer, but from casual inspection, it probably falls somewhere square in the middle of typical passwords and cryptographically derived random passwords as far as security and resistance to brute force.

By: Laurian Gridinoc

Laurian Gridinoc — Fri, 08 Jun 2012 21:17:26 +0000

Isn’t Mozilla Persona a single point of failure? (think security and also QoS)

Why not have the browser enforce unique passwords, if I signup on Twitter with the password 12345, the browser could salt/hash/etc it.
Also when signing up to Facebook later the browser should not allow me to use a password I’ve already used on another domain.