Tails - Weak cryptographic parameters in LUKS1 https://tails.boum.org/security/argon2id/index.en.html #cryptsetup #parameter #dm-crypt #argon2id #weakness #crypto #pbkdf2 #tails #luks #kdf
LUKS: Are old encrypted containers insecure? A guide to updating
Allegedly, the French police were able to crack a LUKS container. No reason to panic, but a good occasion to question passwords and LUKS parameters.
#Argon #LUKS #Linux #PBKDF2 #Security #Verschlüsselung #cryptsetup
@Ihazchaos Hey Terri, on the topic of LUKS, my @ct_Magazin colleague Sylvester Tremmel (@syt) wrote something on @heiseonline.
#luks #kdf #pbkdf2 #cryptsetup
If someone runs a Linux system encrypted with LUKS, it may be using a key derivation function that is too weak (and outdated), especially if the installation was done a while ago.
Here is more information, and also a guide (which I tested successfully) to updating the LUKS settings, from @mjg59:
https://mjg59.dreamwidth.org/66429.html
#linux #luks #verschluesselung #encryption #pbkdf2 #Argon2id
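A way to check which keyslots still rely on PBKDF2, as an added example that is not part of the posts above or of the linked guide: it parses the text printed by `cryptsetup luksDump` and reports the KDF per keyslot. The two dumps are constructed and abridged, and the function names `keyslot_kdfs` and `weak_slots` are hypothetical.

```python
import re

# Constructed, abridged `cryptsetup luksDump` samples (not from a real device).
LUKS2_DUMP = """LUKS header information
Version:        2
Keyslots:
  0: luks2
\tPBKDF:      pbkdf2
\tIterations: 1000000
  1: luks2
\tPBKDF:      argon2id
\tTime cost:  4
\tMemory:     1048576
Digests:
  0: pbkdf2
\tIterations: 100000
"""
LUKS1_DUMP = """LUKS header information for /dev/sdX
Version:       \t1
Hash spec:     \tsha256
Key Slot 0: ENABLED
\tIterations:         \t500000
Key Slot 1: DISABLED
"""

def keyslot_kdfs(dump):
    """Map each active keyslot number to the name of its KDF."""
    version = re.search(r"^Version:\s*(\d+)", dump, re.M)
    if version is None:
        raise ValueError("no Version line; not luksDump output")
    if version.group(1) == "1":
        # LUKS1 has no PBKDF field: every enabled slot uses PBKDF2.
        return {int(n): "pbkdf2"
                for n in re.findall(r"^Key Slot (\d+): ENABLED", dump, re.M)}
    kdfs, section, slot = {}, None, None
    for line in dump.splitlines():
        if line and not line[0].isspace():      # unindented line: new section
            section, slot = line.rstrip(":"), None
        elif section == "Keyslots":             # the Digests section is skipped
            if m := re.match(r"\s+(\d+): ", line):
                slot = int(m.group(1))
            elif (m := re.match(r"\s+PBKDF:\s*(\S+)", line)) and slot is not None:
                kdfs[slot] = m.group(1)
    return kdfs

def weak_slots(dump):
    """Keyslots protected by PBKDF2 rather than a memory-hard KDF."""
    return sorted(n for n, kdf in keyslot_kdfs(dump).items() if kdf == "pbkdf2")
```

The `pbkdf2` entry under `Digests:` in a LUKS2 header is not a keyslot, which is why the parser only reads the `Keyslots:` section.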
#HTMLCrypt
Well, I'd call it #secure
https://www.maxlaumeister.com/software/pagecrypt/
"This tool uses the SubtleCrypto JavaScript API for its encryption. First, an encryption key is derived from the password using #PBKDF2 and a random #salt with 100,000 rounds. Then the HTML is encrypted using #AES256"
#htmlcrypt #secure #pbkdf2 #salt #aes256
#Bitwarden will increase default client #PBKDF2 iterations to 600k
Via
https://fosstodon.org/@bitwarden/109745244073654537
Source
https://palant.info/2023/01/23/bitwarden-design-flaw-server-side-iterations/
Wednesday Links - Edition 2023-01-11
https://dev.to/0xkkocel/wednesday-links-edition-2023-01-11-50e6
#java #jvm #jpa #springdata #graalvm #PBKDF2
The basic prerequisite is https://t.ly/YOF_
But what you should also definitely change is the #PBKDF2 iterations.
For #Lastpass users who were already customers before 2019, this value is still set to 5000 if you never changed it yourselves. After that, Lastpass set it to 100100 for new customers. Nowadays 310000 and more is recommended.
So set it to at least 310000, see image
And use secure master passwords!
Many of you have been asking for my thoughts on the #LastPass breach, and I apologize that I'm a couple days late delivering.
Apart from all of the other commentary out there, here's what you need to know from a #password cracker's perspective!
Your vault is encrypted with #AES256 using a key that is derived from your master password, which is hashed using a minimum of 100,100 rounds of PBKDF2-HMAC-SHA256 (can be configured to use more rounds, but most people don't). #PBKDF2 is the minimum acceptable standard in key derivation functions (KDFs); it is compute-hard only and fits entirely within registers, so it is highly amenable to acceleration. However, it is the only #KDF that is FIPS/NIST approved, so it's the best (or only) KDF available to many applications. So while there are LOTS of things wrong with LastPass, key derivation isn't necessarily one of them.
Using #Hashcat with the top-of-the-line RTX 4090, you can crack PBKDF2-HMAC-SHA256 with 100,100 rounds at about 88 KH/s. At this speed an attacker could test ~7.6 billion passwords per day, which may sound like a lot, but it really isn't. By comparison, the same GPU can test Windows NT hashes at a rate of 288.5 GH/s, or ~25 quadrillion passwords per day. So while LastPass's hashing is nearly two orders of magnitude faster than the < 10 KH/s that I recommend, it's still more than 3 million times slower than cracking Windows/Active Directory passwords. In practice, it would take you about 3.25 hours to run through rockyou.txt + best64.rule, and a little under two months to exhaust rockyou.txt + rockyou-30000.rule.
Keep in mind these are the speeds for cracking a single vault; for an attacker to achieve this speed, they would have to single out your vault and dedicate their resources to cracking only your vault. If they're trying 1,000 vaults simultaneously, the speed would drop to just 88 H/s. With 1 million vaults, the speed drops to an abysmal 0.088 H/s, or 11.4 seconds to test just one password. Practically speaking, what this means is the attackers will target four groups of users:
1. users for which they have previously-compromised passwords (password reuse, credential stuffing)
2. users with laughably weak master passwords (think top20k)
3. users they can phish
4. high value targets (celebs, .gov, .mil, fortune 100)
If you are not in this list / you don't get phished, then it is highly unlikely your vault will be targeted. And due to the fairly expensive KDF, even passwords of moderate complexity should be safe.
I've seen several people recommend changing your master password as a mitigation for this breach. While changing your master password will help mitigate future breaches should you continue to use LastPass (you shouldn't), it does literally nothing to mitigate this current breach. The attacker has your vault, which was encrypted using a key derived from your master password. That's done, that's in the past. Changing your password will re-encrypt your vault with the new password, but of course it won't re-encrypt the copy of the vault the attacker has with your new password. That would be impossible unless you somehow had access to the attacker's copy of the vault, which if you do, please let me know?
A proper mitigation would be to migrate to #Bitwarden or #1Password, change the passwords for each of your accounts as you migrate over, and also review the MFA status of each of your accounts as well. The perfect way to spend your holiday vacation! Start the new year fresh with proper password hygiene.
For more password insights like this, give me a follow!
#lastpass #password #aes256 #pbkdf2 #kdf #hashcat #bitwarden #1password
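The structure behind the post's remark that PBKDF2 is compute-hard only, as an added example that is not part of the post: a from-scratch PBKDF2-HMAC-SHA256 following RFC 2898, which also counts its HMAC calls so the linear cost per round and the small fixed working state are visible. The function name `pbkdf2_sha256` and the sample password and salt are constructed for illustration.

```python
import hashlib
import hmac

HLEN = 32  # SHA-256 output size in bytes

def pbkdf2_sha256(password, salt, iterations, dklen=HLEN):
    """PBKDF2-HMAC-SHA256 (RFC 2898, section 5.2); returns (key, hmac_calls)."""
    key, calls, block = b"", 0, 1
    while len(key) < dklen:
        # U_1 = HMAC(password, salt || INT(block)); U_i = HMAC(password, U_{i-1})
        u = hmac.new(password, salt + block.to_bytes(4, "big"), hashlib.sha256).digest()
        t = int.from_bytes(u, "big")
        calls += 1
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha256).digest()
            t ^= int.from_bytes(u, "big")   # running XOR: T = U_1 ^ U_2 ^ ... ^ U_c
            calls += 1
        # The only state carried from round to round is u and t: 2 * 32 bytes,
        # with no memory requirement that grows with the iteration count.
        key += t.to_bytes(HLEN, "big")
        block += 1
    return key[:dklen], calls

if __name__ == "__main__":
    # Constructed inputs; small round counts keep the pure-Python loop fast.
    for rounds in (1_000, 2_000):
        key, calls = pbkdf2_sha256(b"correct horse", b"constructed-salt", rounds)
        assert key == hashlib.pbkdf2_hmac("sha256", b"correct horse",
                                          b"constructed-salt", rounds)
        print(rounds, calls, key.hex()[:16])
```

Doubling the round count doubles the HMAC calls and nothing else, which is the only cost knob PBKDF2 offers.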
I published an article on the #LastPassBreach: https://palant.info/2022/12/23/lastpass-has-been-breached-what-now/
This is very serious, no matter what #LastPass says. From the article:
“This makes it sound like decrypting the passwords you stored with LastPass is impossible. It also prepares the ground for blaming you, should the passwords be decrypted after all: you clearly didn’t follow the recommendations. Fact is however: decrypting passwords is expensive but it is well within reach. And you need to be concerned.”
Another conclusion from this article: #PBKDF2 is dead. Yes, you have that officially from me. If you still use it, feel free to go and fix that now.
#lastpassbreach #lastpass #pbkdf2
Does anyone know of an open source core that implements #PBKDF2?
I checked opencores but didn't find it there...
https://opencores.org/projects?language=Verilog&expanded=Crypto%20core%2CUncategorized%2CLibrary
Serious Security: MD5 considered harmful – to the tune of $600,000 - It's not just the hashing, by the way. It's the salting and the stretching, too! https://nakedsecurity.sophos.com/2022/11/30/serious-security-md5-considered-harmful-to-the-tune-of-600000/ #cryptography #law&order #hashing #pbkdf2 #cnil #edf #md5
#md5 #edf #cnil #pbkdf2 #hashing #law #cryptography
A good view on the computing power over the last 20 years.
When the standard was written in the year 2000 the recommended minimum number of iterations was 1,000, but the parameter is intended to be increased over time as CPU speeds increase. A Kerberos standard in 2005 recommended 4,096 iterations;[1] Apple reportedly used 2,000 for iOS 3, and 10,000 for iOS 4;[4] while LastPass in 2011 used 5,000 iterations for JavaScript clients and 100,000 iterations for server-side hashing.[5] In 2021, OWASP recommended to use 310,000 iterations for PBKDF2-HMAC-SHA256 and 120,000 for PBKDF2-HMAC-SHA512.
#pbkdf2 #hashing #crypto #cpu #power
PHP offers many standard algorithms, mainly using OpenSSL.
AES is a symmetric-key algorithm, a FIPS 197 standard since 2001.
RSA is a public-key algorithm, an industry standard algorithm used in many products.
SHA is a hash function, in particular SHA-256 or SHA-512. Don't use SHA-1 for cryptography!
PBKDF2 is a key derivation algorithm that is a very popular algorithm (RFC 2898).
#php #aes #encrypt #decrypt #rsa #sha #pbkdf2