Thursday, April 05, 2012

It all started with a hash

[ Lots of clipart available. I did my own this time. ]

This is a "Thank you all!" blog post, that will also provide something useful. At least; I hope so.

Not long ago, I found myself involved in a penetration test against an episerver installation. Working with my security colleagues @jabjorkhaug and @KluZz, we got access to some password hashes and their respective salts. Unfortunately the hash and salt values didn't look like those shown in the episerver patch for JtR by Johannes Gumbel in 2008. And here our quest began.... :-)
I'm not going to repeat the full story here, you can read it in this thread at the hashcat forum.

For starters: a BIG thank you to atom for helping out and providing sample code to crack the standard episerver - or more correctly the .NET <= 3.5 - SHA1 hash/salt format.

Also a BIG thank you to @skradel at @TeamZetetic for 1) first identifying the hash format, and 2) writing a great blog post on .NET and the various options for password encryption/hashing available. Last but not least; Team Zetetic with @skradel even made source code and binary code available for free for a .NET library that makes it easier than ever to utilize PBKDF2 or bcrypt for your password hashing needs. You'll find the relevant links in their blog post.

I was truly impressed with the response received from episerver, more specifically: Steve Celius. Great talks on the phone and by e-mail, highly appreciated! I wish other vendors would be equally interested in cooperation with the internet community. I hope and believe that we learned from each other, and that this will aid episerver in improving their customers' security (and satisfaction!) even more.

Thank you also to @klingsen for telling us that .NET 4.x will default to SHA256 instead of SHA-1. Although better, the overall recommendation should still be to use PBKDF2 as a minimum, and bcrypt as the "best" solution available within .NET.
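To make the recommendation concrete, here is an added example (my own, not code from episerver, hashcat or Team Zetetic) that shows why the legacy format is weak and how a site can migrate away from it: it recomputes the .NET <= 3.5 membership-provider hash (a single SHA-1 over the Base64-decoded salt followed by the UTF-16LE password, which is what the post refers to as the "hash/salt format"), and on a successful login replaces it with a PBKDF2-HMAC-SHA256 record. The iteration count, record layout and sample salt are assumptions for this example.

```python
import base64
import hashlib
import hmac
import os

# Legacy layout (ASP.NET SqlMembershipProvider, .NET <= 3.5, PasswordFormat=Hashed):
#   stored = Base64( SHA1( Base64Decode(salt) || UTF16LE(password) ) )
# One fast SHA-1 round per guess is exactly what makes it cheap to brute-force offline.
SAMPLE_SALT_B64 = base64.b64encode(b"constructed-salt").decode("ascii")  # constructed

def legacy_membership_hash(password: str, salt_b64: str) -> str:
    """Recompute the legacy .NET membership SHA-1 hash for a password/salt pair."""
    salt = base64.b64decode(salt_b64)
    digest = hashlib.sha1(salt + password.encode("utf-16-le")).digest()
    return base64.b64encode(digest).decode("ascii")

def verify_legacy(password: str, salt_b64: str, stored_b64: str) -> bool:
    """Constant-time comparison against the stored legacy hash."""
    return hmac.compare_digest(legacy_membership_hash(password, salt_b64), stored_b64)

# Replacement: PBKDF2-HMAC-SHA256, per-user random salt, tunable work factor.
PBKDF2_ITERATIONS = 100_000  # assumed value; tune to your login latency budget

def pbkdf2_hash(password: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: algo$iterations$salt_b64$dk_b64 (assumed layout)."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return "pbkdf2_sha256${}${}${}".format(
        iterations, base64.b64encode(salt).decode("ascii"), base64.b64encode(dk).decode("ascii"))

def verify_pbkdf2(password: str, stored: str) -> bool:
    """Re-derive with the parameters stored in the record and compare in constant time."""
    try:
        algo, iterations, salt_b64, dk_b64 = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = pbkdf2_hash(password, base64.b64decode(salt_b64), int(iterations))
    return hmac.compare_digest(candidate, stored)

def upgrade_on_login(password: str, salt_b64: str, legacy_b64: str):
    """If the legacy hash verifies, return a PBKDF2 record to store in its place; else None."""
    if not verify_legacy(password, salt_b64, legacy_b64):
        return None
    return pbkdf2_hash(password, os.urandom(16))
```

Once every user has logged in once, the legacy SHA-1 column can be dropped; accounts that never return should be force-reset rather than left on the old format.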

As always; thank you to Alexander (Solar Designer) at Openwall for the interest and support; I hope and believe this will be sufficient to remove the now non-working episerver code from the JtR JUMBO patch, and eventually create new code for episerver (.NET) SHA-1 and SHA256 hashes with salt.

So what did we achieve in <= 2 weeks?
More than I thought possible, and in a truly positive way. We identified the hash format used by episerver on top of .NET. We got sample code for cracking it. episerver cooperated in a positive way rarely experienced with many companies. We identified old and now defunct code from the JUMBO JtR patch. We got good .NET information, source code and a binary build for implementing PBKDF2 and bcrypt easier and faster within .NET. episerver can benefit from this - anyone doing data encryption and hashing in .NET can and should benefit from this.

... And in the middle of all this, I discovered that @paulrobichaux on his blog referred to a recent blog post I did about STARTTLS (RFC3207). Now he's a Microsoft MVP on Exchange, so naturally I made a comment for him with a little challenge, and his response couldn't be better! Really looking forward to that article - I do know the basics on configuring STARTTLS support in Exchange, but I haven't looked at the more advanced stuff such as algorithm/keylength options that I hope and believe are available in there somewhere...

In summary: Two great weeks. I'm happy. :-D
