PSA: Pick good passwords, armathentication not super-secure

What do you want to see here? Some more categories, forums, and mods? Hmm...
User avatar
Z-Man
God & Project Admin
Posts: 11220
Joined: Sun Jan 23, 2005 6:01 pm
Location: Cologne, Jabber: [email protected]
Contact:

PSA: Pick good passwords, armathentication not super-secure

Post by Z-Man » Tue Aug 25, 2015 11:08 pm

The short version: Our in-game authentication mechanism is vulnerable to brute force password guessing attempts if you log in on a server controlled by a malicious admin. They can record information about your password and later try to let a program automatically guess your password with great speed. They know how the client mangles the password; all they need to do is try a lot of passwords and apply the same mangling, then compare that with the information the server collected.

Last week, we had the first *documented* case where such an attack was used to take over a forum account. There surely were previous cases, but we only got third hand knowledge of them and they might have been people tricked into using fake "/login <username> <password>" commands. Or people promising to get you to max level on HFT. The cracked password was a not entirely random two word combination.

The system can still be secure, but you need to pick a really, really good password. Here's a not too shabby suggestion as a base:
Image
Correct the password guessing times in this comic down by a factor of 100000. That is, consider the password hash database of your authority stolen. So... better make that five words. And random improvement: Pick one or two of the words from a different language. It's important that you really pick random words and not the first words that come to your mind; then your password will be RedViolinHammerCar.

Another great source for passwords are password generators; I personally use MasterPassword. It works this way: You pick a single, reasonably good master password you can memorize. The app is locked with that password. In the app, for each site, you generate an entry. Then the program takes your master password and the site name and generates a site specific password deterministically. It's never stored, always generated on the fly. The master password also is stored nowhere, a verification hash is. Hash and master password never leave your device. Even if you lose the site database to a bad guy, it's completely worthless without your master password. Caveat: You'd think you can reconstruct the database if you know your master password... but there also is a long random salt that enters password generation (a good thing). That one you need to back up.
If you use MasterPassword, put the password length to at least 10, better 12.

As another safety precaution, if the account you now use for authentication in the game has additional important functions (Forum moderator, for example), consider using a second account for the ingame stuff. You can ask your server admins to set up aliases between the two. I ran out of email addresses to use, so I guess I'll be [email protected] for the near future :)

I'll start working on a new token based authentication implementation where no exploitable information is passed over the server ASAP. It'll be in the 0.2.8 branch, at least the server side part. The client also needs to talk directly to the authority now, I'm not sure whether the 0.2.8 infrastructure is up to that without hiccups.

Take care.

=======================

Technical bits: Authentication on servers works by sending a hash of a hash of the password over the game server to the authority. The first hash is salted, that means it's not only a hash of the password, but also a per-user fixed bit of data. The second hash is nonced, that is also mixed with a random element the server chooses and also the server's IP. The hashes are not easy to invert, nobody knows yet how to do that. We knew it was crackable by brute force, but everything bar quantum encryption is. So at the time we implemented this, we all thought this was secure enough.

Unfortunately, we were wrong. In the past years, several big sites were hacked and password hash databases were stolen and published. Many of them used non-salted hashes, so only the password entered the stored hash; those can be cracked in bulk. You do this by having a good password guessing function, letting it generate lots of passwords, generating the hash from them and then comparing them to all the known password hashes. People started using dedicated hardware (GPU arrays and FPGAs) for massive parallel attacks. After each wave and each new database leak, people understood better how your average users pick their passwords. Every time, they improved their password guessing functions, found more passwords and gained even more experience. Where we stand now, machines are really, really good at guessing passwords. They know all your schemes.

"But our hashes are salted and nonced, surely that makes a difference?" You ask. Yes, it does, but only a little. Plain hashes mean that you can crack a thousand passwords as quickly as you can crack one because you can go at all of them at once. With salts or nonces, you have to crack each password individually. But if all you want is one password, you don't care about that. What makes the problem worse is that we picked the simplest and fastest hash function. That means brute force attacks can try really a lot of passwords; even if it's just CPU based, we're talking about around a hundred million password guesses per second.

User avatar
Jip
Round Winner
Posts: 397
Joined: Sat Sep 26, 2009 5:32 pm

Re: PSA: Pick good passwords, armathentication not super-sec

Post by Jip » Tue Aug 25, 2015 11:29 pm

Thanks for the warning.
I was wondering when this will become a topic. Are there any plans for the future to provide a more secure mechanism? Of
course this would need an update of the forums software aswell. But I think it would be a necesary step for the future. We cannot make it impossible to do brute force attacks but we can make them a lot harder.

User avatar
kyle
Reverse Outside Corner Grinder
Posts: 1827
Joined: Thu Jun 08, 2006 3:33 pm
Location: Indiana, USA, Earth, Milky Way Galaxy, Universe, Multiverse
Contact:

Re: PSA: Pick good passwords, armathentication not super-sec

Post by kyle » Wed Aug 26, 2015 12:56 am

Fist of all, thanks z-man for pointing this out and planning to implement something better. I'll probably post something a little more in depth in a few days, but I do want to mention that there is a possibility that a long password can be easy to guess also. In the case that the hashes collide when a weaker, shorter password is used. I just recently randomly typed something for one of my passwords (not tron related), because I did not want to authenticate when I was testing something. It happened to be something that collided with my password hash and I was authenticated. So I know a collision can happen between a weaker/ shorter password and a longer password. Now if the forms are smart they will probably use some different hashing method for the form login vs the forum password, so that theses collisions will not be the same, therefor requiring them to find the longer password.
Image

User avatar
sinewav
Graphic Artist
Posts: 6198
Joined: Wed Jan 23, 2008 3:37 am
Contact:

Re: PSA: Pick good passwords, armathentication not super-sec

Post by sinewav » Wed Aug 26, 2015 2:36 am

Also, resist the temptation to change your forums password to RedViolinHammerCar. I really, really want to do that, but instead I'm naming my next 4-song EP RedViolinHammerCar, which naturally is the name of all the songs in order.

Monkey
Match Winner
Posts: 709
Joined: Thu May 22, 2008 12:36 am
Location: England, UK

Re: PSA: Pick good passwords, armathentication not super-sec

Post by Monkey » Wed Aug 26, 2015 4:51 am

Good to see quick disclosure and hopefully a fairly quick fix of this issue, thanks.
Playing since December 2006

Word
Reverse Adjust Outside Corner Grinder
Posts: 4159
Joined: Wed Jan 07, 2009 6:13 pm

Re: PSA: Pick good passwords, armathentication not super-sec

Post by Word » Wed Aug 26, 2015 7:44 am

kyle wrote:Now if the forms are smart they will probably use some different hashing method for the form login vs the forum password, so that theses collisions will not be the same, therefor requiring them to find the longer password.
Yup, I was going to suggest just that. It would be cool if you can still use your shorter forum password in trusted servers though.

User avatar
Ratchet
Match Winner
Posts: 779
Joined: Sat Mar 15, 2008 5:55 am
Contact:

Re: PSA: Pick good passwords, armathentication not super-sec

Post by Ratchet » Wed Aug 26, 2015 2:35 pm

Z-Man wrote:It's important that you really pick random words and not the first words that come to your mind; then your password will be RedViolinHammerCar.

I actually laughed at this part. Is it, by chance, a variant of this?

kyle wrote:I just recently randomly typed something for one of my passwords (not tron related), because I did not want to authenticate when I was testing something. It happened to be something that collided with my password hash and I was authenticated.
Are you saying that you just typed something completely random into the tron login for your password and you were successfully authenticated due to the hash somehow becoming identical to the actual hash that would have occurred with the correct password? Wouldn't the odds be like one-in-a-trillion or something?
Image
"Dream as if you'll live forever,
Live as if you'll die today." -James Dean

User avatar
kyle
Reverse Outside Corner Grinder
Posts: 1827
Joined: Thu Jun 08, 2006 3:33 pm
Location: Indiana, USA, Earth, Milky Way Galaxy, Universe, Multiverse
Contact:

Re: PSA: Pick good passwords, armathentication not super-sec

Post by kyle » Wed Aug 26, 2015 5:08 pm

Ratchet wrote:
kyle wrote:I just recently randomly typed something for one of my passwords (not tron related), because I did not want to authenticate when I was testing something. It happened to be something that collided with my password hash and I was authenticated.
Are you saying that you just typed something completely random into the tron login for your password and you were successfully authenticated due to the hash somehow becoming identical to the actual hash that would have occurred with the correct password? Wouldn't the odds be like one-in-a-trillion or something?
Even though not tron related, still slim odds.
Image

User avatar
dlh
Formerly That OS X Guy
Posts: 2034
Joined: Fri Jan 02, 2004 12:05 am
Contact:

Re: PSA: Pick good passwords, armathentication not super-sec

Post by dlh » Wed Aug 26, 2015 5:13 pm

Another thing: don't use your global ID and password to log in to third-party web sites.

Well, unless you're ok with that site's operator handling your plaintext password.

User avatar
ConVicT
Shutout Match Winner
Posts: 1004
Joined: Fri Feb 17, 2012 2:33 am

Re: PSA: Pick good passwords, armathentication not super-sec

Post by ConVicT » Wed Aug 26, 2015 6:00 pm

Are there certain servers we should avoid logging into?
Just that I entered a server with people talking about someone stealing passwords in Ladle servers.

User avatar
Z-Man
God & Project Admin
Posts: 11220
Joined: Sun Jan 23, 2005 6:01 pm
Location: Cologne, Jabber: [email protected]
Contact:

Re: PSA: Pick good passwords, armathentication not super-sec

Post by Z-Man » Wed Aug 26, 2015 10:13 pm

Monkey wrote:Good to see quick disclosure and hopefully a fairly quick fix of this issue, thanks.
Wasn't really quick. We knew about the weakness for a while now, but those blasted time constraints prevented us from doing anything about it. Disclosure was delayed because it always also helps the bad guys, but I guess we don't need to worry about that any more.
Ratchet wrote:I actually laughed at this part. Is it, by chance, a variant of this?
Yes. I learned about it when reading about a magic mind reading trick for children waaay back. I never verified whether it's true (the 2% figure in that image seems low), but what definitely is true is that our brains are very bad at randomness.
kyle wrote:I just recently randomly typed something for one of my passwords (not tron related), because I did not want to authenticate when I was testing something. It happened to be something that collided with my password hash and I was authenticated.
That is rather unlikely to happen even with the current system. Sure, there are bound to be colliding passwords, but if they're shorter than your actual password, your password must be very good.

User avatar
ConVicT
Shutout Match Winner
Posts: 1004
Joined: Fri Feb 17, 2012 2:33 am

Re: PSA: Pick good passwords, armathentication not super-sec

Post by ConVicT » Wed Aug 26, 2015 11:26 pm

I'll take this as either you don't know the answer to my questions and/or you're just ignorant and don't care to answer.

This is where I end up agreeing with people like Durf.
I have a question... You (as a dev/moderator) have completely ignored me, making my questions and opinions look irrelevant.

That right there was a serious question from me.
Thanks (you as a dev and moderator) for making my Armagetron experience feel safe and secure.

User avatar
sinewav
Graphic Artist
Posts: 6198
Joined: Wed Jan 23, 2008 3:37 am
Contact:

Re: PSA: Pick good passwords, armathentication not super-sec

Post by sinewav » Thu Aug 27, 2015 12:02 am

ConVicT wrote:Thanks (you as a dev and moderator) for making my Armagetron experience feel safe and secure.
Want to feel secure? Take the advice from this thread and construct a stronger password. It's good practice and it really shouldn't matter which server have been compromised. Protect yourself all of them, now.

User avatar
ConVicT
Shutout Match Winner
Posts: 1004
Joined: Fri Feb 17, 2012 2:33 am

Re: PSA: Pick good passwords, armathentication not super-sec

Post by ConVicT » Thu Aug 27, 2015 1:11 am

sinewav wrote:
ConVicT wrote:Thanks (you as a dev and moderator) for making my Armagetron experience feel safe and secure.
Want to feel secure? Take the advice from this thread and construct a stronger password.
I get it but...
In his position, I'd have answered me if I'd know the answer, wouldn't you?
The fact of the matter is, I should have at least have gotten:
Z-Man (If he didn't know) should've wrote:I have no idea.
Sorry if I seem like a dick, I just can't stand ignorance :evil:

User avatar
aP|Nelg
Match Winner
Posts: 542
Joined: Wed Oct 22, 2014 10:22 pm
Contact:

Re: PSA: Pick good passwords, armathentication not super-sec

Post by aP|Nelg » Thu Aug 27, 2015 1:14 am

sinewav wrote:
ConVicT wrote:Thanks (you as a dev and moderator) for making my Armagetron experience feel safe and secure.
Want to feel secure? Take the advice from this thread and construct a stronger password. It's good practice and it really shouldn't matter which server have been compromised. Protect yourself all of them, now.
He's got a valid point, Z-Man is pretty much ignoring his questions.

Post Reply