Decipher Multi-Factor Authentication - A Developers Introduction
0 likes126 views
This document provides a detailed overview of Multi-Factor Authentication (MFA) and its underlying technologies, including One-Time Passwords (OTP), HMAC, and various hash functions. It discusses the algorithms used in authentication processes such as HOTP and TOTP, along with examples and potential vulnerabilities. The text further examines the security of MFA, key cracking methods, and implementation considerations for secure server communication.
Decipher Multi-Factor Authentication - A Developers Introduction
- 1. Decipher MFA Brought to you by Boshan Sun 1
- 3. MFA • Multi-Factor Authentication MFA • Two-Factor Authentication 2FA 3
- 4. 4
- 5. 2FA 5
- 6. Tech behind • otp • hotp • totp • hmac • sha • base32 6
- 7. otp • one-time password, rfc 2289, 1998 • prevent replay attack MD5 ENCODINGS Pass Phrase Seed Cnt Hex Six Word Format ==================================================================================== This is a test. TeSt 0 9E87 6134 D904 99DD INCH SEA ANNE LONG AHEM TOUR This is a test. TeSt 1 7965 E054 36F5 029F EASE OIL FUM CURE AWRY AVIS This is a test. TeSt 99 50FE 1962 C496 5880 BAIL TUFT BITS GANG CHEF THY AbCdEfGhIjK alpha1 0 8706 6DD9 644B F206 FULL PEW DOWN ONCE MORT ARC AbCdEfGhIjK alpha1 1 7CD3 4C10 40AD D14B FACT HOOF AT FIST SITE KENT AbCdEfGhIjK alpha1 99 5AA3 7A81 F212 146C BODE HOP JAKE STOW JUT RAP OTP's are good correct 0 F205 7539 43DE 4CF9 ULAN NEW ARMY FUSE SUIT EYED OTP's are good correct 1 DDCD AC95 6F23 4937 SKIM CULT LOB SLAM POE HOWL OTP's are good correct 99 B203 E28F A525 BE47 LONG IVY JULY AJAR BOND LEE 7
- 8. hotp • hmac-based one-time password, rfc 4226, 2005 8
- 9. hmac • hash-based message authentication code 9
- 10. Why do we need hash function? 10
- 11. hash function • md5(1992) • sha(1995) • sha256/sha512(2001) • sha3(2015) an example show me the money alice ------------------------------------------------------------------> bob show me the money alice ------------------------------------------------------------------> bob 3f3a323ba2bc a problem show me the money show me the honey alice ----------------------------> eve ----------------------------> bob 3f3a323ba2bc 37954357d876 11
- 12. a potential solution show me the money rA9 sha rA9show me the money -------> f023a7d109f1 sha rA9f023a7d109f1 -------> b15c701d5e63 show me the money alice ------------------------------------------------------------------> bob rA9 b15c701d5e63 rA9 show me the money show me the honey alice ----------------------------> eve ----------------------------> bob rA9 b15c701d5e63 b15c701d5e63 rA9 233999963a1d 12
- 13. hmac $ erl 1> crypto:hmac(sha,"rA9","show me the money"). <<27,10,170,232,190,54,79,113,69,29,72,245,62,229,197,166,75,195,24,82>> 13
- 14. hotp • hmac-based one-time password, rfc 4226, 2005 hotp algorithm rA9 hmac(sha,"rA9","0000000000000000") 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 d8 41 ef 1c 96 ac 02 0c d1 a3 32 06 15 58 ec 69 4d d2 3f 32 * ** ** ** ** 2 ef 1c 96 ac 1110 1111 0001 1100 1001 0110 1010 1100 110 1111 0001 1100 1001 0110 1010 1100 1864144556 144556 mfa.erl hotp(Key,C) -> <<_:156,Sz:4>> = Hmac = crypto:hmac(sha,Key,<<C:64>>), <<_:Sz/binary,_:1,N:31,_/binary>> = Hmac, N rem 1000000. 14
- 15. totp • time-based one-time password, rfc 6238, 2011 totp algorithm unix epoch time 1970-01-01 00:00:00 0 2018-10-23 17:00:00 1540314000 2038-01-19 03:14:07 2147483647 1901-12-13 20:45:52 -2147483648 hotp("rA9",1540314000/30) 386452 mfa.erl totp(Key) -> T = calendar:datetime_to_gregorian_seconds(calendar:now_to_datetime(erlang:timestamp())) - 62167219200, hotp(Key,T div 30). 15
- 16. mfa ow an example hellokitty/password123 user ------------------------------------------------------------------> server key 996970 key 16
- 17. Enable mfa key uri format otpauth://totp/GitHub:hellokitty?secret=4fakhx6cibvwwngp&issuer=GitHub 17
- 18. base32 base32 encoding # rfc 4648 00 A 09 J 18 S 27 3 01 B 10 K 19 T 28 4 02 C 11 L 20 U 29 5 03 D 12 M 21 V 30 6 04 E 13 N 22 W 31 7 05 F 14 O 23 X 06 G 15 P 24 Y (pad) = 07 H 16 Q 25 Z 08 I 17 R 26 2 rA9 01110010 01000001 00111001 01110 01001 00000 10011 1001 01110 01001 00000 10011 10010 14 09 00 19 18 O J A T S OJATS=== # the length of base32 encoded string is always divisible by 8 18
- 19. simple authenticator implementation mfa.erl totp(Key0) -> T = calendar:datetime_to_gregorian_seconds(calendar:now_to_datetime(erlang:timestamp())) - ?epoch, Key = decode32(string:uppercase(Key0)), hotp(Key,T div 30). hotp(Key,C) -> <<_:156,Sz:4>> = Hmac = crypto:hmac(sha,Key,<<C:64>>), <<_:Sz/binary,_:1,N:31,_/binary>> = Hmac, N rem 1000000. usage $ cat ~/.mfa/config {github,"somerandpassword"}. {gitlab,"somecoolpassword"}. {google,"somegoodpassword"}. $ escript mfa.erl github: 583309, valid in 26s gitlab: 166210, valid in 26s google: 704368, valid in 26s 19
- 20. Is MFA safe? 20
- 21. How to crack MFA? 21
- 22. an example hellokitty/password123 user ------------------------------------------------------------------> server key 996970 key hotp(Key,T) -> 996970 22
- 23. brute force the key $ erl 1> hack:run(). Key is <<91,101,252>>, hotp for 73 is 076127 potential key found <<12,243,176>>, hotp is 076127 potential key found <<41,163,60>>, hotp is 076127 potential key found <<54,214,149>>, hotp is 076127 potential key found <<57,134,46>>, hotp is 076127 potential key found <<57,206,238>>, hotp is 076127 potential key found <<68,189,61>>, hotp is 076127 potential key found <<70,78,253>>, hotp is 076127 potential key found <<90,172,149>>, hotp is 076127 potential key found <<91,101,252>>, hotp is 076127 potential key found <<96,226,141>>, hotp is 076127 ... *** found key <<91,101,252>> in 16s *** 23
- 24. brute force the key the Erlang way $ erl 1> phack:run(3). Started 12 worker processes. Random generated key is <<154,226,246>>, hotp for 360 is 917202 potential key <<22,72,233>> found by worker <0.172.0>, hotp is 917202 potential key <<67,6,87>> found by worker <0.170.0>, hotp is 917202 potential key <<110,133,18>> found by worker <0.168.0>, hotp is 917202 potential key <<153,173,223>> found by worker <0.166.0>, hotp is 917202 potential key <<197,0,181>> found by worker <0.164.0>, hotp is 917202 potential key <<154,226,246>> found by worker <0.166.0>, hotp is 917202 key <<154,226,246>> found by worker <0.166.0> in 1s 24
- 25. $ erl 1> phack:run(4). Started 12 worker processes. Random generated key is <<81,10,150,35>>, hotp for 375 is 655173 potential key <<170,170,211,211>> found by worker <0.111.0>, hotp is 655173 potential key <<64,3,113,77>> found by worker <0.116.0>, hotp is 655173 potential key <<106,175,21,120>> found by worker <0.114.0>, hotp is 655173 potential key <<0,5,110,147>> found by worker <0.119.0>, hotp is 655173 potential key <<149,93,101,149>> found by worker <0.112.0>, hotp is 655173 potential key <<170,179,226,52>> found by worker <0.111.0>, hotp is 655173 potential key <<213,98,135,55>> found by worker <0.109.0>, hotp is 655173 potential key <<0,21,166,137>> found by worker <0.119.0>, hotp is 655173 potential key <<149,107,68,31>> found by worker <0.112.0>, hotp is 655173 ... key <<81,10,150,35>> found by worker <0.116.0> in 849s 25
- 26. Is MFA safe? • https://github.com/sunboshan/mfa analysis key length bits crack time 1 8 ~0s 2 16 ~0s 3 24 ~16s 4 32 ~1.1h 5 40 ~11.7d 6 48 ~8.2y 7 56 ~2099y 8 64 ~537ky 9 72 ~137my 10 80 ~35kmy 26
- 27. Server implementation • key is long enough, at least 10 bytes(github key length; aws key length is 40 bytes) • recover mechanism • authentication logic 27
- 28. 28