I've seen a few similar questions that don't quite seem to address my exact use case, and I THINK I've figured out the answer, but I'm a total noob when it comes to security, RSA, and pretty much everything associated with it. I have a basic familiarity with the concepts, but all of the actual implementations I've done up to this point were all about editing someone else's code rather than generating my own. Anyway, here's where I am:
I know that Javascript is an inherently bad place to do encryption. Someone could Man-in-the-Middle your response and mangle the JS so you'll end up sending unencrypted data over the wire. It SHOULD be done via an HTTPS SSL/TLS connection, but that kind of hosting costs money and so do the official signed certificates that should realistically go with the connection.
That being said, I think the way I'm going to do this circumvents the Man-in-the-Middle weakness of JS encryption by virtue of the fact that I'm only ever encrypting one thing (a password hash) for one RESTful service call and then only using that password hash to sign requests from the client in order to authenticate them as coming from the user the requests claim. This means the JS is only responsible for encrypting a password hash once at user account creation and if the server cannot decode that cipher then it knows it's been had.
I'm also going to save some client information, in particular the $_SERVER['REMOTE_ADDR'] to guarantee that someone doesn't M-i-t-M the registration exchange itself.
I'm using PHP's openssl_pkey_ functions to generate an asymmetric key, and the Cryptico library on the client side. My plan is for the user to send a "pre-registration" request to the REST service, which will cause the server to generate a key, store the private key and the client information in a database indexed by the email address, and then respond with the public key.
The client would then encrypt the user's password hash using the public key and send it to the REST service as another request type to complete the registration. The server would decrypt and save the password hash, invalidate the client information and the private key so no further registrations could be conducted using that information, and then respond with a 200 status code.
To login, a user would type in their email address and password, the password would be hashed as during registration, appended to the a request body, and hashed again to sign a request to a login endpoint which would try to append the stored hash to the request body and hash it to validate the signature against the one in the request and so authenticate the user. Further data requests to the service would follow the same authentication process.
Am I missing any glaring holes? Is is possible to spoof the $_SERVER['REMOTE_ADDR'] value to something specific? I don't need the IP address to be accurate or the same as when the user logs in, I just need to know that the same machine that 'pre-registered' and got a public key followed up and completed the registration instead of a hijacker completing the registration for them using a snooped public key. Of course, I guess if they can do that, they've hijacked the account beyond recovery at creation and the legitimate user wouldn't be able to complete the registration with their own password, which is ok too.
Bottom line, can someone still hack my service unless I fork out for a real SSL host? Did I skirt around Javascript's weaknesses as an encryption tool?
As I write and debug my code, I'll post it here if anyone wants to use it. Please let me know if I'm leaving my site open to any kind of attacks.
These are the functions that validate client requests against the hash in the headers, generate the private key, save it to the database, respond with the public key, and decrypt and check the password hash.
public function validate($requestBody = '',$signature = '',$url = '',$timestamp = '') {
if (is_array($requestBody)) {
if (empty($requestBody['signature'])) { return false; }
if (empty($requestBody['timestamp'])) { return false; }
if ($requestBody['requestBody'] === null) { return false; }
$signature = $requestBody['signature'];
$timestamp = $requestBody['timestamp'];
$requestBody = $requestBody['requestBody'];
}
if (($requestBody === null) || empty($signature) || empty($timestamp)) { return false; }
$user = $this->get();
if (count($user) !== 1 || empty($user)) { return false; }
$user = $user[0];
if ($signature !== md5("{$user['pwHash']}:{$this->primaryKey}:$requestBody:$url:$timestamp")) { return false; }
User::$isAuthenticated = $this->primaryKey;
return $requestBody;
}
public function register($emailAddress = '',$cipher = '') {
if (is_array($emailAddress)) {
if (empty($emailAddress['cipher'])) { return false; }
if (empty($emailAddress['email'])) { return false; }
$cipher = $emailAddress['cipher'];
$emailAddress = $emailAddress['email'];
}
if (empty($emailAddress) || empty($cipher)) { return false; }
$this->primaryKey = $emailAddress;
$user = $this->get();
if (count($user) !== 1 || empty($user)) { return false; }
$user = $user[0];
if (!openssl_private_decrypt(base64_decode($cipher),$user['pwHash'],$user['privateKey'])) { return false; }
if (md5($user['pwHash'].":/api/preRegister") !== $user['session']) { return false; }
$user['session'] = 0;
if ($this->put($user) !== 1) { return false; }
$this->primaryKey = $emailAddress;
User::$isAuthenticated = $this->primaryKey;
return $this->getProfile();
}
public function preRegister($emailAddress = '',$signature = '') {
if (is_array($emailAddress)) {
if (empty($emailAddress['signature'])) { return false; }
if (empty($emailAddress['email'])) { return false; }
$signature = $emailAddress['signature'];
$emailAddress = $emailAddress['email'];
}
if (empty($emailAddress) || empty($signature)) { return false; }
$this->primaryKey = $emailAddress;
$response = $this->makeUserKey($signature);
if (empty($response)) { return false; }
$response['emailAddress'] = $emailAddress;
return $response;
}
private function makeUserKey($signature = '') {
if (empty($signature)) { return false; }
$config = array();
$config['digest_alg'] = 'sha256';
$config['private_key_bits'] = 1024;
$config['private_key_type'] = OPENSSL_KEYTYPE_RSA;
$key = openssl_pkey_new($config);
if (!openssl_pkey_export($key,$privateKey)) { return false; }
if (!$keyDetails = openssl_pkey_get_details($key)) { return false; }
$keyData = array();
$keyData['publicKey'] = $keyDetails['key'];
$keyData['privateKey'] = $privateKey;
$keyData['session'] = $signature;
if (!$this->post($keyData)) { return false; }
$publicKey = openssl_get_publickey($keyData['publicKey']);
$publicKeyHash = md5($keyData['publicKey']);
if (!openssl_sign($publicKeyHash,$signedKey,$privateKey)) { return false; }
if (openssl_verify($publicKeyHash,$signedKey,$publicKey) !== 1) { return false; }
$keyData['signedKey'] = base64_encode($signedKey);
$keyData['rsa'] = base64_encode($keyDetails['rsa']['n']).'|'.bin2hex($keyDetails['rsa']['e']);
unset($keyData['privateKey']);
unset($keyData['session']);
return $keyData;
}
What you are trying to do is to replace the need for SSL certificates signed by a Certificate Authority with custom JavaScript. I'm not a security expert, but as far as I know the simple answer is that this is not possible.
The basic fact is that on the public internet, the server can't trust what a client says, and a client can't trust what the server says, exactly because of man in the middle attacks. The reason why certificate authorities are necessary to begin with is to establish some kind of impartial trust base. CA's are carefully vetted by the browser vendors, and it's the only trust currently available on the public internet, although it's certainly not perfect.
I am curious to know why a relatively inexpensive SSL certificate (like the 1-year from Digicert at $175 USD) is out of the question. Especially if this is for a business, $175/yr is a reasonable expense (it works out to about $12.60 USD/month).
Related
I'm starting a REST API, and have begun researching hashing and shared salts/secrets.
I have successfully been able to generate a sha256 hash, sent it to my server via json and matched it to the stored hash.
Thats great and all, but i'm thinking, now that ive done this with json, the actual hash generated is still visible to everyone that wants it. I was under the impression that these hashes changed everytime you re-hashed a string using hash_hmac.
So how do i make sure that a random user wont find that little json snippet, grap the hashed key and start making API calls?
I might have misunderstood the concept completely, so any bumps is greatly appreciated.
Heres my "Client" page:
<?php
$key= hash_hmac('sha256', '66c74620db28603fe4bec7b0f3a8e53b', 'gwerganaevawe21_3faseghbamoirvQWD');
?>
<script>
$.getJSON( "domain.com/api/publicCourseSession.php?key=<?php echo $key;?>", function( data ) {
$.each( data, function( key, val ) {
console.log(val);
});
});
</script>
And here is my publicCourseSession.php:
header("Content-Type: application/json");
header('Access-Control-Allow-Origin: *');
$apikey =$_GET['key'];
session_start();
function hash_compare($a, $b) {
if (!is_string($a) || !is_string($b)) {
return false;
}
$len = strlen($a);
if ($len !== strlen($b)) {
return false;
}
$status = 0;
for ($i = 0; $i < $len; $i++) {
$status |= ord($a[$i]) ^ ord($b[$i]);
}
return $status === 0;
}
$currentnetwork = getCurrentNetwork();
$currentkey = getNetworkApiKey(getNetworkId($currentnetwork));
$currentsecret = getNetworkApiSecret(getNetworkId($currentnetwork));
$currentkey= hash_hmac('sha256', $currentkey, $currentsecret);
if (hash_compare($apikey,$currentkey)) {
$status='correct';
} else {
$status='not correct';
}
$arr[] = ["key"=>$apikey, "currentkey"=>$currentkey, "correctkeys"=>$status];
echo json_encode($arr);
You did well, that's step 1.
Thing is, you can't do security on the browser only - you should be providing the user with the secret key once he successfully authenticates himself using his credentials (like username/password). Once he has the secret key then he can use it to authenticate his requests and he no longer needs to send his username/password back and forth across the interwebs..
Goal of the secret key is to simplify authenticated requests once user started a session. To start a session you need to authenticate yourself first though, otherwise you'll be providing anyone with the secret key which defeats the purpose.
Also, key should be generated per user and expire after x amount of time so it can't be used indefinitely.
Hope this helps!
I had to do a basic login system to protect a page, and I have no access to database so i store the username and password hard coded in php page.
My question is, can this login system hold againts an attack? I need it to hold about 1 month.
Any sugestions to improve will be helpefull.
The code is not in laravel, even if it might look like.
The username and password, will be changed to something stronger of course.
Thank you in advance.
<?php
class UserController {
private $username;
private $password;
private $isLoggedIn = false;
// Credentials
public function credentials() {
$credentials = array(
array(
"username" => "telekom",
"password" => "1234"
),
array(
"username" => "telekom2",
"password" => "1234"
)
);
return $credentials;
}
// Basic login
public function login() {
foreach ($this->credentials() as $credential) {
if ($this->username == $credential['username'] && $this->password == $credential['password']) {
Session::put('username', $this->username);
Session::put('password', $this->password);
$this->isLoggedIn = true;
}
}
}
// Get login status
public function isLoggedIn() {
return $this->isLoggedIn;
}
// Logout
public function logout() {
// Delete all sessions
Session::all();
redirect('/telekom/');
}
// Telekom
public function telekom() {
$form = new Form();
if (Input::get('logout') == 1) {
$this->logout();
}
// Post Data from login form
if (Input::has('username') || Input::has('password')) {
if (!$form->isCsrfValid()) {
$form->errors['CSRF'] = "CSRF Token";
} // CSRF protection is on, comment to disable
if (empty($form->errors)) {
$this->username = Input::get('username');
$this->password = Input::get('password');
// Check Login
$this->login();
if (!$this->isLoggedIn()) {
Session::put('login', 'Username and password do not match.');
} else {
redirect('/telekom/');
}
} else {
Session::put('login', '<p class="color-dark-red"><strong>Errors:</strong></p>
<p>' . $form->displayErrors($form->errors) . '</p>');
}
// Check if session has username and password
} elseif (Session::has('username') && Session::has('password')) {
$this->username = Session::get('username', false);
$this->password = Session::get('password', false);
// Check Login
$this->login();
}
}
}// EOF Class User
// Outside class
$user = new UserController();
// Outside class
if (!$user->isLoggedIn()) {
// display login form
} else {
// display protected content
}
?>
My comments are getting lengthy, so I'll just move them here. I would not recommend you put the username and password in the same file. If PHP ever fails to process the page, it will be dumped as plain text to the user. Even for database connections (where the un/pwd almost have to be stored plain text), most people don't put the information in the same file.
You have a couple options:
Make a separate PHP file that sets your UN/PWD variables, put it somewhere that isn't accessible from outside your server, and include it in index.php. In this case, I wouldn't include the file until right when you're going to compare the variables and let the local scope dump it as soon as possible.
Since this is such basic authentication, you could use Apache's built in password authentication module.
in my opinion, this solution is safe enough when you don't plan to use it forever.
What would I check is setting of your web server - some text editors makes backup copies of edited files, like index.php~, index.php.bkp or so. Make sure whether your web server do not serve those files, if any.
The problem with temporary solutions is that they've never temporary.
Never hard code passwords. Some of the reasons are:
It is harder to keep source code secret than it is a key.
Any vulnerabilities in your site that allow reading of source code may reveal the password.
Passwords from development will end up in production.
It is impossible to change passwords without redeploying.
I have a site which runs off an MD5 hashing scheme for passwords. As a way of supporting this legacy system, I've this answer to manually override the login system for now. But this isn't really ideal, as MD5 is pretty much universally known to be awful at encryption. So in the interest of security, what's the best way to migrate users over to the safer CakePHP auth system without causing them undue grief?
Figured it out thanks to this answer (albeit lightly modified). Basically, it updates the user behind the scenes to use the new system if the current system doesn't match up with it.
/**
* Login method
*/
public function login() {
$this->layout = 'homepage';
// If the user is already logged in, redirect to their user page
if($this->Auth->user() != null) {
$this->redirect();
} else {
// If this is being POSTed, check for login information
if($this->request->is('post')) {
if($this->Auth->login($this->loginHelper($this->request->data))) {
// Redirect to origin path, ideally
} else {
$this->Session->setFlash('Invalid username or password, try again');
}
}
}
}
/**
* Update password method
* #param array The user's data array
* #param Returns either a user object if the user is valid or null otherwise
*/
private function loginHelper($data) {
$username = $this->data['User']['username'];
$plainText = $this->data['User']['password'];
$user = current($this->User->findByUsername($username));
$salted = Security::hash($plainText, null, true);
if ($salted === $user['password']) {
return $user; // user exists, password is correct
}
$md5ed = Security::hash($plainText, 'md5', null);
if ($md5ed === $user['password']) {
$this->User->id = $user['id'];
$this->User->saveField('password', $plainText);
return $user; // user exists, password now updated to blowfish
}
return null; // user's password does not exist.
}
So I'm trying to write this script for my site.
It looks quite messed up and broken.
Maybe somebody can help me tidy it up a bit and explain what might be incorrect.
Also, is there a way to make it shorter, looks a bit unsafe to me.
Thank you.
<?php
class Register
{
private $username;
private $password;
private $password2;
private $passmd5;
private $email;
private $email2;
private $errors;
private $rtoken;
public function __construct()
{
$this->errors = array();
$this->username = $this->filter($_POST['ruser']);
$this->password = $this->filter($_POST['rpass']);
$this->password2 = $this->filter($_POST['rpass2']);
$this->email = $this->filter($_POST['remail']);
$this->email2 = $this->filter($_POST['remail2']);
$this->rtoken = $_POST['rtoken'];
$this->passmd5 = md5($this->password);
}
public function process()
{
if ($this->valid_rtoken() && $this->valid_data())
$this->register();
return count($this->errors) ? 0 : 1;
}
public function filter($var)
{
return preg_replace('/[^a-zA-Z0-9#.]/', '', $var);
}
public function register()
{
mysql_query("INSERT INTO users(username,password,email) VALUES ('{$this->username}','{$this->passmd5}','{$this->email}')");
if (mysql_affected_rows() < 1)
$this->errors[] = '<font color="red">Database error</font>';
}
public function user_exists()
{
$data = mysql_query("SELECT ID FROM users WHERE username = '{$this->username}'");
return mysql_num_rows($data) ? 1 : 0;
}
public function email_exists()
{
$data = mysql_query("SELECT ID FROM users WHERE email = '{$this->email}'");
return mysql_num_rows($data) ? 1 : 0;
}
public function show_errors()
{
echo "";
foreach ($this->errors as $key => $value)
echo $value . "<br>";
}
public function valid_data()
{
if ($this->user_exists())
$this->errors[] = '<font color="red">Username Exists</font>';
if ($this->email_exists())
$this->errors[] = '<font color="red">email exists</font>';
if (empty($this->username))
$this->errors[] = '<font color="red">check your username</font>';
if (empty($this->password))
$this->errors[] = '<font color="red">check your password</font>';
if ($this->password != $this->password2)
$this->errors[] = '<font color="red">Passwords do not match</font>';
if (empty($this->email) || !eregi('^[a-zA-Z0-9._-]+#[a-zA-Z0-9._-]+\.[a-zA-Z]{2,4}$', $this->email))
$this->errors[] = '<font color="red">Check your email</font>';
if ($this->email != $this->email2)
$this->errors[] = '<font color="red">Emails do not match</font>';
return count($this->errors) ? 0 : 1;
}
public function valid_rtoken()
{
if (!isset($_SESSION['rtoken']) || $this->rtoken != $_SESSION['rtoken'])
$this->errors[] = '<font color="red">Check</font>';
return count($this->errors) ? 0 : 1;
}
}
?>
Swoosh, there are always better ways to write code. I hope to challenge you to rethink why your code is long, and why it might be unsafe, rather than rewrite your code for you. Hopefully you will learn more this way.
To begin with, hashing the password with MD5 is completely insecure. Please forget that MD5 ever existed, and please don't use even SHA1 for anything secure. Instead, you should use bcrypt or PBKDF2 (with SHA2 or Whirlpool and ~2000+ rounds). I suggest you refer to my answer to Secure Hash and Salt for PHP Passwords for tips and links to articles and libraries to help implement better security.
Second, mysql_* functions are deprecated as of PHP 5.5. Using MySQLi will get you by, but you should use a consistent interface such as PDO to handle the connections, and query escaping/filtering. While you might not be building your software in PHP 5.5, you will not always have control over if a host decides to upgrade your version of PHP. Optimize for future compatibility as much as you can now. Plus, PDO has some nifty features that are explained in its documentation.
Third, you should not use a regular expression to "filter" your query variables. The safest thing you can do is use intval/floatval on any numbers, and escape the rest through the DB library you use such as mysql_escape_string (or mysqli_real_escape_string) OR use prepared statements (which will sanitize variables for you).
Fourth, you are putting display logic into your object. Think about it: what purpose/role does this object fulfill? Does it handle the registration logic? Does it store the registration data? It's a good idea to use the Single Responsibility Principle here. It looks like the object is supposed to act like a hybrid model-controller, with presentational information in it. You could expand this to RegistrationModel and RegistrationController classes to handle storing the data temporarily, or even decide to do something else. But remember, the more responsibilities that your class has the more ways it'll have to break.
Also, by making all the attributes of Register private, you cannot have more than one way to register. What if you wanted a short-cut to the process, such as log in via OAuth (such as Twitter or Facebook), but needed to reuse some of the logic in Register? These attributes should at least be protected so that you can inherit from them, or even public so another object can interface with them (such as an object that notifies the user that their registration is successful).
I wrote a class to authenticate a user using HTTP Authentication the Digest way. I read a few articles and I got it working. Now, I would like to let it make use of Md5 passwords, but I can't seem to get it working, this is the function authenticating the users.
public function authenticate() {
// In case the user is not logged in already.
if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
// Return the headers.
$this->show_auth();
} else {
// Parse the given Digest-data.
$data = $this->parse_request($_SERVER['PHP_AUTH_DIGEST']);
// Check the data.
if (!$data) {
// Display an error message.
die($this->unauthorized);
} else {
// Based on the given information, generate the valid response.
$usr_password = "test";
// Generate the response partly.
$A1 = md5($data['username'].":".$this->get_realm().":".$usr_password);
$A2 = md5($_SERVER['REQUEST_METHOD'].":".$data['uri']);
// Generate the valid response.
$val_response = md5($A1.":".$data['nonce'].":".$data['nc'].":".$data['cnonce'].":".$data['qop'].":".$A2);
// Compare the valid response with the given response.
if ($data['response'] != $val_response) {
// Display the login again.
$this->show_auth();
} else {
// Return true.
return true;
}
}
}
}
So imagine the $usr_password="test" will be $usr_password=md5("test");
How do I compare passwords then?
Thanks.
The MD5 function is hashing function, one-directional method to produce the same result for the same input.
Thus, to compare $password1 to $password2 without revealing (comparing directly) both of them it should be enough to compare their hashes:
$hash1 = md5($password1); // hash for pass 1
$hash2 = md5($password2); // hash for pass 2
if ($hash1 === $hash2) {
// here goes the code to support case of passwords being identical
} else {
// here goes the code to support case of passwords not being identical
}
Is it clear enough? Let me know.