Evaluation of password hashing schemes in open source web platforms

Abstract Nowadays, the majority of web platforms in the Internet originate either from CMS to easily deploy websites or by web applications frameworks that allow developers to design and implement web applications. Considering the fact that CMS are intended to be plug and play solutions and their main aim is to allow even non-developers to deploy websites, we argue that the default hashing schemes rarely are modified. Also, recent studies suggest that even developers do not use appropriate hash functions to protect passwords, since they may not have adequate security expertise. Therefore, the default settings of CMS and web applications frameworks play an important role in the security of password storage. This paper evaluates the default hashing schemes of popular CMS and web application frameworks. First, we formulate the cost time of password guessing attacks and next we investigate the default hashing schemes of popular CMS and web applications frameworks. We then apply our framework to perform a comparative analysis of the cost time of password guessing attacks between the various CMS and web application frameworks. Finally, considering that intensive hash functions consume computational resources, we analyze hashing schemes from a different perspective. That is, we investigate if it is feasible and under what conditions to perform slow rate denial of service attacks from concurrent login attempts. Through our study we have derived a set of critical observations. We have discovered that many CMS and web application frameworks use outdated hash functions, arbitrary number of hash iterations, while there is a lack of password policies and salt. Notably, the popular WordPress still uses MD5 with low number of hash iterations. Overall, we believe that the security status of the hashing schemes of CMS and web application frameworks calls for changes to the default settings from an opt-in to an opt-out security policy. More security audits and official library implementations are also required to accelerate the adoption of memory hard functions both by policy makers and the industry.

[1]  Wenyuan Xu,et al.  Regional Patterns and Vulnerability Analysis of Chinese Web Passwords , 2016, IEEE Transactions on Information Forensics and Security.

[2]  Takamichi Saito,et al.  An implementation and its evaluation of password cracking tool parallelized on GPGPU , 2010, 2010 10th International Symposium on Communications and Information Technologies.

[3]  Josip Knezovic,et al.  Are Your Passwords Safe: Energy-Efficient Bcrypt Cracking with Low-Cost Parallel Hardware , 2014, WOOT.

[4]  Vitaly Shmatikov,et al.  Fast dictionary attacks on passwords using time-space tradeoff , 2005, CCS '05.

[5]  Paul A. Grassi,et al.  Digital identity guidelines: revision 3 , 2017 .

[6]  Wen-mei W. Hwu,et al.  Optimization principles and application performance evaluation of a multithreaded GPU using CUDA , 2008, PPoPP.

[7]  Ronald L. Rivest,et al.  The MD5 Message-Digest Algorithm , 1992, RFC.

[8]  Sherman S. M. Chow,et al.  Phoenix: Rebirth of a Cryptographic Password-Hardening Service , 2017, USENIX Security Symposium.

[9]  Andrea Visconti,et al.  On the Weaknesses of PBKDF2 , 2015, CANS.

[10]  Alan S. Brown,et al.  Generating and remembering passwords , 2004 .

[11]  Donald E. Eastlake,et al.  US Secure Hash Algorithm 1 (SHA1) , 2001, RFC.

[12]  David Mazières,et al.  A future-adaptive password scheme , 1999 .

[13]  Garret Rempel Defining Standards for Web Page Performance in Business Applications , 2015, ICPE.

[14]  Sudhir Aggarwal,et al.  Password Cracking Using Probabilistic Context-Free Grammars , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[15]  David Mazières,et al.  The Advanced Computing Systems Association a Future-adaptable Password Scheme a Future-adaptable Password Scheme , 2022 .

[16]  Burton S. Kaliski,et al.  PKCS #5: Password-Based Cryptography Specification Version 2.0 , 2000, RFC.

[17]  Colin Percival STRONGER KEY DERIVATION VIA SEQUENTIAL MEMORY-HARD FUNCTIONS , 2009 .

[18]  Donald E. Eastlake,et al.  US Secure Hash Algorithms (SHA and HMAC-SHA) , 2006, RFC.

[19]  Samson Zhou,et al.  On the Economics of Offline Password Cracking , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[20]  Thomas Ristenpart,et al.  The Pythia PRF Service , 2015, USENIX Security Symposium.

[21]  Jan Camenisch,et al.  Practical yet universally composable two-server password-authenticated secret sharing , 2012, CCS.

[22]  Simon Josefsson,et al.  The scrypt Password-Based Key Derivation Function , 2016, RFC.

[23]  Alfred Kobsa,et al.  Counteracting the Negative Effect of Form Auto-completion on the Privacy Calculus , 2013, ICIS.

[24]  Pietro Michiardi,et al.  Password Strength: An Empirical Analysis , 2010, 2010 Proceedings IEEE INFOCOM.

[25]  Ninghui Li,et al.  A Study of Probabilistic Password Models , 2014, 2014 IEEE Symposium on Security and Privacy.

[26]  Claude Castelluccia,et al.  OMEN: Faster Password Guessing Using an Ordered Markov Enumerator , 2015, ESSoS.

[27]  Jeff Yan,et al.  Acceleration Attacks on PBKDF2: Or, What Is inside the Black-Box of oclHashcat? , 2016, WOOT.

[28]  Birgy Lorenz,et al.  "The Four Most-Used Passwords Are Love, Sex, Secret, and God": Password Security and Training in Different User Groups , 2013, HCI.

[29]  Ralf Zimmermann,et al.  High-speed implementation of bcrypt password search using special-purpose hardware , 2014, 2014 International Conference on ReConFigurable Computing and FPGAs (ReConFig14).

[30]  Matthew Smith,et al.  Why Do Developers Get Password Storage Wrong?: A Qualitative Usability Study , 2017, CCS.

[31]  Emin Islam Tatli Cracking More Password Hashes With Patterns , 2015, IEEE Transactions on Information Forensics and Security.