
I want to try out a system where I use a key and salt it with the name of a website, then hash it and use the hash as my password on the site that it's salted with. But, I'd like to do this securely. My concerns are:

  1. The hash (my password for a given site) being printed to the terminal

  2. The hash, as well as my universal key used to generate the hash, being in memory.

Would it be safe to print the password to the terminal, and just close the terminal after? Would the key and password be gone from memory and disk once Python has completed? I'm going to use getpass, but does that provide any actual security against anything but over-shoulder lookers? Is there a way to securely overwrite the raw key and the hash/password in RAM?

tkbx
  • Don't roll your own - take a look at a good Python implementation of BCrypt, that should keep your passwords secure enough. It includes salting. Your system is flawed in that a single salt is considerably less effective as it allows an attacker to attack the entire database at once, instead of attacking each record at a time. – Gareth Latty Apr 12 '13 at 16:14
  • There wouldn't be a database, I would input my key, then the name of the site without TLD, and it would use those to hash "axpy8t_(mykey)_k4nrkq01g_(sitename)_oaoeb61h!sppx" or something like that, then output the hash, I would rehash it whenever I need my password, and only have to remember my key. – tkbx Apr 12 '13 at 16:23
  • I see, sorry, your post is a little unclear - you want to use this as a scheme to generate unique passwords for sites? I'd recommend using something like LastPass instead - same idea, but ready-implemented. – Gareth Latty Apr 12 '13 at 16:31
  • @tkbx I posted a question specifically asking about the safety of your first concern. I'm also interested in making this password manager. [Here's the link](https://unix.stackexchange.com/q/591522/399271) – WalksB Jun 08 '20 at 16:19

2 Answers

The short answer is NO. Python will have stored the password in memory in a number of places and will not clear it from the memory either, it just releases the memory area where the password is stored.

Meaning that there's no such thing as a SecureString found in .NET for instance.

More on all this: Python - Releasing/replacing a string variable, how does it get handled?

Your best bet is either to write your own C library that handles the input and storage in memory and where you build a shred() function to not just release the memory area but also write data over that memory allocation.

Or you do an LD_PRELOAD where you replace the malloc and whatnot that Python uses.

```python
import getpass
# getpass() reads the password without echoing the typed characters
print(getpass.getpass('Give me your password: '))
```

Furthermore, hashes are normally bad. It's good to hash your stuff, plain text is just wrong if you store stuff, but you shouldn't use it as an authentication method unless you know why and what you're doing. Also, normally you'll have to store your salt and that's a bad idea for the most part since that will just null the hash thought altogether.. erm meh I'm tired but google around and you'll get the idea.

Torxed
  • It is, however, worth asking 'Is it worth doing this?'. Is an attack that fishes the password out of memory from a home-rolled password generation system likely at all? – Gareth Latty Apr 12 '13 at 16:40
  • It's worth asking sure. But the answer is still no.. Python is not secure. Given physical access or root access to a machine you can easily dump the memory and your password will be right there. – Torxed Apr 12 '13 at 16:43
  • Is physical/root access for an attacker actually likely here? Not to mention one that knows to look for this generation method? Sure, theoretically, there is an attack, but in reality, it's not one that's going to happen. The OP seems to be talking about creating something for personal use. It's just not a problem that's going to occur in the real world. – Gareth Latty Apr 12 '13 at 16:48
  • As a security consultant perhaps I'm going overboard on the whole issue.. considering Python is a Swiss cheese you're probably correct that there's too much "worry" in my post. However, an attack is more than likely to occur and since the user is asking about security here's the black and white bitter truth.. there is a threat out there, and if you want to secure your stuff, do it proper! The whole thing about hashes and what not is another level of stupidity done incorrectly :) – Torxed Apr 12 '13 at 16:53
  • @Torxed I wouldn't say it's "more than likely" that someone would exploit this, I'd just like to stay on the safe side. RAM isn't my major worry (as long as the data in memory is "erased" in the sense that `rm` "erases" things, I don't care if the data actually remains there), it's whether there's some kind of terminal output log (like `echo x > y`) going on in the background. If that's the case, I don't want each and every one of my passwords stored in plain text on an unencrypted drive in multiple places. I think it should be fine, unless there is some output log like I described earlier. – tkbx Apr 12 '13 at 18:35
  • @Lattyware I don't have the NSA on my tail or anything, but I think making this as secure as possible would be a fun experiment. – tkbx Apr 12 '13 at 18:42
  • @tkbx I added a two-liner for hiding password inputs for the user, if you're not worried about the actual security that will add the "security" you're probably looking for :) – Torxed Apr 15 '13 at 11:38
  • @Torxed But it's the outputs that I care about. If my key and the salt hash to `ab0e293c9bd1ab637bcc9b7095ce236133281719cce972c94ff74786ab9767be`, my password for that site would be `ab0e293c9bd1ab637bcc9b7095ce236133281719cce972c94ff74786ab9767be`, which would be in memory. I think I'll just learn C as I was planning on soon, anyway, would make this whole thing much more secure. – tkbx Apr 16 '13 at 00:36
  • @tkbx `getpassword.getpassword()` will hide the output in the console! The password in the database should be hashed accordingly: http://crackstation.net/hashing-security.htm and for Pete's sake use SSL whatever you do, way too many people underestimate the use of SSL (even though it's vulnerable it still gets all the skiddies off your back). – Torxed Apr 16 '13 at 06:40
  • @Torxed there is no database. What I want to do is accept two inputs: The key (`9mx9nkry`) and the salt (`stackoverflow`), combine them, and hash them. This hash would be my password for the site described in the salt. If I was registering for Twitter, and my key was `bSub4H6eqO`, I would hash `bSub4H6eqOtwitter`, and the resulting hash would be my Twitter password. It would be displayed in the terminal, and stored in memory, my two concerns. – tkbx Apr 18 '13 at 14:36
  • @Torxed has your answer recently changed, at least on linux? I thought that released memory is zeroed out beforehand. – WalksB Jun 08 '20 at 02:45
  • @ZaidGharaybeh IIRC, the kernel only zeroes kernel memory address pages before releasing it (to user space) in an attempt to secure kernel data from user space. I don't think (but could be wrong) that the kernel zeroes all address pages upon release as this would be somewhat of a slow process if all processes in the system juggled memory all the time. Although this might have changed over the years. Even then, Python doesn't necessarily free/release all variables anyway. Read more on [lib gc](https://docs.python.org/3/library/gc.html#gc.is_tracked). – Torxed Jun 08 '20 at 06:26
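
The scheme from the question and the wiping limits described in the answer above, as an added example that is not code from the question or from either answer. The function names, the iteration count and the site-name normalisation are assumptions, and PBKDF2-HMAC-SHA256 is swapped in for the single bare hash the question describes.

```python
import hashlib

ITERATIONS = 200_000  # assumed work factor, not a value from the thread


def wipe(buf: bytearray) -> None:
    """Overwrite a mutable buffer in place (impossible for str and bytes)."""
    for i in range(len(buf)):
        buf[i] = 0


def derive_site_password(master: bytearray, site: str, length: int = 32) -> bytearray:
    """Per-site password from the master key, salted with the site name.

    PBKDF2-HMAC-SHA256 replaces the single bare hash from the question, so
    each guess at the master key costs ITERATIONS HMAC rounds.
    """
    # Assumption: site names are normalised so "Twitter " and "twitter" match.
    salt = site.strip().lower().encode("utf-8")
    raw = hashlib.pbkdf2_hmac("sha256", master, salt, ITERATIONS, dklen=length // 2)
    # raw and raw.hex() are immutable objects; they cannot be overwritten and
    # may stay in freed memory until it is reused. Only the bytearray is wipeable.
    return bytearray(raw.hex(), "ascii")


def demo():
    master = bytearray(b"bSub4H6eqO")  # sample key quoted in the thread
    password = derive_site_password(master, "twitter")
    shown = password.decode("ascii")   # immutable copy, needed to display it
    wipe(password)
    wipe(master)
    return shown, master, password


if __name__ == "__main__":
    shown, master, password = demo()
    print(shown)
    print(master, password)  # both buffers are now all zero bytes
```

The string returned by `getpass.getpass()` is a `str`, so it has the same limitation as `raw` here: it can be dereferenced but not overwritten.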

I wouldn't worry about these. If a hostile agent is on your machine, you have bigger issues to worry about than terminal buffers and private memory.

I do know that there are already similar solutions that are much slicker than what you describe; browser plugins that combine a master password with the domain name to make a unique plugin, with nice auto-completion features.

But if this is mostly a programming exercise, go for it! "Normal" users won't be able to access your terminal buffer. They also shouldn't be able to examine the memory of your process.

bukzor
  • Bigger issues like what? I was under the impression that cold booting and "unerasing" `rm`'d files were the only real attacks that can be done without a multi-million dollar brute force operation. – tkbx Apr 12 '13 at 18:40
  • If they're on your machine, they can take it down in a myriad of ways, use it to serve porn, use it to crack captchas. These are what I was thinking of. – bukzor Apr 12 '13 at 18:48
  • I was thinking more with the assumption that it's been lost and found. Don't you have to do something horribly stupid, like install a keylogger on another computer and SSH into it, for someone to gain remote access to your machine? – tkbx Apr 12 '13 at 18:51
  • tkbx: Not really. Leave a telnet / rsh port open. Leave ssh open with a weak root password. Run a php server which executes all *.php files, and allows file uploads (including myhack.php). If you're interested in this stuff, you should participate in https://stripe.com/blog/capture-the-flag-20 – bukzor Apr 12 '13 at 18:54