WTF Bites


  • area_can

    @Tsaukpaetra to load the animated full-page video for the background, of course!



  • @Tsaukpaetra I'm going to take a wild guess and say "cookies".



  • @Tsaukpaetra Old hash generation algorithm for password field that runs on Flash?

    There are so many companies that have their proxy server perform MITM to decrypt traffic and store it for logging activities done on the company's PCs, so some companies go the extra mile to encrypt the password in addition to the protection offered by HTTPS.

    In one of my ex-companies, we were requested by a bank to do this before. We had implemented that in a Java applet, then JavaScript after being bitten by Java 6 update 22.


  • area_can

    @Yamikuronue said in WTF Bites:

    Flash.. picture

    👀



  • @cheong said in WTF Bites:

    @Tsaukpaetra Old hash generation algorithm for password field that runs on Flash?

    There are so many companies that have their proxy server perform MITM to decrypt traffic and store it for logging activities done on the company's PCs, so some companies go the extra mile to encrypt the password in addition to the protection offered by HTTPS.

    In one of my ex-companies, we were requested by a bank to do this before. We had implemented that in a Java applet, then JavaScript after being bitten by Java 6 update 22.

    If you transmit the hash of the password and use that to log into the account on the server, the hash is the password, not whatever the user entered. So it's still being transmitted in plaintext.

    If you are worried about MITM and to work around that you send a script over the same connection that obfuscates the data, the MITM can also read and modify that script.

    If I was in charge of naming this antipattern, I would call it "security through completely missing the point of the technology you're trying to emulate".


  • 🚽 Regular

    @ben_lubar said in WTF Bites:

    If you transmit the hash of the password and use that to log into the account on the server, the hash is the password

    "We'll just hash the hash, and thinking two steps ahead, we'll just hash it again!"

    [image: smartthinking.jpg]


  • 🚽 Regular

    On a more serious note, hashing the password guarantees they don't have access to the plain password, which a naive user may be also using elsewhere. So there's that.



  • @ben_lubar said in WTF Bites:

    If you transmit the hash of the password and use that to log into the account on the server, the hash is the password

    Not if you properly send nonce to hash it with (and the nonce is actually a nonce, i.e. used only once).

    … then it needs a pair of commutative hash functions, which I once even tried to look for, but don't remember getting much useful result. It should be possible to make such a thing with exponentiation, but the standard HTTP digest authentication methods don't seem to support it.

    @ben_lubar said in WTF Bites:

    If you are worried about MITM and to work around that you send a script over the same connection that obfuscates the data, the MITM can also read and modify that script.

    Yes, it can. But the fact is it does not.

    In this case, the point is not being secure, but not being the easiest target.

    @cheong said in WTF Bites:

    There are so many companies that have their proxy server perform MITM to decrypt traffic and store it for logging activities

    The company can also just install a logger on all their computers (and ActiveDomain is definitely up to that task) and easily walk around all that MITM mitigation.


  • Notification Spam Recipient

    @Bulb said in WTF Bites:

    The company can also just install a logger on all their computers

    Or just let HP do that for them. :trollface:


  • Fake News

    @Bulb said in WTF Bites:

    Not if you properly send nonce to hash it with (and the nonce is actually a nonce, i.e. used only once).

    Now you have a different problem: on the server you need the data (i.e. the plain-text password) to also check the hash, so now you need to store passwords with a reversible encryption rather than salted hashing.


  • Discourse touched me in a no-no place

    @Tsaukpaetra said in WTF Bites:

    you can't expire Microsoft's OWIN-based tokens

    So they've got at least one of the worst properties of biometrics?


  • Discourse touched me in a no-no place

    @Bulb said in WTF Bites:

    then it needs a pair of commutative hash functions, which I once even tried to look for, but don't remember getting much useful result.

    Why not use RSA? It's literally all about paired functions. (Yes, you've got expense in computing the functions to start with, but after that it's not too bad and it's easier to implement in JS than in C.)


  • FoxDev

    @dkf said in WTF Bites:

    it's easier to implement in JS than in C

    I'm curious why this would be the case.


  • Discourse touched me in a no-no place

    @RaceProUK said in WTF Bites:

    I'm curious why this would be the case.

    No chance of memory smashes. That makes a big difference. :-) Also, this:

    Bignum handling is one of the hardest parts of getting crypto right, up there with getting a good random number source.

    Oooh… all the critical bits are available.


  • :belt_onion:

    @Tsaukpaetra said in WTF Bites:

    @LB_ said in WTF Bites:

    infinitely refreshing logout page.

    Perhaps they took a page out of Microsoft's book...

    No, nonononono. Microsoft's pages infinitely redirect, not refresh...



  • @JBert said in WTF Bites:

    @Bulb said in WTF Bites:

    Not if you properly send nonce to hash it with (and the nonce is actually a nonce, i.e. used only once).

    Now you have a different problem: on the server you need the data (i.e. the plain-text password) to also check the hash, so now you need to store passwords with a reversible encryption rather than salted hashing.

    Not if you have the pair of commutative hashes.

    If you have a pair of hashes, h and g, such that h(g(x)) == g(h(x)), then you can ask the client to send you g(x), store h(x) and compare. Since exponentiation is an irreversible function on which a lot of cryptography is built and it is commutative, you should be able to design such a pair of functions.

    The standard digest authentication does not use such functions though. As far as I can tell, the digest authentication has h(g(x)) and asks the client to do both and stores g(x)—which does make g(x) sufficient to get in in practice.

    @dkf said in WTF Bites:

    Why not use RSA? It's literally all about paired functions. (Yes, you've got expense in computing the functions to start with, but after that it's not too bad and it's easier to implement in JS than in C.)

    Well, the point here is that you don't want to use anything reversible. But you should be able to use the same math; i.e. something like the RSA encryption, but with a random exponent instead of an appropriately constructed key.


  • FoxDev

    @sloosecannon said in WTF Bites:

    @Tsaukpaetra said in WTF Bites:

    @LB_ said in WTF Bites:

    infinitely refreshing logout page.

    Perhaps they took a page out of Microsoft's book...

    No, nonononono. Microsoft's pages infinitely redirect, not refresh...

    No, nonononono. Microsoft's pages redirect to a page that tells you what you're looking for has been moved, and gives you a link that doesn't take you to the right place.


  • 🚽 Regular

    I didn't think to capture it while it lasted, and besides it was a bit doxxy, but I somehow managed to make Firefox interrupt a tab drag operation mid animation.

    The end result was a mostly normal-looking tab bar, except one of the tabs was offset from its position by about half a tab; ie there was an empty space before it, and it overlapped the tab to its right.

    I could click the tabs just fine, focusing each browser page as expected. Even the overlapping tabs coexisted peacefully, each being brought to the front depending on which was focused.

    The only difference in behaviour (besides the weird offset) was that ctrl+tabbing through the pages worked as if the tab I dragged was still in its original position before the drag.


  • Discourse touched me in a no-no place

    @Bulb said in WTF Bites:

    Since modular exponentiation is an irreversible function when the correct parameters are co-prime

    FTFY



  • @Bulb said in WTF Bites:

    Well, the point here is that you don't want to use anything reversible. But you should be able to use the same math; i.e. something like the RSA encryption, but with a random exponent instead of an appropriately constructed key.

    Yup. Except the "change password" part, where we'll need to employ some symmetric encryption algorithms.



  • @cheong Yes. That is a bit harder. You have to do a key exchange involving the password, since that is the only secret you have on the client side.

    Now that still only secures it against passive MITM. If the proxy hacks your script, it can just sniff the password on the client and you are done with, because they can always hack your script. Without something trusted to verify the script on the client, you are pwned either way.



  • @Bulb said in WTF Bites:

    @JBert said in WTF Bites:

    @Bulb said in WTF Bites:

    Not if you properly send nonce to hash it with (and the nonce is actually a nonce, i.e. used only once).

    Now you have a different problem: on the server you need the data (i.e. the plain-text password) to also check the hash, so now you need to store passwords with a reversible encryption rather than salted hashing.

    Not if you have the pair of commutative hashes.

    If you have a pair of hashes, h and g, such that h(g(x)) == g(h(x)), then you can ask the client to send you g(x), store h(x) and compare. Since exponentiation is an irreversible function on which a lot of cryptography is built and it is commutative, you should be able to design such a pair of functions.

    I don't see the nonce anywhere. If your database has h(x) stored as the user's password hash, then your x parameter can't contain the nonce yet. It needs to be added.



  • @anotherusername Both h and g are parametrized with appropriate salts. So it's really H(salt, G(nonce, x)) == G(nonce, H(salt, x)). (H(s, x) = G(s, x) = x^s mod n should work.) I hoped it would be kinda obvious that would be the approach.



  • @Bulb I'm asking, because then not only do you need commutative hash functions, but you need commutative hash functions that are still commutative when you're adding a nonce to the password.

    h(g(x)) == g(h(x)) is one thing, but if there's a nonce I thought it'd have to be something like h(g(x + n)) == g(h(x) + n).



  • @dkf said in WTF Bites:

    @Tsaukpaetra said in WTF Bites:

    you can't expire Microsoft's OWIN-based tokens

    So they've got at least one of the worst properties of biometrics?

    They have built-in expiration times (unless there's an option to generate them without, which would be :doing_it_wrong:), but can't be revoked early. The recommended way to use them is to have short-lived tokens and use refresh tokens to automatically generate new ones if the user is still logged in, has access, etc.


  • Notification Spam Recipient

    @hungrier said in WTF Bites:

    @dkf said in WTF Bites:

    @Tsaukpaetra said in WTF Bites:

    you can't expire Microsoft's OWIN-based tokens

    So they've got at least one of the worst properties of biometrics?

    They have built-in expiration times (unless there's an option to generate them without, which would be :doing_it_wrong:), but can't be revoked early. The recommended way to use them is to have short-lived tokens and use refresh tokens to automatically generate new ones if the user is still logged in, has access, etc.

    Yeah, we just said "here's your token" and expire it on the server side when necessary. The access available to people isn't that critical we need to do the whole refresh-token rigmarole.



  • [image]

    :wtf: since when is the business plan cheaper than the personal one?


  • FoxDev

    @anonymous234 Since it has half the space


  • 🚽 Regular

    @anonymous234 Since you get a discount per user.



  • So @royal_poet and I are doing the flat furnishing thing because that's fun to look up... on Pinterest.

    Then we had to Google 'how to log out of Pinterest' because it's Discointuitive - click the person icon from the menu in the top right, to go to the profile page, then click on the three dots in the middle of the screen to get a menu from which Log Out is an option.

    :wtf:


  • FoxDev

    @Arantor 🎶 You can log into Pinterest, but you can never leave! 🎶



  • @Zecc But there's no "2 user minimum" so most individual users will end up getting the "Business" plan. Making it the new personal plan, and the personal plan actually "I want fewer features but the space equivalent of 2 users and a slight discount".

    I guess when your pricing ties 3 separate things together (features, space, number of users) there are always going to be compromises.


  • 🚽 Regular

    @anonymous234 said in WTF Bites:

    But there's no "2 user minimum" so most individual users will end up getting the "Business" plan.

    What does the rest of the license agreement say?



  • [image]

    WARNING: WINDOWS DEFENDER HAS DETECTED DWARF FORTRESS IN 32, 64, AND 32 BITS


  • Java Dev

    @ben_lubar said in WTF Bites:

    [image]

    WARNING: WINDOWS DEFENDER HAS DETECTED DWARF FORTRESS IN 32, 64, AND 32 BITS

    Rather that than 'The following 2gb worth of files have been deleted because they might contain viruses.'



  • @ben_lubar

    bool isSuspicious(File f) 
    {
        if (f.name.Contains("hack") || f.name.Contains("h4xXx") || f.name.Contains("VIRUS")) 
        {
            return true;
        }
        else
        {
            //TODO: implement more checks 
            return false;
        }
    }


  • Speaking of Windows Defender WTFs: this new one (in the Creators Update) seems to include an option to do a full reset of your Windows install. You know, the option that's already been in the Windows settings (where it belongs) for 2 versions.



  • @anonymous234 said in WTF Bites:

    Speaking of Windows Defender WTFs: this new one (in the Creators Update) seems to include an option to do a full reset of your Windows install. You know, the option that's already been in the Windows settings (where it belongs) for 2 versions.

    Mine started giving me popups about "a driver problem" that directed me to run a troubleshooter that re-enabled a virtual memory card I wasn't using.

    Thanks, Microsoft.



  • @ben_lubar
    It's an obvious threat, it says so right in the file name: "dfhack" 🍹



  • vctip.exe is starting up after failed builds and then every few minutes it creates a file with some all-caps windows temp file paths in it INSIDE THE BUILD DIRECTORY THAT BUILDMASTER IS TRYING TO DELETE

    And it keeps doing that even after the build directory is manually deleted.



  • @ben_lubar said in WTF Bites:

    vctip.exe is starting up after failed builds and then every few minutes it creates a file with some all-caps windows temp file paths in it INSIDE THE BUILD DIRECTORY THAT BUILDMASTER IS TRYING TO DELETE

    And it keeps doing that even after the build directory is manually deleted.

    Apparently this is due to the Microsoft Crash Reporting Program crashing while reporting crashes in the Microsoft Crash Reporting Program?



  • @ben_lubar Apparently nobody's ever reported any problem with vctip to Microsoft before?


  • Winner of the 2016 Presidential Election

    @Bulb said in WTF Bites:

    @ben_lubar said in WTF Bites:

    If you transmit the hash of the password and use that to log into the account on the server, the hash is the password

    Not if you properly send nonce to hash it with (and the nonce is actually a nonce, i.e. used only once).

    … then it needs a pair of commutative hash functions, which I once even tried to look for, but don't remember getting much useful result. It should be possible to make such a thing with exponentiation, but the standard HTTP digest authentication methods don't seem to support it.

    @JBert said in WTF Bites:

    @Bulb said in WTF Bites:

    Not if you properly send nonce to hash it with (and the nonce is actually a nonce, i.e. used only once).

    Now you have a different problem: on the server you need the data (i.e. the plain-text password) to also check the hash, so now you need to store passwords with a reversible encryption rather than salted hashing.

    Eh? Commutation and reversibility aren't needed as both sides can follow the same pattern: hash(hash(password+salt)+nonce)*. The server should have hash(password+salt) stored instead of the password itself, of course, and the client should know, be able to figure out, or be told the salt.


    *: It may be a little bit more complex than that, but that's the gist.


  • Winner of the 2016 Presidential Election

    @Bulb said in WTF Bites:

    Not if you have the pair of commutative hashes.
    If you have a pair of hashes, h and g, such that h(g(x)) == g(h(x)), then you can ask the client to send you g(x), store h(x) and compare.

    I doubt this will happen intentionally since what you want is basically a cryptographic hash algorithm with predictable collisions.


  • :belt_onion:

    @RaceProUK said in WTF Bites:

    @sloosecannon said in WTF Bites:

    @Tsaukpaetra said in WTF Bites:

    @LB_ said in WTF Bites:

    infinitely refreshing logout page.

    Perhaps they took a page out of Microsoft's book...

    No, nonononono. Microsoft's pages infinitely redirect, not refresh...

    No, nonononono. Microsoft's pages redirect to a page that tells you what you're looking for has been moved, and gives you a link that doesn't take you to the right place.

    That's fair. I should have :pendant:ly clarified Microsoft's login pages :P



  • @Dreikin said in WTF Bites:

    Eh? Commutation and reversibility aren't needed as both sides can follow the same pattern: hash(hash(password+salt)+nonce)*. The server should have hash(password+salt) stored instead of the password itself, of course, and the client should know, be able to figure out, or be told the salt.


    *: It may be a little bit more complex than that, but that's the gist.

    If hash(password+salt) is what the client sends to the server, then it is effectively the password, and neither the salt nor the nonce are helping the situation.

    The client needs to hash the password plus the nonce in order to gain any benefit from the nonce. And it has to be a different nonce each time, so that the password hash that it sends will be different every time.


  • Winner of the 2016 Presidential Election

    @anotherusername said in WTF Bites:

    @Dreikin said in WTF Bites:

    Eh? Commutation and reversibility aren't needed as both sides can follow the same pattern: hash(hash(password+salt)+nonce)*. The server should have hash(password+salt) stored instead of the password itself, of course, and the client should know, be able to figure out, or be told the salt.


    *: It may be a little bit more complex than that, but that's the gist.

    If hash(password+salt) is what the client sends to the server, then it is effectively the password, and neither the salt nor the nonce are helping the situation.

    The client needs to hash the password plus the nonce in order to gain any benefit from the nonce. And it has to be a different nonce each time, so that the password hash that it sends will be different every time.

    That's what I said. Unless you're thinking about password creation, in which case the nonce isn't needed because it should only be done one time for each password anyway. Over an encrypted connection on a trusted system. And if you really need something that works in a nonce-like fashion for that, use Diffie–Hellman key exchange or something that performs a similar function.



  • @Dreikin said in WTF Bites:

    Eh? Commutation and reversibility aren't needed as both sides can follow the same pattern: hash(hash(password+salt)+nonce)*. The server should have hash(password+salt) stored instead of the password itself, of course, and the client should know, be able to figure out, or be told the salt.

    That is how digest HTTP authentication scheme works, but it means that hash(password + salt) is sufficient to log in (if you appropriately tweak the client). With commutation, the client actually needs the original password.

    @Dreikin said in WTF Bites:

    I doubt this will happen intentionally since what you want is basically a cryptographic hash algorithm with predictable collisions.

    Is it? How does it allow to find x and y such that x != y, but h(g(x)) == h(g(y))?
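
The two schemes argued over in this thread, side by side, as an added example (not code from any poster): the digest-style hash(hash(password+salt)+nonce) and the exponentiation pair H(s, x) = G(s, x) = x^s mod n. The modulus, helper names and sample passwords are assumptions made here; the block shows the verification flow only, and how hard x^s mod n is to invert depends on the choice of n and exponents, which it does not settle.

```python
import hashlib
import hmac
import secrets

# Constructed toy modulus (the Mersenne prime 2**127 - 1). It is an assumption
# of this example; the thread only names "n" and does not choose one.
N = 2**127 - 1

def sha(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def to_x(password: str) -> int:
    """Map the password to a number x in [2, N-1] (hypothetical helper)."""
    return int.from_bytes(sha(password.encode()), "big") % (N - 2) + 2

def fresh_nonce() -> int:
    """A single-use random exponent/nonce, never 0 or 1."""
    return secrets.randbelow(2**64) + 2

# --- Digest-style scheme: hash(hash(password+salt)+nonce) -------------------
def digest_enroll(password: str, salt: bytes) -> bytes:
    return sha(password.encode(), salt)          # value the server stores

def digest_response(verifier: bytes, nonce: int) -> bytes:
    # Needs only hash(password+salt), not the password itself.
    return sha(verifier, nonce.to_bytes(16, "big"))

def digest_check(stored: bytes, nonce: int, response: bytes) -> bool:
    return hmac.compare_digest(digest_response(stored, nonce), response)

# --- Commutative scheme: H(s, x) = G(s, x) = x^s mod n ----------------------
def exp_enroll(password: str, salt: int) -> int:
    return pow(to_x(password), salt, N)          # H(salt, x), stored

def exp_response(password: str, nonce: int) -> int:
    return pow(to_x(password), nonce, N)         # G(nonce, x), sent by client

def exp_check(stored: int, salt: int, nonce: int, response: int) -> bool:
    # H(salt, G(nonce, x)) == G(nonce, H(salt, x))
    return pow(response, salt, N) == pow(stored, nonce, N)

def demo() -> dict:
    password, wrong = "correct horse", "battery staple"   # constructed inputs
    n1, n2 = fresh_nonce(), fresh_nonce()
    d_stored = digest_enroll(password, secrets.token_bytes(16))
    e_salt = fresh_nonce()
    e_stored = exp_enroll(password, e_salt)
    r1 = exp_response(password, n1)
    return {
        # Digest-style: the stored value alone produces a valid response.
        "digest_login_with_stored_value":
            digest_check(d_stored, n1, digest_response(d_stored, n1)),
        "digest_replay_under_new_nonce":
            digest_check(d_stored, n2, digest_response(d_stored, n1)),
        # Commutative: the server verifies without ever holding x.
        "exp_login_with_password": exp_check(e_stored, e_salt, n1, r1),
        "exp_wrong_password":
            exp_check(e_stored, e_salt, n1, exp_response(wrong, n1)),
        "exp_replay_under_new_nonce": exp_check(e_stored, e_salt, n2, r1),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```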


  • ♿ (Parody)

    @ben_lubar said in WTF Bites:

    @ben_lubar Apparently nobody's ever reported any problem with vctip to Microsoft before?

    They did, but then MS reorganized the site and they were lost forever.


  • Winner of the 2016 Presidential Election

    @Bulb said in WTF Bites:

    @Dreikin said in WTF Bites:

    Eh? Commutation and reversibility aren't needed as both sides can follow the same pattern: hash(hash(password+salt)+nonce)*. The server should have hash(password+salt) stored instead of the password itself, of course, and the client should know, be able to figure out, or be told the salt.

    That is how digest HTTP authentication scheme works, but it means that hash(password + salt) is sufficient to log in (if you appropriately tweak the client). With commutation, the client actually needs the original password.

    I might have lost the thread here. I thought we were talking about protecting against mitm replay attacks?

    @Dreikin said in WTF Bites:

    I doubt this will happen intentionally since what you want is basically a cryptographic hash algorithm with predictable collisions.

    Is it? How does it allow to find x and y such that x != y, but h(g(x)) == h(g(y))?

    Depends on the exact algorithm. But the ability to find identical hashes with different inputs, as your abstract algorithm requires, is the definition of a collision. And to be useful there it has to be predictable.

