PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 
PostPosted: Tue May 24, 2005 12:25 pm
DevNet Resident
Joined: Fri Aug 16, 2002 8:57 am
Posts: 1834
Location: Watertown, MA
So I've put off implementing "Remember Me" functionality for a long time over security concerns.

I've been using an HMAC-SHA1 based authenticator for my regular session authentication: i.e. a cookie with the following payload: identifier+expTime+MAC(identifier+expTime). The identifier is not predictable from either username/email/password or registration order. Thus even if someone brute forced the secret key, it's roughly equally hard to target a particular user for impersonation and unlikely to generate a random, but existing user. expTime is normally 15-30 minutes from last access.

I've played with an automatically rotating authenticator hashing key, that retains the past key to avoid expiring active sessions when the key changes.

All in all I'm pretty happy with this system.

However, now I'm thinking about how I would implement the "Remember Me" type feature. My concern with these features is that you can't rotate the signing key in any meaningful way without invalidating all existing tokens. In principle you can't ever rotate the key... this is bad, as you can't constrain the window of vulnerability. While outright brute-force recovery of the secret key from HMAC-SHA1 is extremely unlikely, I don't like the open ended problem.

I know a few systems that force the once a year log-in, probably for this reason.

I've been thinking about using a per-user authenticator key in the DB, so that brute forcing any particular user doesn't allow masquerading as another user. The per-user authenticator key can then be rotated any time the user changes their password (an action that should invalidate all their existing tokens).

Does anyone know of any more developed "best practices" for the long-lived "remember me" authenticators -- most web discussion focuses on the shortly lived ephemeral session authenticators...

Thanks
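An added example (not code from the thread) putting the scheme above in PHP: identifier|expTime|MAC with a per-user key combined with a server key whose previous value is retained across rotation, so one rotation keeps existing tokens valid while a password change invalidates that user's tokens. It assumes an in-memory array in place of the poster's DB table, a constructed identifier, and uses HMAC-SHA256 rather than the thread's HMAC-SHA1.

```php
<?php
// Added example, not code from the thread: identifier|expTime|MAC with a
// per-user key plus a rotating server key whose previous value is retained.

const KEY_LEN = 32;

$userKeys   = ['u-8f3a' => random_bytes(KEY_LEN)];   // constructed per-user key (DB stand-in)
$serverKeys = [random_bytes(KEY_LEN)];               // [current, previous]

function rotateServerKey(array &$serverKeys): void {
    // New key becomes current; only the most recent old key is kept, so a
    // leaked server key stops being useful after two rotations.
    array_unshift($serverKeys, random_bytes(KEY_LEN));
    $serverKeys = array_slice($serverKeys, 0, 2);
}

function rotateUserKey(array &$userKeys, string $id): void {
    // On password change: every existing token for $id stops verifying.
    $userKeys[$id] = random_bytes(KEY_LEN);
}

function mac(string $id, int $exp, string $userKey, string $serverKey): string {
    // Both keys feed the HMAC, so a key recovered for one user is not a key
    // for any other user. Identifiers are assumed not to contain '|'.
    return hash_hmac('sha256', $id . '|' . $exp, $serverKey . $userKey);
}

function issueToken(string $id, int $ttl, array $userKeys, array $serverKeys): string {
    if (strpos($id, '|') !== false) throw new InvalidArgumentException('bad id');
    $exp = time() + $ttl;
    return $id . '|' . $exp . '|' . mac($id, $exp, $userKeys[$id], $serverKeys[0]);
}

// Returns the identifier, or null on malformed token, expiry, unknown user or bad MAC.
function verifyToken(string $token, array $userKeys, array $serverKeys): ?string {
    $parts = explode('|', $token);
    if (count($parts) !== 3) return null;
    [$id, $exp, $tag] = $parts;
    if (!ctype_digit($exp) || (int)$exp < time() || !isset($userKeys[$id])) return null;
    foreach ($serverKeys as $sk) {   // current key first, then the retained previous one
        if (hash_equals(mac($id, (int)$exp, $userKeys[$id], $sk), $tag)) return $id;
    }
    return null;
}

$t = issueToken('u-8f3a', 30 * 86400, $userKeys, $serverKeys);
rotateServerKey($serverKeys);                       // token still verifies after one rotation
var_dump(verifyToken($t, $userKeys, $serverKeys));
rotateUserKey($userKeys, 'u-8f3a');                 // password change: token now rejected
var_dump(verifyToken($t, $userKeys, $serverKeys));
```

Keeping exactly one previous server key bounds how long a leaked key stays usable; the per-user key is what makes a password change a clean revocation point.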


PostPosted: Tue May 24, 2005 2:30 pm
Tutorials Group
Joined: Sun Jan 04, 2004 11:30 pm
Posts: 2692

PostPosted: Tue May 24, 2005 9:55 pm
DevNet Resident
Joined: Fri Aug 16, 2002 8:57 am
Posts: 1834
Location: Watertown, MA

PostPosted: Tue May 24, 2005 10:42 pm
Tutorials Group
Joined: Sun Jan 04, 2004 11:30 pm
Posts: 2692

PostPosted: Wed May 25, 2005 12:16 pm
DevNet Resident
Joined: Fri Aug 16, 2002 8:57 am
Posts: 1834
Location: Watertown, MA

PostPosted: Wed May 25, 2005 5:27 pm
DevNet Master
Joined: Thu Jan 30, 2003 9:26 pm
Posts: 2893
Location: Glasgow, Scotland
Hi nielsene - long time no see.

I'd personally be pretty relaxed about the risk of brute-forcing a private key (as long as it's a "strong" key which isn't vulnerable to dictionary attacks). When you consider other potential vulnerabilities like cookie theft, it doesn't look like the weakest link in the chain. Careful protection against cross site scripting in the rest of the site would also be vital.

In case anyone else reading the thread is interested, here's a class which creates and checks signed messages:

----
edit: moved to .


PostPosted: Sat Jun 04, 2005 1:33 pm
Forum Contributor
Joined: Fri Jul 09, 2004 1:23 am
Posts: 422
I think there is a middle way between remember me and security.

In a normal secured area there are certain parts that need to be more secure than others.

I implement a remember function for the less important parts like memos and the daily stuff. If someone wants to view things like bank info or other important info I would reauthenticate once per session. Changing any data will always require using the password.


The main thing mostly overlooked is an important one. Most attacks aren't issued by an intruder from outside but come from the inside. Hijacking a cookie is really rare but finding the password in the top drawer of your colleague is much more frequent. Very tight security will have the user write the password down somewhere and people can easily find it. Too low security might open brute force attempts. I think this is a problem that can never be solved.


PostPosted: Sun Jun 05, 2005 11:41 pm
Forum Newbie
Joined: Sun Jul 06, 2003 1:00 am
Posts: 7

PostPosted: Mon Jun 06, 2005 12:19 am
DevNet Master
Joined: Thu Jan 30, 2003 9:26 pm
Posts: 2893
Location: Glasgow, Scotland

PostPosted: Mon Jun 06, 2005 12:31 am
Forum Newbie
Joined: Sun Jul 06, 2003 1:00 am
Posts: 7

PostPosted: Mon Jun 06, 2005 3:23 pm
DevNet Master
Joined: Thu Jan 30, 2003 9:26 pm
Posts: 2893
Location: Glasgow, Scotland

PostPosted: Mon Jun 06, 2005 3:27 pm
Site Admin
Joined: Tue Dec 23, 2003 3:10 am
Posts: 11470
Location: Toronto

PostPosted: Fri Jun 10, 2005 11:57 am
DevNet Master
Joined: Mon Oct 25, 2004 9:29 pm
Posts: 3698
Location: New Jersey, US
See, I think that's a pretty draconic approach. I salt the password, and then rotate salts every month so they must re-validate when a new month rolls around. Other than that, if they have a valid cookie, they're logged in.


PostPosted: Wed Jun 15, 2005 11:15 am
Forum Contributor
Joined: Wed Mar 12, 2003 1:52 pm
Posts: 198
Location: IL
Which is a better way to store the identifier data in a "Remember Me" cookie, and why?

A) identifier+expTime+MAC(identifier+expTime)
B) 2-Way encryption(identifier)


PostPosted: Wed Jun 15, 2005 3:49 pm
Site Admin
Joined: Tue Dec 23, 2003 3:10 am
Posts: 11470
Location: Toronto