Think You’re More Secure than Instagram? A Cyber Security Q&A with Dyadic Chief Scientist Yehuda Lindell

Featured article by Dr. Yehuda Lindell, Dyadic Security Co-founder

An independent security researcher was recently able to infiltrate Instagram’s servers and gain access to essentially every secret key and server. The level of access he was able to achieve in a short amount of time is shocking: once he gained access to the company’s SSL certificates, private keys and administrator credentials, everything was open to him. He was able to access company assets, such as source code and internal emails, as well as private customer data, including personal details, login credentials and images.

A malicious hacker could have used this access to steal data, spoof the company’s iOS and Android apps to distribute malware, run man-in-the-middle attacks, impersonate the company’s users and employees, impersonate the company’s website and virtually any other form of attack. It is not an exaggeration to say that the discovered vulnerabilities had the potential to cripple Instagram, had they been exploited by someone less scrupulous than an honest security researcher.

The researcher was able to accomplish what he did due to a series of weaknesses he discovered and exploited.

We sat down with Dr. Yehuda Lindell, Dyadic Security Co-founder and Chief Scientist, to focus on two of those vulnerabilities, because they are ones that can be found in nearly every company today: accessibility of secret encryption keys and the use of password hashing to protect stored passwords.

According to Dr. Lindell, accessibility of secret encryption keys and the use of keyless password hashing to store passwords are two widely-found security vulnerabilities that have the potential to cripple companies if exploited by malicious hackers. The Instagram case is a perfect example of how these vulnerabilities can be exploited by a knowledgeable individual.

What are the challenges organizations, and Instagram in particular, face with regard to accessibility of secret encryption keys?

Secret encryption keys are truly the keys to an enterprise’s IT kingdom. Good cryptography exists and it works well, but the entire basis of cryptographic protections relies on the secrecy of the encryption keys they use. So, while cryptographic solutions provide an excellent line of defense against outside attacks, the weak link is the fact that the keys must be stored within the organization to be used.

The keys are typically hard-coded inside code, stored in a database or maintained in files on an app server. Wherever they are stored, trusted insiders – or outside hackers who manage to infiltrate servers where the keys are stored – can abuse those keys to access nearly every private and sensitive asset within the company’s IT realm. The Instagram case is a perfect example of this.

What are some more secure ways to protect encryption keys?

One approach used by some organizations is to use a hardware-based security module that maintains the keys and performs the operations. This approach is highly secure, but also very expensive to implement, difficult to maintain and doesn’t work well with modern virtualized environments.

A better solution is one in which the organization’s secret keys are never stored anywhere, at any time, making it impossible for any malicious insider or outside hacker to ever gain access to them. This is accomplished by randomly splitting the organization’s secret keys and credentials across two or more servers and then performing all cryptographic operations without ever bringing the secret key parts together. With this approach, attackers would need to simultaneously control multiple servers in order to learn anything, and this is made difficult by using different operating systems, administrators and possibly even different physical locations. With such a solution, no single developer or administrator will ever be able to access a single secret key, thereby also mitigating the worrisome problem of insider threats. This solution is made possible by new technology called secure multiparty computation, which is based on decades of academic research.

What are your thoughts on password hashing?

Industry best practices are to never store passwords as clear text, but rather to store them hashed. The idea is to eliminate the possibility that a hacker can gain access to user account credentials and then be able to use them. It works because passwords are hashed using an irreversible function – there is no way to reverse the hash and reveal the actual password. To validate a user’s password, the same irreversible function is applied and compared to the stored result. Since the function is irreversible, even if an attacker steals the hashed passwords from a server, he won’t be able to reveal the users’ actual passwords, theoretically.

Instagram did, in fact, follow these best practices and stored their passwords after encrypting them with bcrypt, the best method of password hashing used today by companies such as Instagram. So, what went wrong?

Many IT people are unaware that, despite assumptions to the contrary, passwords hashed using bcrypt can often be quickly cracked using brute-force algorithms. A standard PC can reveal relatively-simple bcrypt-hashed passwords within seconds or minutes, and even more complex passwords within hours. With plenty of computation power, the vast majority of passwords can be cracked within hours or days.

In other words, today’s password hashing “best practices” are simply not good enough.

What advice can you offer for protect passwords in a secure manner?

The weakness in password hashing in general, and bcrypt in particular, is that hackers can discover passwords by trying many passwords from a list of commonly-used passwords. This is due to the fact that there is no long secret key used in the process. This weakness can be eliminated by encrypting the bcrypt-hashed password (or hash generated using any other method) with a strong cryptographic key, and splitting the key as above.

Here’s how it works: When a user logs in, the webserver retrieves the strongly-encrypted hashed password from the database and sends it together with the user-entered password to the servers who hold the shares of the key. These servers then use secure multiparty computation to verify whether the passwords match, without ever decrypting the ciphertext or bringing the key parts together. Thus, even if an attacker breaches the webserver, he will not be able to do anything beyond querying the matching servers to ask if a given password is correct (which he can do from home on his browser in any case).

Note that, with this approach, even weak passwords cannot be broken because they are encrypted under a strong cryptographic key. The database of encrypted and hashed passwords is useless without the key, which is protected using secure multiparty computation.

Dr. Yehuda Lindell, Dyadic Security Co-founder and Chief Scientist, is a professor of Computer Science at Bar-Ilan University in Israel. He is an expert on cryptography, has published over 90 scientific articles, and has authored one of the most widely used textbooks on the subject. He has years of industry experience in the application of cryptography to computer security.