"digital signature" security
Ok, I'm having a bit of a disagreement with my boss on this. He wants to, at some unspecified point in the future, set up a certain form so that the form can be digitally "signed" by the appropriate people, without a hard copy having to be made. Aside from the issues of having good backups made, my problem is this: the digital "signature" consists of the lanID (first and middle initials and last name) and password of the users, not a real "signature" using crypto keys. The passwords are windows 2000. This struck me as being very insecure, but I didn't know the specifics of why this was a bad idea. Can anyone help me out with this arguement? Some easy/obvious ways that the system could be compromised? I already mentioned the possibility of a disgruntled administrator obtaining other passwords, and he ignored it. I need more ammo if the subject comes up again. Thanks for any input.
My hobby: collecting US coins
July 10th, 2003, 03:04 PM
Asynchronous cryptography (PK) is very secure (if you are using a key long enough). But what you described is a synchronous algorithm (only one key for signing and verifying, always the same key). Their security in general is at least questionable.
In this special case, you are using a key that starts with a predictable part. Because anyone knowing the full name of a person can construct it.
This alone does not make a big problem yet.
But you also know the key length. How ? You take a correctly signed document and test your partly known key against it. Add one bit more space in your repeat pattern on each iteration and once you see the signatures match in regular intervals, you have the length).
Now, coming to the windows passwords that form the rest of the key, things get really bad:
- you now know the length of the personīs password. If it is 3 to 5, you can probably guess it. And best of all: You wonīt trigger an alert on the domain controller or somethign because you donīt need to log in to test your guessed passwords. Instead you build the full signature string with it and see if your pre-signed document matches.
- even worse: you can write a program that tests all possible windows passwords with that length and after some minutes or hours youīll know it too. Again without anyone knowing.
- worst of all: Not only the signature is easily cracked but they expose your windows passwords too!
Is this enough arguments?
Last edited by M.Hirsch; July 10th, 2003 at 03:09 PM.
July 10th, 2003, 03:14 PM
That pretty much follows my own thinking. However, for my own edification, could you explain
I'm not sure I follow what you're saying. Thanks for your help
July 10th, 2003, 03:25 PM
If you had only the length of the password, you would have to try to login to your companyīs network to find out the right one. Usually after 3-5 false tries you are locked out and the administrator is notified.
What I posted was not 100% right and a little misleading, I had too much encryption/decryption on my mind.
You donīt get the password length this way because the signing process does not reveal this so easily.
Nevermind, you would do it this way (a-z, A-Z, 0-9):
- take the part of the signature that you know
- add "a" to the end
- sign the document and compare the signatures
- replace the "a" with a "b"
- sign the document and compare the signatures
- replace the "9" with a "aa"
- ... repeat until you got the whole signature right.
A program doing that should not take longer than a few hours depending on the passwordīs length.
You can speed up this a lot using a dictionary file and some neat algorithms.
If you have no success, you would have to look up which characters are allowed in windows passwords and iterate them all.
Still, after a few days you will have the full signature and thus the windows password too.
July 10th, 2003, 09:30 PM
This method requires having a signed form to compare against. For my specific case, wouldn't it be just as easy to get the windows password hashes and crack them w/ l0phtcrack or similar? The signature method has not yet been implemented. Your method is more general (and useful), but wouldn't this also work for my scenario?
July 11th, 2003, 10:24 AM
Yes, l0phtcrack is probably much more effective. But you need the hashes first. A pro would not brute force a-z, but ask John for help. I wonīt give more details about this though. Too much potential for misuse, I hope you understand.
1) that once you have a hash, itīs only a matter of time till you cracked it. For strong encryption algorithms maybe much more than a lifetime, for weak algorithms probably only minutes.
2) If you have a signed document from this person, you have their windows password too.
3) to get a signed document from a person should not be hard. Try it. Make your colleague next door sign a piece of paper that says they agree on less work for more money. Do you think this person would also have signed it digitally if they received your letter via email? I think the probability is even higher.
Another thing to consider:
For a digital signature system that makes sense, you need a way to verify that the signature below a document is valid.
To verify the personīs signature, in your case, you need their signing key. The original one. Once you have it (to verify a document), you can also sign documents in this personīs name with the same key.
One more strong argument:
Once a person changes his/her windows password, all his/her signed documents will be invalid!
Same if someone gets married and their family name changes.
Last edited by M.Hirsch; July 11th, 2003 at 10:26 AM.
July 11th, 2003, 11:02 AM
Afraid I don't get that, but I'm curious. Don't suppose you could pm me a link or something that might help shed some light? My interest in crypto is relatively recent, so I'm still trying to get up to speed.
I don't think anyone has considered this at all, yet they insist that this scheme complies w/ gov't regulations!?!
Great point, hadn't thought of that at all.
Thanks a lot for all your help. Not only might it keep the company from being foolish, you're helping me learn as well
PS- From what do you get your interest/knowlege of crypto? Is it just a hobby/natural outgrowth of other computer related interests or is it part of your job? Just wondering
My hobby: collecting US coins
July 11th, 2003, 11:48 AM
LOL... Which countryīs government? Maybe some pacific island that has no laws about cryptography?
On the other hand: Of course it could comply with some govīt regulations... and with some others not...
I donīt really know that much about it. But there was a time I wondered why PGP cannot be cracked even though you *do* know how the encryption works. There is a great article on their homepage. First I did not even understand half of it. Some years later I read it again and nearly everything was clear. I just needed the mathematical background I got from school about statistics and polynoms.
Cryptography is a "sub-science" of mathematics. Itīs not necessarily related to programming or hiding data from others.
If you are interested in this, I do have some links. Iīll post them on request.
Last edited by M.Hirsch; July 11th, 2003 at 11:55 AM.
July 11th, 2003, 01:00 PM
Links would be appreciated, esp if they have anything about the math behind public key. I understand the concept, but I'd like to find out how they actually implement it.
July 12th, 2003, 06:47 AM
Thinking about it again, I donīt want to go through all my backups just to dig up old links that first probably 404 today and second could contain outdated information.
I did a quick search on google for "rsa public key maths", this revealed 100s of interesting looking documents. I think you better look there.
The pgp documents I was talking about earlier are here:
July 12th, 2003, 12:23 PM
July 14th, 2003, 07:05 AM
Thanks for the links and search idea guys. I've read Schneier's newer book, and Applied Cryptography was next on my list. The Code Book looks good too.