How this works (from memory) Problem: -Client has a single pair of (username, password) that it wants to check if it was leaked. -Server has a huge database of leaked (username, password).https://twitter.com/laparisa/status/1179434811582058496 …
-
Prikaži ovu nit
-
Security/privacy requirements: - Server cannot learn the client's password - Server cannot distinguish between the client's username and k-1 others, i.e., k-anonymity
1 reply 0 proslijeđenih tweetova 5 korisnika označava da im se sviđaPrikaži ovu nit -
To check a single password: 1. Client computes a k-bit hash of username, denote U 2. Client computes P = r * H(password), where r is a random scalar, and H(password) hashes the password to a point on NIST P-256 3. Client sends (U, P)
1 reply 0 proslijeđenih tweetova 5 korisnika označava da im se sviđaPrikaži ovu nit -
4. The server uses U to look up corresponding leaked passwords 5. The server generates a random scalar n. For each password_i, the server computes Q_i = n * H(password_i) 6. The server sends (n * P, Q_1, Q_2, ...)
1 reply 0 proslijeđenih tweetova 6 korisnika označava da im se sviđaPrikaži ovu nit -
7. The client unblinds the password by computing n * P * 1/r to retrieve n * H(password) 8. The client checks if n * H(password) is one of Q_i. If so, the password was leaked
1 reply 0 proslijeđenih tweetova 6 korisnika označava da im se sviđaPrikaži ovu nit -
Analysis - Because the server only learns r * H(password), it cannot brute force for the password - Because the server only learns k- bit of hash of username, it cannot distinguish between the client's username and k-1 others If you found any issues, please drop me a message.
0 proslijeđenih tweetova 6 korisnika označava da im se sviđaPrikaži ovu nit -
https://github.com/chromium/chromium/tree/dfad65d777c84f89249699cac458bb4f2bb1c5fe/components/password_manager/core/browser/leak_detection … is the client-side implementation on Chrome, h/t
@julianor1 reply 0 proslijeđenih tweetova 7 korisnika označava da im se sviđaPrikaži ovu nit
and of course, because Google, here's an ad: if you want to work on similar problems, please send me your resume at thaidn@google.com
-
-
Odgovor korisniku/ci @XorNinja
Thanks for the explanation. Chromium does scrypt(username+password) do you know if an open source implementation of the server side code is available? from your description H could be random for the same purpose?
0 replies 0 proslijeđenih tweetova 0 korisnika označava da im se sviđaHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.
& fix their weak passwords: