Sc00bz’s 2017 Entries: Circumventing Slow Password Storage, and Targeted Backdoor Delivery


Sc00bz sent in two entries to the 2017 Underhanded Crypto Contest.

First Entry

Sc00bz’s first entry (inspired by one of Adam Caudill’s tweets) is a password storage library that appears to use bcrypt, a slow password hashing function. However, instead of generating the salt randomly, it uses a hash of the user ID and password:

// Generate salt
$salt = substr(hash_hmac('sha256', $userId, $password, true), 0, 16);
// Convert to bcrypt salt
$salt = strtr(base64_encode($salt), 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/', './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789');
// bcrypt
$hash = crypt($password, '$2y$08$' . $salt);

An attacker wanting to crack one of these hashes can ignore the bcrypt part entirely, and just use the salt to quickly check their guesses for the password, much faster than they would have been able to if they had to compute the bcrypt function for each guess.

You can find the entire submission on the archive.

Second Entry

Sc00bz’s second entry is an idea for keeping a backdoor secret by delivering it only to select targeted users:

The idea is to add a web client to an end-to-end encrypted application. This will go far under the radar because Telegram, Threema, Viber, WhatsApp, and Wire already have one. Also Google Allo will have one soon. With a web client you can selectively send bad JS to specific IPs or geographical regions. The bad JS can be as obvious as you want because there is little chance that someone will view it. That is assuming you are not targeting a large amount of people. Also the server can tell your browser not to cached it. So that when you go to view the JS source the server sends you the legit JS version. You can also check the browser’s user agent and implement a loader that loads other JS files with random names. If it’s been longer than 1 second or a JS cookie isn’t set return the legit JS version.

You can find the entire submission on the archive.

Recent Posts