Heartbleed - Major Internet security flaw

Started by Snarky, Thu 10/04/2014 18:13:52


Snarky

By now, most of you have probably heard of Heartbleed, the bug in the OpenSSL implementation of SSL/TLS encryption (which is the basis for HTTPS and pretty much all secure internet communication), which means that a lot of the passwords to major internet sites have been vulnerable to undetectable hacking for the last two years:

http://heartbleed.com/
http://www.cnet.com/news/how-to-protect-yourself-from-the-heartbleed-bug/

Taking appropriate countermeasures and future precautions is essential. Security experts recommend changing ALL your passwords (though not necessarily right away, as some sites may not have been patched yet). More details in the CNET link.

As far as I can tell, the AGS forums shouldn't be affected, for the simple reason that passwords have never been encrypted with SSL in the first place when sent to the server. That could mean that (like many other forums' account info) it wasn't particularly secure in the first place (though it is encrypted in some other way before sending, and stored in encrypted form in the database). That's an important reminder that reusing passwords across different sites exposes ALL of them if ANY of the sites have a security hole.

The best way to stay safe is to never use the same password across multiple sites, and to pick long, random passwords. Of course, that makes it completely impossible to remember your passwords, so you should use a password manager like KeePass, Lastpass or 1Password (or one of many other alternatives).

I switched to Lastpass from my own super-seekrit method of generating new passwords from a common template about a month ago, and feel a lot less vulnerable now.

Anyway, start preparing to change your passwords!

Andail


bicilotti

Great post, the more people are aware, the better. Thank you!

miguel

Working on a RON game!!!!!

Radiant

If you're going to make new passwords, this is good advice:


Snarky

While that works in theory, I think it's bad advice in practice, because people aren't really going to pick words at random (it's actually kind of hard for people to pick a properly random word: and even the semi-random version of flipping to a "random" word in the dictionary is difficult if you don't have a printed one), but more likely something like "these truths self evident" or "play it again sam", which are totally easy to guess.

And if you really do pick words at random, chances are you won't get something that makes for a cute mental image, but some ungrammatical nonsense with words you don't know and can barely spell. I just went to www.wordgenerator.net, and it gave me "unpitious umbelliferone ackee novatian" and "theocristic finance teind gelatinization". Which, wtf?

I know the comic says random common words, but how do you pick a common word at random? The best I can think of is to pick words at random out of a book. Using this process on a book "off the shelf" – and rejecting pronouns, articles, etc. – generated "congress meeting gawk fear" and "history uniting madmen vindication", which I suppose is a little better but still easy to misremember. (Edit: You can try an "xkcd-style password generator" here and judge the memorability for yourself: http://preshing.com/20110811/xkcd-password-generator/)

If you're going to pick a human-memorable password, I think you're better off going with the initial letters of some mnemonic phrase (that you make up yourself; don't use a famous song, poem, Bible quote or speech), e.g. "My game was nominated for seven AGS awards, and all I got was the lousy respect of my peers": Mgwnf7Aa,&aIgwtlromp.

In any case, the most important point is still that sharing one password across multiple sites and services is very bad practice; it probably makes even a strong password just as insecure as a weak one. But since you can't remember that many different ones no matter which strategy you use to pick them (I have more than 200 Internet accounts that require passwords), a password manager is really the only sane solution.

Radiant

That's because you're misunderstanding the advice. It explicitly says to pick common words, and not a sentence. Doing so gives you substantially more entropy than Mgwnf7Aa,&aIgwtlromp does (and precisely as the comic indicates, in the latter case you'll eventually forget which letters were capitalized and where the comma goes). I'm well aware that it's counterintuitive.

Darth Mandarb

For my "important" sites (probably about 30 or so) I have a unique password for each.

For less important sites (probably about 100 or so, which don't link back to anything important) I use the same password combinations (which are still very strong). 

The strongest password (and the one I change most frequently (about once a month)) is my main email address because this is what the other 29 "important" sites link back to.  However, the other 29 sites don't use just my email address they use an "aliased" version of my email address.  So for instance; myemailaddress+whatever@addy.com or my.email.address@addy.com.  This helps in case somebody does get in my email then they can't just (easily) go to my bank account and request a password change (these aliases also help if/when I start getting spam I can tell exactly who sold my email address and call 'em out on it).

I have my own little algorithm that I created for generating my passwords and I'd wager it's pretty "hack" resistant (nothing is hack proof).  I'm not, obviously, going to reveal my algorithm (duh!) but it isn't very complicated to remember and makes it damn near impossible to crack my passwords.  I used it on a password entropy site (not revealing one of my actual passwords) and it estimated it would take 16 quintillion years to crack (don't know how accurate that site was but still).

Babar

Quote from: Radiant on Fri 11/04/2014 11:43:19
If you're going to make new passwords, this is good advice
Problem there is that most passwords have idiotic requirements that force them to be totally unmemorable: Must contain number and letter, must have uppercase AND lowercase numbers, must not have repeated or sequence of numbers etc.
The ultimate Professional Amateur

Now, with his very own game: Alien Time Zone

Snarky

Quote from: Radiant on Fri 11/04/2014 13:36:58
That's because you're misunderstanding the advice. It explicitly says so pick common words, and not a sentence.

I already mentioned the "common" part, and it does NOT explicitly say not a sentence. And as I've already argued, the reason it's bad advice is that the premises by which it generates (relatively) good passwords are fairly subtle, and not recognizable from the end result. Therefore, lots of people who take the advice are going to do it wrong. (The other problem, as Babar points out, is that many password fields are not going to accept passwords of this form.)

Quote: Doing so gives you substantially more entropy than Mgwnf7Aa,&aIgwtlromp does (and precisely as the comic indicates, in the latter case you'll eventually forget which letters were capitalized and where the comma goes). I'm well aware that it's counterintuitive.

It does not. The entropy of the first letters of English words is about 4 bits, and there is only very minor correlation between successive letters, so my password example has about 80 bits of entropy; and that's not even counting capitalization, numbers and symbols. And the whole point is that as long as you remember the phrase, there's no danger of forgetting capitalization and punctuation, because you're not just substituting at random. (To get more variety in capitalization, people so inclined can adopt the German rule of capitalizing all nouns.)

I really don't think xkcd-style passwords are more memorable. In particular, it's easy to forget the order of the words, since if randomly chosen and "not a sentence", it's completely arbitrary. Was my password "sort trouble former putting" or "sort former putting trouble"?
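The entropy figures argued over above come from how a password is chosen, not from how it looks. As an added example (not posted by anyone in this thread), the Python sketch below draws words with a cryptographic random source and computes the resulting bits; the word list is a constructed sample, the 2048-word list size used in the test is an assumption, and the 4-bits-per-initial figure is the estimate from the post above.

```python
import math
import secrets

# Constructed sample list for illustration; a usable list would hold
# thousands of common words (hypothetical values, not from the thread).
WORDS = ["apple", "bridge", "candle", "dragon", "engine", "forest",
         "garden", "harbor", "island", "jacket", "kitten", "ladder",
         "magnet", "napkin", "orange", "pencil"]


def passphrase_bits(list_size, n_words):
    """Entropy in bits when every word is drawn uniformly and independently."""
    return n_words * math.log2(list_size)


def words_needed(list_size, target_bits):
    """Smallest number of random words that reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def initials_bits(n_chars, bits_per_char):
    """Estimate for a mnemonic-initials password at a given per-character rate."""
    return n_chars * bits_per_char


def generate(wordlist, n_words):
    """Pick words with the OS CSPRNG so no human preference leaks in."""
    unique = sorted(set(wordlist))  # duplicates would skew the distribution
    picks = [secrets.choice(unique) for _ in range(n_words)]
    return picks, passphrase_bits(len(unique), n_words)


if __name__ == "__main__":
    words, bits = generate(WORDS, 4)
    print(" ".join(words), f"({bits:.0f} bits from this {len(WORDS)}-word sample)")
    print("4 words from a 2048-word list:", passphrase_bits(2048, 4), "bits")
    print("20 initials at 4 bits each:", initials_bits(20, 4), "bits")
    print("words needed for 80 bits:", words_needed(2048, 80))
```

The bit counts only hold if the words really are machine-picked; a phrase a person chose has far less entropy than the formula reports.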

cat

When picking a complex password and putting it in a password store, you can also use GUIDs.

Also nice explanation:


selmiak

This is REALLY bad.

Quote: The cryptography expert Bruce Schneier, who has been writing about computer security for more than fifteen years, is not given to panic or hyperbole. So when he writes, of the “catastrophic bug” known as Heartbleed, “On the scale of 1 to 10, this is an 11,” it's safe to conclude that the Internet has a serious problem.
article
They also blame the memory management of C for this, which is probably true.

Ryan Timothy B

Is it a good idea for them to broadcast to the world how a bug in the code works before they fix it?

Edit: I also have no idea how encryption works in the first place. It's like how does the banking website know what encryption I'm using without actually sending it to me? If it doesn't send the encryption I should be using, then I'm sending it to them. If the key is being passed back and forth (even just once), how is that encrypted?

Snarky

They fixed the bug in OpenSSL before they announced it, but they need the websites to actually update the servers for the fix to take effect, so they have to tell them about it. (This isn't the kind of thing where you can push out an update.)

TLS/SSL, like most modern security protocols, works on the principle of public-key cryptography, or asymmetric encryption. The basic idea is that you have two keys that come paired together: a private key which you keep secret, and a public key which you share with the world. In fact, websites register their public keys with a certificate authority, who guarantee that a certain public key belongs to a certain website. For interesting mathematical reasons that have to do with it being much much easier to multiply two numbers together than to figure out from the result which numbers you multiplied (i.e. prime factorization), a message encrypted with the public key can only be decrypted by the private key and vice versa. (You also can't easily figure out the private key from just the public key.)

So if you want to send a message to some particular party, you just get their public key, encrypt your message with that, and send it. Only someone who has the private key (i.e. the intended recipient) can read it. When you connect to your bank over TLS/SSL, your computer makes up a secret code to use to encrypt all future messages for this session, encrypts it with the bank's public key, and sends it. The bank decrypts it with its private key, and now you have a "shared secret" that only the two of you know, which lets you send messages securely in both directions. All this happens as the login page loads (when that little padlock appears in the browser bar), before you send your password.
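The exchange described in the post above, as an added example that is not part of the original post: a toy model in Python of the client wrapping a session secret with the server's public key and both sides deriving the same symmetric key. The tiny RSA numbers, the function names and the hash-based XOR cipher are constructed stand-ins for illustration, not what real TLS uses.

```python
import hashlib
import secrets

# Toy RSA key pair built from textbook-sized primes (constructed values,
# far too small for real use; real keys are 2048 bits or more).
P, Q, E = 61, 53, 17
N = P * Q                           # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (needs Python 3.8+)
PUBLIC, PRIVATE = (N, E), (N, D)


def client_wrap_secret(public_key):
    """Client: make up a session secret and encrypt it to the server."""
    n, e = public_key
    secret = secrets.randbelow(n - 2) + 2
    return secret, pow(secret, e, n)   # only the second value goes on the wire


def server_unwrap_secret(wrapped, private_key):
    """Server: recover the session secret with the private key."""
    n, d = private_key
    return pow(wrapped, d, n)


def session_key(secret):
    """Both sides turn the shared secret into a symmetric key."""
    return hashlib.sha256(secret.to_bytes(2, "big")).digest()


def xor_stream(key, data):
    """Stand-in symmetric cipher: the same call encrypts and decrypts."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def demo():
    client_secret, wire = client_wrap_secret(PUBLIC)
    server_secret = server_unwrap_secret(wire, PRIVATE)
    client_key, server_key = session_key(client_secret), session_key(server_secret)
    ciphertext = xor_stream(client_key, b"password=example-only")
    return client_key == server_key, ciphertext, xor_stream(server_key, ciphertext)


if __name__ == "__main__":
    print(demo())
```

Everything in this model rests on the private exponent staying secret, since whoever holds it can unwrap the value sent over the wire.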


straydogstrut

Coming up with passwords is a pain.

In the past I've been guilty of being a bit lazy with my password choices, using favourite words and so on. I now use a password manager (1Password) but it's only since the announcement about Heartbleed that I've started using the strong password generation feature so I at least feel a bit safer. As I use apps for most social networks and can alternatively log in via 1Password itself, only having to remember the master password is a plus.

I think it's prudent to update our passwords in light of this, but not all at once since, as was said, it's useless if the websites haven't yet updated themselves. I'm at least taking a look at the certificates now and trying to educate my family about this (thanks for being considerate and posting about it here too). I'm trying not to panic my family too much when I tell them they've been at risk for at least two years.. :-\

selmiak

I just had a terrible thought that I hate to think and would like some of your thoughts on this.
Just imagine you connect to an important site via TOR because you are a whistleblower or the like and have to securely log in. Of course you send your passwords and other identification stuff via SSL to the page you want to access and your passwords are transferred encrypted and you can log in. And in your TOR exit node sits the NSA and heartbeatly handshakes with the server and reads out the server's memory after you just logged in. And continues reading the server's RAM for the whole session length. *insert random bad 4 letter word here*

selmiak

Is there no one even a little bit disgusted? Or are you so far that you don't care anymore? This makes me so fucking angry I can't describe!

qptain Nemo

The possible implications for TOR are indeed extremely unpleasant.

Though I remember reading in Snowden's leaks about sophisticated techniques NSA employed to compromise TOR. If they knew about this, they'd probably just use that instead. So there's some hope they didn't I suppose.

selmiak

And now I'm just wondering if Snowden stopped the 3rd world war by damaging the credibility of whatever the US gov says... leave Ukraine alone and let them decide! Let the people decide if they want nazis supported by the west or Russia or some cool independent in-between. The people will sooner or later see what they want and I so hope it's not the first!
not that the Russian gov is any more reliable in times like these but they are closer to it... ;)
