1 00:00:12,639 --> 00:00:18,160 welcome back to our last talk of the day 2 00:00:15,599 --> 00:00:19,920 another person joining us all the way 3 00:00:18,160 --> 00:00:21,840 from germany 4 00:00:19,920 --> 00:00:23,519 uh marcus 5 00:00:21,840 --> 00:00:26,080 marcus works as 6 00:00:23,519 --> 00:00:29,039 marcus works as the team lead and staff 7 00:00:26,080 --> 00:00:31,840 engineer at microbiolytics he became a 8 00:00:29,039 --> 00:00:34,239 django core contributor in early 2015 9 00:00:31,840 --> 00:00:36,320 and served as a member of the django 10 00:00:34,239 --> 00:00:37,360 technical board for the 3.x release 11 00:00:36,320 --> 00:00:38,800 series 12 00:00:37,360 --> 00:00:41,040 marcus is a member of the django 13 00:00:38,800 --> 00:00:44,960 security and operations team as well as 14 00:00:41,040 --> 00:00:46,960 organizer of djangocon conferences 15 00:00:44,960 --> 00:00:47,760 good morning everybody thanks for having 16 00:00:46,960 --> 00:00:50,160 me 17 00:00:47,760 --> 00:00:52,079 and well it's still early so i figured 18 00:00:50,160 --> 00:00:53,440 i'll do a bit of a pre-recording so you 19 00:00:52,079 --> 00:00:58,680 can enjoy 20 00:00:53,440 --> 00:00:58,680 my past self now thank you 21 00:01:05,439 --> 00:01:09,920 hello and welcome to my talk on 22 00:01:07,680 --> 00:01:12,799 authentication and identification 23 00:01:09,920 --> 00:01:14,720 processes 24 00:01:12,799 --> 00:01:17,200 some of you may know me from my 25 00:01:14,720 --> 00:01:19,759 engagement in the django project 26 00:01:17,200 --> 00:01:22,479 historically i've primarily contributed 27 00:01:19,759 --> 00:01:25,439 to django's migration system 28 00:01:22,479 --> 00:01:28,640 over time my focus shifted to organizing 29 00:01:25,439 --> 00:01:30,079 some djangocons in europe and australia 30 00:01:28,640 --> 00:01:33,680 as well as being a member of its 31 00:01:30,079 --> 00:01:33,680 operations and security teams 32 00:01:33,759 --> 00:01:37,560 in my day job 33 00:01:35,119 --> 00:01:40,240 i'm a staff engineer and team lead at 34 00:01:37,560 --> 00:01:43,360 microbiologics and responsible for our 35 00:01:40,240 --> 00:01:46,000 cloud infrastructure and software 36 00:01:43,360 --> 00:01:48,880 at microbiologics we build hardware and 37 00:01:46,000 --> 00:01:51,360 software to analyze chemical liquids 38 00:01:48,880 --> 00:01:53,759 and try to revolutionize and modernize 39 00:01:51,360 --> 00:01:56,479 the industry in the context of industry 40 00:01:53,759 --> 00:01:56,479 4.0 41 00:01:56,560 --> 00:02:00,880 we are also hiring within europe for 42 00:01:59,119 --> 00:02:02,560 python django 43 00:02:00,880 --> 00:02:04,799 csharp.net 44 00:02:02,560 --> 00:02:09,240 and typescript angular 45 00:02:04,799 --> 00:02:09,240 as well as numerous other positions 46 00:02:10,720 --> 00:02:15,120 when we talk about identification and 47 00:02:13,200 --> 00:02:17,440 authentication systems 48 00:02:15,120 --> 00:02:19,040 in the world of computers and our 49 00:02:17,440 --> 00:02:21,360 society 50 00:02:19,040 --> 00:02:25,440 we also have to look at what was there 51 00:02:21,360 --> 00:02:28,720 in the centuries in millennia before 52 00:02:25,440 --> 00:02:31,360 for thousands of years people needed to 53 00:02:28,720 --> 00:02:33,599 identify themselves towards others 54 00:02:31,360 --> 00:02:35,680 be it to show they are from the same or 55 00:02:33,599 --> 00:02:37,519 a befriended tribe 56 00:02:35,680 --> 00:02:40,080 be it that they had a certain status 57 00:02:37,519 --> 00:02:41,440 within a tribe 58 00:02:40,080 --> 00:02:43,280 or be it that they hold a certain 59 00:02:41,440 --> 00:02:46,319 profession 60 00:02:43,280 --> 00:02:48,480 as you can imagine over the years humans 61 00:02:46,319 --> 00:02:51,200 came up with all kinds of ways to 62 00:02:48,480 --> 00:02:55,360 accomplish that 63 00:02:51,200 --> 00:02:59,680 it all started about 100 000 years ago 64 00:02:55,360 --> 00:03:05,159 in south africa algeria and israel 65 00:02:59,680 --> 00:03:05,159 people used beets and shells as jewelry 66 00:03:06,319 --> 00:03:11,360 ash cool or the skull cave 67 00:03:09,040 --> 00:03:14,159 is a prehistoric cave site 68 00:03:11,360 --> 00:03:17,120 about 20 kilometers south of the city of 69 00:03:14,159 --> 00:03:19,599 haifa israel and about three kilometers 70 00:03:17,120 --> 00:03:21,920 from the mediterranean sea 71 00:03:19,599 --> 00:03:22,879 the shells that archaeologists found 72 00:03:21,920 --> 00:03:26,640 there 73 00:03:22,879 --> 00:03:30,000 date back 75 000 years 74 00:03:26,640 --> 00:03:33,200 each shell found at escuel 75 00:03:30,000 --> 00:03:35,400 had a hole on the back most likely made 76 00:03:33,200 --> 00:03:37,599 by humans 77 00:03:35,400 --> 00:03:39,280 archaeologists believe that they 78 00:03:37,599 --> 00:03:41,760 indicate social 79 00:03:39,280 --> 00:03:44,080 a martial status 80 00:03:41,760 --> 00:03:46,640 but there is more to that 81 00:03:44,080 --> 00:03:48,640 this finding shows that cultures and 82 00:03:46,640 --> 00:03:53,040 societies exist 83 00:03:48,640 --> 00:03:53,040 for much much longer than expected 84 00:03:54,000 --> 00:04:00,000 when we travel ahead in time and get to 85 00:03:56,560 --> 00:04:04,000 the yield 3800 bc 86 00:04:00,000 --> 00:04:06,000 we at the time of the babylonian empire 87 00:04:04,000 --> 00:04:07,760 they were the first to do something 88 00:04:06,000 --> 00:04:09,439 you're just too familiar with in 89 00:04:07,760 --> 00:04:11,760 australia 90 00:04:09,439 --> 00:04:13,920 the babylonians ran a census and 91 00:04:11,760 --> 00:04:15,200 collected its citizens personal 92 00:04:13,920 --> 00:04:18,639 information 93 00:04:15,200 --> 00:04:21,280 every six to seven years 94 00:04:18,639 --> 00:04:25,199 they did so to estimate how much food 95 00:04:21,280 --> 00:04:25,199 they needed to feed the population 96 00:04:25,759 --> 00:04:30,639 the egyptians ran seven censuses 1500 97 00:04:28,880 --> 00:04:32,560 years later 98 00:04:30,639 --> 00:04:33,919 they leveraged the numbers about their 99 00:04:32,560 --> 00:04:37,040 population 100 00:04:33,919 --> 00:04:40,800 to determine who would get how much land 101 00:04:37,040 --> 00:04:40,800 after the annual flooding of the 102 00:04:40,840 --> 00:04:46,800 nil censuses continued across various 103 00:04:44,160 --> 00:04:50,560 empires and civilizations 104 00:04:46,800 --> 00:04:54,639 the persians the greeks the romans 105 00:04:50,560 --> 00:04:54,639 all the way to where we are now 106 00:04:54,720 --> 00:04:59,199 historically people needed only to state 107 00:04:57,360 --> 00:05:00,880 their name and profession 108 00:04:59,199 --> 00:05:02,880 and possibly their parents names and 109 00:05:00,880 --> 00:05:05,919 relatives 110 00:05:02,880 --> 00:05:08,560 nowadays it either happens online using 111 00:05:05,919 --> 00:05:11,120 codes sent via paper mail 112 00:05:08,560 --> 00:05:13,440 or by statisticians going from door to 113 00:05:11,120 --> 00:05:16,160 door collecting information 114 00:05:13,440 --> 00:05:18,560 and estimating the total population of a 115 00:05:16,160 --> 00:05:18,560 country 116 00:05:20,639 --> 00:05:26,800 moving from the emea region to apec 117 00:05:23,919 --> 00:05:29,680 another form of identification has been 118 00:05:26,800 --> 00:05:32,400 common among the maori the indigenous 119 00:05:29,680 --> 00:05:34,000 people of new zealand 120 00:05:32,400 --> 00:05:36,320 in their culture 121 00:05:34,000 --> 00:05:39,840 the head is considered the most 122 00:05:36,320 --> 00:05:43,280 important part of the body 123 00:05:39,840 --> 00:05:46,800 their facial tattoos tamoko 124 00:05:43,280 --> 00:05:50,160 represent and indicate a certain status 125 00:05:46,800 --> 00:05:55,280 rank anchors tree and abilities 126 00:05:50,160 --> 00:05:55,280 it's thus unique to each individual 127 00:05:56,000 --> 00:05:59,840 the tattoos are made by using sharp bone 128 00:05:58,720 --> 00:06:03,520 chisels 129 00:05:59,840 --> 00:06:06,160 to cut the design into the skin 130 00:06:03,520 --> 00:06:08,319 suit-based pigments would then be put 131 00:06:06,160 --> 00:06:11,280 into the open wounds 132 00:06:08,319 --> 00:06:13,919 the wounds would heal over and seal in 133 00:06:11,280 --> 00:06:13,919 the design 134 00:06:15,120 --> 00:06:22,000 while the tamoko covered most parts of 135 00:06:17,759 --> 00:06:24,639 maori men's faces maori women usually 136 00:06:22,000 --> 00:06:26,880 had the tamoco only around mouth and 137 00:06:24,639 --> 00:06:30,560 nose 138 00:06:26,880 --> 00:06:35,560 they also are served a different purpose 139 00:06:30,560 --> 00:06:35,560 preventing the skin to become wrinkled 140 00:06:36,960 --> 00:06:42,720 in 1829 the british parliament started 141 00:06:40,160 --> 00:06:44,240 to place more emphasis on printed police 142 00:06:42,720 --> 00:06:45,520 records 143 00:06:44,240 --> 00:06:47,520 with that 144 00:06:45,520 --> 00:06:48,720 data could be stored in a personal 145 00:06:47,520 --> 00:06:52,240 document 146 00:06:48,720 --> 00:06:54,720 and linked back to individuals 147 00:06:52,240 --> 00:06:58,160 this is the direct predecessor to what 148 00:06:54,720 --> 00:07:03,199 we have these days to identify people 149 00:06:58,160 --> 00:07:06,800 government issued id cards and passports 150 00:07:03,199 --> 00:07:09,120 29 years later in 1858 151 00:07:06,800 --> 00:07:12,400 sir william herschel 152 00:07:09,120 --> 00:07:15,440 made a biometric breakthrough 153 00:07:12,400 --> 00:07:18,479 hexa6 successfully implemented ink 154 00:07:15,440 --> 00:07:20,479 fingerprints as manual signatures on 155 00:07:18,479 --> 00:07:22,400 wilts and deeds 156 00:07:20,479 --> 00:07:24,800 making it a means of precise 157 00:07:22,400 --> 00:07:27,520 identification 158 00:07:24,800 --> 00:07:31,280 this practice evolved into scotland 159 00:07:27,520 --> 00:07:33,599 yards fingerprint classification system 160 00:07:31,280 --> 00:07:35,120 and would later be automated by the 161 00:07:33,599 --> 00:07:39,440 japanese 162 00:07:35,120 --> 00:07:39,440 and further improved by the americans 163 00:07:40,000 --> 00:07:44,000 all these approaches have something in 164 00:07:42,240 --> 00:07:47,520 common 165 00:07:44,000 --> 00:07:49,599 they work offline and identify a person 166 00:07:47,520 --> 00:07:52,800 towards another person 167 00:07:49,599 --> 00:07:54,639 from shells over tattoos to id cards and 168 00:07:52,800 --> 00:07:57,039 fingerprints 169 00:07:54,639 --> 00:07:59,120 when you know how to read them 170 00:07:57,039 --> 00:08:03,199 you can determine information about the 171 00:07:59,120 --> 00:08:03,199 person wearing or carrying it 172 00:08:03,919 --> 00:08:08,560 but we are at an i.t conference so 173 00:08:06,479 --> 00:08:10,960 people-to-people identification is less 174 00:08:08,560 --> 00:08:12,879 of our concern today 175 00:08:10,960 --> 00:08:14,720 i mean sure 176 00:08:12,879 --> 00:08:17,039 when we're back at the face-to-face 177 00:08:14,720 --> 00:08:19,520 conference eventually 178 00:08:17,039 --> 00:08:20,960 we should be able to identify ourselves 179 00:08:19,520 --> 00:08:23,759 again 180 00:08:20,960 --> 00:08:26,720 which as far as i remember works by 181 00:08:23,759 --> 00:08:29,440 either stating one's name or by 182 00:08:26,720 --> 00:08:32,719 remembering somebody else's face and 183 00:08:29,440 --> 00:08:34,640 associating it with a name 184 00:08:32,719 --> 00:08:37,120 it's the people to machine 185 00:08:34,640 --> 00:08:38,560 machine to people and machine to machine 186 00:08:37,120 --> 00:08:40,800 identification 187 00:08:38,560 --> 00:08:43,360 that we are mostly concerned about in 188 00:08:40,800 --> 00:08:43,360 this talk 189 00:08:46,080 --> 00:08:50,480 usernames and passwords 190 00:08:48,160 --> 00:08:53,279 are the core of how we identify 191 00:08:50,480 --> 00:08:55,760 ourselves towards computers 192 00:08:53,279 --> 00:08:58,160 coincidentally passwords have a deep 193 00:08:55,760 --> 00:09:00,480 historic background as well 194 00:08:58,160 --> 00:09:02,000 back into the roman military while 195 00:09:00,480 --> 00:09:03,920 called watchwords 196 00:09:02,000 --> 00:09:06,800 they allowed a tribune 197 00:09:03,920 --> 00:09:11,200 to find which maniple under his command 198 00:09:06,800 --> 00:09:14,000 was not reporting back within due time 199 00:09:11,200 --> 00:09:16,560 variations of username and password 200 00:09:14,000 --> 00:09:19,279 include email and password or id number 201 00:09:16,560 --> 00:09:19,279 and password 202 00:09:20,080 --> 00:09:23,200 when implementing password-based 203 00:09:21,839 --> 00:09:26,320 authentication 204 00:09:23,200 --> 00:09:28,480 it's vital to ensure to never store the 205 00:09:26,320 --> 00:09:31,200 clear text password 206 00:09:28,480 --> 00:09:34,320 doing so can easily be considered 207 00:09:31,200 --> 00:09:34,320 grossly negligent 208 00:09:34,480 --> 00:09:41,600 it's also important to remember to never 209 00:09:37,120 --> 00:09:41,600 encrypt a password but to hash it 210 00:09:41,760 --> 00:09:45,600 the difference between encryption and 211 00:09:43,440 --> 00:09:48,800 hashing is vital to the 212 00:09:45,600 --> 00:09:50,560 security of a system 213 00:09:48,800 --> 00:09:53,600 an encrypted password 214 00:09:50,560 --> 00:09:56,240 can be decrypted and thus converted back 215 00:09:53,600 --> 00:09:58,080 into its clear text form 216 00:09:56,240 --> 00:10:00,320 a hashed password 217 00:09:58,080 --> 00:10:03,519 on the other hand cannot be returned 218 00:10:00,320 --> 00:10:03,519 into its clear text form 219 00:10:03,600 --> 00:10:06,560 that is 220 00:10:04,800 --> 00:10:08,160 when using modern cryptographic hash 221 00:10:06,560 --> 00:10:12,399 functions 222 00:10:08,160 --> 00:10:12,399 and also ignoring quantum computing 223 00:10:13,760 --> 00:10:19,839 historically hash functions like md4 md5 224 00:10:17,600 --> 00:10:24,079 sha1 and plainchart2 225 00:10:19,839 --> 00:10:24,079 were used to hash passwords on a server 226 00:10:24,399 --> 00:10:29,600 while secure at the time of their design 227 00:10:27,279 --> 00:10:33,440 they have shown their weaknesses and 228 00:10:29,600 --> 00:10:35,920 some are formally broken 229 00:10:33,440 --> 00:10:38,720 so called rainbow tables 230 00:10:35,920 --> 00:10:41,760 and simple brute forcing can be used to 231 00:10:38,720 --> 00:10:44,720 unhash a password 232 00:10:41,760 --> 00:10:47,680 over time a process called password 233 00:10:44,720 --> 00:10:51,519 sorting was developed 234 00:10:47,680 --> 00:10:54,160 in addition to a user supplied password 235 00:10:51,519 --> 00:10:56,480 a random string called the sold 236 00:10:54,160 --> 00:10:59,200 is added 237 00:10:56,480 --> 00:11:02,160 for security the sort must be different 238 00:10:59,200 --> 00:11:02,160 for each password 239 00:11:02,480 --> 00:11:05,519 otherwise it doesn't provide much 240 00:11:04,480 --> 00:11:10,079 benefit 241 00:11:05,519 --> 00:11:10,079 compared to not having assault at all 242 00:11:11,519 --> 00:11:17,680 salting makes the use of rainbow tables 243 00:11:14,480 --> 00:11:20,640 pretty much infeasible 244 00:11:17,680 --> 00:11:23,200 however specialized hardware 245 00:11:20,640 --> 00:11:25,120 with the focus on parallel processing of 246 00:11:23,200 --> 00:11:28,640 the same operation 247 00:11:25,120 --> 00:11:32,079 can still create and compare millions of 248 00:11:28,640 --> 00:11:34,399 password hashes per second 249 00:11:32,079 --> 00:11:37,200 leaving the brute force attack vector 250 00:11:34,399 --> 00:11:37,200 unmitigated 251 00:11:39,519 --> 00:11:44,560 algorithms such as bcrypt airscript and 252 00:11:43,279 --> 00:11:46,160 argon2 253 00:11:44,560 --> 00:11:48,079 have been developed to make brute 254 00:11:46,160 --> 00:11:51,040 forcing those password hashes 255 00:11:48,079 --> 00:11:53,360 significantly harder 256 00:11:51,040 --> 00:11:56,079 while bcrypt tries to solve the problem 257 00:11:53,360 --> 00:11:58,000 by solely adding a cost factor to be 258 00:11:56,079 --> 00:12:00,480 increased over time 259 00:11:58,000 --> 00:12:02,800 script requires a huge amount of memory 260 00:12:00,480 --> 00:12:04,639 to work 261 00:12:02,800 --> 00:12:08,880 this makes using it in highly 262 00:12:04,639 --> 00:12:08,880 parallelized hardware infeasible 263 00:12:08,959 --> 00:12:14,240 when it comes to implementing script and 264 00:12:10,959 --> 00:12:17,440 argon 2 in python 265 00:12:14,240 --> 00:12:17,440 python has us covered 266 00:12:18,399 --> 00:12:23,680 what we have here are two snippets one 267 00:12:21,279 --> 00:12:27,519 implementing the hashing using script 268 00:12:23,680 --> 00:12:27,519 the other one using argon 2. 269 00:12:27,600 --> 00:12:30,720 script is part of python standard 270 00:12:29,680 --> 00:12:32,480 library 271 00:12:30,720 --> 00:12:33,760 and doesn't need any additional 272 00:12:32,480 --> 00:12:36,480 libraries 273 00:12:33,760 --> 00:12:39,839 whereas argon 2 depends on the argon 2 274 00:12:36,480 --> 00:12:39,839 cffi library 275 00:12:40,160 --> 00:12:44,000 the downside of script the way it's 276 00:12:42,560 --> 00:12:48,000 implemented 277 00:12:44,000 --> 00:12:50,399 is the lack of encoding the hashes setup 278 00:12:48,000 --> 00:12:52,880 when you look at the argon 2 hash 279 00:12:50,399 --> 00:12:54,240 you see various options encoded in the 280 00:12:52,880 --> 00:12:56,639 string 281 00:12:54,240 --> 00:12:59,440 from the hash name of the time cost 282 00:12:56,639 --> 00:13:02,480 factor the parallelization and the 283 00:12:59,440 --> 00:13:05,519 maximum memory cost 284 00:13:02,480 --> 00:13:09,600 for ascript you're on your own to encode 285 00:13:05,519 --> 00:13:09,600 and store those parameters 286 00:13:10,639 --> 00:13:15,120 when you use django you can use the 287 00:13:12,639 --> 00:13:19,160 build in argon 2 password hasher or 288 00:13:15,120 --> 00:13:19,160 ascript password hasher 289 00:13:20,880 --> 00:13:25,680 everything till here is pretty much 290 00:13:22,720 --> 00:13:28,079 standard and likely and hopefully known 291 00:13:25,680 --> 00:13:31,680 to most of you 292 00:13:28,079 --> 00:13:31,680 but what else is out there 293 00:13:33,360 --> 00:13:38,519 rfcs 2069 2617 294 00:13:37,839 --> 00:13:40,399 and 295 00:13:38,519 --> 00:13:43,040 7617 296 00:13:40,399 --> 00:13:45,440 defined two authentication approaches 297 00:13:43,040 --> 00:13:48,079 called digist authentication and basic 298 00:13:45,440 --> 00:13:51,120 authentication 299 00:13:48,079 --> 00:13:54,320 have been standardized since 1997 and 300 00:13:51,120 --> 00:13:55,680 1999 respectively 301 00:13:54,320 --> 00:13:58,320 because of this 302 00:13:55,680 --> 00:14:00,000 pretty much every web server out there 303 00:13:58,320 --> 00:14:03,639 can technically perform those 304 00:14:00,000 --> 00:14:03,639 authentication methods 305 00:14:04,079 --> 00:14:08,160 nowadays basic authentication tends to 306 00:14:06,079 --> 00:14:10,560 be more common since it's easier to 307 00:14:08,160 --> 00:14:14,920 perform and doesn't require to store the 308 00:14:10,560 --> 00:14:14,920 password in clear text on the server 309 00:14:17,199 --> 00:14:23,040 basic authentication works by having the 310 00:14:19,680 --> 00:14:25,360 server reply with a www authenticate 311 00:14:23,040 --> 00:14:29,040 header to a request 312 00:14:25,360 --> 00:14:31,600 instead of delivering its content 313 00:14:29,040 --> 00:14:33,760 browsers will then ask the user for 314 00:14:31,600 --> 00:14:36,240 username and password 315 00:14:33,760 --> 00:14:37,839 once entered the browser will resubmit 316 00:14:36,240 --> 00:14:42,079 the initial request 317 00:14:37,839 --> 00:14:42,079 and send the authorization header along 318 00:14:42,720 --> 00:14:48,160 the content after the basic part is a 319 00:14:45,120 --> 00:14:52,399 base64 encoding of the username and 320 00:14:48,160 --> 00:14:52,399 password joined by a colon 321 00:14:52,959 --> 00:14:57,600 i'll leave it as an exercise to you 322 00:14:55,600 --> 00:15:00,480 to tell me the username and password for 323 00:14:57,600 --> 00:15:00,480 this request here 324 00:15:01,600 --> 00:15:05,920 as you can easily realize if a 325 00:15:03,760 --> 00:15:07,680 connection between a client and server 326 00:15:05,920 --> 00:15:10,480 is not secure 327 00:15:07,680 --> 00:15:14,399 a man in the middle attack can easily 328 00:15:10,480 --> 00:15:14,399 leak a username and password 329 00:15:16,959 --> 00:15:20,720 as noted the problem with basic 330 00:15:18,800 --> 00:15:22,160 authentication is the potential leaking 331 00:15:20,720 --> 00:15:25,600 of user passwords 332 00:15:22,160 --> 00:15:28,560 since they are sent over the wire or air 333 00:15:25,600 --> 00:15:30,560 additionally with the rise of apis it's 334 00:15:28,560 --> 00:15:32,160 not only people identifying with a 335 00:15:30,560 --> 00:15:35,519 machine anymore 336 00:15:32,160 --> 00:15:38,320 but also machines talking to each other 337 00:15:35,519 --> 00:15:41,720 often on behalf of a specific user 338 00:15:38,320 --> 00:15:41,720 but not necessarily 339 00:15:41,839 --> 00:15:46,959 to solve those issues 340 00:15:43,759 --> 00:15:50,240 token authentication was invented 341 00:15:46,959 --> 00:15:54,480 tokens are typically mostly random bytes 342 00:15:50,240 --> 00:15:56,959 encoded in hex or base64. 343 00:15:54,480 --> 00:15:59,040 token authentication works similarly to 344 00:15:56,959 --> 00:16:01,279 basic authentication 345 00:15:59,040 --> 00:16:02,880 except that the client sends the token 346 00:16:01,279 --> 00:16:05,360 along right away 347 00:16:02,880 --> 00:16:08,600 instead of waiting for the server to ask 348 00:16:05,360 --> 00:16:08,600 for it 349 00:16:08,639 --> 00:16:13,360 instead of the basic keyword to identify 350 00:16:11,199 --> 00:16:16,480 the type of authentication 351 00:16:13,360 --> 00:16:16,480 token is used 352 00:16:17,279 --> 00:16:23,199 it's important to know that such tokens 353 00:16:20,000 --> 00:16:25,759 automatically identify and authenticate 354 00:16:23,199 --> 00:16:25,759 a request 355 00:16:26,000 --> 00:16:29,360 while man in the middle attacks are 356 00:16:27,440 --> 00:16:31,920 still possible 357 00:16:29,360 --> 00:16:33,279 tokens usually don't grant access to the 358 00:16:31,920 --> 00:16:36,639 whole account 359 00:16:33,279 --> 00:16:38,800 but only a subset of features 360 00:16:36,639 --> 00:16:41,040 which means that an attacker might be 361 00:16:38,800 --> 00:16:43,839 able to read some user data 362 00:16:41,040 --> 00:16:43,839 but not right 363 00:16:44,720 --> 00:16:49,040 in the case of services acting on behalf 364 00:16:47,519 --> 00:16:51,920 of a user 365 00:16:49,040 --> 00:16:55,759 those tokens are often called personal 366 00:16:51,920 --> 00:16:55,759 access tokens or paths 367 00:16:57,199 --> 00:17:01,600 in march 2021 368 00:16:59,360 --> 00:17:03,040 github introduced an update to their 369 00:17:01,600 --> 00:17:05,439 tokens 370 00:17:03,040 --> 00:17:09,360 following a schema that was previously 371 00:17:05,439 --> 00:17:09,360 implemented by stripe and slack 372 00:17:09,439 --> 00:17:15,839 tokens now contain a prefix 373 00:17:12,799 --> 00:17:18,480 similarly tokens to authenticate against 374 00:17:15,839 --> 00:17:21,679 pipi the python package index 375 00:17:18,480 --> 00:17:23,679 also contain a prefix 376 00:17:21,679 --> 00:17:25,520 these prefixes don't provide any 377 00:17:23,679 --> 00:17:27,360 additional security 378 00:17:25,520 --> 00:17:29,280 but they allow easier detection of 379 00:17:27,360 --> 00:17:31,280 secrets in code bases 380 00:17:29,280 --> 00:17:33,840 by using a feature called secret 381 00:17:31,280 --> 00:17:33,840 scanning 382 00:17:36,160 --> 00:17:40,400 very similar 383 00:17:37,520 --> 00:17:43,360 to the just expand token authentication 384 00:17:40,400 --> 00:17:45,360 is the bearer authentication 385 00:17:43,360 --> 00:17:48,240 it stems from the oauth 386 00:17:45,360 --> 00:17:50,960 authentication flow 387 00:17:48,240 --> 00:17:53,200 oauth provides a method for clients to 388 00:17:50,960 --> 00:17:56,880 access a protected resource 389 00:17:53,200 --> 00:17:59,760 on behalf of a resource owner 390 00:17:56,880 --> 00:18:02,000 in the general case before a client can 391 00:17:59,760 --> 00:18:04,640 access a protected resource 392 00:18:02,000 --> 00:18:08,320 it must first obtain an authorization 393 00:18:04,640 --> 00:18:11,360 grant from the resource owner 394 00:18:08,320 --> 00:18:12,840 it then exchanges the grant for an 395 00:18:11,360 --> 00:18:15,520 access 396 00:18:12,840 --> 00:18:18,000 token the access token represents the 397 00:18:15,520 --> 00:18:20,640 grant's scope duration and other 398 00:18:18,000 --> 00:18:20,640 attributes 399 00:18:20,960 --> 00:18:24,799 the client accesses the protected 400 00:18:22,799 --> 00:18:28,520 resource by presenting the access token 401 00:18:24,799 --> 00:18:28,520 to the resource server 402 00:18:29,360 --> 00:18:33,840 in some cases a client can directly 403 00:18:31,840 --> 00:18:36,160 present its own credentials to the 404 00:18:33,840 --> 00:18:39,520 authorization server to obtain an access 405 00:18:36,160 --> 00:18:41,280 token without having to first obtain an 406 00:18:39,520 --> 00:18:43,840 authorization grant from the resource 407 00:18:41,280 --> 00:18:43,840 owner 408 00:18:44,160 --> 00:18:49,120 a bearer style authentication has a huge 409 00:18:46,640 --> 00:18:50,880 benefit over all previous authentication 410 00:18:49,120 --> 00:18:54,080 methods 411 00:18:50,880 --> 00:18:55,919 the password or the secret that is used 412 00:18:54,080 --> 00:18:58,160 for the authentication 413 00:18:55,919 --> 00:19:01,280 never leaves the client 414 00:18:58,160 --> 00:19:04,720 instead in the case at hand the secret 415 00:19:01,280 --> 00:19:06,400 is used to sign a javascript web token 416 00:19:04,720 --> 00:19:09,360 if the jwt 417 00:19:06,400 --> 00:19:11,520 includes a nonce or a short lift 418 00:19:09,360 --> 00:19:13,039 a man in the middle attack might be able 419 00:19:11,520 --> 00:19:15,360 to read the token 420 00:19:13,039 --> 00:19:17,600 but since it expires shortly after or 421 00:19:15,360 --> 00:19:19,600 can only be used once 422 00:19:17,600 --> 00:19:23,240 the attacker can often only do limited 423 00:19:19,600 --> 00:19:23,240 things with those tokens 424 00:19:24,000 --> 00:19:29,120 a similar approach was developed by aws 425 00:19:26,720 --> 00:19:32,400 to access the apis 426 00:19:29,120 --> 00:19:35,039 in aws's hmac based approach 427 00:19:32,400 --> 00:19:38,000 the aws secret access key 428 00:19:35,039 --> 00:19:42,080 is used to sign certain header values 429 00:19:38,000 --> 00:19:42,080 and the aws access key id 430 00:19:44,480 --> 00:19:49,440 since i just mentioned jwts and because 431 00:19:47,200 --> 00:19:51,679 i know how popular they are 432 00:19:49,440 --> 00:19:53,200 i want to echo numerous concerns and 433 00:19:51,679 --> 00:19:55,840 issues around them 434 00:19:53,200 --> 00:19:57,840 graciously provided by james bennett a 435 00:19:55,840 --> 00:20:00,559 long and well-known member of django's 436 00:19:57,840 --> 00:20:00,559 security team 437 00:20:01,120 --> 00:20:08,640 in short jwts are over complex and put 438 00:20:04,960 --> 00:20:11,440 too much power in an attacker's hands 439 00:20:08,640 --> 00:20:15,840 there are too many knobs and variations 440 00:20:11,440 --> 00:20:15,840 that give an attacker too much control 441 00:20:16,240 --> 00:20:21,280 jwts can be signed or not jw keys can be 442 00:20:19,840 --> 00:20:22,880 encrypted or not 443 00:20:21,280 --> 00:20:25,280 the details of the signing or 444 00:20:22,880 --> 00:20:27,840 encryptions are encoded as part of the 445 00:20:25,280 --> 00:20:30,320 jwt itself 446 00:20:27,840 --> 00:20:32,960 and while ssl and tls have learned the 447 00:20:30,320 --> 00:20:35,120 hard way how to do or rather not to do 448 00:20:32,960 --> 00:20:38,480 cipher of the negotiation 449 00:20:35,120 --> 00:20:40,559 jwt did not learn 450 00:20:38,480 --> 00:20:43,120 and when five libraries all make the 451 00:20:40,559 --> 00:20:46,640 same implementation mistake it's rather 452 00:20:43,120 --> 00:20:49,120 hard to argue it's bad programming 453 00:20:46,640 --> 00:20:51,840 it's more likely that the specification 454 00:20:49,120 --> 00:20:55,600 did a bad job of making sure people 455 00:20:51,840 --> 00:20:55,600 avoid a certain vulnerability 456 00:20:56,000 --> 00:21:00,400 so 457 00:20:56,960 --> 00:21:02,640 stop using jwts 458 00:21:00,400 --> 00:21:03,760 okay what else can you use 459 00:21:02,640 --> 00:21:06,640 well 460 00:21:03,760 --> 00:21:08,880 if you want to stick to json encoding 461 00:21:06,640 --> 00:21:11,440 how about to use json dumps pass it 462 00:21:08,880 --> 00:21:14,080 through base64 and then the page append 463 00:21:11,440 --> 00:21:14,080 in hmac 464 00:21:14,480 --> 00:21:19,679 turns out you can do that in six line of 465 00:21:17,360 --> 00:21:21,919 python 466 00:21:19,679 --> 00:21:24,000 sure you use the flexibility to choose 467 00:21:21,919 --> 00:21:26,720 the signing algorithm 468 00:21:24,000 --> 00:21:28,320 but that's exactly the point 469 00:21:26,720 --> 00:21:30,960 there's no way for an attacker to 470 00:21:28,320 --> 00:21:35,520 negotiate you down to a hash algorithm 471 00:21:30,960 --> 00:21:38,240 that's less secure than shard 256 472 00:21:35,520 --> 00:21:40,799 if you're using django just use django 473 00:21:38,240 --> 00:21:43,200 core signing which implements something 474 00:21:40,799 --> 00:21:45,840 like this just a bit more flexible and 475 00:21:43,200 --> 00:21:45,840 reliably 476 00:21:46,559 --> 00:21:53,440 okay after this xcourse and rant on 477 00:21:49,360 --> 00:21:53,440 jbwts let's continue 478 00:21:53,679 --> 00:22:00,400 on the note of public key cryptography 479 00:21:57,280 --> 00:22:03,039 i want to mention mutual authentication 480 00:22:00,400 --> 00:22:06,000 most widely known is probably ssh using 481 00:22:03,039 --> 00:22:08,559 ssh keys 482 00:22:06,000 --> 00:22:11,600 a client's public key is put on a target 483 00:22:08,559 --> 00:22:14,000 server and during the connection process 484 00:22:11,600 --> 00:22:16,640 the server sends an encrypted and signed 485 00:22:14,000 --> 00:22:18,559 message to the client who verifies the 486 00:22:16,640 --> 00:22:20,640 server authenticity 487 00:22:18,559 --> 00:22:22,880 and sends an encrypted and signed 488 00:22:20,640 --> 00:22:25,120 message back 489 00:22:22,880 --> 00:22:28,400 that message can be used by the server 490 00:22:25,120 --> 00:22:33,280 to authenticate the client 491 00:22:28,400 --> 00:22:35,600 less well known as mtls or mutual tls 492 00:22:33,280 --> 00:22:36,960 while typical tls only provides the 493 00:22:35,600 --> 00:22:39,520 authenticity 494 00:22:36,960 --> 00:22:42,480 of a server to a client 495 00:22:39,520 --> 00:22:45,360 mtls also provides the authenticity of a 496 00:22:42,480 --> 00:22:47,280 client to a server 497 00:22:45,360 --> 00:22:49,600 however since the process is not 498 00:22:47,280 --> 00:22:51,200 particularly user friendly 499 00:22:49,600 --> 00:22:53,280 it's less often seen in user 500 00:22:51,200 --> 00:22:55,600 applications 501 00:22:53,280 --> 00:22:58,000 given the added security however it's 502 00:22:55,600 --> 00:23:00,159 mostly used in corporate environments in 503 00:22:58,000 --> 00:23:02,559 situations where servers talk to each 504 00:23:00,159 --> 00:23:05,760 other and the so-called zero trust 505 00:23:02,559 --> 00:23:05,760 network is present 506 00:23:06,000 --> 00:23:11,280 while these public key cryptography 507 00:23:07,919 --> 00:23:13,919 approaches have a significant benefit 508 00:23:11,280 --> 00:23:17,120 or avoid user passwords 509 00:23:13,919 --> 00:23:19,440 they still suffer from potential problem 510 00:23:17,120 --> 00:23:20,720 the private key could be leaked on the 511 00:23:19,440 --> 00:23:24,720 client side 512 00:23:20,720 --> 00:23:24,720 due to male wear or rootkits 513 00:23:25,919 --> 00:23:30,000 three years ago a new kid joined the 514 00:23:28,240 --> 00:23:32,240 authentication party 515 00:23:30,000 --> 00:23:34,559 and moved the private keys off of the 516 00:23:32,240 --> 00:23:37,760 hardware that is used by a user to log 517 00:23:34,559 --> 00:23:40,159 into a service 518 00:23:37,760 --> 00:23:43,039 fido 2 is a standard by the fido 519 00:23:40,159 --> 00:23:45,360 alliance and was first developed and 520 00:23:43,039 --> 00:23:48,720 released in 2019 521 00:23:45,360 --> 00:23:50,960 it defines the web auth and w3c 522 00:23:48,720 --> 00:23:53,600 specification for using public key 523 00:23:50,960 --> 00:23:55,840 cryptography to authenticate towards a 524 00:23:53,600 --> 00:23:57,760 web service 525 00:23:55,840 --> 00:23:59,760 the goal is to reduce the amount of 526 00:23:57,760 --> 00:24:00,799 passwords used to authenticate on the 527 00:23:59,760 --> 00:24:02,960 map 528 00:24:00,799 --> 00:24:06,159 and thus make hacking accounts 529 00:24:02,960 --> 00:24:06,159 significantly harder 530 00:24:07,600 --> 00:24:11,520 i won't go into the details of the web 531 00:24:09,840 --> 00:24:13,760 of inflow 532 00:24:11,520 --> 00:24:17,520 but as briefly mentioned 533 00:24:13,760 --> 00:24:19,760 the important part is the authenticator 534 00:24:17,520 --> 00:24:21,600 this can be a device like a usb dongle 535 00:24:19,760 --> 00:24:23,440 or an nfc device 536 00:24:21,600 --> 00:24:26,799 something that's separate from the 537 00:24:23,440 --> 00:24:28,799 device that the user wants to log in on 538 00:24:26,799 --> 00:24:30,320 by having the keys on a dedicated 539 00:24:28,799 --> 00:24:32,640 hardware 540 00:24:30,320 --> 00:24:35,360 that they never leave 541 00:24:32,640 --> 00:24:37,520 there's no way for the secret key 542 00:24:35,360 --> 00:24:40,080 to be leaked 543 00:24:37,520 --> 00:24:42,799 probably most notable in this field are 544 00:24:40,080 --> 00:24:42,799 ub keys 545 00:24:43,039 --> 00:24:47,440 the browser asks the user to insert it 546 00:24:46,000 --> 00:24:49,120 and confirm 547 00:24:47,440 --> 00:24:50,240 that they want to perform a certain 548 00:24:49,120 --> 00:24:54,240 operation 549 00:24:50,240 --> 00:24:54,240 by touching its metal sensor 550 00:24:54,480 --> 00:24:59,679 the usb key then signs a server 551 00:24:56,960 --> 00:25:03,360 challenge and provides its back to the 552 00:24:59,679 --> 00:25:07,840 browser who sends back to the server 553 00:25:03,360 --> 00:25:07,840 who now can authenticate this user 554 00:25:09,360 --> 00:25:12,720 so where does it leave us 555 00:25:12,840 --> 00:25:19,039 with it leaves us with loads of ways for 556 00:25:16,640 --> 00:25:21,360 users and services to identify 557 00:25:19,039 --> 00:25:23,600 themselves and to authenticate each 558 00:25:21,360 --> 00:25:23,600 other 559 00:25:23,679 --> 00:25:27,440 i talked about the good old password 560 00:25:25,840 --> 00:25:29,679 authentication 561 00:25:27,440 --> 00:25:31,840 which has accompanied us ever since the 562 00:25:29,679 --> 00:25:34,720 internet exists 563 00:25:31,840 --> 00:25:36,720 it certainly solves its purpose 564 00:25:34,720 --> 00:25:39,600 but it's far from ideal 565 00:25:36,720 --> 00:25:42,080 every so often services get hacked and 566 00:25:39,600 --> 00:25:43,679 user data including their passwords is 567 00:25:42,080 --> 00:25:45,760 leaked 568 00:25:43,679 --> 00:25:48,799 we are lucky when the service used to 569 00:25:45,760 --> 00:25:52,799 stop a strong and modern hash method 570 00:25:48,799 --> 00:25:52,799 it didn't stop passwords in clear text 571 00:25:53,360 --> 00:25:57,600 we talked about token authentication 572 00:25:55,360 --> 00:26:00,080 which is ideal for services 573 00:25:57,600 --> 00:26:02,799 to service authentication 574 00:26:00,080 --> 00:26:06,000 and identification in a trusted network 575 00:26:02,799 --> 00:26:10,279 however if the network isn't trusted 576 00:26:06,000 --> 00:26:10,279 something stronger might be required 577 00:26:10,640 --> 00:26:15,760 pre-shared keys like the aws credentials 578 00:26:13,600 --> 00:26:18,960 or client id and client secret in the 579 00:26:15,760 --> 00:26:20,159 oauth process can reduce the problem of 580 00:26:18,960 --> 00:26:24,520 key leakage 581 00:26:20,159 --> 00:26:24,520 by using signatures for authentication 582 00:26:24,720 --> 00:26:29,440 public key cryptography can be used for 583 00:26:26,799 --> 00:26:32,320 authentication without the need to share 584 00:26:29,440 --> 00:26:33,679 the secret upfront 585 00:26:32,320 --> 00:26:36,480 and lastly 586 00:26:33,679 --> 00:26:39,200 physical hardware such as ub keys or 587 00:26:36,480 --> 00:26:42,000 other types of hardware security modules 588 00:26:39,200 --> 00:26:44,480 can move the cryptographic operations of 589 00:26:42,000 --> 00:26:49,799 the normal hardware into specific 590 00:26:44,480 --> 00:26:49,799 hardware that keeps the secret keys safe 591 00:26:52,480 --> 00:26:57,919 with that i want to thank the organizers 592 00:26:55,039 --> 00:27:00,880 for the snake oil academy 2021 and pycon 593 00:26:57,919 --> 00:27:02,480 australia 2021 for yet another well 594 00:27:00,880 --> 00:27:05,200 organized event 595 00:27:02,480 --> 00:27:08,480 i want to thank all of you for tuning in 596 00:27:05,200 --> 00:27:08,480 and i hope you learned something 597 00:27:08,799 --> 00:27:11,600 and lastly 598 00:27:10,000 --> 00:27:14,159 i want to credit some sites that 599 00:27:11,600 --> 00:27:16,240 provided quite some useful information 600 00:27:14,159 --> 00:27:18,159 especially with regards to the historic 601 00:27:16,240 --> 00:27:21,200 events 602 00:27:18,159 --> 00:27:23,440 thank you 603 00:27:21,200 --> 00:27:25,919 thank you very much marcus and thanks 604 00:27:23,440 --> 00:27:27,279 for joining us at uh 605 00:27:25,919 --> 00:27:28,799 i'm not even going to pretend i know the 606 00:27:27,279 --> 00:27:29,840 time i should have asked while we were 607 00:27:28,799 --> 00:27:33,120 talking 608 00:27:29,840 --> 00:27:35,360 it's 9 27 in the morning now 609 00:27:33,120 --> 00:27:37,600 this is not too bad this is all right 610 00:27:35,360 --> 00:27:38,960 it's not it's not unless we get up in 611 00:27:37,600 --> 00:27:40,799 the middle of the night to watch other 612 00:27:38,960 --> 00:27:43,360 talks and then go back to sleep 613 00:27:40,799 --> 00:27:46,799 which probably should have not done 614 00:27:43,360 --> 00:27:46,799 and watch the recordings later 615 00:27:47,520 --> 00:27:51,120 right we have one very important 616 00:27:49,760 --> 00:27:53,200 question for you 617 00:27:51,120 --> 00:27:56,080 tom would like to know if you've just 618 00:27:53,200 --> 00:27:57,360 told him to roll his own crypto 619 00:27:56,080 --> 00:27:58,480 well 620 00:27:57,360 --> 00:27:59,919 um 621 00:27:58,480 --> 00:28:03,840 everybody who wants to roll their own 622 00:27:59,919 --> 00:28:06,000 crypto should um figure out um if that 623 00:28:03,840 --> 00:28:08,080 is really a good idea and if they um 624 00:28:06,000 --> 00:28:09,679 make the right life choices there 625 00:28:08,080 --> 00:28:11,840 um 626 00:28:09,679 --> 00:28:13,679 generally now please do not roll their 627 00:28:11,840 --> 00:28:16,240 own crypto but rolling your own crypto 628 00:28:13,679 --> 00:28:17,600 doesn't necessarily mean 629 00:28:16,240 --> 00:28:19,840 that or 630 00:28:17,600 --> 00:28:21,679 appending a signature to some blob of 631 00:28:19,840 --> 00:28:23,840 data isn't particularly rolling your own 632 00:28:21,679 --> 00:28:26,440 crypto from my perspective running your 633 00:28:23,840 --> 00:28:29,919 own crypto is when you go and implement 634 00:28:26,440 --> 00:28:32,000 sha-256 or as yourself like implement 635 00:28:29,919 --> 00:28:34,159 the underlying cryptographic algorithms 636 00:28:32,000 --> 00:28:36,880 that is something that you absolutely 637 00:28:34,159 --> 00:28:39,039 should not do just don't the moment 638 00:28:36,880 --> 00:28:40,799 where you go and do that 639 00:28:39,039 --> 00:28:43,760 um 640 00:28:40,799 --> 00:28:45,200 you probably do that because you started 641 00:28:43,760 --> 00:28:47,039 building your own programming language 642 00:28:45,200 --> 00:28:49,520 and can't use and can't rely on anything 643 00:28:47,039 --> 00:28:50,880 else but also then it's probably 644 00:28:49,520 --> 00:28:52,720 something you should 645 00:28:50,880 --> 00:28:55,039 probably don't want to do 646 00:28:52,720 --> 00:28:58,640 um like yeah don't don't write your own 647 00:28:55,039 --> 00:28:59,520 crypto by depending a signature based on 648 00:28:58,640 --> 00:29:02,159 proper 649 00:28:59,520 --> 00:29:04,480 proper improperly implemented methods is 650 00:29:02,159 --> 00:29:06,559 absolutely fine 651 00:29:04,480 --> 00:29:09,919 so try it carefully then 652 00:29:06,559 --> 00:29:09,919 yes yes please 653 00:29:10,159 --> 00:29:16,480 uh it's fantastic to have you here again 654 00:29:12,640 --> 00:29:18,559 uh closing up the uh the day for us 655 00:29:16,480 --> 00:29:21,279 um we'll be back in a couple of minutes 656 00:29:18,559 --> 00:29:25,120 to give a quick wrap-up to the day uh so 657 00:29:21,279 --> 00:29:27,840 we'll see you all shortly thank you 658 00:29:25,120 --> 00:29:27,840 thank you