OWASP / wrongsecrets

Vulnerable app with examples showing how to not use secrets
https://owasp.org/www-project-wrongsecrets/
GNU Affero General Public License v3.0

New Challenge: use weak KDF to protect a secret #713

Open commjoen opened 1 year ago

commjoen commented 1 year ago

Context

This is a Docker challenge focused on using the wrong KDF to protect a secret. In crypto-js there is an AES encryption mechanism, which uses MD5 as its KDF. This library is often used on mobile for encryption in hybrid apps. So what if we make a challenge in which the user has to find the right "pin" to be able to decrypt a secret offered on screen? (E.g. a 4-8 digit pin with MD5-based KDF, and a secret fitting in 128 bytes.) We need to relate it to the MSTG on how to use (P)KDF with additional entropy and contextual binding.

Did you encounter this in real life? Could you tell us more about the scenario?

See https://github.com/brix/crypto-js/blob/c8a2312474ae60c823f3c00b4d7aac2da460bbfc/test/config-test.js for test defaults.

EmperialX commented 1 year ago

Hello @commjoen, I came across this good first issue and I would like to work on fixing it. I would appreciate your guidance as I work on this issue. Let me know if you have any suggestions. Can you assign me to this?

commjoen commented 1 year ago

Hi @EmperialX sure, I will assign it to you :).

  1. Basically the steps are as follows: choose a number between 0 and 99999 of which you create the MD5 hash
  2. use the hash to encrypt "the answer"
  3. take the ciphertext of 2 and store it in the code
  4. now create the answer validation code that takes a string, tests if it is a number, converts it to an int between 0 and 99999 and then takes the hash of it to decrypt the ciphertext you hardcoded in 3
  5. if the decrypted result of 4 matches "the answer" the user found the right "pin".
  6. explain in the challenge text that protecting keys is all about the keying material and why choosing a bad key derivation function (KDF) can be not so helpful (reference to https://github.com/brix/crypto-js/blob/c8a2312474ae60c823f3c00b4d7aac2da460bbfc/test/config-test.js) in combination with just only a plain number.

EmperialX commented 1 year ago

ok, thank you so much. I will give you the update as soon as possible.


commjoen commented 1 year ago

No rush sir :) . Feel free to connect via Slack where you can find like-minded contributors :) . (See the readme for the links ;-) )

commjoen commented 11 months ago

Hi @EmperialX do you have any updates on this :) ?

CaduRoriz commented 10 months ago

/assign

commjoen commented 7 months ago

Hello @CaduRoriz ! How are you doing? Do you have any progress on this issue sir?

commjoen commented 3 months ago

Removed assignees based on inactivity. Feel free to have a go at it!