New Security Audit: ‘Have I Been Pwned?’

With iOS version 1.48.3 (Pro) Strongbox now adds support for checking your passwords against the online ‘Have I Been Pwned?’ service.

The ‘Have I Been Pwned?‘ feature in action

What is ‘Have I Been Pwned?

Have I Been Pwned? is an online service that monitors and collects hacked credentials that are being trafficked in hacker underground communities and the dark web. It collects and collates these security breaches so that it can notify users if their account has become compromised. The site is run by renowned computer security and technology consultant Troy Hunt.

One particular element of the service allows you to check (in a secure way) whether a password appears in an enormous collection (more than 500 million) of known passwords. You can check an individual password here.

Strongbox uses the same API/Service to check your passwords and if they are known to be compromised to indicate this in the UI. This is an opt-in feature which is off by default. Read on for more details.

NB: This is a Pro feature only, it is not available in the free version of Strongbox.

What on Earth does ‘Pwned’ mean?!

Pwned is online Internet slang which is a corruption of the word “Owned”. So what does “Owned” mean? Owned in the context of computer security or hacker culture basically means a system or in this case, a password, is completely compromised. It is known and provides no protection against an adversary. For more entertainment see the Urban Dictionary definition.

How do I use it?

Since this feature is off by default you will need to navigate to Database Auditing preferences to try it out.

If this is your first time using the Have I Been Pwned? audit, you will be presented with a caveat/disclaimer to be certain your are comfortable with using this feature. You will need to accept this to move on.

As with all other audits if Strongbox finds a problem it will indicate it in the UI with an orange “Shield” icon, see the example below:

Once this feature is switched on Strongbox will gather your database passwords and securely check them by making a call to the online service. If you are interested in the technical/security aspects of this please read the How Secure is This? section below.

Since this is an online feature Strongbox will securely cache any compromised passwords so that you don’t have to be online to know which passwords have been marked as compromised on subsequent opens. Strongbox also will check the service at most once per day by default (this is configurable) to save network traffic.

How Secure is This?

One of the first questions people usually ask is how does this work, how can it possibly be secure? After all, to check my passwords don’t you have to send them to this service over the Internet?

The surprising answer to this question is No. Using some straightforward encryption techniques and a method called call k-anonymity this task can be performed while providing some very strong security guarantees. You can read more about the development and implementation of this system on Have I Been Pwned. In short the process works like this:

Procedure

  1. Your password is hashed (in this case using SHA-1). This maps your password to a 20 bytes in a fixed way. Hash functions try to make this process difficult to reverse and also provide an even mapping across the full range of the 2^160 possible values.
  2. This is then converted to standard hex format, e.g. 21BD12DC183F740EE76F27B78EB39C8AD972A757
  3. The first 5 digit prefix (20 bits) is then taken and used to query the online service. e.g. https://api.pwnedpasswords.com/range/21BD1
  4. This service lookups up all known compromised passwords with this SHA-1 prefix and sends them back to Strongbox. It also includes many other items which are not compromised (Padding).
  5. Strongbox checks this returned list for the suffix of the SHA-1 hash, in this case 2DC183F740EE76F27B78EB39C8AD972A757
  6. If found Strongbox knows that this password is not secure and will indicate this in the UI

Note that all this takes place over HTTPS.

The Attackers Point of View

Let’s assume that an attacker somehow managed to compromise your secure connection (not an easy task) and can see your network traffic directly. Only the 5-digit prefix (21BD1) is visible. This is 20 bits of a 160 bit hash, leaving an enormous search space of 2^140 possible matching hashes. A pretty hopeless task.

The attacker also has no way of knowing if your password is compromised or not by looking at the response. There are roughly 800-1000 hash suffixes returned in each response and it cannot be assumed your password is in this list. Indeed if it is, Strongbox will let you know and you can then act to change it in short order.

Conclusion

This has been a much requested feature and one I’ve been looking forward to for a long time. It finally came time when the Security Audit subsystem was released last week. I hope you’ll enjoy it, find it useful and that it helps make you more secure.

Of course I’d be very interested to hear any stories of the system finding something for you, or if you have any questions, comments or concerns.

Recommended Posts