lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 4 Feb 2006 02:36:23 -0000
From: info@...ssure.com
To: bugtraq@...urityfocus.com
Subject: PeopleSoft (Oracle) PSCipher Encryption Weakness


Vendor:        		PeopleSoft
Product:       		People Tools
Version:       		8.4x
Platform:      		Multi-platform
Title:         		Weak Encryption
     		


Description:	   	

PeopleSoft uses PSCipher() for encryption/hashing purposes.  Based on observations from the output of PSCipher() and on our familiarity with the cryptographic library objects and methods used in the JCA/JCE, we were able to surmise PSCipher() uses the password-based encryption algorithm as defined in RSA Laboratories, "PKCS #5: Password-Based Encryption Standard," version 1.5, Nov 1993. 

In addition, based on PSCipher() output, the DES key used by PSCipher() is a fixed string, probably stored in a number of system directories. Knowledge of this key would greatly benefit password dictionary attacks against PSCipher() encrypted passwords.  A fairly knowledgeable attacker could easily determine what this fixed key is.

Based on the length of a password the algorithm pads and then outputs 8 byte values, using cipher block chaining mode for 8 byte blocks, output using base64 encoding. Consequently, passwords patterns of the following are readily observed:
			
PSCipher(x1x2x3x4x5x6x7x8) = C1
PSCipher(x1x2x3x4x5x6x7x8y1….yi) = C1C  // block C varying up to i=8
PSCipher(x1x2x3x4x5x6x7x8y1….y8z1….zi) = C1C2C  //block C varying up to i=8

For example, 
PSCipher(12345678) = VsQZcQDrTFJg93xDQKeGJA==  
PSCipher (123456789) = VsQZcQDrTFLZN5WgnZfo1w==
			
Note: Here VsQZcQDrTF corresponds to the 8 bytes “12345678” encrypted with base64 encoding performed after cipher out. Also note that, as is seen in this example, the algorithm used by PSCipher() outputs encrypted text in 8 bytes streams. If a user chooses a 9 character password, the first 8 bytes of this will be the same for this password and an 8 character password using the same first 8 characters. Hence, a dictionary attack for a 9 character password can be done using the first 8
characters plus any additional characters.

In effect, increasing password length does not give an exponential increase in password strength, significantly aiding a dictionary attack against passwords.  For example, suppose for simplicity only 10 characters are used for password composition. Compare a full 9 character password exhaust of 109	with a 108 + 10 exhaust.



Vendor Solution: (Provided by Oracle)
	
In Enterprise PeopleTools 8.47 and above, PeopleTools provides Triple DES encryption (i.e 3DES) for increased data security. The PSCipher Utility has been enhanced to provide a command line utility to encrypt a variety of text values stored in various configuration files throughout your system. In addition, the PSCipher includes the following features:

• Dynamic Key generation: The ability to generate unique encryption keys.
• Version maintenance: The key file maintains a version history of all previous versions of the keys, which enables text previously encrypted to be encrypted or decrypted.


Important additional information:

It is important to provide proper scope to the usage of PSCipher.  PeopleSoft does NOT use PSCipher for the following encryption purposes:
- PSCipher is NOT used for the encryption of ANY application data
- PSCipher is NOT used for the encryption of ANY data stored in the PeopleSoft DB.
- ALL user passwords stored in the DB are hashed using the SHA-1 Secure Hash Algorithm

In the instances where PSCipher is used within the PeopleSoft environtment, adherence to Security Best Practices would ensure that those IDs protected with PSCipher encryption would have minimal access to the system (additional access would be unnecessary and not recommended).  Additionally, and also in accordance to best practices, these passwords should only be persisted in secured areas of the system.  

PScipher is NOT a general purpose routine.  The decryption routine is NOT made available.  Therefore customers should not be using this routine for their own use to 'protect' other kinds of data. 

PeopleSoft routinely reviews the overall security posture of its products, and we provide robust processes and communication channels for our customers and 3rd party organizations to provide feedback and information about possible security weaknesses.  These matters are given the highest level of attention and analysis and PeopleSoft endeavors to provide resolutions and fixes at the earliest possible time.

Vendor Trail:  		

December 04 PeopleSoft contacted
December 04 PeopleSoft confirms
October  05 PeopleSoft provides solution
Febuary 06 Release


Contributers:  		

Dr. Larry Wargo
Barrett McGuire
Matt Fotter


In-depth analysis is available at http://www.i-assure.com

Powered by blists - more mailing lists