Make Passwords Expensive
A simple workflow for encrypting data on a device is to collect a passphrase from a user, then pass that along to the encryption engine to use to encrypt (and decrypt) whatever data you give to that engine. In fact, you may be forgiven if you think that’s the entire workflow, as it fits the classic depiction of implementing cryptography.
However, depending upon your engine, that workflow may be good or bad.
The problem is that most users of our apps are human, and humans are notoriously bad at remembering passphrases. As a result, the passphrases tend to be short. Short passphrases are intrinsically weak and are prone to recovery via brute force attacks.
You can help this somewhat by using a
key derivation function.
One thing that separates some approaches to cryptography
(e.g., SQLCipher for Android)(http://sqlcipher.net/sqlcipher-for-android/)
from others (e.g., direct use of javax.crypto) is whether the engine automatically
applies a key derivation function for you or not.
The objective of a key derivation function is to make passphrases expensive:
-
The actual passphrase used by the underlying encryption algorithm is something consistently long, rather than literally what the user types in for the passphrase
-
The act of generating the actual passphrase itself is expensive enough to slow down brute force attacks that rely upon dictionaries and the like
A key derivation function is usually based on a one-way cryptographic hash. A classic solution was to use something based upon MD5, but nowadays that is nowhere near sufficient.
SQLCipher for Android automatically applies PBKDF2 (originally 4,000 rounds, being bumped to 64,000 in SQLCipher 3.0.0). Popular solutions traditionally used on the server include bcrypt and scrypt.
If you are storing data locally on the device, and you want to encrypt it, make sure that your encryption approach is using some key derivation function, whether supplied by the crypto library or one that you add on separately.
Similarly, make sure that your Web service uses a key derivation function for storing the hashed passphrases for comparison purposes. Not only will this slow down attacks (coupled with other steps you might take to detect and block brute force approachs), but it will make your accounts database more secure in case your server is hacked and miscreants make off with the database.
