00:00:20.720
okay this is uh 80,000 plain text
00:00:23.480
passwords uh This Is An Open Source love
00:00:25.680
story in 3x as you were promised in your
00:00:27.880
programs um like every good uh threea
00:00:31.720
play we will start with a dramatis
00:00:33.040
person a a listing of our characters in
00:00:35.440
our play so first this is peorn
00:00:39.120
peppercorn is one of your user's dogs
00:00:42.120
and like a good dog owner the instant
00:00:44.079
peppercorn's owner got peppercorn they
00:00:45.600
changed all of their passwords on all of
00:00:47.399
their services to
00:00:50.559
peppercorn this is mallerie mallerie is
00:00:53.320
an attacker mallerie is going to attempt
00:00:55.359
to compromise all of your users
00:00:56.879
passwords we'll come back to her in a
00:00:58.519
minute and this is me uh my name is TJ
00:01:02.280
shook I am on the internet everywhere as
00:01:04.640
TJ shook my name without the dots and
00:01:06.439
spaces GitHub Twitter Etc uh I'm a
00:01:09.240
developer at Harvest we make the world's
00:01:11.119
best time tracking software if you do
00:01:13.040
any consulting or freelance work or if
00:01:14.880
you work for an agency or if you just
00:01:16.479
get paid money for your time you to
00:01:18.680
yourself to check out Harvest um I am
00:01:21.400
from New York and it uh took me a very
00:01:24.640
long time to get here um there you go
00:01:28.200
hey uh New York is 12 hours time shifted
00:01:31.720
from here so it is literally halfway
00:01:33.240
around the world uh it took me more than
00:01:35.119
24 hours to get here I left on Monday
00:01:38.040
and arrived here on Wednesday so Tuesday
00:01:40.560
just disappeared to the skies um so if I
00:01:44.240
start speaking in tongues or anything
00:01:46.159
it's because like the part of my brain
00:01:47.880
responsible for speech and language got
00:01:50.040
like mixed up while I was time traveling
00:01:52.840
um most notably for this talk I am not a
00:01:55.759
security expert there are real life
00:01:58.000
Security Experts that get paid lots of
00:01:59.640
money to know a lot of stuff about many
00:02:01.880
things I don't know about if you have
00:02:03.680
true security problems you should hire
00:02:05.399
one of them um but what is important is
00:02:09.119
that I have to be a security expert
00:02:11.039
strictly by virtue of the fact that I
00:02:12.520
have users um if there was a breach or a
00:02:15.879
leak or anything ignorance is not an
00:02:18.319
excuse you can't say we just didn't know
00:02:20.160
any better that won't absolve you from
00:02:22.239
your sin so I have users so I must be a
00:02:24.879
security expert you probably do as well
00:02:27.239
so this is an attempt to uh get rid of
00:02:31.120
some of that you know excuse of
00:02:33.080
ignorance so back to mallerie let's talk
00:02:36.120
about her attack um good security is
00:02:39.360
about layers you should have application
00:02:41.879
Level security to protect against SQL
00:02:44.120
injection xss csrf all that fun stuff
00:02:47.599
you should also have infrastructure
00:02:49.040
level security you should use a secure
00:02:50.640
data center that people just can't walk
00:02:52.040
into you should have physical firewalls
00:02:54.480
between your devices however to truly
00:02:57.280
analyze any individual layer of the
00:02:59.280
security you should assume that all the
00:03:01.360
other ones have failed so we have to
00:03:03.360
assume that this works mallerie can just
00:03:05.640
run her script and get a database dump
00:03:08.159
of your users table so with that in mind
00:03:12.400
let's uh kind of analyze how we could
00:03:14.519
keep track of your user password to let
00:03:16.040
them authenticate the easiest option is
00:03:19.200
just plain text just store your plain
00:03:21.120
text passwords of your users this is
00:03:23.519
obviously bad and no one here is doing
00:03:25.959
this
00:03:27.319
right right
00:03:31.480
no one raised their hand but someone
00:03:32.959
here is doing it they don't want to
00:03:34.720
admit it but they do it because they
00:03:36.680
have reasons you know they just they run
00:03:38.360
a site that's for ranking animated gifts
00:03:40.319
it doesn't matter if there's a leak
00:03:41.920
people will just be able to rank gifts
00:03:43.599
on your users behalfs whatever but that
00:03:46.080
that's not true because users reuse
00:03:48.120
passwords we learned this about
00:03:49.200
peppercorn's owner so when your database
00:03:51.400
gets breached and they find out that
00:03:53.319
your users's password is peppercorn they
00:03:55.239
immediately go from your GIF ranking
00:03:56.760
site to banking websites and Gmail and
00:03:59.439
Facebook
00:04:00.439
and try that same password and because
00:04:02.519
users use the same passwords everywhere
00:04:04.959
that will work and they will get in
00:04:06.319
further and they will have a deeper leak
00:04:08.480
into their online identity so we know
00:04:11.439
this is bad so we need some way to
00:04:13.400
obfuscate the data in this dump so the
00:04:16.160
obvious first thing is we'll just
00:04:17.479
encrypt it um this is a very secure
00:04:20.959
encryption Cipher known as rot 13 r13 a
00:04:23.919
Caesar Cipher with a key 13 you take all
00:04:26.000
the characters and you move them by 13
00:04:27.960
so a becomes n b becomes comes o c
00:04:30.639
becomes P it's uh nearly uh uncrackable
00:04:34.560
unless you have the key um this for
00:04:38.400
example could be something more uh
00:04:41.440
complex like uh de3 or aes256 but the
00:04:44.919
key to all of them is that they are
00:04:46.080
reversible if you have the key so for
00:04:48.320
this the key is 13 if you know that you
00:04:49.919
can decrypt it for the other ones if you
00:04:51.360
have the key you can decrypt it this is
00:04:53.600
bad though because our system is already
00:04:55.479
compromised we also have to assume that
00:04:57.440
if she was able to get a database dump
00:04:59.720
she also has access to our application
00:05:01.360
code where our secret might be or just
00:05:02.720
the physical servers where the keys
00:05:04.080
might be um it's also important to
00:05:06.039
realize that an attacker could be a
00:05:07.680
malicious employee they have access to a
00:05:10.600
lot of your things that you know if they
00:05:12.919
wanted to use them wrongly they could so
00:05:15.759
the key here is that encryption is
00:05:17.199
reversible the data is obfuscated but
00:05:19.560
anyone with that secret can decrypt it
00:05:22.560
hashing is irreversible and that's kind
00:05:25.280
of uh where we need to go to avoid being
00:05:27.880
able to just take that dump and reverse
00:05:29.720
everything out to get plain text
00:05:31.199
passwords so if you have a hashing
00:05:33.319
function and you pass something into it
00:05:34.880
like peppercorn you get something out um
00:05:37.919
and then if you take something else like
00:05:39.520
secret 1 2 3 4 and hash it you get
00:05:41.160
something else out this hash is the
00:05:42.639
output but if you have a hash there's no
00:05:45.680
inverse function that you can apply to
00:05:47.360
it to get the input so that's how we
00:05:50.600
kind of you know go one way there uh
00:05:53.080
another benefit of hashing is that it's
00:05:55.199
deterministic so if you hash peppercorn
00:05:57.720
you get an output if you hash peppercorn
00:05:59.479
again you get the same output if you
00:06:01.160
hash it a third time you get the same
00:06:02.560
output so what's important about that is
00:06:05.160
that allows us to check the password
00:06:06.639
when it comes in matches what we have
00:06:08.280
stored um but also it's deterministic
00:06:10.840
but not obvious so if you hash
00:06:12.800
peppercorn twice you get the same thing
00:06:14.560
but if you change the input trivially
00:06:16.639
like upper casing peppercorn you get a
00:06:18.440
completely different output and if you
00:06:20.880
have a trivially different output so the
00:06:22.840
least significant bit here is off by one
00:06:25.240
um the input can be wildly different
00:06:27.199
from the the input we know so there's no
00:06:29.880
good way to kind of use these hashes to
00:06:32.440
calculate similar things so great all of
00:06:35.639
our problems are solved we can just hash
00:06:37.319
all of our uh passwords and now when we
00:06:39.199
get the plain text password in we do the
00:06:40.880
same hashing algorithm if they match
00:06:42.319
they're authenticated it's great we
00:06:44.120
can't go backwards so everything's safe
00:06:46.720
uh notably throughout all of this I'm
00:06:48.319
using md5 just because its output is
00:06:50.039
shortest so it fits on a slide well
00:06:51.880
everything about shaan or any other kind
00:06:53.800
of basic hashing algorithm is the same
00:06:56.759
uh so but we have a problem and that's
00:06:58.960
that hashing is deterministic we just
00:07:00.479
went over this but it's a double-edged
00:07:02.919
sword the hash of peppercorn is always
00:07:05.280
the same but the hash of peppercorn is
00:07:07.680
always the same and that leads to the
00:07:10.080
notion of rainbow tables um and before
00:07:13.360
you ask uh yeah this is the best slide
00:07:15.400
that's ever been made it'll save us a
00:07:16.919
lot of time in Q&A um and more notably
00:07:21.000
no one calls them this you will usually
00:07:22.919
see them refer to as lookup tables or
00:07:24.919
something more not jokey um it's usually
00:07:28.280
just used in joke form like digested um
00:07:31.000
but because every hash is always the
00:07:32.520
same you know that peppercorn in always
00:07:34.000
comes out in a thing you can pre-compute
00:07:36.000
tables so if you just have a long list
00:07:39.360
of possible passwords you can hash them
00:07:41.240
once and then use a lookup table to get
00:07:43.280
your input so if we have our dump we
00:07:46.120
have this hash and we can put it into a
00:07:47.520
lookup table and see what the value is
00:07:49.280
and as a proof of concept we will use
00:07:50.720
the world's best lookup table which is
00:07:52.960
Google if you just take a hash and drop
00:07:55.520
it in to Google um you don't even have
00:07:58.120
to leave the results page
00:08:00.479
um you can see right on
00:08:03.840
there that that md5 string is just
00:08:07.039
peppercorn
00:08:09.280
so so we need some way to make that not
00:08:12.680
possible for an attacker who has gotten
00:08:14.120
this dump we need to make these
00:08:15.759
pre-computed tables Obsolete and the
00:08:18.039
easiest way is to just change all of the
00:08:19.599
inputs so we know that peppercorn is
00:08:21.400
always the same and all these tables
00:08:22.479
exist with peppercorn in it that has
00:08:23.840
that output so we can append a string of
00:08:26.159
nonsense to it and we effectively just
00:08:28.319
gave this user a strong pth password and
00:08:30.000
we can keep that like nonsense you know
00:08:31.919
in our app code or something and we know
00:08:33.360
that that's like kind of our secret and
00:08:35.240
then we get these strong passwords out
00:08:36.839
of it um and then we just add that
00:08:38.800
string to our off checking and it all
00:08:41.159
works and you can see we check our
00:08:42.640
lookup table and nothing has that hash
00:08:44.959
that's never been pre-computed in a
00:08:46.440
lookup table great we did it we solved
00:08:49.600
password security guys way to go it only
00:08:51.880
took like eight minutes that was really
00:08:54.279
easy um and that's true an attacker will
00:08:57.200
not be able to look up that password in
00:08:59.079
a lookup table or the hash rather um the
00:09:02.399
problem is they can't look it up in an
00:09:05.079
existing table but they can generate a
00:09:07.079
new table trivially because uh hashing
00:09:09.880
schemes are fast uh on this uh MacBook
00:09:13.440
Air that is a just Workhorse power
00:09:16.160
machine I can calculate 13 million sha
00:09:19.279
ones in a second 13 million every second
00:09:22.600
so as a proof of concept this is where
00:09:24.839
Harvest was and all of our passwords we
00:09:27.120
were sha waning them with this Global
00:09:28.880
salt on all of them um and we knew this
00:09:32.680
was bad we had it there for a long time
00:09:34.279
it was on like our list of things to fix
00:09:36.160
but you know we hadn't had a breach yet
00:09:38.160
but no one has a breach until the first
00:09:39.640
time they had a breach uh so to be
00:09:42.160
preemptive I went ahead and white had
00:09:44.519
attacked our database um you can use any
00:09:47.200
freely available program that you can
00:09:48.839
download from the internet I used
00:09:50.200
hashcat you Google hashcat you find it
00:09:52.519
you can use John the Ripper you can
00:09:53.880
install John the Ripper via Homebrew
00:09:55.800
it's not hard to do I got a handful of
00:09:58.959
word on the Internet by Googling for you
00:10:01.480
know password dictionaries and put them
00:10:03.680
all together and got 25 million uh
00:10:05.839
unique entries and I ran it and then
00:10:09.360
right there in the middle was peppercorn
00:10:11.320
along with 880,000 other passwords from
00:10:13.839
the Harvest database uh and I got them
00:10:16.079
in 87 seconds took a minute and a half
00:10:18.399
to get 880,000 passwords and it was not
00:10:20.519
that hard um this isn't even a majority
00:10:23.920
of our users but it's definitely enough
00:10:26.000
to do damage so uh and as a I did my
00:10:29.800
best to keep all the data anonymized so
00:10:31.440
if you are a harvest user I don't know
00:10:32.680
your password I try to just work solely
00:10:35.120
on the hashes and not keep them
00:10:37.639
Associated um in this dump there's also
00:10:39.959
things like these passwords and that
00:10:42.320
first one you know that's kind of the
00:10:43.600
common like leat speake way to get a
00:10:45.279
better password but all of these word
00:10:47.240
lists are very smart and all of these
00:10:49.399
programs are very smart and they will
00:10:50.639
automatically check all of these
00:10:51.760
alternates so that Universe there was
00:10:53.920
cracked that second one seems like a
00:10:56.160
very secure password as well until you
00:10:58.320
look at a Cordy keyboard and realize
00:11:00.200
that's like a hardware hack and it just
00:11:01.760
follows keys on a Cy layout and again
00:11:04.560
these word lists are smarter than that
00:11:05.959
and they're all in there that third one
00:11:08.279
I don't know why it's in there that
00:11:10.040
seems good I haven't figured out that
00:11:11.880
that's like you know a character from
00:11:13.399
Game of Thrones or anything that's just
00:11:14.959
a thing um but again like these things
00:11:18.240
are good they they have many different
00:11:20.920
options there it's probably just surely
00:11:22.440
based on its length it just calculated
00:11:24.880
it so that brings us to the concept of
00:11:27.519
true salting in Harvest we were doing a
00:11:30.240
global salt uh and that's what we were
00:11:31.839
just talking about but we can do a per
00:11:33.639
password salt so every single user
00:11:36.000
instead of appending that nonsense we
00:11:37.800
can do it on every single one this gives
00:11:39.639
all of our users strong passwords and
00:11:41.639
they all have unique passwords if we add
00:11:43.399
enough entropy to the end of
00:11:45.079
it so I got rid of the email column just
00:11:47.880
for space here but so now we have the uh
00:11:50.040
hash that we store along with the salt
00:11:52.279
um having the salt doesn't really help
00:11:53.920
the attacker uh this is a game of kind
00:11:55.959
of computational expense so just knowing
00:11:58.920
ites doesn't help them do it any faster
00:12:00.959
and we need to know it as well so it
00:12:02.240
needs to be stored somewhere um and a
00:12:04.920
very random salt one with enough entropy
00:12:06.760
keeps people with the same password from
00:12:08.440
having the same hash so if you had a
00:12:10.200
very short salt if you know you had
00:12:12.200
thousands of users all with the password
00:12:13.760
password there's bound to be a couple
00:12:15.199
that end up with the same salt and end
00:12:16.560
up with the same hash again which makes
00:12:18.120
cracking one good for cracking multiples
00:12:20.800
and this is pretty good this is actually
00:12:23.040
getting us most of the way there um but
00:12:25.519
mostly this is pretty good for
00:12:27.279
1976 and that's roughly when this was
00:12:30.079
used in uh unix's Crypt 3 program that
00:12:33.000
was used for the system passwords in
00:12:34.639
Unix um at the time in 1976 a modern CPU
00:12:39.040
could calculate about four of those
00:12:40.880
hashes every second so we had enough
00:12:43.800
complexity there to keep them from
00:12:45.240
cracking it but today we have these this
00:12:48.000
is an AMD ax 7990 uh you can buy one for
00:12:51.600
about a, bucks um it can calculate 1.5
00:12:55.680
billion hashes a second so MacBook Air
00:12:58.519
13 million this 1.5 billion every second
00:13:02.720
that makes generating these lookup
00:13:04.199
tables of one per user trivial again so
00:13:07.480
it's now no longer outside the realm of
00:13:11.199
possibility the problem is that most
00:13:13.560
hashing algorithms like sha1 and md5 are
00:13:17.160
not made for uh hashing passwords
00:13:20.079
they're made to be fast they're designed
00:13:22.000
to be fast because they're used for
00:13:23.279
things like checking file validity on
00:13:25.240
both ends of a network transfer or
00:13:26.680
something like that so in 1999 Neil's
00:13:30.720
provos and David materis published a
00:13:32.519
paper about future adaptable password
00:13:35.040
schemes to avoid this very problem and
00:13:37.240
the thing they came up with was
00:13:39.360
bcrypt now bcrypt is it has all the
00:13:42.399
goodies we've already talked about it's
00:13:43.680
a one-way hash it's pre-image resistant
00:13:45.639
it's deterministic it has built-in per
00:13:47.839
password salts we'll see that soon but
00:13:49.880
it has two specific things that make it
00:13:52.040
better for all the problems we
00:13:53.519
previously talked about one is that it's
00:13:55.519
based on X Blowfish which is its
00:13:57.360
underlying Cipher um
00:13:59.560
it's based on Blowfish explow fishes
00:14:01.680
which is notably very expensive but this
00:14:04.040
is changed to be even more expensive the
00:14:06.160
eks and explow fish stands for expensive
00:14:08.639
key schedule and it also requires more
00:14:11.759
memory to kind of uh get X Blowfish up
00:14:14.680
and running so it makes uh gpus and
00:14:17.399
other specialized Hardware less feasible
00:14:19.399
again because they typically don't come
00:14:21.320
with a plethora of ram um and so that
00:14:24.560
slows down the process of just getting
00:14:26.320
started but more interestingly it has
00:14:28.680
this adaptive cost that was in the title
00:14:30.680
of their paper so let's look back at the
00:14:33.160
dump so again this is our dump and now
00:14:35.560
we have bcrypt uh digests in our
00:14:38.079
password column so let's examine the
00:14:40.720
anatomy of a bcrypt
00:14:43.600
digest first things first uh ignore the
00:14:46.320
dollar signs they are just delimiters of
00:14:48.360
all the fields they don't signify
00:14:49.720
anything special this last field is the
00:14:52.720
hash that's the final check sum that
00:14:54.440
comes out of it this thing right to the
00:14:56.920
left is the salt so that's you know nice
00:14:59.399
we don't have to worry about generating
00:15:00.560
our own salts or dealing with our own
00:15:01.800
salts or storing them they're just right
00:15:03.480
in the algorithm and they're stored
00:15:05.000
right in the digest so gets rid of a
00:15:06.720
thing we have to worry about uh this
00:15:08.480
first field is just an identifier this
00:15:10.720
just means this is a bcrypt digest uh 2X
00:15:13.360
and 2 y also signify bcrypt hashes for
00:15:16.240
historical reasons that we can talk
00:15:17.639
about later um other things signify
00:15:19.920
other algorithms but 2 a 2X and 2 y are
00:15:22.440
bcrypt but this one this is the
00:15:24.600
interesting one this is the cost so what
00:15:28.680
you do is when you B Crypt a password to
00:15:30.440
get your hash out you pass it a cost as
00:15:32.040
well so pepper corn with 10 comes out as
00:15:33.560
a thing peppercorn with 10 Again comes
00:15:35.120
out as a different thing but that's
00:15:36.639
because of salting we already went over
00:15:38.079
that uh be pepper corn with a cost of 14
00:15:41.440
comes out with a thing again um and you
00:15:43.519
can see right there in the digest
00:15:44.880
there's that cost of 14 that we just
00:15:46.360
passed in it what is notable about this
00:15:49.240
isn't the output but how long it takes
00:15:51.000
to get the output so on this MacBook Air
00:15:52.959
that first one took about 006 seconds
00:15:55.279
second one took about 06 seconds but the
00:15:57.160
third one took more than 1 second 1.04
00:15:59.959
seconds and that's what that future
00:16:02.399
adaptable scheme means uh this is a
00:16:05.360
rough average of doing a bunch of bcrypt
00:16:07.000
hashes with each cost on this machine uh
00:16:09.560
you have to balance as a developer uh
00:16:12.120
how long you want your users to wait but
00:16:14.079
again if they're offing into your
00:16:15.560
application adding a couple of tents of
00:16:17.199
a second won't necessarily be noticeable
00:16:19.160
whereas for an attacker it will be and
00:16:21.600
it's future adaptable because by
00:16:23.279
increasing this cost over time we can
00:16:25.560
March ahead with the hardware so as
00:16:27.680
Hardware gets faster our passwords can
00:16:29.399
get more expensive and we don't have to
00:16:31.079
worry about it before the attack I did
00:16:33.639
on the Harvest database took 87 seconds
00:16:35.480
to get those 880,000 passwords now the
00:16:37.600
exact same attack with the same word
00:16:39.240
list same program will take 84,000 years
00:16:42.920
which is a notable Improvement um that
00:16:45.639
is no longer economically feasible for
00:16:48.120
an attacker to carry out so bcrypt is
00:16:50.319
kind of The Sweet Spot there um
00:16:52.120
additionally it has a ruby Library which
00:16:53.839
is very useful for us we'll talk about
00:16:55.560
that gem in a second some people here
00:16:58.360
now are thinking well you should be
00:17:00.720
using pbkdf2 or you should be using
00:17:03.399
script or whatever and that's fine
00:17:06.199
you're ahead of the game way to go
00:17:08.039
you're ahead of the curve uh we can
00:17:09.720
debate the merits of them afterwards I
00:17:11.520
still think you're wrong but uh
00:17:14.000
regardless though if you are already
00:17:15.520
using pbkdf2 or script you can stick
00:17:18.319
with it you don't have to convert to
00:17:19.520
bcrypt but if you are using something
00:17:21.079
like sha one you should consider it so
00:17:24.439
how do we fix it what is the fix um to
00:17:26.520
do the conversion we need this plain
00:17:28.400
text pass password you can't go from one
00:17:30.280
hash to another so if you already have
00:17:33.360
the plain text password if you're in
00:17:34.600
that first step it's easy you can just
00:17:36.919
do the conversion manually it might take
00:17:38.280
some time but you'll get through your
00:17:39.280
database eventually otherwise we can
00:17:41.559
just uh take our old hashing scheme so
00:17:43.919
when we authenticated through we had the
00:17:45.120
plain text password we hashed it made
00:17:46.600
sure it matched um we want to get to
00:17:48.760
here where we take the uh password
00:17:50.919
coming in and compared to the bcrypt
00:17:52.240
digest um a couple of you are probably
00:17:54.360
realizing here that that uh seems to uh
00:17:57.679
you know contradict what I said ear
00:17:58.840
earlier about it being irreversible
00:18:00.440
where we are taking the password digest
00:18:02.280
passing into BP and then comp uh
00:18:03.799
comparing it to the plain text password
00:18:06.240
uh that's because the BCP ruby gem
00:18:07.840
overloads the equals equals operator in
00:18:10.120
probably the worst design decision of it
00:18:12.159
but uh just be aware that it is not in
00:18:14.039
fact reversing it it's using that to
00:18:16.600
check the hashes against each other um
00:18:18.960
so but to do that conversion we can just
00:18:21.440
kind of pre-filter in our uh
00:18:23.360
authentication flow to convert so we
00:18:25.280
have it coming in if it's uh you know we
00:18:27.720
go to this conversion method if it's
00:18:29.799
already converted we just bounce back
00:18:31.559
out um if it's not just update it in
00:18:33.799
place and go onward again as a proof of
00:18:36.600
concept because we did this with Harvest
00:18:38.679
uh this was what happened with us we did
00:18:40.480
that exact same code was out of the
00:18:41.840
Harvest code base for the conversion um
00:18:44.760
over the course of two and a half weeks
00:18:46.120
we kind of had this curve of natural
00:18:48.120
conversion so there's a big spike up
00:18:49.799
front uh as all the daily users and
00:18:52.320
people using like the Mac App and the
00:18:53.919
iPhone app of in and then slowly as
00:18:56.080
weekly users and biweekly users and less
00:18:58.080
often users logged in we got more and
00:19:00.000
more of them um but this didn't quite
00:19:02.559
get us all the way uh but since I had
00:19:05.640
already white hack uh attack the uh
00:19:07.880
database I could just do it a second
00:19:09.520
time with conversion in mind and that
00:19:11.760
got us a giant Spike that got us the
00:19:13.440
rest of the way there um we had a few
00:19:15.799
remaining active users that weren't done
00:19:17.640
for them we just manually reset their
00:19:19.159
password and send them an email and let
00:19:20.200
them know it was up but it wasn't that
00:19:22.080
many and it was uh it wasn't as hard as
00:19:24.039
it seems like it would be there is one
00:19:26.440
downside of bcrypt and that's what we've
00:19:28.360
already talked talked about it is an
00:19:29.480
expensive algorithm and an expensive
00:19:31.799
algorithm is expensive so you can guess
00:19:34.559
when we launch bcrypt here this is our
00:19:35.960
utilization of our CPU on our servers
00:19:38.400
and it about doubled um part of this is
00:19:41.039
because Harvest API still supports basic
00:19:43.280
authentication and it's used a lot so
00:19:45.400
every uh request that comes in has a
00:19:47.440
password along with it so another bcrypt
00:19:49.200
gets uh computed but if you're already
00:19:51.720
Whole Hog on O2 that won't be as much of
00:19:53.880
a problem but more so this is still well
00:19:56.039
within the realm of acceptability so
00:19:58.760
it's totally worth
00:20:01.039
it so in our threea play act one is
00:20:04.760
exposition that's the boring SP now
00:20:06.679
you're all good act two is where we add
00:20:08.520
the
00:20:10.440
conflict so uh bcrypt has a ruby gem
00:20:14.760
that I mentioned earlier called uh
00:20:16.480
bcrypt Ruby um this is great for us as
00:20:19.080
Ruby developers because it makes it easy
00:20:20.640
to use it and as part of this I had a
00:20:23.360
feature that I wanted to add to B Crypt
00:20:24.799
Ruby that I thought would be useful uh
00:20:26.520
so I went to go uh submit a PO request
00:20:28.960
and the test didn't run and there were
00:20:31.039
dependencies that were out of date and
00:20:32.919
there were missing docks so uh that one
00:20:35.960
poll request turned into a dozen pull
00:20:37.799
requests and then if you just do that
00:20:40.440
long enough and pester enough uh Aman
00:20:42.799
will get tired of you and just ask for
00:20:44.200
commit bit and then you will get it and
00:20:46.640
then you become uh Aman was the deao
00:20:49.600
maintainer of BCP Ruby and now it's me
00:20:52.280
um so
00:20:54.320
yeah notably this is what BP Ruby's
00:20:57.559
Source looks like but more accurately
00:21:00.159
this is what bcrypt ruby Source looks
00:21:01.799
like it is a ruby Jem wrapper around a c
00:21:04.840
and a Java implementation of bcrypt uh
00:21:07.720
you want it to run as fast as possible
00:21:09.919
because your attackers will be running
00:21:11.360
it as fast as possible so you want to
00:21:14.000
you know use a implementation to match
00:21:16.120
what your attacker will be using uh
00:21:18.679
along with this though when you release
00:21:20.120
a version of the gem you have to release
00:21:22.240
native binary so that your users aren't
00:21:24.039
dependent on having a compiler on their
00:21:25.760
machine it's just a nice courtesy you
00:21:27.799
can provide so every version of BCP Ruby
00:21:30.760
has four versions that get distributed
00:21:33.120
and the top two there are windows
00:21:35.679
binaries um I am not a Windows developer
00:21:39.279
so I didn't know really how to do that
00:21:41.080
uh but there are these fat binaries that
00:21:43.440
provide uh support for multiple versions
00:21:45.320
of Ruby wrapped up into one binary uh
00:21:48.279
luckily when Aman added the uh code to
00:21:51.960
do all of this he left this nice long
00:21:53.840
detailed uh commit message about doing
00:21:56.080
it but he left it two years ago and like
00:21:58.600
all things about computers on the
00:22:00.080
internet that are 2 years old it doesn't
00:22:03.640
work about 5 years ago Aaron I think
00:22:07.039
introduced the concept of fat binary
00:22:08.840
gems uh this is where I found out that
00:22:10.840
he made the same Queen joke as me five
00:22:12.600
years before me but more so anything
00:22:15.279
about computers written on the internet
00:22:16.559
that's 5 years old definitely doesn't
00:22:19.240
work all of this stuff is ultimately
00:22:22.320
though just wrapping up Ray compiler
00:22:24.559
which is this great gem that does what
00:22:26.000
it says on the tins provides a standard
00:22:27.840
and simplified way to build and package
00:22:29.919
Ruby extensions C in Java using rake's
00:22:32.400
glue great so it has nice long
00:22:35.480
documentation I walked through and
00:22:37.440
installed everything and it didn't
00:22:42.919
work
00:22:44.600
so the rails team has a project called
00:22:47.520
The Rails Dev box and what this has in
00:22:50.919
the dev box is all or all of the
00:22:53.600
external dependencies that you are not
00:22:55.840
necessarily wanting to have on your
00:22:57.200
machine but this allows you to develop
00:22:58.960
on your machine but run tests in this
00:23:01.039
Dev box that has all of the external
00:23:02.880
dependencies pre-loaded in it so I had a
00:23:05.360
dream that I was going to make a rake
00:23:07.120
compiler Dev box that had all the
00:23:08.679
dependencies we need all the rubies uh a
00:23:11.200
GCC the jdk mingw which is the uh thing
00:23:15.159
that allows Nicks like machines to
00:23:16.880
compile Windows binaries and uh vagrant
00:23:20.159
made this possible because it's exactly
00:23:22.400
what it says create and configure
00:23:23.440
lightweight reproducible and portable
00:23:24.720
development environments exactly what I
00:23:26.320
wanted so I did that I made a vagrant
00:23:28.279
box it was awesome and it didn't
00:23:33.360
work so what do you do with anything
00:23:35.960
that doesn't work you put it on GitHub
00:23:41.039
um and with that I opened up rake
00:23:43.840
compiler number 79 in our three-act play
00:23:47.279
this would be the climax this is the
00:23:49.080
turning
00:23:50.279
point and you were promised a love
00:23:53.640
story this is Luis
00:23:55.760
Lena uh Luis is the developer of the one
00:23:58.120
click Ruby installer for Windows if you
00:23:59.880
do any Ruby development on a Windows
00:24:01.480
machine you owe him a debt of gratitude
00:24:03.559
because of that work he is also a member
00:24:05.559
of the Ruby core team and because of
00:24:07.880
both of those he was voted a ruby hero
00:24:09.640
in 2010 but most notably for me as not a
00:24:12.720
Windows developer and not in 2010 uh he
00:24:16.520
is the developer of R compiler so when I
00:24:19.120
open that issue saying listen man I did
00:24:21.760
everything I could I followed all the
00:24:23.400
docs nothing works uh Louise came back
00:24:26.080
and opened up break compiler Dev box
00:24:27.720
number two and R compiler Dev box number
00:24:30.240
two you should check out because this is
00:24:32.240
an epic thread where Louise drops on me
00:24:34.880
Triple Hearts not one
00:24:37.200
time not two
00:24:39.399
times not three
00:24:41.840
times but four whole
00:24:44.320
times 12 Hearts I
00:24:48.559
know but here's the problem now I'm 12
00:24:51.360
hearts in the hole so I need all you
00:24:53.399
guys to take out your Internet devices
00:24:55.279
and tweet at Louise three hearts cuz I
00:24:57.880
have a debt to repay so uh have at it
00:25:00.880
you can use fancy Emoji if you'd prefer
00:25:03.399
um and just generally thank him for
00:25:05.799
being a wonderful OSS maintainer and
00:25:08.000
contributor um now some of you think you
00:25:11.320
have figured out my scam that I'm just
00:25:13.120
traveling around the world to a repay an
00:25:15.480
emoji debt but B to kind of you know
00:25:18.720
love troll Louise but uh to half of you
00:25:21.440
I just want to encourage you to find
00:25:22.960
your own Louise uh find someone thank
00:25:25.600
them from their work but that's easy and
00:25:27.240
boring but uh coll collaborate with them
00:25:29.559
find something and work with them it's
00:25:31.360
surprisingly rewarding and you know Luis
00:25:33.559
is uh he lives in Paris and Argentina so
00:25:35.919
it's a a fun Global collaboration there
00:25:38.880
uh it could be any OSS maintainer whose
00:25:40.559
work you admire or you want to use could
00:25:42.720
be a cooworker whatever it's easy but to
00:25:45.120
the other half of you the ones who are
00:25:46.600
already maintaining a giant library or
00:25:48.760
already Fielding dozens of poll requests
00:25:51.360
I want to bastardize a quote and
00:25:52.919
encourage you to be the Louise that you
00:25:54.600
wish to see in the world so when someone
00:25:56.760
comes to you with you know that same
00:25:58.440
issue over and over again and you
00:26:00.200
tempted to just throw your hands up and
00:26:02.880
yell rtfm consider for a moment that the
00:26:05.399
problem might be the FM not the library
00:26:08.320
or the person and do your best to kind
00:26:11.080
of walk them through it it will make our
00:26:12.520
community uh much better and friendly
00:26:15.159
and triple hearted for all of
00:26:17.480
us so what have we learned today three
00:26:19.960
big lessons one use BCP just do it it's
00:26:22.440
not that hard if you have any questions
00:26:23.840
about it if you want to walk through
00:26:25.360
find me afterwards we'll hug we'll cry
00:26:27.320
we'll convert our password
00:26:29.279
number two is distribute a Dev box if
00:26:30.919
you have any project that has
00:26:32.120
complicated external dependencies do
00:26:33.960
everyone else a favor and make a Dev box
00:26:35.919
that can let them do it alternatively if
00:26:37.600
you ship a gem that has native
00:26:39.200
extensions try out Rec compiler Dev box
00:26:41.120
it will make you not rip your hair out
00:26:43.159
anymore compiling native binaries but
00:26:45.200
most importantly I encourage you to
00:26:46.840
release to collaborate and to iterate
00:26:49.960
and thank you
00:26:59.000
thanks TJ for the for the awesome talk
00:27:00.880
in security and the little Spiel on open
00:27:03.240
source um any questions for
00:27:06.799
him again the mics are yeah yeah you got
00:27:10.159
to come to the
00:27:11.720
mic no because then it won't be on the
00:27:16.200
video hi everyone at home hello hi there
00:27:20.960
what does has secure password do in RS
00:27:23.880
thank you uh so he asked what has secure
00:27:27.720
password dozen rails that was a little
00:27:29.440
fast uh in Australian to understand um I
00:27:33.640
believe has support password is in
00:27:35.360
active support um it effectively just
00:27:37.480
kind of wraps this up for you so you can
00:27:39.480
drop into your model has secure password
00:27:42.320
and it will provide you an authenticate
00:27:44.039
method and a couple of validations
00:27:46.519
around passwords and password
00:27:48.000
confirmations um if you look at the
00:27:49.840
source for it it's not long it's you
00:27:51.760
know a dozen line maybe two methods it
00:27:54.320
you can yeah you can implement it
00:27:56.480
yourself or use it um usually don't use
00:27:58.840
it because uh the validations are a
00:28:00.480
little bit uh not in line with what I
00:28:02.240
want to do but yeah it it uses bcrypt
00:28:04.399
rails uses bcrypt great hey Aon hi um so
00:28:09.760
while you were hacking your application
00:28:12.360
like you were attacking application
00:28:14.440
would you say that you were harvesting
00:28:23.120
passwords ladies and gentlemen Aaron
00:28:26.919
Patterson yeah yes indeed I
00:28:29.919
was all right if you do have something
00:28:31.799
and yours too shy find me afterwards
00:28:33.519
it'll be great thank you
00:28:58.480
m
