The story of an auditor being ordered to use a 'more vulnerable hash function' to comply with government standards



Companies and organizations that store important data such as user passwords store the data as 'hash values' that can only be converted in one direction by

cryptographic hash functions , rather than storing passwords in clear text. A person who belonged to an institution that uses government funds reported that 'the auditor was instructed to use a hash function that is weaker than before in order to comply with government standards' and it has become a hot topic. I will.

They want us to be compliant, not secure | Go350
https://www.go350.com/posts/they-want-us-to-be-compliant-not-secure/

They want us to be compliant, not secure | Hacker News
https://news.ycombinator.com/item?id=25543818

A blog post anonymously posted on December 24, 2020, describes the experience of the author, 'a few years ago, I worked for a federal-funded research institution.' The facility where the author works was an environment where a wide variety of hardware such as desktops, laptops, workstations, servers, embedded devices, etc., equipped with various operating systems such as Windows, Mac, Linux, and Unix were mixed.

Of these, some Linux distributions and Unix used a hash function called bcrypt as standard to store user passwords. Published in 1999, bcrypt is a Blowfish- based hash function that has the property of adding salt to counter rainbow table attacks that record password and hash value combinations.

The author says, 'bcrypt is a fast and efficient password hash, strong and difficult to attack. At that time, it was the strongest password hash we could use and as an additional bonus on all Linux and Unix systems. It worked with, 'he said, claiming that hashing with bcrypt was powerful.



However, a government IT auditor who visited the system audit one year discovered that the facility was using bcrypt to store user passwords. Auditors told the authors that using bcrypt is not FIPS-compliant because bcrypt is not an algorithm defined by the Federal Information Processing Standards (FIPS) in the United States, and SHA-2 based hashes. Requested to switch to a function.

In response, the authors ran tests showing that SHA-2 hashes are much easier to decipher than bcrypt hashes, and argued that using bcrypt is superior from a security standpoint. However, the auditor categorically refused to use bcrypt and asked for a switch to SHA-2, which is FIPS-compliant.

'In their mind, this was a simple matter. Bcrypt wasn't on the list. It wasn't an approved hash function. They didn't discuss it further,' the author writes. .. Eventually, the facility switched all systems to SHA-2 to satisfy the auditors, which could have made the system vulnerable to cyberattacks. A colleague of the author commented, 'Auditors want us to adhere to the list, not to be safe.'



The case was also talked about on the Hacker News on the Internet bulletin board, saying, 'I'm in a similar situation to the author, and regulators have asked me to add apparently unnecessary work procedures.' Some regulations, especially like the FIPS, look pretty outdated and actually make the system less secure. '' Many security professionals do not work with the latest technology, but 'auditors.' I work by 'following the policies set by senior management and senior management', 'he commented in favor of the author's opinion.

On the other hand, he told the author, 'I think the author should not write such a blog, but prove the effectiveness of bcrypt and encourage it to be added to the FIPS list.' 'The auditor bcrypt at his own discretion. If you allow, you will be held liable if something goes wrong, so it's natural to make a decision that is clearly inferior but never a problem. '

It is also argued that the author does not understand the perspective of the authorities that audit a large number of organizations, and that blog posts are based on a biased perspective. 'As authorities audit at different companies, the fewer variations of the standard, the less work it takes. FIP is probably much more comprehensive than hash performance testing on a single piece of hardware.' 'Bureaucracy When we ridiculously say 'government downplays safety,' we ignore the huge cost of regulating human behavior. The government must optimize these costs. 'It's 100% the author's point of view that the auditor didn't mind the weakness of the approved algorithm, and it's quite possible that the auditor knew about bcrypt.' I did.



in Software,   Security, Posted by log1h_ik