Understand credential security (notes from the session at Microsoft Ignite)

Hello, geeks! We gave an awesome talk at the Microsoft Ignite conference today about a breakthrough DPAPI discovery that we made just a few weeks back.

 

This Microsoft Ignite session was demo heavy! In this post you can find slides, tools and some different keys and values that affect security. Enjoy!

Slide deck from the session at Microsoft Ignite 2016: “Understand credential security: important things you need to know about storing Your Identity”

Keys and values that affect security

We also think it would be great if you knew all the details about storing credentials.
Looking at the list below, you must admit that these are hard even to pronounce, but it is necessary to be familiar with all of the different keys and values that affect the security of the pretty important data you use to authenticate. Not copied, written by us directly from our heads.

Tools from the session

Here you can find the most important tools I used during the session!

>> Get the tools from this session <<

SAM
1. bootkey: classes from HKLM\SYSTEM\CCS\Control\Lsa + [class names for: Data, GBG, JD, Skew1] (+arrays’ permutations)
2. F: HKLM\SAM\SAM\Domains\Account\ [F – value]
string aqwerty = "!@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%\0";
string anum = "0123456789012345678901234567890123456789\0";
3. rchbootkey: MD5(string created after arithmetic functions with F, aqwerty, anum, bootkey)
4. hbootkey: RC4(key, data) -> RC4(rchbootkey, F)
5. MD5(…,hbootkey,…) -> RC4(…)-> DES(…, F) to get the hash (MD4)

MSDCC2
1. bootkey: classes from HKLM\SYSTEM\CCS\Control\Lsa + [class names for: Data, GBG, JD, Skew1] (+arrays’ permutations)
int[] permutationBootKey = new int[] { 0x8, 0x5, 0x4, 0x2, 0xb, 0x9, 0xd, 0x3, 0x0, 0x6, 0x1, 0xc, 0xe, 0xa, 0xf, 0x7 };
2. PolEKList: HKLM\SECURITY\Policy\PolEKList [default value]
3. lsakey: AES_DECRYPT(key, data) -> AES(bootkey, PolEKList)
4. NL$KM secret: HKLM\SECURITY\Policy\Secrets\NL$KM
5. nlkm_decrypted: AES_DECRYPT(lsakey, NL$KM secret)
6. Cache_Entry{id} -> HKLM\SECURITY\Cache\NL${id}
7. cache_entry_decrypted -> AES_DECRYPT(nlkm_decrypted, Cache_Entry{id})
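
Added example (not part of the original notes or the session tools): step 1 of the SAM and MSDCC2 lists, showing how the bootkey is assembled from the four Lsa subkey class names and the permutationBootKey array above. The function name, the subkey concatenation order (JD, Skew1, GBG, Data) and the sample class names are assumptions made for this illustration; the sample values are constructed, not taken from a real system.

```python
# Added illustration: bootkey assembly from the Lsa subkey class names.
# Everything the bootkey needs lives in the SYSTEM hive, so a copy of that
# hive (backup, VM snapshot, repair folder) carries the key with it.

# Permutation exactly as listed on this page (permutationBootKey).
PERMUTATION_BOOT_KEY = [0x8, 0x5, 0x4, 0x2, 0xb, 0x9, 0xd, 0x3,
                        0x0, 0x6, 0x1, 0xc, 0xe, 0xa, 0xf, 0x7]

# Assumption: concatenation order of the four subkeys. The page names the
# subkeys but does not state the order in which they are joined.
SUBKEY_ORDER = ("JD", "Skew1", "GBG", "Data")


def derive_bootkey(class_names):
    """Return the 16-byte bootkey.

    class_names maps each subkey under HKLM\\SYSTEM\\CCS\\Control\\Lsa to its
    registry *class name* (8 hex characters), not to any of its values.
    """
    missing = [k for k in SUBKEY_ORDER if k not in class_names]
    if missing:
        raise ValueError(f"missing Lsa subkey class names: {missing}")
    for key in SUBKEY_ORDER:
        if len(class_names[key]) != 8:
            raise ValueError(f"class name of {key} must be 8 hex characters")

    # 4 x 8 hex characters -> 16 scrambled bytes (fromhex rejects non-hex).
    scrambled = bytes.fromhex("".join(class_names[k] for k in SUBKEY_ORDER))

    # The permutation only reorders bytes: bootkey[i] = scrambled[perm[i]].
    return bytes(scrambled[i] for i in PERMUTATION_BOOT_KEY)


# Constructed sample: class names chosen so the scrambled bytes are 00..0f,
# which makes the effect of the permutation directly visible in the output.
SAMPLE_CLASS_NAMES = {
    "JD": "00010203",
    "Skew1": "04050607",
    "GBG": "08090a0b",
    "Data": "0c0d0e0f",
}

if __name__ == "__main__":
    print(derive_bootkey(SAMPLE_CLASS_NAMES).hex())
```

Because the permutation is a fixed, public reordering, it adds no secrecy: the bootkey is exactly as protected as read access to the SYSTEM hive.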

DPAPI (classic)
A. MasterKey
1. pwdhash = MD4(password) or SHA1(password)
2. pwdhash_key = HMACSHA1(pwdhash, user_sid)
3. PBKDF2(…, pwdhash_key,…), other elements from the file. Windows 10, no domain: SHA512, AES-256, 8000 rounds.
4. Control – HMACSHA512

B. CREDHIST
1. pwdhash = MD4(password) or SHA1(password)
2. pwdhash_key = HMACSHA1(pwdhash, user_sid)
3. PBKDF2(…, pwdhash_key,…), other elements from the file. Windows 10, no domain: SHA512, AES-256, 8000 rounds.
4. Control – HMACSHA512

C. DPAPI blob
Algorithms are written in the blob itself.

DPAPI-NG
A. RootKey
Algorithms
Key derivation function: SP800_108_CTR_HMAC (SHA512)
Secret agreement: Diffie-Hellman

B. DPAPI blob
Key derivation: KDF_SP80056A_CONCAT

After getting the key, there is a need for decryption:
Key wrap algorithm: RFC3394 (KEK -> CEK)
Decryption: AES-256-GCM (CEK, Blob)

Some useful links:

technet.microsoft.com/en-us/library/cc750357.aspx
csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm
csrc.nist.gov/groups/ST/hash/policy.html
nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-175B.pdf

If you have any questions or comments post them below!

 
