PeopleSoft (Oracle) PSCipher Encryption Weakness
Vendor: PeopleSoft
Product: People Tools
Version: 8.4x
Platform: Multi-platform
Title: Weak Encryption
Description:
PeopleSoft uses PSCipher() for encryption/hashing purposes. Based on
observations from the output of PSCipher() and on our familiarity with the
cryptographic library objects and methods used in the JCA/JCE, we were able to
surmise PSCipher() uses the password-based encryption algorithm as defined in
RSA Laboratories, "PKCS #5: Password-Based Encryption Standard," version 1.5,
Nov 1993.
In addition, based on PSCipher() output, the DES key used by PSCipher() is a
fixed string, probably stored in a number of system directories. Knowledge of
this key would greatly benefit password dictionary attacks against PSCipher()
encrypted passwords. A fairly knowledgeable attacker could easily determine
what this fixed key is.
Based on the length of a password the algorithm pads and then outputs 8 byte
values, using cipher block chaining mode for 8 byte blocks, output using base64
encoding. Consequently, passwords patterns of the following are readily
observed:
PSCipher(x1x2x3x4x5x6x7x8) = C1
PSCipher(x1x2x3x4x5x6x7x8y1?.yi) = C1C // block C varying up to i=8
PSCipher(x1x2x3x4x5x6x7x8y1?.y8z1?.zi) = C1C2C //block C varying up to i=8
For example,
PSCipher(12345678) = VsQZcQDrTFJg93xDQKeGJA==
PSCipher (123456789) = VsQZcQDrTFLZN5WgnZfo1w==
Note: Here VsQZcQDrTF corresponds to the 8 bytes ?12345678? encrypted with
base64 encoding performed after cipher out. Also note that, as is seen in this
example, the algorithm used by PSCipher() outputs encrypted text in 8 bytes
streams. If a user chooses a 9 character password, the first 8 bytes of this
will be the same for this password and an 8 character password using the same
first 8 characters. Hence, a dictionary attack for a 9 character password can
be done using the first 8
characters plus any additional characters.
In effect, increasing password length does not give an exponential increase in
password strength, significantly aiding a dictionary attack against passwords.
For example, suppose for simplicity only 10 characters are used for password
composition. Compare a full 9 character password exhaust of 109 with a 108
+ 10 exhaust.
Vendor Solution: (Provided by Oracle)
In Enterprise PeopleTools 8.47 and above, PeopleTools provides Triple DES
encryption (i.e 3DES) for increased data security. The PSCipher Utility has
been enhanced to provide a command line utility to encrypt a variety of text
values stored in various configuration files throughout your system. In
addition, the PSCipher includes the following features:
? Dynamic Key generation: The ability to generate unique encryption keys.
? Version maintenance: The key file maintains a version history of all previous
versions of the keys, which enables text previously encrypted to be encrypted
or decrypted.
Important additional information:
It is important to provide proper scope to the usage of PSCipher. PeopleSoft
does NOT use PSCipher for the following encryption purposes:
- PSCipher is NOT used for the encryption of ANY application data
- PSCipher is NOT used for the encryption of ANY data stored in the PeopleSoft
DB.
- ALL user passwords stored in the DB are hashed using the SHA-1 Secure Hash
Algorithm
In the instances where PSCipher is used within the PeopleSoft environtment,
adherence to Security Best Practices would ensure that those IDs protected with
PSCipher encryption would have minimal access to the system (additional access
would be unnecessary and not recommended). Additionally, and also in
accordance to best practices, these passwords should only be persisted in
secured areas of the system.
PScipher is NOT a general purpose routine. The decryption routine is NOT made
available. Therefore customers should not be using this routine for their own
use to 'protect' other kinds of data.
PeopleSoft routinely reviews the overall security posture of its products, and
we provide robust processes and communication channels for our customers and
3rd party organizations to provide feedback and information about possible
security weaknesses. These matters are given the highest level of attention
and analysis and PeopleSoft endeavors to provide resolutions and fixes at the
earliest possible time.
Vendor Trail:
December 04 PeopleSoft contacted
December 04 PeopleSoft confirms
October 05 PeopleSoft provides solution
Febuary 06 Release
Contributers:
Dr. Larry Wargo
Barrett McGuire
Matt Fotter
In-depth analysis is available at http://www.i-assure.com