
Stefan Esser stefanesser

@stefanesser
stefanesser / BHEU.markdown
Last active December 19, 2019 13:46
BlackHat EU - Wrong information in Talk "Eternal War in XNU Kernel Objects"

It has come to my attention that BlackHat EU had talks from Alibaba Security about iOS security topics. It seems to be from the same people that have previously presented at DEFCON. Back then I had publicly discussed how their talk is basically just a summary of other people's work that is heavily miscredited to the wrong people.

Considering this history it is surprising that BlackHat would allow the same people to give a talk again on iOS security topics. But I gave up on the BlackHat review board and their decisions a long time ago, which is one of the reasons why I stopped submitting to them years ago.

But I am digressing from the actual reason for this GIST. And no, it is not about the fact that the talk once again starts with summarizing other people's work and crediting the wrong parties for the work done. In this GIST I want to go over one of the slides from the "summary part" of the talk, because not a single item on that slide is correct information.

So here is the offending slide:


@stefanesser
stefanesser / gist:99bfd31455ee8ebd37e86a290db63968
Last active September 22, 2018 11:12
Real world example why you should not ask #haveibeenpwned during password entry if password is compromised.
After a debate on Twitter how secure or insecure it is to ask #haveibeenpwned with their k-anonymity check if passwords are compromised (while you are entering the password) I have hacked together a small python script that without optimization tries to answer this question.

We are testing a 20 character password: bananenBrot4321Alarm

Assumption is that the website uses the k-anonymity check that leaks 5 SHA1 characters to #haveibeenpwned with every attempt. Assumption is that first query happens after X characters have been entered as password. And then every Y characters another check is executed.
@stefanesser
stefanesser / gist:3b8911f6e9798daf8e0fcd469b7ceea8
Created June 20, 2018 15:47
Cracking a 20-char password from repeated #haveibeenpwned k-anonymity hashes [4, 2, 2, 2, 2, 2, 2, 2, 2]
$ python crack-k-anonymity.py
------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Converting calls: 4,2 for password: bananenBrot4321Alarm (len: 20)
[4, 2, 2, 2, 2, 2, 2, 2, 2]
First call to API: bana (d33a7) ---> this takes long but can be precomputed
... loading precalculated result instead of bruteforcing the first prefix
@stefanesser
stefanesser / gist:eef8c046c82a6f1fd47aaaf25e87f698
Created June 20, 2018 15:45
Cracking a 20-char password from repeated #haveibeenpwned k-anonymity hashes [5, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
$ python crack-k-anonymity.py
------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Converting calls: 5,1 for password: bananenBrot4321Alarm (len: 20)
[5, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
First call to API: banan (4eb10) ---> this takes long but can be precomputed
... loading precalculated result instead of bruteforcing the first prefix
@stefanesser
stefanesser / gist:f643f87dc88bbdc7b22594b7d7f67bd2
Created June 20, 2018 15:43
Cracking a 20-char password from repeated #haveibeenpwned k-anonymity hashes (5,2,2,2,2,2,2,2,1)
$ python crack-k-anonymity.py
------------------------------------------------------------------------------
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Converting calls: 5,2 for password: bananenBrot4321Alarm (len: 20)
[5, 2, 2, 2, 2, 2, 2, 2, 1]
First call to API: banan (4eb10) ---> this takes long but can be precomputed
... loading precalculated result instead of bruteforcing the first prefix