Cracking JWT tokens: a tale of magic, Node.js and parallel computing - WebRebels Oslo, 5 June 2018

Transcript

1. Cracking JWT tokens Cracking JWT tokens a tale of a

   tale of magic magic, , Node.js Node.js and and parallel computing parallel computing Oslo - 5 JUN 2018 Luciano Mammino ( Luciano Mammino ( ) ) @loige @loige loige.link/jwt-crack-oslo 1

2. loige.link/jwt-crack-oslo 2

3. Luciano... who? Luciano... who? Visit my castles: - (@loige) -

   (lmammino) - - (loige.co) Twitter GitHub Linkedin Blog Solution Architect at with @mariocasciaro with @andreaman87 with @ Podgeypoos79 3

4. Based on prior work Based on prior work Chapters 10

   & 11 in (book) 2-parts article on RisingStack: " " Node.js design patterns ZeroMQ & Node.js Tutorial - Cracking JWT Tokens github.com/lmammino/jwt-cracker github.com/lmammino/distributed-jwt-cracker 4

5. Agenda Agenda What's JWT What's JWT How it works How

   it works Testing JWT tokens Testing JWT tokens Brute-forcing a token! Brute-forcing a token! 5

6. — RFC 7519 — RFC 7519 is a compact, URL-safe

   means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted. JSON Web Token (JWT) JSON Web Token (JWT) 6

7. eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtZX eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtZX NzYWdlIjoiaGVsbG8gcGVvcGxlIn0.II7XQbjvDC NzYWdlIjoiaGVsbG8gcGVvcGxlIn0.II7XQbjvDC Hkt3UOh6weHY6tRcemT0gxRVmA6W6uZ8A Hkt3UOh6weHY6tRcemT0gxRVmA6W6uZ8A 7

8. OK OK Let's try to make it Let's try to

   make it simpler... simpler... 8

9. JWT is... An URL safe, stateless protocol for transferring claims

   9

10. 10

11. URL safe? 10

12. URL safe? stateless? 10

13. URL safe? stateless? claims? 10

14. URL Safe... URL Safe... It's a string that can be

    safely used as part of a URL It's a string that can be safely used as part of a URL (it doesn't contain URL separators like " (it doesn't contain URL separators like "= =", " ", "/ /", " ", "# #" or " " or "? ?") ") unicorntube.pl/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9... 11

15. Stateless? Stateless? Token validity can be verified without having to

    interrogate a Token validity can be verified without having to interrogate a third-party service third-party service (Sometimes also defined as "self-contained") 12

16. What is a claim? What is a claim? 13

17. some information to transfer some information to transfer identity identity

    (login session) (login session) authorisation to perform actions authorisation to perform actions (api key) (api key) ownership ownership (a ticket belongs to somebody) (a ticket belongs to somebody) 14

18. also... also... validity constraints validity constraints token time constraints token

    time constraints (dont' use before/after) (dont' use before/after) audience audience (a ticket only for a specific concert) (a ticket only for a specific concert) issuer identity issuer identity (a ticket issued by a specific reseller) (a ticket issued by a specific reseller) 15

19. also... also... protocol information protocol information Type of token Type

    of token Algorithm Algorithm 16

20. In general In general All the bits of information transferred

    with the token All the bits of information transferred with the token 17

21. eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtZX eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtZX NzYWdlIjoiaGVsbG8gcGVvcGxlIn0.II7XQbjvDC NzYWdlIjoiaGVsbG8gcGVvcGxlIn0.II7XQbjvDC Hkt3UOh6weHY6tRcemT0gxRVmA6W6uZ8A Hkt3UOh6weHY6tRcemT0gxRVmA6W6uZ8A 18

22. eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9. .eyJtZX eyJtZX NzYWdlIjoiaGVsbG8gcGVvcGxlIn0 NzYWdlIjoiaGVsbG8gcGVvcGxlIn0. .II7XQbjvDC II7XQbjvDC Hkt3UOh6weHY6tRcemT0gxRVmA6W6uZ8A Hkt3UOh6weHY6tRcemT0gxRVmA6W6uZ8A

    3 parts 3 parts separated by "." separated by "." 19

23. 20

24. HEADER HEADER: : eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp XVCJ9 XVCJ9 20

25. HEADER HEADER: : eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp XVCJ9 XVCJ9 PAYLOAD PAYLOAD: :

    eyJtZXNzYWdlIjoiaGVsbG8gcGVvc eyJtZXNzYWdlIjoiaGVsbG8gcGVvc GxlIn0 GxlIn0 20

26. HEADER HEADER: : eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp XVCJ9 XVCJ9 PAYLOAD PAYLOAD: :

    eyJtZXNzYWdlIjoiaGVsbG8gcGVvc eyJtZXNzYWdlIjoiaGVsbG8gcGVvc GxlIn0 GxlIn0 SIGNATURE SIGNATURE: : II7XQbjvDCHkt3UOh6weHY6tRcem II7XQbjvDCHkt3UOh6weHY6tRcem T0gxRVmA6W6uZ8A T0gxRVmA6W6uZ8A 20

27. Header Header and and Payload Payload are are encoded encoded

    let's decode them! let's decode them! Base64Url Base64Url 21

28. 22

29. HEADER HEADER: : 22

30. HEADER HEADER: : eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 22

31. HEADER HEADER: : {"alg":"HS256","typ":"JWT"} {"alg":"HS256","typ":"JWT"} 22

32. HEADER HEADER: : PAYLOAD PAYLOAD: : {"alg":"HS256","typ":"JWT"} {"alg":"HS256","typ":"JWT"} 22

33. HEADER HEADER: : PAYLOAD PAYLOAD: : {"alg":"HS256","typ":"JWT"} {"alg":"HS256","typ":"JWT"} eyJtZXNzYWdlIjoiaGVsbG8gcGVvc eyJtZXNzYWdlIjoiaGVsbG8gcGVvc

    GxlIn0 GxlIn0 22

34. HEADER HEADER: : PAYLOAD PAYLOAD: : {"alg":"HS256","typ":"JWT"} {"alg":"HS256","typ":"JWT"} {"message":"hello people"}

    {"message":"hello people"} 22

35. HEADER HEADER: : The decoded info is JSON! The decoded

    info is JSON! PAYLOAD PAYLOAD: : {"alg":"HS256","typ":"JWT"} {"alg":"HS256","typ":"JWT"} {"message":"hello people"} {"message":"hello people"} 22

36. HEADER HEADER: : {"alg":"HS256","typ":"JWT"} {"alg":"HS256","typ":"JWT"} alg: alg: the kind of

    algorithm used the kind of algorithm used "HS256" "HS256" HMACSHA256 Signature HMACSHA256 Signature (secret based hashing) (secret based hashing) " "RS256 RS256" RSASHA256 Signature " RSASHA256 Signature (public/private key hashing) (public/private key hashing) " "none none" NO SIGNATURE! " NO SIGNATURE! (This is " (This is " ") ") infamous infamous 23

37. PAYLOAD PAYLOAD: : {"message":"hello people"} {"message":"hello people"} Payload can be

    anything that Payload can be anything that you can express in JSON you can express in JSON 24

38. PAYLOAD PAYLOAD: : "registered" (or standard) claims: "registered" (or standard)

    claims: iss: issuer ID ("auth0") sub: subject ID ("[email protected]") aud: audience ID ("https://someapp.com") exp: expiration time ("1510047437793") nbf: not before ("1510046471284") iat: issue time ("1510045471284") 25

39. PAYLOAD PAYLOAD: : "registered" (or standard) claims: "registered" (or standard)

    claims: { "iss": "auth0", "sub": "[email protected]", "aud": "https://someapp.com", "exp": "1510047437793", "nbf": "1510046471284", "iat": "1510045471284" } 26

40. So far it's just metadata... So far it's just metadata...

    What makes it safe? What makes it safe? 27

41. SIGNATURE SIGNATURE: : II7XQbjvDCHkt3UOh6weHY6 II7XQbjvDCHkt3UOh6weHY6 tRcemT0gxRVmA6W6uZ8A tRcemT0gxRVmA6W6uZ8A A A Base64URL

    Base64URL encoded encoded cryptographic cryptographic signature signature of the header and the payload of the header and the payload 28

42. With HS256 With HS256 signature = HMACSHA256( base64UrlEncode(header) + "."

    + base64UrlEncode(payload), secret ) header payload secret SIGNATURE + + = 29

43. If a system knows the If a system knows the

    secret secret It can verify the authenticity It can verify the authenticity of the token of the token With HS256 With HS256 30

44. Let's create a token from scratch Let's create a token

    from scratch runkit.com/lmammino/create-jwt-token 31

45. Playground for JWT Playground for JWT JWT.io JWT.io 32

46. An example An example Session token 33

47. Classic implementation Classic implementation cookie/session based cookie/session based 34

48. 35

49. Browser Server 35 Sessions Database

50. Browser 1. POST /login user:"luciano" pass:"mariobros" Server 35 Sessions Database

51. Browser 1. POST /login 2. generate session id:"Y4sHySEPWAjc" user:"luciano" user:"luciano"

    pass:"mariobros" Server 35 Sessions Database id:"Y4sHySEPWAjc" user:"luciano"

52. Browser 1. POST /login 2. generate session id:"Y4sHySEPWAjc" user:"luciano" user:"luciano"

    pass:"mariobros" 3. session cookie SID:"Y4sHySEPWAjc" Server 35 Sessions Database id:"Y4sHySEPWAjc" user:"luciano"

53. Browser 1. POST /login 2. generate session id:"Y4sHySEPWAjc" user:"luciano" user:"luciano"

    pass:"mariobros" 3. session cookie SID:"Y4sHySEPWAjc" 4. GET /profile Server 35 Sessions Database id:"Y4sHySEPWAjc" user:"luciano" SID:"Y4sHySEPWAjc"

54. Browser 1. POST /login 2. generate session id:"Y4sHySEPWAjc" user:"luciano" user:"luciano"

    pass:"mariobros" 3. session cookie SID:"Y4sHySEPWAjc" 4. GET /profile 5. query id:"Y4sHySEPWAjc" Server 35 Sessions Database id:"Y4sHySEPWAjc" user:"luciano" SID:"Y4sHySEPWAjc"

55. Browser 1. POST /login 2. generate session id:"Y4sHySEPWAjc" user:"luciano" user:"luciano"

    pass:"mariobros" 3. session cookie SID:"Y4sHySEPWAjc" 4. GET /profile 5. query id:"Y4sHySEPWAjc" 6. record id:"Y4sHySEPWAjc" user:"luciano" Server 35 Sessions Database id:"Y4sHySEPWAjc" user:"luciano" SID:"Y4sHySEPWAjc"

56. Browser 1. POST /login 2. generate session id:"Y4sHySEPWAjc" user:"luciano" user:"luciano"

    pass:"mariobros" 3. session cookie SID:"Y4sHySEPWAjc" 4. GET /profile 5. query id:"Y4sHySEPWAjc" 6. record id:"Y4sHySEPWAjc" user:"luciano" 7. (page) <h1>hello luciano</h1> Server 35 Sessions Database id:"Y4sHySEPWAjc" user:"luciano" SID:"Y4sHySEPWAjc"

57. JWT implementation JWT implementation 36

58. 37

59. Browser Server 37

60. Browser 1. POST /login user:"luciano" pass:"mariobros" Server 37

61. Browser 1. POST /login user:"luciano" pass:"mariobros" Server Create Token for

    "luciano" Add signature 2. create JWT 37

62. Browser 1. POST /login 3. JWT Token {"sub":"luciano"} user:"luciano" pass:"mariobros"

    Server eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJz dWIiOiJsdWNpYW5vIn0.V92iQaqMrBUhkgEAyRaCY 7pezgH­Kls85DY8wHnFrk4 Create Token for "luciano" Add signature 2. create JWT 37

63. Browser 1. POST /login 3. JWT Token {"sub":"luciano"} user:"luciano" pass:"mariobros"

    Server eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJz dWIiOiJsdWNpYW5vIn0.V92iQaqMrBUhkgEAyRaCY 7pezgH­Kls85DY8wHnFrk4 4. GET /profile eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJz dWIiOiJsdWNpYW5vIn0.V92iQaqMrBUhkgEAyRaCY 7pezgH­Kls85DY8wHnFrk4 Create Token for "luciano" Add signature 2. create JWT 37

64. Browser 1. POST /login 3. JWT Token {"sub":"luciano"} user:"luciano" pass:"mariobros"

    Server eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJz dWIiOiJsdWNpYW5vIn0.V92iQaqMrBUhkgEAyRaCY 7pezgH­Kls85DY8wHnFrk4 4. GET /profile eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJz dWIiOiJsdWNpYW5vIn0.V92iQaqMrBUhkgEAyRaCY 7pezgH­Kls85DY8wHnFrk4 Token says this is "luciano" Signature looks OK 5. verify Create Token for "luciano" Add signature 2. create JWT 37

65. Browser 1. POST /login 3. JWT Token {"sub":"luciano"} user:"luciano" pass:"mariobros"

    6. (page) <h1>hello luciano</h1> Server eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJz dWIiOiJsdWNpYW5vIn0.V92iQaqMrBUhkgEAyRaCY 7pezgH­Kls85DY8wHnFrk4 4. GET /profile eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJz dWIiOiJsdWNpYW5vIn0.V92iQaqMrBUhkgEAyRaCY 7pezgH­Kls85DY8wHnFrk4 Token says this is "luciano" Signature looks OK 5. verify Create Token for "luciano" Add signature 2. create JWT 37

66. Browser 1. POST /login 3. JWT Token {"sub":"luciano"} user:"luciano" pass:"mariobros"

    6. (page) <h1>hello luciano</h1> Server eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJz dWIiOiJsdWNpYW5vIn0.V92iQaqMrBUhkgEAyRaCY 7pezgH­Kls85DY8wHnFrk4 4. GET /profile eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJz dWIiOiJsdWNpYW5vIn0.V92iQaqMrBUhkgEAyRaCY 7pezgH­Kls85DY8wHnFrk4 Token says this is "luciano" Signature looks OK 5. verify Create Token for "luciano" Add signature 2. create JWT Note: Only the server knows the secret 37

67. Cookie/session Cookie/session Needs a database to store the session data

    The database is queried for every request to fetch the session A session is identified only by a randomly generated string (session ID) No data attached Sessions can be invalidated at any moment JWT JWT Doesn't need a session database The session data is embedded in the token For every request the token signature is verified Attached metadata is readable Sessions can't be invalidated, but tokens might have an expiry flag VS VS 38

68. Another great JWT use case Another great JWT use case

    Creating Secure Password Reset Links Creating Secure Password Reset Links loige.link/jwt-pwd-reset 39

69. JWT LOOKS GREAT! JWT LOOKS GREAT! But there are pitfalls...

    But there are pitfalls... 40

70. Data is public! Data is public! 41

71. Data is public! Data is public! If you have a

    token, If you have a token, you can easily read the claims! you can easily read the claims! 41

72. Data is public! Data is public! If you have a

    token, If you have a token, you can easily read the claims! you can easily read the claims! You only have to Base64Url-decode the token header and payload and you have a readable JSON 41

73. There's no token database... There's no token database... ...if I

    can forge a token ...if I can forge a token nobody will know it's not nobody will know it's not authentic! authentic! 42

74. DEMO DEMO JWT based web app github.com/lmammino/sample-jwt-webapp BUILT WITH 43

75. Given an HS256 signed JWT Given an HS256 signed JWT

    We can try to " We can try to "guess guess" the " the secret secret! ! 44

76. How difficult can it be? How difficult can it be?

    45

77. Let's build a distributed Let's build a distributed JWT token

    cracker! JWT token cracker! npm.im/distributed-jwt-cracker npm.im/distributed-jwt-cracker 46

78. The idea... The idea... 47

79. The idea... The idea... Take a valid JWT token Take

    a valid JWT token 47

80. The idea... The idea... try to "guess" the secret and

    validate the token against it try to "guess" the secret and validate the token against it Take a valid JWT token Take a valid JWT token 47

81. The idea... The idea... if the token is validated, then

    you found the if the token is validated, then you found the secret secret! ! try to "guess" the secret and validate the token against it try to "guess" the secret and validate the token against it Take a valid JWT token Take a valid JWT token 47

82. The idea... The idea... YOU CAN NOW YOU CAN NOW

    CREATE AND SIGN CREATE AND SIGN ANY JWT TOKEN ANY JWT TOKEN FOR THIS FOR THIS APPLICATION APPLICATION! ! if the token is validated, then you found the if the token is validated, then you found the secret secret! ! try to "guess" the secret and validate the token against it try to "guess" the secret and validate the token against it Take a valid JWT token Take a valid JWT token 47

83. Magic weapons Magic weapons 48

84. Magic weapons Magic weapons Node.js Node.js 48

85. Magic weapons Magic weapons Node.js Node.js ZeroMQ ZeroMQ 48

86. Magic weapons Magic weapons Node.js Node.js module module jsonwebtoken jsonwebtoken

    ZeroMQ ZeroMQ 48

87. ZeroMQ ZeroMQ an open source embeddable an open source embeddable

    networking networking library library and a and a concurrency framework concurrency framework 49

88. The brute force problem The brute force problem "virtually infinite"

    solutions space "virtually infinite" solutions space all the strings (of any length) that can be generated within a given alphabet (empty string), a, b, c, 1, aa, ab, ac, a1, ba, bb, bc, b1, ca, cb, cc, c1, 1a, 1b, 1c, 11, aaa, aab, aac, aa1, aba, ... 50

89. bijection (int) ⇒ (string) bijection (int) ⇒ (string) if we

    sort all the possible strings over an alphabet Alphabet = [a,b] 0 ⟶ (empty string) 1 ⟶ a 2 ⟶ b 3 ⟶ aa 4 ⟶ ab 5 ⟶ ba 6 ⟶ bb 7 ⟶ aaa 8 ⟶ aab 9 ⟶ aba 10 ⟶ abb 11 ⟶ baa 12 ⟶ bab 13 ⟶ bba 14 ⟶ bbb 15 ⟶ aaaa 16 ⟶ aaab 17 ⟶ aaba 18 ⟶ aabb ... 51

90. Architecture Architecture Server Server Client Client Initialised with a valid

    JWT token and an alphabet coordinates the brute force attempts among connected clients knows how to verify a token against a given secret receives ranges of secrets to check 52

91. Networking patterns Networking patterns Router channels: dispatch jobs receive results

    Pub/Sub channel: termination signal 53

92. Server state Server state the solution space can be sliced

    into the solution space can be sliced into chunks chunks of fixed length (batch size) of fixed length (batch size) 54

93. Server state Server state the solution space can be sliced

    into the solution space can be sliced into chunks chunks of fixed length (batch size) of fixed length (batch size) 0 3 6 9 ... 54

94. Server state Server state the solution space can be sliced

    into the solution space can be sliced into chunks chunks of fixed length (batch size) of fixed length (batch size) 0 batch 1 3 6 9 ... 54

95. Server state Server state the solution space can be sliced

    into the solution space can be sliced into chunks chunks of fixed length (batch size) of fixed length (batch size) 0 batch 1 batch 2 3 6 9 ... 54

96. Server state Server state the solution space can be sliced

    into the solution space can be sliced into chunks chunks of fixed length (batch size) of fixed length (batch size) 0 batch 1 batch 2 batch 3 3 6 9 ... 54

97. Server state Server state the solution space can be sliced

    into the solution space can be sliced into chunks chunks of fixed length (batch size) of fixed length (batch size) 0 ... batch 1 batch 2 batch 3 3 6 9 ... 54

98. Initial server state Initial server state { "cursor": 0, "clients":

    {} } 55

99. The first client connects The first client connects { "cursor":

    3, "clients": { "client1": [0,2] } } [0,2] 56

100. { "cursor": 9, "clients": { "client1": [0,2], "client2": [3,5], "client3":

     [6,8] } } Other clients connect Other clients connect [0,2] [3,5] [6,8] 57

101. Client 2 finishes its job Client 2 finishes its job

     { "cursor": 12, "clients": { "client1": [0,2], "client2": [9,11], "client3": [6,8] } } [0,2] [9,11] [6,8] 58

102. let cursor = 0 const clients = new Map() const

     assignNextBatch = client => { const from = cursor const to = cursor + batchSize - 1 const batch = [from, to] cursor = cursor + batchSize client.currentBatch = batch client.currentBatchStartedAt = new Date() return batch } const addClient = channel => { const id = channel.toString('hex') const client = {id, channel, joinedAt: new Date()} assignNextBatch(client) clients.set(id, client) return client } Server 59

103. Messages flow Messages flow 60

104. Messages flow Messages flow JWT Cracker Server JWT Cracker Client

     60

105. Messages flow Messages flow JWT Cracker Server JWT Cracker Client

     1. JOIN 60

106. Messages flow Messages flow JWT Cracker Server JWT Cracker Client

     1. JOIN 2. START {token, alphabet, firstBatch} 60

107. Messages flow Messages flow JWT Cracker Server JWT Cracker Client

     1. JOIN 2. START {token, alphabet, firstBatch} 3. NEXT 60

108. Messages flow Messages flow JWT Cracker Server JWT Cracker Client

     1. JOIN 2. START {token, alphabet, firstBatch} 3. NEXT 4. BATCH {nextBatch} 60

109. Messages flow Messages flow JWT Cracker Server JWT Cracker Client

     1. JOIN 2. START {token, alphabet, firstBatch} 3. NEXT 4. BATCH {nextBatch} 5. SUCCESS {secret} 60

110. const router = (channel, rawMessage) => { const msg =

     JSON.parse(rawMessage.toString()) switch (msg.type) { case 'join': { const client = addClient(channel) const response = { type: 'start', id: client.id, batch: client.currentBatch, alphabet, token } batchSocket.send([channel, JSON.stringify(response)]) break } case 'next': { const batch = assignNextBatch(clients.get(channel.toString('hex'))) batchSocket.send([channel, JSON.stringify({type: 'batch', batch})]) break } case 'success': { const secret = msg.secret // publish exit signal and closes the app signalSocket.send(['exit', JSON.stringify({secret, client: channel.toString('hex')})], 0, () => { batchSocket.close() signalSocket.close() exit(0) }) break } } } Server 61

111. let id, variations, token const dealer = rawMessage => {

     const msg = JSON.parse(rawMessage.toString()) const start = msg => { id = msg.id variations = generator(msg.alphabet) token = msg.token } const batch = msg => { processBatch(token, variations, msg.batch, (secret, index) => { if (typeof secret === 'undefined') { // request next batch batchSocket.send(JSON.stringify({type: 'next'})) } else { // propagate success batchSocket.send(JSON.stringify({type: 'success', secret, index})) exit(0) } }) } switch (msg.type) { case 'start': start(msg) batch(msg) break case 'batch': batch(msg) break } } Client 62

112. How a chunk is processed How a chunk is processed

     Given chunk [3,6] over alphabet "ab" [3,6] ⇒ 3 ⟶ aa 4 ⟶ ab 5 ⟶ ba 6 ⟶ bb ⇠ check if one of the strings is the secret that validates the current token 63

113. const jwt = require('jsonwebtoken') const generator = require('indexed-string-variation').generator; const variations

     = generator('someAlphabet') const processChunk = (token, from, to) => { let secret for (let i = from; i < to; i++) { try { secret = variations(i) jwt.verify(token, pwd, { ignoreExpiration: true, ignoreNotBefore: true }) // finished, password found return ({found: secret}) } catch (err) {} // password not found, keep looping } // finished, password not found return null } Client 64

114. Demo Demo 65

115. Closing off Closing off 66

116. Is JWT safe to use? Is JWT safe to use?

     67

117. Definitely Definitely YES! YES! Heavily used by: 68

118. but... but... 69

119. Use a strong (≃long) Use a strong (≃long) secret secret

     and keep it SAFE! and keep it SAFE! Or, even better Use RS256 (RSA public/private key pair) signature Use RS256 (RSA public/private key pair) signature Use it wisely! Use it wisely! 70

120. But, what if I create But, what if I create

     only only short lived tokens short lived tokens... ... 71

121. JWT is STATELESS! JWT is STATELESS! the expiry time is

     contained in the token... if you can edit tokens, you can extend the expiry time as needed! 72

122. Should I be worried about Should I be worried about

     brute force brute force? ? 73

123. Not really Not really ... As long as you know

     the basic rules ... As long as you know the basic rules (and the priorities) to defend yourself (and the priorities) to defend yourself 74

124. TLDR; TLDR; JWT is a JWT is a cool &

     stateless™ cool & stateless™ way to way to transfer claims! transfer claims! Choose the right Algorithm With HS256, choose a good secret and keep it safe Don't disclose sensitive information in the payload Don't be too worried about brute force, but understand how it works! 75

125. Takk! @loige @loige https://loige.co https://loige.co loige.link/jwt-crack-oslo 76

126. Credits Credits vector images vector images designed by freepik designed

     by freepik an heartfelt thank you to: @AlleviTommaso @andreaman87 @cirpo @katavic_d @Podgeypoos79 @quasi_modal 77