back to article Silly gits upload private crypto keys to public GitHub projects

Scores of programmers uploaded their private cryptographic keys to public source-code repositories on GitHub, exposing their login credentials to world+dog. The discovery was made just before the website hit the kill switch on its search engine or, more likely, the service collapsed under the weight of curious users trawling for …

COMMENTS

This topic is closed for new posts.
  1. Craig 8
    Stop

    More detail is needed

    Before I believe this is a major security cock-up, I want to know how many of those private key files were actually password protected. While it's still inadvisable to post your private keys publicly, even if they're encrypted, there's a world of difference between that and posting just the plan key. All the formats found by the sample searches quoted can, and should be, password protected.

    1. Daniel B.
      FAIL

      Re: More detail is needed

      I'm guessing that the people stupid enough to upload their private keys are the kind of people that had their keygen process go like this:

      $ ssh-keygen

      Generating public/private rsa key pair.

      Enter file in which to save the key (/Users/dummy/.ssh/id_rsa): <enter>

      Created directory '/Users/dummy/.ssh'.

      Enter passphrase (empty for no passphrase): <enter>

      Enter same passphrase again: <enter>

      Your identification has been saved in /Users/dummy/.ssh/id_rsa.

      Your public key has been saved in /Users/dummy/.ssh/id_rsa.pub.

      The key fingerprint is:

      c3:bb:2a:59:a6:3f:2e:12:e3:4f:36:ca:e9:c2:75:e0 dummy@antares.local

      This is one of the widespread bad practices that is sometimes encouraged by some devs. Ditto with having unpassworded MySQL access under the guise of "well, nobody from the outside will ever get access to the box".

    2. Anonymous Coward
      Anonymous Coward

      Re: More detail is needed

      Another reason not to use Open Source software. Yet again we find that code could have been compromised because of the easy to access it nature of Open Source and no one would likely have known....

  2. Robert Helpmann??
    Childcatcher

    Curiouser and Curiouser

    ...the service collapsed under the weight of curious users trawling for the sensitive data.

    It looks like we have a new euphemism for black hats: curious users. Too, I am curious as to whether this might create broader exposure to security risks than simply GitHub accounts.

    1. Bill the Sys Admin
      Terminator

      Re: Curiouser and Curiouser

      I would think it most certainly will if people use their private keys else where.

  3. Anonymous Coward
    Anonymous Coward

    There's always google of course.

    "BEGIN RSA PRIVATE KEY" site:github.com

    1. Zaphod.Beeblebrox
      Meh

      Re: There's always google of course.

      As was mentioned in the article, of course: "At least some of the credentials can still be found using Google and other external web crawlers."

    2. Craig 8
      Facepalm

      Re: There's always google of course.

      Fair play, "BEGIN RSA PRIVATE KEY" site:github.com returns 29,100 results, and "Proc-Type: 4,ENCRYPTED" site:github.com returns 5,200 results, so it does look like the majority of them are in plain, which is pretty dumb.

      1. Anonymous Coward
        Headmaster

        Re: There's always google of course.

        @Craig 8 - I used your search terms and looked through 40 of the hits. Only three were actual keys and not a coding example of a key or some other reference to generating a key. Exclude the term "example" from your search and run it again - far fewer hits.

        1. Anonymous Coward
          Anonymous Coward

          @A Prough

          You haven't understood the idea of scaremongering journalism, have you?

          Now, off you go with your realist world view!

  4. Lee Dowling Silver badge

    Idiots

    Although I doubt that every hit is for a key file that shouldn't be exposed (rather than a bug report mentioning it, or a code comment, or even a slice of code that looks for that line as a sanity check or similar, not to mention test keys and examples), it's still a stupid thing to upload if you are working on software.

    And, as the blog points out, it's called a PRIVATE key in several places for a very good reason. Hell, most software that utilises them (SSH and Apache for a start, I believe) won't let you have them with certain UNIX permissions on the file because they KNOW how stupid that is to do and they'll just refuse to continue.

    It is very interesting, though, what a well-crafted search can do. This is why I never listen to the "oh, no-one will ever know it's there but me" arguments that some admins try to use. They don't need to KNOW it's there. They just need to go looking for things that they know are interesting and the computer will help them find it. I've seen any amount of "private" website administration URL's in the past that were explicitly listed in robots.txt - they were bright enough to know that someone might find their secret area, but too stupid to realise that robots.txt would point you STRAIGHT AT IT if you were querying directly. Of course, the real security thing to do is just not have those folders accessible, which solves all your problems immediately. You can't stumble across a folder that doesn't exist, or is hidden behind a PROPER access control.

    If you have something that needs securing, secure it.

    This is also the reason I hate any and all "indexing" of documents or files. I don't CARE how well you think you've designed the system and encrypted the indices and whatever else. There's no reason to run through my documents folders and even network shares, and record details of everything in there. A file search through a folder is rare enough, and quick enough with modern hardware, that I don't even need an index to find anything I want within a reasonable time and - done properly - does NOT leave traces of even the searches I performed, or the documents I have, on my user account.

    "Oh, look, the administrator's private account with no privileges just searched for a file on the network called X..." - Guess what the next target they will look for is - EVEN if you only use administrator accounts for the absolute minimum where they are necessary - all that does is raise the probability of that file being "interesting" to someone.

    1. Chris Miller

      Re: Idiots

      Showing once again that it's tough to make a system idiot-proof, because idiots are so darned inventive.

      1. Thunderbird 2

        Re: Idiots

        Darwin @ work.

        For every new and improved "Idiot proof system"

        a new and improved idiot shall evolve to overcome it.

      2. Anonymous Coward
        Anonymous Coward

        Re: Idiots

        And these are the proffesionals!

        1. Michael Wojcik Silver badge

          Re: Idiots

          And these are the proffesionals!

          Who are the "proffesional" whats, here? You don't have to be a member of a profession, or indeed employed, to use github.

    2. Jason Bloomberg Silver badge
      Paris Hilton

      Re: Idiots

      Idiots or just not thinking?

      It's a danger of developing out in the open and forgetting its nature. I bet more than one has made the mistake of simply 'copying the whole project' into a repository without thinking what's actually in that project.

      People can quite simply forget what they are working on is open to the public. With tighter integration between private and public storage it gets harder to tell what is private and what is not, and people even forget CD backup, USB sticks and drives are potentially public if ever removed off-site.

      I wonder how many developers are scrambling to see if they have leaked sensitive information, how many can confidently say they never have?

      1. Anonymous Coward
        Anonymous Coward

        Re: Idiots

        As Mr. Bloomberg says above, this is not "idiocy" as some holier-than-thou posters would have us believe, but most likely carelessness.

        Luckily this is the sort of mistake you tend to make once and learn from it. A bunch of devs will also hopefully be getting familiar with SSH key replacement right now.

        Oversights like this can and do happen (a lot, as this demonstrates!), and I appreciate the "security watchers" who have suggested GitHub should block ~/.ssh and similar really mean well, but that's not the way. After all, a project could conceivably upload private keys by design. On the other hand a warning if about to commit something that looks sensitive/passwordish would probably be appreciated, although at the end of the day it's not up to GitHub to babysit their users.

        1. Charles Manning

          Downvotards?

          Why would anyone downvote what AC said above?

          Nothing stupid.

          Nothing inflammatory.

          What moron would downvote that?

      2. edge_e
        WTF?

        Re: Idiots

        Idiots or just not thinking

        Same thing isn't it?

        Maybe you'd like to explain how this is any different to a surgeon leaving a scalpel inside his patient?

  5. Frumious Bandersnatch

    but ...

    isn't ((m ** private) ** public) mod pq = ((m ** public) ** private) mod pq? Maybe some of these users at least have just decided to swap public and private keys for each other? Maybe it's their secret "twist"...

    OK, I'm not really serious. Most likely ssh (or pgp or whatever you use to generate keys and do the crypto) stores public keys in a different format to the private key so they're not interchangeable. But at least with the underlying RSA bit, calling one key public and the other private is just a matter of which one you actually reveal...

    1. Lee Dowling Silver badge

      Re: but ...

      No, they are not equivalent. Maths modulo high primes is the entire security BECAUSE it's not a mechanism that you can just reverse like that, and the private key is not "just a prime".

      In general, the private key contains both the public key and some other large prime, whereas the public key is only a large prime (to get a simple analogy). The public key is actually derivable from the private key (that's how you MAKE a public key!) but NOT vice-versa (or PKE encryption would be useless). The private key contains extra, private information that should not be revealed and is not in any way derivable from the public key within a reasonable length of time.

      If you swap the keys, not only does the file format checking code freak out, but you'll find that you can't get any further. The internal mathematics does (sometimes) involve commutative ciphers when playing with these primes internally, but the "keys" you get out of the end of it are NOT interchangeable.

      1. Frumious Bandersnatch
        Thumb Down

        Re: but ...

        No, they are not equivalent. Maths modulo high primes is the entire security BECAUSE it's not a mechanism that you can just reverse like that, and the private key is not "just a prime".

        In general, the private key contains both the public key and some other large prime, whereas the public key is only a large prime (to get a simple analogy). The public key is actually derivable from the private key (that's how you MAKE a public key!) but NOT vice-versa (or PKE encryption would be useless). The private key contains extra, private information that should not be revealed and is not in any way derivable from the public key within a reasonable length of time.

        OK, so I just happened to have Schneier's Applied Cryptography (2nd edition) on my desk as I read your post. I looked it up and confirmed that what I said earlier is correct. On page 467 it covers generating the public and private keys (which are multiplicative inverses of each other mod (p-1)(q-1)). Then it talks about encrypting and decrypting and finishes by saying "The message could just as easily have been encrypted with d and decrypted with e; the choice is arbitrary". That's exactly (and only) what I said in my post. I think you may need to brush up on how RSA encryption works. In particular, you can't derive either the public key from the private key, or vice-versa. Not without knowing the factorisation of pq, anyway. Nor does the private key contain "extra, private information".

        Compound encryption schemes (involving RSA and something else) are a different matter, as you pointed out. But then, I never actually claimed that you could swap keys there and still have everything work.

        1. Daniel B.
          Boffin

          @Frumious Bandersnatch

          Yes, you're actually right on the RSA algorithm, they're reversible and in fact, signing is done that way, by encrypting with the private key. The reason swapping files doesn't work is because the private key file contains the P and Q primes, so both public and private keys can be derived from the private key file.

          1. Frumious Bandersnatch

            Re: @Frumious Bandersnatch

            Thanks, Daniel B. It's nice to have that validated, even down to my guess that private and public keys don't store the same data . The downvotes I got are unimportant compared to that. Now if Lee Dowling had said that p and q were stored with the private key then I'd happily have conceded the point to him. Maybe he knew that and it's what he was trying to get at, but it's not what came across. I'll give him the benefit of the doubt and say we're all right. Except the downvoters. You still suck.

        2. Anonymous Coward
          Anonymous Coward

          Re: but ...

          You can easily get screwed in this manner even with 'one way' based functions.. Just look at what happened to Sony with the PS3....

          1. Lee Dowling Silver badge

            Re: but ...

            Without getting deep into the maths (which I was trying to avoid because there had been only little mention of the maths at the point I posted), I was trying to show that what you call a "key" in terms of an SSH key file is NOT equivalent to what you might refer to as a key in mathematical cryptographic terms.

            The simple fact that you can derive a public "key" (file) from a private "key" (file), but not the other way around, was what I was getting at. It's a combination of more than just a single number.

    2. Daniel B.
      Boffin

      Re: but ...

      Actually, you'd be right if the format for private and public key were the same, that is if the files were:

      public key: N, e

      private key: N, d

      as with that format, one key can't be derived from the other. But actually, the private key is usually stored like:

      private key: N, e, d, p, q, and other numbers that are derived from these which help for some implementations of RSA.

  6. Parax
    Alert

    I might have already alluded to this in my comment on the four key mistakes article...

    Only worth +2 though.

  7. Just a geek

    Management Pressure?

    I don't think it's all idiots or people being careless, I think a lot of it is down to 'Get It Done' pressure that people are under these days. Management need something done urgently so sysadmins will often find ways around various blocks to get it done with good intentions to fix it later but, of course, later never comes and so this is what you have.

    1. fandom

      In open source projects?

      1. Anonymous Coward
        Anonymous Coward

        "In open source projects?"

        Why not?

  8. YouStupidBoy

    Development code accessed by search engines

    Development code for private firms is often available via your search engine of choice. Just put in the terms 'review board' diff ship view, or some other likely combination. As of a couple of months ago, there were dozens of pages available, including a bunch of code visible for a not-too-insignificant e-commerce site that included the admin override URL and testing logins. Another review board for a different site that was accessible had a link to a SQL table with a couple hundred (not much, admittedly) rows of customer info - name, address, password - all in plain text, although thankfully no payment info.

    I emailed the companies concerned, so I would assume these two are gone. Haven't bothered to check though. But there are many other examples out there.

    On a side note, reading some of the comments on various articles makes me realize how lucky I seem to be to work where I do. Yes, the business needs and what's a priority seems to change on an almost daily basis, certainly weekly, but we have been explicitly told that if doing something right takes more time than a rush job, then the paycheck-signers would rather we do it right. It's probably an attitude that's grown out of the first two years of the business having exactly the opposite mantra, and we're *still* cleaning up the mess that some of the devs left behind, 3 years after they've gone. Some of the most incomprehensible stuff that you'll ever see on dailywtf came straight from our original codebase. The current attitude certainly does reap such benefits, both with staff and customers in the medium to long term, that it amazes me that I see so many people on here whose companies seem to have the opposite approach.

  9. Paul Hovnanian Silver badge

    Simple github filter

    Crawl through user's accounts looking for "BEGIN RSA PRIVATE KEY" followed (after the appropriate string length) by "END RSA PRIVATE KEY" and delete the file. Maybe even triggered by an upload.

    And then sent them an e-mail, Subject: You moron!

    1. Anonymous Coward
      Anonymous Coward

      Re: Simple github filter

      Paul, are you aware of how git (the version control software) works?

      1. Paul Hovnanian Silver badge

        Re: Simple github filter

        Point taken. Once the change is checked in, its probably too late to do anything. I still like the auto-generated "Idiot" e-mail. At least that will give the user an opportunity to revoke his keys and maybe add a line to gitignore.

  10. Herby

    Given the incidence of SSH probes

    This is a real problem. Just about every day I get one or two ip addresses that attempt to use SSH to invade my site. Thankfully I have setup SSH to only allow a few accounts to "enter", but they still fill up my log files.

    The scanners seem to think that if there is an SSH server out there, it must be hiding something. Of course, if there is a telnet server, they seem to ignore it. Go figure!

  11. Anonymous Coward
    Anonymous Coward

    The intelligence of open source coders astounds

    If someone is so stupid as to include their private keys in the upload, should we trust the quality of their code?!?!

    As for the old "it's not stupidity it's just a mistake" excuses being trotted out - bull. Someone so careless and clueless so as to not realise what they have done CLEARLY does not understand what they are doing and is obviously not capable of writing good code.

    If their uploading is so full of elementary mistakes, you can bet their software is likewise riddled with mistakes.

    And if they care so little about their own security, what will they think of yours?

    1. Michael Wojcik Silver badge

      Re: The intelligence of open source coders astounds

      The ability of twits who post anonymously to draw ridiculous sweeping generalizations from anecdote is even more astounding. You leapt so far to that conclusion I'm surprised you didn't achieve escape velocity.

This topic is closed for new posts.

Other stories you might like