As a cloud-based service with a growing user base, Grovo takes our users’ experiences, and especially their security, extremely seriously. Over the past week, we’ve rolled out a number of security and service upgrades that will make Grovo a safer and more responsive product.
What did we do?
We changed our password key derivation to Bcrypt, we upgraded our MySQL database to the latest stable version, and we pushed performance-enhancing code optimizations to the homepage.
What is the effect on Grovo users?
The database update and code optimizations have the site running five times faster than it did before in some places. Across the site, page load times for end users are an average of 150% faster for learners, and 20% faster for trainers.
On the security side, our users’ passwords are now protected by an added degree of security, though this won’t have any direct impact on users.
How does the new password protection work?
We’ve essentially made our database one of the safest places on the Internet to store your passwords. When you set your password on Grovo, the actual string of characters and numbers you type in never touches our database. If it did, all it would take for an attacker to know your password would be to break into our database. That’s no small feat in itself; our data enjoys the state-of-the-art protection of Amazon Web Services, which is good enough for the CIA. But we wanted to add another level of protection between your password and a malicious actor.
Instead of the password itself, what we store in our database is a hash digest of your password. This means that when you set up your password on Grovo, your cleartext characters (the name of your dog plus your street address, or whatever it may be) are run through a function that processes them in a specific way, such that the output is a line of characters very different from the ones you put in. This function, which is called a hash function, is one-way, which means that a data thief can’t look at the complex output of characters and figure out the input that created it. In other words, they can’t reverse engineer your password just from looking at the hash. And the hash is the only version of your password that Grovo keeps on file.
We’ve always done all of that. The only new development here is that we’ve upgraded the hashing function that we use to Bcrypt.
What is Bcrypt?
Bcrypt is a key derivation function that outputs long, complicated hashes that can get more complicated when needed. Again, the job of the hashing function (which is also called a key derivation function) is to take your password and perform specific actions on all of it in order to spit out a hash that is as difficult to crack as possible.
There’s no way to make it impossible for someone to guess your password. Armed with just a few inexpensive processors, a brute force attacker could guess every possible combination of every possible character billions of times per second, which means that they would find your correct password combination in a matter of picoseconds. That’s trillionths of a second.
The goal of making password hashes complicated, therefore, is simply to make them cost enough processing power to deter hackers from attempting it. We’ve all heard the joke about the hiker needing to outrun his friend instead of the bear. The same principle applies here. If the hashing function spits out something that is slower — that is, if it costs more processing power, and therefore time, for a hacker to guess — they’ll likely look elsewhere to steal. No home security system can protect you from a nuclear bomb, but it can convince a robber to try a different house. And with AWS, our house is located in a gated compound anyway.
Bcrypt achieves this: the hashes we now store for user passwords are about 400 billion times harder to crack than the previous ones. (That sounds like a lot, and it is, but it’s put in perspective when you realize that two $200 processors can guess 4.3 billion times per second.) Moreover, Bcrypt can be made to get more complicated at the administrator’s request. That means that as computing power increases, and existing hashes become too cheap to solve, we can tell the function to get more complicated, thus continuing to send attackers elsewhere. By migrating to Bcrypt, Grovo’s password security protocol is set for a long time to come.
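The adjustable work factor described above is written into every stored bcrypt string, so an administrator who raises it can list the accounts still hashed at an older setting. The following is an added example, not Grovo's code; the function names are hypothetical, and the usernames, hash strings and target cost are constructed placeholders.

```python
import re

# bcrypt's stored form: $<version>$<two-digit cost>$<22-char salt><31-char digest>
# The cost is a base-2 logarithm: each +1 doubles the work per password guess.
BCRYPT_RE = re.compile(r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")


def parse_cost(stored):
    """Return the bcrypt cost embedded in a stored hash, or None if it is not bcrypt."""
    m = BCRYPT_RE.fullmatch(stored)
    if m is None:
        return None
    cost = int(m.group(2))
    # bcrypt only defines costs 4..31; anything else is a corrupt record.
    return cost if 4 <= cost <= 31 else None


def work_ratio(old_cost, new_cost):
    """How many times more work one guess costs after the cost is raised."""
    return 2 ** (new_cost - old_cost)


def audit(rows, target_cost):
    """Sort accounts into 'ok', 'rehash' (bcrypt below target) and 'legacy' (not bcrypt)."""
    report = {"ok": [], "rehash": [], "legacy": []}
    for user, stored in rows:
        cost = parse_cost(stored)
        if cost is None:
            report["legacy"].append(user)
        elif cost < target_cost:
            report["rehash"].append(user)
        else:
            report["ok"].append(user)
    return report


# Constructed sample rows: filler salt/digest characters, not real password hashes.
FILLER = "a" * 22 + "b" * 31
SAMPLE_ROWS = [
    ("alice", "$2b$12$" + FILLER),   # already at the target cost
    ("bob", "$2a$10$" + FILLER),     # older, cheaper setting
    ("carol", "0" * 32),             # 32 hex characters: not a bcrypt string
]

if __name__ == "__main__":
    print(audit(SAMPLE_ROWS, target_cost=12))
    print("cost 10 -> 12 multiplies attacker work by", work_ratio(10, 12))
```

Because the hash is one-way, an account flagged `rehash` or `legacy` can only be re-hashed at the new cost at a moment when the user supplies the password, such as the next successful login.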
Anything else coming down the pipe?
A lot more. We’re pushing more code optimizations later this quarter, so we expect further performance increases shortly. We’re also going to be opening a data warehouse on Amazon Redshift, though users won’t be affected. If you’re interested in learning more about how our engineering team is making Grovo smoother and faster, check out their blog, Grovo Labs.