Opera Software alerts its Opera Web browser Sync users that there is a possibility of hackers gaining access to their passwords. Opera Software issued a security alert on Friday stating that Opera sync was under attack. Users are asked to reset their Opera passwords as well as any links from the sync site.
“Our investigation is ongoing, however, we believe some information, including some users’ passwords or account information (such as login names), may have been compromise,” Tarquin Wilton Jones , Opera’s security blogger.
Wilton Jones said that any passwords saved using the sync system were encrypted or hashed into the system. Wilton Jones said that password resets were primarily for precaution. Opera browser users not using the sync service aren’t required to perform any actions.
Tod Beardsley (senior research manager, Rapid7) commended Opera Software for raising the alarm, but suggested users look into password and account synchronization by themselves with “standalone password managers” that have been purpose-built for security.
Beardsley, in an prepared statement regarding Opera’s sync breach, stated that Opera had not disclosed details about how passwords are stored.
Opera 031 was released in 2015 and password syncing was added. also uses the Nigori protocol as password encryption. Google Chrome browser began to use the Nigori protocol in encrypting synced data around the same time.
A technical description about the encryption scheme Nigori was created by Gregory Szorc (Mozilla engineer):
This (Nigori encryption scheme) takes the user’s passphrase, and then uses PBKDF2 Password Based Key Derivation Function 2 (Password Based Key Derivation Function 2) for keys. It starts by generating a 64 bit salt-key, Suser. This is done using 1001 iterations PBKDF2 with SHA1 as the salt. After that, the program performs 3 more PBKDF2 rivations in order to obtain three 128 bits keys from the original passphrase, using the newly-derived sal key. These are Kuser and Kenc. These PBKDF2 erations count are 1003, 1003, and 1004 respectively. Kenc and Kuser both use AES in their PBKDF2 calculations. Kmac uses SHA-1. Kuser helps to authenticate client and server. Kmac, Kenc, and Kmac can be used respectively to sign or encrypt data. AES-128 is used in CBC mode to encrypt data with a 16-byte IV.
Ben Laurie who wrote the protocol said, regarding Nigori that “it doesn’t imply you have to trust anybody… The storage servers(s) cannot get hold of keying material and, if necessary, you can use splits so each server is unable to attack encrypted secrets.”
Opera Software is unsure of the details behind Opera Software’s storage server implementation and if any were split to provide additional security.
Beardsley noted that “browser-based storage” is a better option than the use of three or four passwords across all accounts. But password managers tend to be more secure and will offer features such password expiration, random password generation, and password expiration.
Opera Software announced that Opera sync users have been notified via email about the incident. The request was to ask them for password changes, including those of their sync and other accounts. Opera Software states that less then 0.5 percent (1.75 million) of its 350,000,000 users use Opera’s sync service.