#1 By: Mark Frauenfelder, September 3rd, 2013 11:08
#2 By: rvitelli, September 3rd, 2013 11:22
How many systems allow a brute-force approach these days? Most security systems usually lock you out after three wrong guesses.
#3 By: SamSam, September 3rd, 2013 11:26
To be clear: a completely random 20-character alphanumeric password is still completely immune to these systems.
36^20 = 1.3x10^31, which is a very, very large number of possibilities.
If you're running 8 million guesses a second, that will still take you 1.7x10^24 seconds, or 500000000000000 centuries.
So now we just all have to use those systems that generate 20-character passwords for us. Rather more inconvenient, but rapidly becoming a necessity.
#4 By: SamSam, September 3rd, 2013 11:29
None. Or at least none at 8 million guesses per second.
The issue is if they have broken into a database and have all the hashed passwords. We used to think that these hashed passwords were safe, because a hash is a "one way" function and you can't recover the plain password from them. That's now no longer the case.
Many, many websites have had their password databases hacked into. As far as we know, the big big ones like gmail have not yet been hacked into, but if the NSA asks Google for their list of passwords, Google can now no longer say "we don't have them" -- the NSA can just say "give us the hashes, then, and we'll work them out ourselves."
#5 By: Clayton Coffman, September 3rd, 2013 11:37
So change your password from "mary had a little lamb" to "mary had a litt1e 1amb 11235."
These "passwords are unsafe zomg!" stories are very lame. Yes, all passwords are crackable if you have the hash or the system allows you to guess a billion times a second.
These stories are like stories about voter fraud. There are very few cases I am aware of where security was breached by cracking a password, yet this is what all the stories are about, probably because every internet moron is aware of "passwords". Security is most often breached by exploiting software bugs and security vulnerabilities. Sometimes these breaches result in the downloading of hashed or plaintext passwords, but this has little to do with password strength.
#6 By: Sean, September 3rd, 2013 11:44
That password is completely crackable, and likely in very short time. All modern password cracking programs use mangling rules based on analysis of millions of actual passwords that have been revealed over the years.
The only defense is very long, completely random passwords, which are a bitch for people to remember so no one uses them.
Edited to add:
The original breach is usually not password related, but those passwords are then harvested and tried everywhere, along with the username or email. It's also a good idea to never reuse passwords, but again, that runs into people's tolerance for remembering tens to hundreds of passwords, for each site.
#7 By: Kango Ru Foo, September 3rd, 2013 11:53
The 8 random upper/lower/number/punctuation password is out. Geeks can handle very long password but only if they are disciplined. Users... well, I don't think they can deal with it. Authentication needs to be re-engineered.
Passwords/Pass phrases are hard enough for people who work with this stuff. How is the average user going to contend? That is the challenge.
#8 By: Sean, September 3rd, 2013 11:58
Last fall, I had the opportunity to take a database of around 120,000 NTLM hashes from my employer, a university, and run a password cracker on them. I used an 8 node GPU cluster with a 40Gbps Infiniband interconnect.
Within 15 minutes, I had 30,000 passwords cracked. After 3 days (ran over the weekend), I had 95,000. Most of the passwords were just awful, though many of them met all the recommended lower-upper-numeric-punctuation things that are supposed to make them harder to guess. Despite this, almost all the passwords fell into one of about 10 patterns, like [word][number][word] or [word][number] and so on.
Many of the words used the "leet-speek" substitutions that make password strength meters on websites happy, but they are completely ineffectual against the password crackers. They're just too predictable.
I've since switched to using a password manager and generating a random, long password for each site I use. Of course, that leaves me vulnerable to the password manager getting cracked, but at least I'm responsible for it, rather than a dodgy website whose developers have never heard of cross-site-scripting or SQL injection.
#9 By: Jason Andresen, September 3rd, 2013 12:01
That's still not a great password. Although the random number at the end will defeat this cracker, it will be hard for a person to remember. 1amb is pointless because all of the crackers will check common character substitutions like this.
Something better would be:
Murray had a loutish lamb
You could add some digits or whatnot to the mix, but they tend to be harder to remember. You want to avoid anything that would appear in Google or in a book somewhere.
What would be even better would be to come up with your own phrase from whole cloth, preferably using a made up word somewhere to make dictionary attacks even harder. Something like:
joyous Buzzards soladat in summer
#10 By: Oskar, September 3rd, 2013 12:02
I'm assuming the hashes weren't salted. That's the obvious solution here, it's shocking that there are places where it isn't standard.
#11 By: Tualha, September 3rd, 2013 12:02
This is pretty funny. Methinks the folks at Salon have never heard of bcrypt.
Lessee, the oclHashcat-plus website says it cracks bcrypt-hashed passwords at an astounding rate of 3,788 per second on the fastest machine tested, which makes it the slowest hash in the list by a factor of over 3. They don't say how many rounds, though. 2^16 rounds takes about 6 seconds to hash on my 7-year-old Athlon box. Now if my password were something like "hunter2" I guess I might be in trouble, but as it is, I'm not gonna lose any sleep.
Now, all the websites I use, that's another matter. Who the hell knows what hashes they're all using? Good thing I know better than to reuse passwords!
I think the title should have been something like "No password is safe from new breed of cracking software, if you use a crappy hash function or do something else stupid". But that's not exactly news, is it?
#12 By: Jason Andresen, September 3rd, 2013 12:04
If you watch a professional password cracker at work, you'll see that they start out slowly, gathering only a few passwords at a time. Once they analyze the passwords their crack rate shoots up because they can use the organization's password requirements to greatly reduce their search space and start attacking the most common patterns.
Ironically, the more stringent and pain in the ass an organization's password policy is, the easier their passwords are to crack. The best policy turns out to be "require at least 14 characters, no further requirements". People will still have bad passwords, but at least they won't make the job as easy for the crackers.
#13 By: Tualha, September 3rd, 2013 12:04
Salt (if sufficiently long) helps in two ways: it prevents the use of rainbow tables, and it forces the attacker to crack one password at a time. Salt isn't the issue here. The issue is weak passwords hashed with fast hash functions.
#14 By: Kango Ru Foo, September 3rd, 2013 12:12
I think humans remembering password is a lost cause. Something else is required. I just haven't seen anything good enough. Even RSA keyfobs have their problems and they are way too expensive.
#15 By: Miramon, September 3rd, 2013 12:12
Let's calm down with these hyperbolic password claims. You can't crack any network service or website password without first totally compromising the servers to break in and download an actual encrypted password file. Even in the hugely unlikely event that an important service doesn't just turn off logins when you fail 5 times in a row, it's still a round trip, probably 5 seconds or so, to submit a login/password combination, and so you can't ever try to brute-force anything through an actual login interface.
So sure, there's been a distressing number of cases where people have actually gotten their hands on password files -- often unsalted, which boggles the mind -- but it's not a trivial slam dunk for some mythical master hacker to just break in anywhere.
#16 By: Sean, September 3rd, 2013 12:21
These particular ones weren't, but since I wasn't running a rainbow table based cracker, hashes would just mean a slight slowing down and no freebies. The passwords would still be just as weak, and the actual hashing operation isn't slowed down at all. So my 95k passwords cracked might have taken 5 days instead of 3.
Or I could just use the 32 node cluster, and up my guess rate accordingly.
#17 By: TheGlitchEcliptic, September 3rd, 2013 12:22
Locks vulnerable to new picking techniques!
Bullet proof glass vulnerable to new higher caliber or armor piercing rounds!
Human life vulnerable to new blunt force trauma!
#18 By: Sean, September 3rd, 2013 12:24
I shake my head when I see things like "must contain a special character, upper case character, and a number" A quick modification of the mangling rules to remove any passwords without those, and the attack space is a lot smaller!
It's often very easy to figure out the rules, since all you need to do is create a dummy account, and they usually tell you right there in highlighted text.
#19 By: Sean, September 3rd, 2013 12:30
You've touched on one of the big problems there. Many (most?) websites don't bother with fancy hashing algorithms and just go with the tried and true fast hash algorithms like MD5. Coupled with the tendency to reuse logins/passwords on multiple sites, and all it takes is one poorly designed website getting cracked and all your credentials are broken.
I'll admit, I've been bitten by this. I set up a Twitter account for a club I'm a member of, using a password I'd used before (on LinkedIn, incidentally) thinking I'd change it later. Later turned out to be when that Twitter account started sending weight-loss spam. Oops.
#20 By: Clayton Coffman, September 3rd, 2013 12:33
Yes, and a 3 billion digit random password is also crackable. All passwords are crackable, with enough time. By mangling a common phrase you increase the number of guesses required, which undermines the entire point of using a password phrase database. Using a common phrase database reduces your number of guesses, but if I have to mangle these 1,000,000 common phrases 1,000,000,000 common phrases the utility reduces.
I mean imagine, say you have a database of 1,000 common phrases and you know that a certain password is one of these phrases with one of the digits replaced by a number (though obviously you could do this with letters or special characters). Lets say the average phrase length is 25 characters (with spaces). That turns each of these common phrases into 25*10 = 250 phrases. Now you're up to 250,000 things to go through. This still isn't too many, but if there are two letters replaced by a number you have 250*250=62,000,500 passwords to search through, replacing three characters brings you up to 15 billion something, and on and on. And this is only counting numerals. If I can replace with numbers and the alphabet three substitutions gives me ~7e17 (70 quadrillion) things to go through.
Yes, you can try and limit this by assuming o's are always replaced with zeros but I don't think this will change things much.
next page →