Lessons Learned From Cracking 2M LinkedIn Passwords

samzenpus posted about 2 years ago | from the listen-to-the-learnings dept.

Security 198

An anonymous reader writes "Qualys researcher Francois Pesce used open source password cracker John the Ripper to try to crack SHA-1 hashes of leaked LinkedIn passwords. He ran the John the Ripper default command on a small default password dictionary of less than 4,000 words. The program then switched to incremental mode based on statistical analysis of known password structures, which generated more probable passwords. The results? After 4 hours, approximately 900,000 passwords had been cracked. Francois then ran numerous iterations, incorporating older dictionaries to uncover less common passwords and ended up cracking a total of 2,000,000 passwords."

198 comments

Do not use standard passwords (5, Insightful)

Anonymous Coward | about 2 years ago | (#40283201)

Surely this is not news.

Re:Do not use standard passwords (1)

Anonymous Coward | about 2 years ago | (#40283285)

It's a bit more than that if you bothered to read the summary:

The program then switched to incremental mode based on statistical analysis of known password structures, which generated more probable passwords

So standard passwords aside, go read about Markov chains, which JtR can utilize to bruteforce passwords that follow human rememberability standards.

Re:Do not use standard passwords (0)

Anonymous Coward | about 2 years ago | (#40283373)

It's a bit more than that if you bothered to read the summary:

The program then switched to incremental mode based on statistical analysis of known password structures, which generated more probable passwords

So standard passwords aside, go read about Markov chains, which JtR can utilize to bruteforce passwords that follow human rememberability standards.

The lesson from the article is "Always salt your password hashes". I'm not sure what you're going on about, any password can be memorized.

Re:Do not use standard passwords (4, Insightful)

Qzukk (229616) | about 2 years ago | (#40283471)

Salting doesn't stop brute force crackers like JtR, it only stops attackers from using a rainbow table and/or discovering that two people have the same password.

The real lesson here is just because your password database is hashed (with or without salt) doesn't mean you should let just whoever download the thing.

Re:Do not use standard passwords (1)

Moses48 (1849872) | about 2 years ago | (#40283647)

If they don't know your salt (code based) and you don't allow people to do multiple login attempts on your site, it does effectively stop brute force attacks at your passwords even if your salted hashes get out in the open. Still not the best idea to give out your database.

Re:Do not use standard passwords (1)

Culture20 (968837) | about 2 years ago | (#40283835)

Chances are if someone has access to the password file, they also have access to the program files (maybe even the source code). This of course excludes anyone the first someone distributes the pw file to.

Re:Do not use standard passwords (4, Informative)

Junta (36770) | about 2 years ago | (#40284147)

If you have a salt in *code* (I presume a static one), I would wager it would be easy to discern. A salt is not supposed to be 'secret', it's just supposed to prevent easy identification of common passwords and a simplistic rainbow table attack.

Now if each client had a machine generated salt to append before transmit to server, that actually is serviceable. Of course, the standard practice of complete obfuscation of the password through local algorithms is better.

Re:Do not use standard passwords (1)

Kergan (780543) | about 2 years ago | (#40284505)

If the salt used is not part of your password's hash, you're doing it wrong. Salts should be unique per user, not site-wide.

Re:Do not use standard passwords (3, Funny)

Anonymous Coward | about 2 years ago | (#40283649)

The real lesson here is just because your password database is hashed (with or without salt) doesn't mean you should let just whoever download the thing.

Genius. Pure genius. I hope the NSA snaps you right up. It's people like you with keen intellects that can come up with such a conclusion (that no one else has ever even considered) that will save this great nation of ours. Thank you. Thank you.

I'm going to go and change my setup so that my password databases aren't visible to the Internet anymore. It's just incredible. Are you the result of a Mensa genetic engineering experiment or something?

Re:Do not use standard passwords (5, Informative)

ShanghaiBill (739463) | about 2 years ago | (#40283681)

Salting doesn't stop brute force crackers like JtR

Salting doesn't make brute force crackers impossible, but it makes brute force much, much less effective. If I have two million unsalted passwords, I just need to compute a hash for a dictionary word one time and then do two million string comparisons. If I have two million salted passwords, then I need to hash the dictionary word two million times. That is far, far more time consuming.

Re:Do not use standard passwords (1)

zzsmirkzz (974536) | about 2 years ago | (#40283823)

If I have two million salted passwords, then I need to hash the dictionary word two million times.

And if the salts were different on every password and were secured separately from the password list, you'd have to try and deduce the salt first, two million times.

Re:Do not use standard passwords (1)

moderatorrater (1095745) | about 2 years ago | (#40284269)

if the salts were different on every password

If it's not then it's not really a salt.

if the salts...were secured separately from the password list

That's not really feasible. Presumably if they have access to the passwords they also have access to the salts. In the end the legitimate application requires access to both, so if they've compromised the application they can probably get both.

Re:Do not use standard passwords (4, Interesting)

zzsmirkzz (974536) | about 2 years ago | (#40284579)

That's not really feasible. Presumably if they have access to the passwords they also have access to the salts. In the end the legitimate application requires access to both, so if they've compromised the application they can probably get both.

It seems perfectly feasible to me.

1) A part of the salt is static and hidden in application code. This means even if the DB of salts is compromised, deduction of the missing piece is still required (as well as knowledge of its existence).

2) In an example setup there are three servers, the Application/Authentication server that is accepting login requests (Server A), the Database server hosting the DB of password hashes (Server B), and the Database server hosting the DB of the password salts (Server C).

3) The servers are configured so that Server A can communicate with the outside world and servers B and C. Server B can only communicate with Server A. Server C can only communicate with Server A.

In this setup the only server that can be remotely compromised is Server A, which does not have direct access to either the list of hashes or the list of salts. In order to get this information an attacker would have to take control of Server A and query both databases, one record at a time. The search/index key in both databases would be the username, so the attacker would also need the complete list of usernames as well.

Now, I dreamed up this scenario in about 5-10 minutes. Please explain why it's unfeasible and assume security is a high priority consideration.

Re:Do not use standard passwords (0)

Anonymous Coward | about 2 years ago | (#40284231)

Jesus, people ... salt your hash. Hell, split the password and put a dynamic salt in the middle.

Re:Do not use standard passwords (3, Insightful)

Bengie (1121981) | about 2 years ago | (#40283731)

But instead of 4 hours to crack 2mil hashes, he would have spent 4 hours per hash for 2mil hashes. It makes a small difference.

Re:Do not use standard passwords (1)

Bert64 (520050) | about 2 years ago | (#40284435)

Worse than that, without salts you can precompute the hashes (eg rainbow tables) and do subsequent attacks far more efficiently against anyone using the same hash type (and unsalted md5, sha-1 and ntlm are extremely common making it well worth the effort of generating tables)...
Tables can be (and often are) shared, thus distributing the required hashing power across a much larger pool of resources.

Re:Do not use standard passwords (3, Informative)

blueg3 (192743) | about 2 years ago | (#40283825)

Salting doesn't stop brute force crackers like JtR, it only stops attackers from using a rainbow table and/or discovering that two people have the same password.

Both of those latter things are significant risks. However, it also substantially slows down brute-force crackers when applied to large password lists.

If you apply a brute-force cracker to a list of, say, a million unsalted password hashes, then you need to only compute the hash of each potential password once and compare the result against all million hashes. With a reasonably good in-memory storage system for the hashes, nearly 100% of your time is spent computing hashes (and not in comparison or password generation). So, with unsalted passwords, cracking a million passwords is as fast as cracking one (but much more lucrative).

With salted passwords, you need to compute the hash of each potential password for each entry in the hash list (since they all, ostensibly, have different salts). So you need to compute a million hashes in order to check one possible password (for the whole list). That is a substantial slowdown. With salted passwords, you are essentially cracking every password in a list separately -- having a large list gives you zero speed benefits.

If a factor of a million slowdown doesn't seem like much, consider that many good password-based encryption system use key strengthening, where the password (and salt) are passed through many chained rounds of hashing. Roughly a million, on modern processors. The whole purpose of this is to slow down brute-force password cracking by increasing the cost of a guess. It's enough of a change that instead of being able to get through a very large keyspace in a reasonable time (with only one hash round), you're stuck only being able to crack very bad passwords (with a million hash rounds). That's a very significant difference.
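
The points made in the comments above (per-user salts stored beside the hash, and key strengthening through many chained rounds), shown as an added example that is not part of the original thread. The record format, function names and iteration count are assumptions of this example, and the user table is constructed sample data.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from base64 import b64decode, b64encode

# Assumed work factor for this example; tune it to your own hardware budget.
DEFAULT_ITERATIONS = 600_000
SALT_BYTES = 16


def unsalted_sha1(password: str) -> str:
    """The scheme discussed in the story: one fast hash, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return a self-describing record: scheme$iterations$salt$derived_key."""
    salt = os.urandom(SALT_BYTES)  # unique per user, not secret, stored with the hash
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join(["pbkdf2_sha256", str(iterations),
                     b64encode(salt).decode(), b64encode(dk).decode()])


def verify_password(password: str, record: str) -> bool:
    """Recompute the derived key from the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_b64, dk_b64 = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = b64decode(salt_b64), b64decode(dk_b64)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, int(iterations))
    except (ValueError, TypeError):
        return False  # malformed record: fail closed
    return hmac.compare_digest(dk, expected)


def shared_password_groups(table: dict[str, str]) -> list[list[str]]:
    """Group users whose stored values are identical.

    With unsalted hashes this exposes everyone who picked the same password;
    with per-user salts the groups are empty.
    """
    by_value: dict[str, list[str]] = {}
    for user, stored in table.items():
        by_value.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in by_value.values() if len(g) > 1)


def hashes_per_guess(n_records: int, salted: bool, iterations: int = 1) -> int:
    """Hash rounds needed to test ONE candidate password against a whole table.

    Unsalted: hash once, compare against every record.
    Salted: hash once per record, times the stretching factor.
    (Counts rounds only; HMAC's constant internal factor is ignored.)
    """
    return (n_records if salted else 1) * iterations


if __name__ == "__main__":
    # Constructed sample accounts; two users share a password.
    users = {"alice": "linkedin2012", "bob": "linkedin2012", "carol": "Tr0ub4dor&3"}
    unsalted = {u: unsalted_sha1(p) for u, p in users.items()}
    salted = {u: hash_password(p, iterations=10_000) for u, p in users.items()}
    print("unsalted duplicates:", shared_password_groups(unsalted))
    print("salted duplicates:  ", shared_password_groups(salted))
    print("alice verifies:     ", verify_password("linkedin2012", salted["alice"]))
    print("rounds per guess, 2M records unsalted:", hashes_per_guess(2_000_000, False))
    print("rounds per guess, 2M records salted + 100k rounds:",
          hashes_per_guess(2_000_000, True, 100_000))
```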

Re:Do not use standard passwords (0)

Anonymous Coward | about 2 years ago | (#40283567)

It's a bit more than that if you bothered to read the summary:

The program then switched to incremental mode based on statistical analysis of known password structures, which generated more probable passwords

Thank you, Anonymous Coward. Of course I was only referring to default dictionaries, and not to other dictionaries or known password structures. Thank you so much for clarifying.

So standard passwords aside, go read about Markov chains, which JtR can utilize to bruteforce passwords that follow human rememberability standards.

I think I may have a few relevant textbooks at home.

Re:Do not use standard passwords (0)

synapse7 (1075571) | about 2 years ago | (#40283303)

or passwords developed by patterns. If your password is not 20 random characters, it will probably be cracked with minimal effort from even a "journalist".

Re:Do not use standard passwords (1)

Anonymous Coward | about 2 years ago | (#40283349)

Surely this is not news.

It will stop being news when people stop doing it by the millions, which is to say "never".

Re:Do not use standard passwords (4, Interesting)

Richard_at_work (517087) | about 2 years ago | (#40283377)

The problem is, even passwords that would have been considered "non-standard" 5 years ago are now easily crackable - according to GRC, a password I used 5 years ago consisting of ten characters, alpha numeric, mixed case and a symbol would take just an hour or so to crack. That was quite eye opening.

So what next?

Re:Do not use standard passwords (5, Informative)

Shetan (20885) | about 2 years ago | (#40283513)

So what next?

Two factor authentication.

Re:Do not use standard passwords (-1, Redundant)

Anonymous Coward | about 2 years ago | (#40283901)

Two factor authentication.

or vagina

Re:Do not use standard passwords (2)

Kjella (173770) | about 2 years ago | (#40283587)

Well there's two ways here, online and offline cracking. I imagine LinkedIn has some kind of policy to stop people doing millions of authentication attempts online. If they get the PW from linkedin and can crack it offline then IMO linkedin's security has already failed. If you can get the passwords the hacker can probably get most anything else, so it's just damage control - don't reuse the password on anything you care about. In fact it's a bad idea anyway because you've no idea if someone with legal access at linkedin is snooping passwords to steal other accounts.

I'm guessing my account was in there and my password was weak, but they couldn't access my email, they couldn't access my online bank, post some crap on linkedin if you want but that's probably not going to be more than an "embarrassing moment" and then explaining my account was hacked. And the other services I use the same password for, wow you can now impostor me on a few forums and whatnot. It's the kind of identity theft I can live with, to be honest. I'm far more concerned about my PC being hacked or entering my important passwords on a scam site than I am about my linkedin password going public.

Re:Do not use standard passwords (5, Funny)

RenderSeven (938535) | about 2 years ago | (#40283871)

What an excellent opportunity! I just told everybody on my LinkedIn account what I *really* thought of them, waited an hour, and told them all my password was hacked. Good times, good times.

Re:Do not use standard passwords (4, Funny)

hoggoth (414195) | about 2 years ago | (#40284163)

Yeah, me too. I told my brother that stealing my girlfriend in the 8th grade was a shitty thing to do and he should stop getting drunk in bars. Then an hour later I told him my account was hacked and that wasn't me who wrote that.

Re:Do not use standard passwords (1)

RenderSeven (938535) | about 2 years ago | (#40284391)

Apparently your account was hacked by your 8th grade girlfriend working with the bartender (hey if you knew she was that tech-savvy you might have held onto her better)

Re:Do not use standard passwords (1)

ciderbrew (1860166) | about 2 years ago | (#40283611)

My house is "secure" but if you are able to start hitting it with industrial equipment and take the roof off my choice of front door key doesn't matter.
When you can download the whole password file and brute it off line, it's just a matter of time. Time to wait for tech to get better and time to press the big red go button to run the code on the bit of fast(n) tech.

So type in a password you couldn't possibly recall and each and every time you want to go back to the site - request a new password. This may be a stupid idea; but I end up doing it for a few sites and I don't even bother to recall the crap I typed in. If I had to log into it every day I'd change, but some (most) sites are just not worth the effort. Protect sites that can rip money from you.

Re:Do not use standard passwords (2)

PReDiToR (687141) | about 2 years ago | (#40284167)

Have you ever heard of Password Hasher [wijjo.com] ?
Mine defaults to even for sites that I'll never visit again I have as standard 26 character upper, lower and symbol passwords that I don't have to remember. All I need to know is the passphrase, something like "0nLy 1 Know Thi$ pA$$phrase!" or "mmm pizza". Makes no odds, you still get a 26 char PW that has Ul$ in it.

I know a lot of people don't use Firefox, but this really is a killer extension.

Re:Do not use standard passwords (1)

Hadlock (143607) | about 2 years ago | (#40283671)

So what next?

So assume your password is going to be compromised eventually (the bigger the service, the greater that chance approaches 1), use a different, randomized password for each website, and rely on "forgot your password?" links for when your browser's cookie times out.

For most websites, the "forgot your password?" link + checking your email takes less time than trying to guess if that was a capital P or lowercase p in "p455w0rD".

Re:Do not use standard passwords (1)

Bengie (1121981) | about 2 years ago | (#40283973)

One does have to add that the password would have to be focused on, which doesn't happen with database dumps like these, and it would cost a pretty penny. 10 char password with mixed/etc would take on average 1 year when doing 1 tril checks/sec. To break within an hour, one would need access to ~80-800 peta-flops of compute. Definitely something someone targeting a password could do, but it isn't cheap.

Re:Do not use standard passwords (0)

Anonymous Coward | about 2 years ago | (#40284031)

All those "crackable in n seconds" guesstimates are based on the password being hashed in a fast hash algorithm exactly one time. That's why you can make hundreds of millions of guesses a second. If you simply iterate the hash 100,000 times, you make it 100,000 times harder to crack.

Re:Do not use standard passwords (0)

Anonymous Coward | about 2 years ago | (#40284737)

Passwords are just *one* of the methods your account is safe. Important sites will limit you to a few guesses before locking down your account and/or will require 2 factor authentication before allowing to login from unknown computer. You know, those "secret questions" that are basically best treated as passwords.

The moral of the story is *never* use the same password on more than one website/service/whatever.

YAY the cracked the passwords (1)

Anonymous Coward | about 2 years ago | (#40283243)

They still don't have any account bound to them... so it's like owning 2M keys to very specific doors which reside somewhere in a city of the size of New York. Totally useless.

Re:YAY the cracked the passwords (2)

TooMuchToDo (882796) | about 2 years ago | (#40283265)

Unless you can derive the username from the password. But heh, what are the odds of that happening? *rolls eyes*

Re:YAY the cracked the passwords (1)

Anonymous Coward | about 2 years ago | (#40283341)

Unless you can derive the username from the password. But heh, what are the odds of that happening? *rolls eyes*

I'm pretty sure that the username for John123 is John.

Re:YAY the cracked the passwords (1)

Anonymous Coward | about 2 years ago | (#40283379)

If I can get your 6.5 million hashed passwords, I can probably get to your userID's. Just because the original leaker didn't post the userID's, doesn't mean they don't have them.

Oh, CAPTCHA = "steals", gotta love that.

Re:YAY the cracked the passwords (3, Informative)

EasyTarget (43516) | about 2 years ago | (#40283339)

... It is only useless if you have a criminal intent.

For those of us who do not actually want to abuse this leak, but instead learn from it, this is a great source of data!
It shows just how *****ingly clueless most people are when it comes to creating a password.
It shows how getting a bit smarter makes your password harder to crack, but still vulnerable to dictionary+statistical attacks.
It shows how 100% random is probably the way to go for anything of value.

Re:YAY the cracked the passwords (2)

brix (27642) | about 2 years ago | (#40283361)

Who is "they"? The public at large has access to the password file but not the account names. However, there's really no telling what the original hacker has. For security purposes, we assume the worst, and that is that someone has both the account names and a password file for which almost a third of the passwords have proven easily cracked.

Re:YAY the cracked the passwords (1)

kuiken (115647) | about 2 years ago | (#40283369)

Except the guy who released the hashes most probably does have the usernames as well.

Re:YAY the cracked the passwords (1)

drunkennewfiemidget (712572) | about 2 years ago | (#40283397)

... as far as you know.

Just because they only leaked the password doesn't mean they don't have the usernames that go with them, intend on cracking the passwords, and then just looking up the matching hashes somewhere else to link accounts to passwords.

Re:YAY the cracked the passwords (1)

Lisandro (799651) | about 2 years ago | (#40283449)

You don't have the account names bound to each password. There's a pretty good chance whoever got that information has both pieces of the list.

Re:YAY the cracked the passwords (1)

DarkOx (621550) | about 2 years ago | (#40283673)

Somewhere a relation of password hashes to user names must be stored so that the system can check passwords; so the information exists. I think we have to assume whoever it was who cracked the site in the first place has that information. They simply opted not to make it public for any number of reasons (few good for anyone with an account).

So it's more like they have 2M keys, to specific houses and are jingling them in front of you just to prove it.

gpg (5, Interesting)

Anonymous Coward | about 2 years ago | (#40283269)

gpg -a --gen-random 1 9 | gpg -cat > linkedin.asc

And presto, 72 bits of sweet entropy in your password which you don't even need to remember. It suffices to remember ONE password.
Need your linkedin password?
gpg -d linkedin.asc | xsel
(and type your one password).

Note that this way your linkedin password is never typed and never shows up on the screen.

Re:gpg (2)

tuffy (10202) | about 2 years ago | (#40283475)

I've tried a similar one-password principle using HMAC digests:

python3 -c "from hashlib import sha1; from hmac import HMAC; from getpass import getpass; from base64 import b64encode; print(b64encode(HMAC(b'site.com', getpass().encode(), sha1).digest()).decode())"

By simply remembering the site name and a strong master password, one can generate a unique password for each site.

Lessons learned? (0)

Anonymous Coward | about 2 years ago | (#40283355)

That would be a new one.

Value of a linkedin account (2)

vlm (69642) | about 2 years ago | (#40283363)

What is the value of a random person's stolen linkedin account... I'm trying to figure out how it's not zero. I have a pretty devious mind but I can't think of any way to make money off this with a reasonable chance of success. If you poison enough of the well, the whole data set becomes worthless so you can't threaten to modify data. Maybe they tried to extort money from linkedin inc and failed so they released purely by spite? Post IPO = the titanic has been struck by the iceberg and you've already gotten away, so it doesn't matter how fast the ship sinks, therefore no point in paying extortion fees?

Assuming only a fraction of accounts have been stolen and not the entire user list.... Why do people assume it's only a tiny fraction and not the whole list of users? The same people who don't understand the concept of a "salt" must surely be correct when they say only a couple million records are out there. I would assume based on their heroic security performance to date, that ALL records are out there, we just only know about a couple.

Re:Value of a linkedin account (5, Insightful)

Anonymous Coward | about 2 years ago | (#40283417)

It probably has little value, but the account name is an email address. Many people use the same account/pass combination for multiple sites, including perchance their paypal account. If they manage to pull a few million email/password combos from linkedin, I can guarantee you that some of those combinations will match paypal exactly.

Re:Value of a linkedin account (1)

Anonymous Coward | about 2 years ago | (#40283453)

Verified E-mails are supposedly worth money to spammers, especially with a list of trusted e-mail addresses. Then there are all the crossover passwords, so maybe access to 50% of the actual email accounts, and in terms of identity theft, you can get pretty far with just access to an e-mail account.

Re:Value of a linkedin account (1)

Anonymous Coward | about 2 years ago | (#40283455)

What is the value of a random person's stolen linkedin account... I'm trying to figure out how it's not zero. I have a pretty devious mind but I can't think of any way to make money off this with a reasonable chance of success.

You're right, using the stolen credential on LinkedIn is pretty much useless. But with 2,000,000 for sure cracked passwords, a bad guy would now have 2,000,000 sets of login credentials to try elsewhere. How about amazon.com? Or paypal? How many of those 2 million logins are reused? Even if it were only 1%, that'd still be 20,000 sets of logins for paypal accounts. And there's plenty of money in that.

Disclaimer: I would never do such a thing myself. I've more been on the receiving/victim end of that thought process. Needless to say, I don't reuse passwords anymore.

shared passwords (1)

DogDude (805747) | about 2 years ago | (#40283589)

Most people use the same password in multiple places. I'm guessing that 80% of those Linkedin email/password combinations will also get one into bank accounts, as well.

Re:Value of a linkedin account (2, Informative)

Anonymous Coward | about 2 years ago | (#40283591)

Instead of faking facebook accounts, someone could steal a real linkedin account to do the same:

How spies used Facebook to steal Nato chiefs’ details

NATO'S most senior commander was at the centre of a major security alert when a series of his colleagues fell for a fake Facebook account opened in his name - apparently by Chinese spies.

http://www.telegraph.co.uk/technology/9136029/How-spies-used-Facebook-to-steal-Nato-chiefs-details.html

Re:Value of a linkedin account (1)

Fnord666 (889225) | about 2 years ago | (#40283667)

What is the value of a random person's stolen linkedin account... I'm trying to figure out how it's not zero.

Because people have been known to reuse passwords on other sites that might have a non-zero value.

Re:Value of a linkedin account (1)

llZENll (545605) | about 2 years ago | (#40283797)

A very easy way to profit is to release the stolen account data waiting for the negative press to push the stock down.

Re:Value of a linkedin account (1)

Anonymous Coward | about 2 years ago | (#40283949)

How about sending out phishing e-mails to people's contacts with links that could include drive by downloads?

Despite all the news about the LinkedIn hack, people still trust their friends. If someone posts a news article in their feed or sends a private message with a link to bit.ly or something, a lot of people will click it.

Easy access to corporate or government accounts? (1)

uslurper (459546) | about 2 years ago | (#40284415)

On linkedin you can see real people.. not just random net accounts. These people list their current job on Linkedin.
Someone could take their passwords, find out what company (or government agency) they work for, and download all their email.
Sell this information to hedge fund managers and investment corporations or tabloids whatever.
$$$ with no ???.

Re:Value of a linkedin account (1)

Kergan (780543) | about 2 years ago | (#40284657)

What is the value of a random person's stolen linkedin account... I'm trying to figure out how it's not zero. I have a pretty devious mind but I can't think of any way to make money off this with a reasonable chance of success.

Many people, especially younger people, have a unique weak password. So if you've their login and their password, chances are you can also access their Facebook account, their paypal account, their bank account, etc.

Did he crack any random passphrases? (4, Funny)

khendron (225184) | about 2 years ago | (#40283365)

Like "correct horse battery staple"?

Re:Did he crack any random passphrases? (1)

Anonymous Coward | about 2 years ago | (#40283439)

Like "correct horse battery staple"?

I believe "correct horse battery staple" was the first passphrase they cracked.

The second was "khendron beats dead meme."

Think of the poor crackers. (2)

MRe_nl (306212) | about 2 years ago | (#40283889)

"IfYouCanReadThisYou'reTooCloseToMyPrivats".

"PrivacyIsDeadDon'tYouAgree".

"YouWin,NowFckOff".

"BeingParanoidDoesn'tMeanNobodyIsReadingThis".

Real lesson -- make guessing expensive! (4, Insightful)

redelm (54142) | about 2 years ago | (#40283375)

The predictable whining (and obligatory xkcd rebut) will be to make passwds "stronger", because open hashes or fast guessing is acceptable provider security.

I call BS! More "blaming the victim". Any secadmin/netadmin who has hashes available or allows unthrottled passwd guessing is INCOMPETANT. Staff are paid for professional-level knowledge so users do not need to be concerned.

The work itself is very nice, MD5 hashes can be cracked quickly in massive parallel on GPU hardware. This only matters after the hashes have already been stolen.

Practical security should be more systemic -- the cost of a wrong guess is more than a nanosecond of GPU. There are at least network delays, and in many cases lockouts. The latter make random guessing too costly/slow, especially progressive systems that allow 5 wrongs immediately, 10 in an hour, 20 in a day, and lock hard (manual intervention) above that.

My father had one of the early ATM cards but had me operate the machinery. It had an 8 digit assigned PIN, but dropped quickly to 4 when it was realized the 8 were hard to remember, and swallowing the card after 3 wrong guesses was more than adequate.
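
The progressive lockout described in the comment above (5 wrong guesses immediately, 10 in an hour, 20 in a day, then a hard lock needing manual intervention), sketched as an added example that is not part of the original comment. The 60-second reading of "immediately", the class and function names, and the in-memory store are assumptions of this example.

```python
from collections import deque

# (window in seconds, wrong guesses tolerated inside that window).
# The counts come from the comment; the 60-second burst window is an assumption.
TIERS = ((60, 5), (3600, 10), (86400, 20))


class LoginThrottle:
    """Per-account progressive lockout.

    Timestamps (seconds) are passed in rather than read from the clock,
    so the policy can be exercised without sleeping.
    """

    def __init__(self, tiers=TIERS):
        self.tiers = tuple(sorted(tiers))
        self.failures = {}         # user -> deque of failure timestamps
        self.hard_locked = set()   # users that need a manual unlock

    def _recent(self, user, now, window):
        return sum(1 for t in self.failures.get(user, ()) if now - t < window)

    def check(self, user, now):
        """Call before verifying the password: 'allow', 'wait' or 'locked'."""
        if user in self.hard_locked:
            return "locked"
        for window, limit in self.tiers:
            if self._recent(user, now, window) >= limit:
                return "wait"
        return "allow"

    def record_failure(self, user, now):
        """Call after a wrong password; trips the hard lock at the longest tier."""
        history = self.failures.setdefault(user, deque())
        history.append(now)
        longest_window, hard_limit = self.tiers[-1]
        while history and now - history[0] >= longest_window:
            history.popleft()      # forget failures older than the longest window
        if len(history) >= hard_limit:
            self.hard_locked.add(user)

    def unlock(self, user):
        """Manual intervention: clear the lock and the failure history."""
        self.hard_locked.discard(user)
        self.failures.pop(user, None)


def simulate_guessing(throttle, user, duration, step=1):
    """Count wrong guesses that reach the password check in `duration` seconds
    when a client retries every `step` seconds (constructed scenario)."""
    tested = 0
    for now in range(0, duration, step):
        state = throttle.check(user, now)
        if state == "locked":
            break
        if state == "allow":
            throttle.record_failure(user, now)
            tested += 1
    return tested


if __name__ == "__main__":
    throttle = LoginThrottle()
    tested = simulate_guessing(throttle, "alice", 86400)
    print("guesses tested in one day at 1 attempt/second:", tested)
    print("state afterwards:", throttle.check("alice", 86400))
```

Under this policy a client retrying once per second gets 20 guesses tested before the account locks, compared with the rates an offline attack against a downloaded hash list can reach.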

Re:Real lesson -- make guessing expensive! (3, Insightful)

slimjim8094 (941042) | about 2 years ago | (#40283535)

What the hell are you talking about?? The problem wasn't the hashing - SHA1 is perfectly strong - it was the lack of salting, which makes attacks like this one possible. And "unthrottled passwd guessing" might be "incompetant" but preventing it doesn't do you a lick of good if you're testing against a list you downloaded.

Yeah, they screwed up. They shouldn't have allowed the password hashes to be compromised, and they should've salted the hashes so they would be essentially worthless if compromised, but that doesn't negate the value of a strong password.

Re:Real lesson -- make guessing expensive! (2)

Lisandro (799651) | about 2 years ago | (#40283595)

While the issue was clearly not the hash algorithm here, it should be noted that SHA-1 is now effectively broken [schneier.com] - you can get collisions in less time than using brute force.

It's still a perfectly usable hash algorithm, but it has been slowly phased out for SHA-2 (SHA-512) for some time now.

Re:Real lesson -- make guessing expensive! (1)

slimjim8094 (941042) | about 2 years ago | (#40283759)

Well, yes... I was being hyperbolic about SHA-1. The reason JtR is making headway is because the hashes are unsalted, not because the hash has problems. But if I understand it, doesn't salting even help with a weak hash? Given the hash of the password, you can perhaps find a colliding cleartext (is that the name for the input string?) in faster-than-bruteforce time but if you don't know the salt it doesn't help you because you can't completely control the input.

Re:Real lesson -- make guessing expensive! (2)

Rich0 (548339) | about 2 years ago | (#40283793)

While SHA1 is broken, I doubt it makes much difference here.

Per your link, you can find collisions in SHA1 with 2^69 hash operations per password.

The people doing the cracking here did CONSIDERABLY fewer operations per password than this.

Sure, everybody should be moving on, but the fundamental issue here is that passwords that people can remember generally don't have enough entropy.

Re:Real lesson -- make guessing expensive! (1)

PhrostyMcByte (589271) | about 2 years ago | (#40284279)

SHA-1, like MD5, is broken for digital signatures. When someone finds a way to reverse a hash back into a password, then it will be broken for passwords.

The only real argument against SHA-1 for passwords is that you can brute-force them rather quickly, but SHA-2 has the same problem. If this is an issue for you, use PBKDF2 or some similar algorithm.

Re:Real lesson -- make guessing expensive! (1)

redelm (54142) | about 2 years ago | (#40283907)

As another reply commented, SHA1 is not "perfectly strong". And yes, salting is an easy assist to hash security. And yes, strong passwords have value, the problem is the human cost. Don't you evaluate user costs?

Unprofessionalism (in IT and elsewhere) transfers costs from the incompetent to users/customers. Of course some costs have to be transferred. But they have a cost-benefit including user costs. Even competent management [rare] will have trouble catching mistransfers because the diffuse user community is "each only slightly inconvenienced" and may not complain (inertia hurdle). Yet in aggregate, the loss is substantial.

Re:Real lesson -- make guessing expensive! (2)

heypete (60671) | about 2 years ago | (#40284081)

Yes, but modern GPUs can compute SHA-1 hashes of various passwords at enormously fast rates. Even if they used per-user salts, it's likely that they would also be acquired during the original compromise: with the salts being known, the attacker could run through the various password possibilities at a high rate of speed.

Using just a plain hashing algorithm, even one like SHA-512, for password security is a bad idea as those hashes are designed (in part) for speed. Using something like PBKDF2 with a high number of iterations would help slow down brute-force attacking. If your system automatically increased the number of iterations over time to keep up with modern hardware, then that would help dramatically.

Something like bcrypt or scrypt could provide similar functionality but also require that the attacker have even more memory in addition to processing power.
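The difference described in the comment above, as an added example that is not part of the original post: unsalted SHA-1 next to per-user salted PBKDF2, with the iteration count raised at login. The function names, the record layout and the iteration numbers are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

def sha1_unsalted(password: str) -> str:
    """The scheme under discussion: one fast hash, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()

def make_record(password: str, iterations: int) -> dict:
    """Salted, slow record: random 16-byte salt per user plus PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}

def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(digest, record["digest"])

def login(password: str, record: dict, current_cost: int):
    """Return (ok, record). A successful login with an outdated cost is
    re-hashed at the current cost, so the work factor can grow over time."""
    if not verify(password, record):
        return False, record
    if record["iterations"] < current_cost:
        record = make_record(password, current_cost)
    return True, record

if __name__ == "__main__":
    # Constructed sample accounts: two users picked the same password.
    users = {"alice": "password123", "bob": "password123"}
    # Unsalted: identical digests, so one guess is checked against every account.
    print({u: sha1_unsalted(p) for u, p in users.items()})
    # Salted: stored values differ, so each account has to be attacked separately.
    records = {u: make_record(p, 1_000) for u, p in users.items()}
    print({u: r["digest"].hex()[:16] for u, r in records.items()})
    ok, upgraded = login("password123", records["alice"], current_cost=200_000)
    print(ok, upgraded["iterations"])
```
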

Re:Real lesson -- make guessing expensive! (1)

0123456 (636235) | about 2 years ago | (#40284297)

Yes, but modern GPUs can compute SHA-1 hashes of various passwords at enormously fast rates. Even if they used per-user salts, it's likely that they would also be acquired during the original compromise: with the salts being known, the attacker could run through the various password possibilities at a high rate of speed.

Yeah, just TWO MILLION times slower.

Re:Real lesson -- make guessing expensive! (0)

Anonymous Coward | about 2 years ago | (#40283557)

I call BS! More "blaming the victim".

This is Slashdot. Haven't you figured out that blaming the victim, in pretty much all situations, is fashionable here? You're just going to get a lot of blank stares.

Re:Real lesson -- make guessing expensive! (1)

Anonymous Coward | about 2 years ago | (#40283593)

>INCOMPETANT
You don't say.

Re:Real lesson -- make guessing expensive! (1)

14erCleaner (745600) | about 2 years ago | (#40283679)

Locking an account after 20 wrong guesses enables a simple denial-of-service attack by your enemies.
And you mispeled "incompetant".

Re:Real lesson -- make guessing expensive! (1)

Gaygirlie (1657131) | about 2 years ago | (#40284741)

Locking an account after 20 wrong guesses enables a simple denial-of-service attack by your enemies.

Adding an ever-increasing delay for the attacker's IP-address would more-or-less solve both issues.
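One way to implement the per-address delay suggested above, as an added example that is not part of the original comment. The class name, the number of free attempts, the base delay and the cap are assumptions.

```python
class LoginThrottle:
    """Exponential back-off keyed by source address instead of by account,
    so failed guesses never lock the account owner out."""

    def __init__(self, base_delay=1.0, max_delay=3600.0, free_attempts=3):
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.free_attempts = free_attempts
        self._failures = {}       # address -> consecutive failed logins
        self._blocked_until = {}  # address -> timestamp of next allowed try

    def retry_after(self, ip, now):
        """Seconds this address must still wait; 0.0 means it may try now."""
        return max(0.0, self._blocked_until.get(ip, 0.0) - now)

    def record_failure(self, ip, now):
        """Count a failed login and return the delay now imposed on ip."""
        count = self._failures.get(ip, 0) + 1
        self._failures[ip] = count
        extra = count - self.free_attempts
        if extra > 0:
            # Delay doubles with each failure past the free attempts, up to the cap.
            delay = min(self.max_delay, self.base_delay * 2 ** (extra - 1))
            self._blocked_until[ip] = now + delay
        return self.retry_after(ip, now)

    def record_success(self, ip):
        """A correct login clears the history for that address."""
        self._failures.pop(ip, None)
        self._blocked_until.pop(ip, None)

def simulate():
    """Constructed scenario: one address keeps failing against an account
    while the account owner connects from a different address."""
    throttle = LoginThrottle()
    guesser, owner = "203.0.113.7", "198.51.100.20"
    now, delays = 0.0, []
    for _ in range(8):
        now += throttle.retry_after(guesser, now)  # wait out the current delay
        delays.append(throttle.record_failure(guesser, now))
    return delays, throttle.retry_after(owner, now)

if __name__ == "__main__":
    print(simulate())
```

State is kept in memory and timestamps are passed in explicitly so the behaviour can be tested; guesses spread across many addresses are not slowed by a per-address key.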

Re:Real lesson -- make guessing expensive! (1)

kokako (2499876) | about 2 years ago | (#40283945)

I agree that coming at this problem from the side of the user is not only blaming the victim but is ineffective. However, to understand why this is so I think that we need to consider human psychology. Why is it that most people continue to use weak passwords, even though all but the lowest of the "low information" users understand the supposed importance of internet security? I assume that it is because they or their circle have not been victims of online identity theft. Until that happens to them, they will continue to use the weak passwords. Why bother with something complicated like a complex and difficult-to-remember password string when there don't seem to be any consequences? If online identity theft with significant monetary or professional consequences becomes sufficiently widespread, you will find that people will suddenly become interested in online security. At that point, however, I am sure that users will clamor for improved security measures on the corporate/server side. At that point, something like a security code of conduct might be appropriate. Corporations would clearly declare that they were following X security practices or adhering to Y set of standards for online security. Getting Joe123 to change his password from password123 to 8}0_(|5-'23a1_E_2_-! is not going to happen.

Re:Real lesson -- make guessing expensive! (1)

Bengie (1121981) | about 2 years ago | (#40284595)

You just mixed a lot of online and offline ideas together. You can't throttle offline cracking, unless you ask the cracker "pretty please with sugar on top".

I haven't heard much of online cracking being an issue because of what you said; one simply can't effectively attempt many passwords without causing a DoS.

"The work itself is very nice, MD5 hashes can be cracked quickly in massive parallel on GPU hardware. This only matters after the hashes have already been stolen." This part is true.

Locking down accounts sounds great until you think of what would happen. Take gmail. Some large bot owner decides to make 20 attempts on every account. Soon no one in the world can access their gmail because their accounts are constantly locked. How long until Google decides to remove account locking on failed attempts?

Some people have mentioned 2 factor auth. One could also filter by location when deciding to block attempts. They could also set up a special URL that is unique per person and can be re-generated. Instead of the normal login page, you get this on-the-side page that is immune to account locks.

I'm sure there are lots of ideas, each with a trade off.

Opportunity! (2, Funny)

Anonymous Coward | about 2 years ago | (#40283469)

Send me your password and I will verify that
-No one else is using it
-It is safe

BONUS: If you send me your credit card information I will tell you if it's lucky!

THANKS,
"HAPPY DUDE"
742 EVERGREEN TERRACE

"Rules" ? (1)

Marc_Hawke (130338) | about 2 years ago | (#40283605)

Let me admit upfront, I've never explored the world of password cracking. However part of the article doesn't make sense to me. He mentions password based on rules. However he listed the rules and it seemed really strange.

pwdlink from pwlink with the rule "insert d in 3rd position"
pwd4link from pwdlink with the rule "insert 4 in 4th position"
pwd4linked from pwd4link with the rule "append ed"
pw4linked from pwd4linked with the rule "remove 3rd char"
pw4linkedin from pw4linked with the rule "append in"
mpw4linkedin from pw4linkedin with the rule "prepend m"
mw4linkedin from mpw4linkedin with the rule "remove second character"
smw4linkedin from mw4linkedin with the rule "prepend s"
sw4linkedin from smw4linkedin with the rule "remove second character"
lsw4linkedin from sw4linkedin with the rule "prepend l".

Does that mean he made a rule that added a 'd' to EVERY word in his dictionary to try that as a password? Or was his rule "any time you see a 'pw' it might stand for 'password' and therefore adding a 'd' makes sense."?

My point is, these 'rules' don't seem like generic rules at all, rather they sound like an 'after the fact' description of how to change 'pwlink' into 'lws4linkedin'.

Can anyone explain what I'm missing, or did he just add that for 'article filler?'

Re:"Rules" ? (0)

Anonymous Coward | about 2 years ago | (#40283865)

The guy who wrote the article is braindead, that's all

Clearly lsw4linkedin comes from pwd4linkedin (hint: look at your (QWERTY) keyboard). The author however made up some batshit crazy scheme to arrive at lsw4linkedin from pwlink. I guess I could make one to get there from "OMGpinkpony" as well

Re:"Rules" ? (2)

Rich0 (548339) | about 2 years ago | (#40283897)

I'm not an expert, but basically you want to generate a large search dictionary. You start with a small one (like the English dictionary), and then apply rules to generate more words to search. The kinds of rules you listed are typical, and you start applying them individually, and in combination. So, if you have 1000 words, and 10 rules you apply individually, you end up with 10k words. If you allow permutations of 10 rules then you have 1k*10^10 or something like that (depending on the rules order may or may not be important).

Sure, that sounds like a lot of things to test, but compared to a full brute-force search it is still a greatly reduced space.

All of this comes down to diminishing returns. The only way to guarantee getting them all is a full brute-force. However, if you can get 900k with a single pass with common words and a simple set of rules in a few hours, that is probably good enough for most purposes. If all you need is one, chances are you just need a dictionary.

Re:"Rules" ? (1)

Anonymous Coward | about 2 years ago | (#40283969)

There is a whole dictionary of rules, and they were all applied to the last "dictionary" of found passwords. The size of the dictionary decreased on each iteration. The rules listed above are just a list of the rules that happened to be successful, and led to the "deepest" found password of lsw4linkedin after 10 iterations of this process of applying a dictionary of rules to a dictionary of known used passwords. The rules above are the "lineage" that led to that specific password.

Check your password (-1)

clickclickdrone (964164) | about 2 years ago | (#40283615)

www.leakedin.org/

Re:Check your password (5, Informative)

Jahava (946858) | about 2 years ago | (#40284139)

www.leakedin.org/

Nobody should use this site, period.

You seriously expect people to go to an arbitrary site and enter their password, knowing that the hashes have been leaked alongside account information?

In the kindest possible world this may be seen as a service, but the skeptic in everyone should hear very loud alarm bells. This site could easily log all of the passwords that are entered for "testing", use them to solve the harder-to-brute-force hashes, and deliver to the site operator the resulting account information and plaintext password!

Even if you had the best intentions posting that link, and even if the site actually is completely innocuous, one should never encourage any user to enter their password into a random third-party site. Please take it down immediately.

Re:Check your password (3, Insightful)

glwtta (532858) | about 2 years ago | (#40284561)

In this case, you have all the tools to satisfy your inner skeptic: the source is right there, if you don't trust yourself to read it, it's trivial enough to examine all communication the page does.

As the site says, the passwords are hashed on the client, and nothing but the hash is ever sent to the server.

You make a fair point, but this is Slashdot, we're not supposed to be "users" here.

Real lesson: some web devs should be out of a job (2)

zedrdave (1978512) | about 2 years ago | (#40283637)

If so-called professional websites used proper hashing and salting, even password123 would be a halfway decent password.

Without offline cracking, password weaknesses aren't very exploitable (even the most inept server will shut you down after a couple hundred attempts at brute-forcing your way through an online login).

People like to harp on those "idiots" who pick weak passwords that can be cracked with a rainbow table, but unlike the moron web devs who still fail to salt their password DB in 2012, your grandma is not paid to have basic knowledge of computer security.

Re:Real lesson: some web devs should be out of a j (2, Insightful)

Anonymous Coward | about 2 years ago | (#40284093)

Why is it the devs who get the short end of the stick in most 'xyz should be fired!' comments in this topic?

I've worked at several places (in QA) where the devs were perfectly aware that there were security weaknesses (usually a result of some small system that organically grew into some big web service - but never was designed to be a big web service) - but until something is on fire (read: bad press), management tends to not prioritize highly needed refactoring (let's not argue over what to call it) over new shiny features.

two factor authentication (2)

circletimessquare (444983) | about 2 years ago | (#40283685)

SMS to phone

coming to a computer near you, for everything

SMS to phone. (1)

zentigger (203922) | about 2 years ago | (#40284071)

I barely trust most web-service providers with an email address that can be closed/blocked/changed with little cost or effort. Satan will skate before I start giving out my mobile number!

Re:SMS to phone. (2)

circletimessquare (444983) | about 2 years ago | (#40284281)

then you aren't doing any banking or using Craigslist

I don't use facebook but I believe they are doing phone authentication now too.

It's coming for all sites, I'm sorry. It's good for security, I believe.

Re:SMS to phone. (1)

rwv (1636355) | about 2 years ago | (#40284723)

Satan will skate before I start giving out my mobile number!

I do believe they have roller-derby in hell... so I guess zentigger will be sharing his or her mobile number soon!

On a serious note... I thought that was a clever euphemism for "when hell freezes over".

Some more important questions (3, Insightful)

arcctgx (607542) | about 2 years ago | (#40283717)

We all know that people tend to choose weak passwords, this is not really newsworthy. Ever since the database was leaked, many people, including professionals, have performed various analyses of cracked passwords. This is fine, but I think there are more important things we need to know right now:

1) When exactly was the database leaked? It seems that it's been floating around the internet for some time before it hit the news last week.
2) What was the attack vector?
3) What security measures have been taken by LinkedIn to ensure this will not happen again?

And perhaps one more: is there a relation between LinkedIn, eHarmony and last.fm database leaks? Did the same person/group do this?

isolation 101 (1)

epine (68316) | about 2 years ago | (#40283781)

This is a nice piece of work where he uses incremental modifications of existing password templates to show that password "seasoning" with a few stray twiddles such as s/o/0/ or s/$/! isn't worth much.

linkedin is the only social network I've signed up for, and I visit less than twice a year. Don't think I used a strong password, but I do know I used a password totally unrelated to any other password on any other active account.

Sure beats being the guy with the password lsw4facebook or lsw4citibank on sites that might be easy to guess.

Hackers the movie (1)

bdrees (1015815) | about 2 years ago | (#40283917)

Can they at least confirm that the top five used passwords are still God, Love, Sex, etc etc, or whatever they were in that movie?

Must we use truly random passwords? (1)

Anonymous Coward | about 2 years ago | (#40284721)

So this was eye opening for me if nothing else. If you're not going to use something that generates and stores random passwords (say lastpass) - then you're forced to come up with something that you can remember. This means words, modified by "rules" - numbers and symbols attached to it. Basically this guy proved that strategy doesn't work.

So words and any rules applied to them are out. What next? Are we all forced to use truly random passwords for every single darn login we have (which in my case is literally hundreds)? What about my current strategy of using obscure model numbers of things I like, and then modifying them? Is this safe or just as stupid as making a password "!pa$$w0rd"?
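A server-side check built on the lesson discussed in this thread, as an added example that is not part of the original posts: it undoes the usual decorations and rejects a candidate that still reduces to a common word. The word list, the substitution table and the function names are assumptions; the sample passwords are ones quoted in this thread.

```python
import re

# Constructed mini word list (assumption); a real check would load a large
# list of dictionary words and previously leaked passwords.
COMMON_WORDS = {"password", "linkedin", "letmein", "dragon", "love", "god", "sex"}

# Substitutions people commonly use to "season" a word (assumed table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "$": "s", "@": "a", "!": "i"})

def strip_ends(text: str) -> str:
    """Drop digits and punctuation stuck on the front or back of a word."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", text)

def base_forms(candidate: str) -> set:
    """All strings the candidate reduces to once decorations are undone."""
    lowered = candidate.lower()
    forms = set()
    for text in (lowered, strip_ends(lowered)):
        plain = text.translate(LEET)
        forms.update({text, plain, strip_ends(plain)})
    return forms

def weak_base(candidate: str):
    """Return the common word the candidate is built on, or None."""
    for form in sorted(base_forms(candidate)):
        for word in sorted(COMMON_WORDS):
            # Exact match for any word; substring match only for longer
            # words, to avoid flagging every string that contains "god".
            if form == word or (len(word) >= 6 and word in form):
                return word
    return None

if __name__ == "__main__":
    # Sample passwords quoted elsewhere in this thread.
    for pw in ["password123", "!pa$$w0rd", "lsw4linkedin", "8}0_(|5-'23a1_E_2_-!"]:
        print(repr(pw), "->", weak_base(pw))
```
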
