Saturday, 4 May 2013

Why you should take hacked sites’ password assurances with a grain of salt

Beware of e-mails that play down the ease of cracking your leaked passcode.

Reputation.com, a service that helps people and companies manage negative search results, has suffered a security breach that has exposed user names, e-mail and physical addresses, and in some cases, password data.

In an e-mail sent to users on Tuesday, officials with the Redwood City, California-based company said the passwords were "highly encrypted ('salted' and 'hashed')," a highly vague description that can mean different things to different people. "Although it was highly unlikely that these passwords could ever be decrypted, we immediately changed the password of every user to prevent any possible unauthorized account access," the e-mail added unconvincingly.

It's unfortunate that companies make such assurances, because they may give users a false sense of security. As Ars has been reporting for nine months, gains in cracking techniques means the average password has never been weaker, allowing attackers to decipher even long passwords with numbers, letters, and symbols in them. Even Ars' own Nate Anderson—a self-described newbie to password cracking—was able to crack more than 45 percent of a 17,000-hash list using software and dictionaries he downloaded online.

Jeremi Gosney, a password cracking expert with Stricture Consulting Group recently explained in an Ars forum post that it's highly unusual for a leaked password list to go uncracked, as suggested by the Reputation.com e-mail.

"It definitely depends on the specific leak we're talking about, but generally speaking, your average security expert/penetration tester/casual password cracker is probably only going to be able to recover at most 50-60% of passwords in any given leak," he wrote. "Seasoned password crackers will likely recover 70-75%; and truly exceptional password crackers will recover 80% or more."

Adding cryptographic salt to passwords is crucial to the safe storage of passwords because it forces password cracking programs to guess the plaintext for each individual hash, rather than guessing passwords for thousands or millions of hashes all at once. (Yes, it also thwarts rainbow-table attacks, but no one uses this method anymore.) But it's easy to overstate the benefits of salting. It in no way slows down the cracking of a single hash, so if an attacker locates the hash belonging to a particular high-value Reputation.com user, the measure does nothing to thwart the cracking of that hash. The security value of salting alone only slows down cracking of large lists by a multiple of the number of unique salts, so that value decreases with each hash that is decoded.

A far more meaningful security measure is the type of algorithm that's used to convert plaintext passwords into cryptographic hashes. If the company used SHA1, SHA3, MD5, or any number of other "fast" hashes, it's extremely likely that at least some of the leaked password data has already been cracked. If, on the other hand, the company used bcrypt, scrypt, PBKDF2 or another "slow" algorithm specifically designed to hash passwords, the chances are significantly lower. Reputation.com makes no mention of the algorithm it used, so users should presume the worst. Anyone who used their Reputation.com password to protect one or more accounts on other sites should change those passcodes immediately. Passwords should be randomly generated by a password-manager, contain a minimum length of 11 characters, and include numbers, letters, and symbols. They should also be unique to each site.

For a deeper dive into the benefits of salting and hashing, see last Saturday's story about the password breach that hit LivingSocial.com. Some of the user comments are especially illuminating.


Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

No comments:

Post a Comment