passwords - easy to remember but hard to crack - would this work?

This is incredibly misleading. Mathematically, if they find a string that hashes to your password, it is absurdly likely that they have found your password. The 1 in 10^50 chance that they’ve stumbled upon a hash collision is so small it should not be considered.

What you misunderstand is that you will not have pretty good security. Using a password manager with long randomly generated passwords that are never reused is pretty good security. Any other system or scheme is just piss poor security that you’re fooling yourself into thinking is pretty good.

It’s like if you had a sign on your door that said “Burglars, go away!” and someone said you should put a lock on your door, and your response was “Well, sure, locks are the best strategy, but I’m ok with the pretty good security that my sign provides”.

My financial future is so entangled with my wife’s that withholding the online access passwords to our joint bank accounts seems unlikely to help much. Were I to actually try such a stunt, though, I think the probability of an eventual divorce would suddenly increase considerably. :dubious:

Go change all of your passwords, everywhere, right now, starting with your bank. If you’re very lucky, you might get there before the attackers do and completely clean you out. Then call up the important places, talk to a human, and tell them that your password has probably been compromised. Your password system provides you with zero security.

How bad of an idea is it to keep your passwords in a txt file on your phone?

How bad is it to have a “dictionary word” (some string that might appear in a hacker’s dictionary) embedded in truly random characters?

For example, will “s&JrPASSWORD3%oP” get picked up sooner than expected because it has the string “PASSWORD” within it? I mean, when “de-hashing”, can the software recognize the presence of this real word within the string and say, “Hey, I’m done here!”?

nm

If all they have is the hashed value, surely their chances of finding any of the possible colliding values are equally likely or unlikely?

Someone enlighten me please. There is a lot of discussion here about passwords that are hard or easy to crack. Don’t most websites and other protected systems lock your account if you try X number of login attempts without the right PW/UserID combination?

It seems like even if you had a relatively weak PW, a reputable site would lock-out any hacker attempting a brute force algorithm to access your account.

Am I missing something?

Not at all. If the hashed values are one bit smaller than the input, then the chance that an input which hashes to a given output is the “right” one is 50/50. For each additional bit the hash result is smaller than the input, the odds are cut in two.

Since hashes are almost always much smaller than the input, the chances of an exact hit are tiny.

The original purpose of hashes, to map a large key range into a small table range, is the origin of hashing into a smaller range. Cryptographic use of hashing functions preserves this. (Unless the system was stupidly designed, where passwords and hash values are both 8 chars, for example. But then again, who thought that any web site would not save passwords only as hashes.)

Is that true for passwords, though? We think of a 20 character password as being “long”, and it might have a 64 byte hash. In this case it is the plaintexts that are the smaller space, and most hashes are unused.

Besides, if someone reverses my password hash two different ways, and one gives “HSJAGhsjay82719SxbnvJAHDIhagd*62” and the other gives “BeiberFan4evaXOXO”, it’s pretty obvious which one is the real PW.

There are a lot of ways to rethink this. The first and most important one is:

RULE NUMBER 1: Always assume, always, that all other steps necessary to crack your account have already occurred. All that is needed is for you to goof up. For instance, by picking a lousy password.

This is a crucial part of not just security, but safety engineering and many other areas. It is incredibly hard to get people to understand this. All it takes is everyone in the chain to think: “What are the chances the other links are weak?” and the next thing you know you have a problem.

In your case, think about this: The crackers try a dictionary attack on 10 million accounts. Sure, they get locked out of each one, but that doesn’t matter. Eventually they will hit an account that has the current test password on the first try. Out of 10 million accounts and trying just 2 or 3 passwords, they are going to get into thousands of accounts. Cleaning that up is a mess for all involved.

As has been shown so many times, web sites get compromised. The password file gets stolen. Hopefully the site is somewhat smart and all the crackers have are the hashes. But now there is no limit on how many attempts can be made.

(I used to do this on a regular basis on a system I had admin privileges on so I could read the shadow password file. One of the so-called admins kept picking words like “spring” as a password. I would run the test program, walk into her office, and tell her her current password. She never got over being shocked that I had figured it out. And she never started using more secure passwords. Oh, and there were scripts posted to Usenet that allowed non-admins to read any file, so I didn’t even need admin privileges.)

And there are many, many other ways Bad Things can happen due to weak passwords.

One thing to keep in mind with security/crypto stuff. There are really smart people out there who know a lot of ways things can go wrong. When they say something is not good, it is not good. You may not understand why. But trust them.
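The attack described a few posts up (a couple of common passwords tried against millions of accounts, so no single account ever trips its lockout) is what defenders call password spraying. Here is an added example, not from anyone in this thread, of the detection logic an admin would run over login logs: instead of counting failures per account, it counts distinct accounts per source address. The log format and the sample lines are constructed for the example.

```python
"""Password-spraying detection over constructed auth log lines (added example).

A sprayer tries one or two common passwords against many accounts, so each
account sees fewer failures than the lockout threshold while one source
address racks up failures across many accounts. Per-account lockouts never
fire; the signal is breadth per source, not depth per account.
"""
from collections import defaultdict
import re

# Constructed sample lines (not real data); the line format is an assumption.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z auth user=alice src=203.0.113.5 result=FAIL
2024-05-01T09:00:02Z auth user=bob src=203.0.113.5 result=FAIL
2024-05-01T09:00:03Z auth user=carol src=203.0.113.5 result=FAIL
2024-05-01T09:00:04Z auth user=dave src=203.0.113.5 result=FAIL
2024-05-01T09:00:05Z auth user=erin src=203.0.113.5 result=SUCCESS
2024-05-01T09:00:06Z auth user=frank src=203.0.113.5 result=FAIL
2024-05-01T09:01:00Z auth user=alice src=198.51.100.7 result=FAIL
2024-05-01T09:01:05Z auth user=alice src=198.51.100.7 result=FAIL
2024-05-01T09:01:10Z auth user=alice src=198.51.100.7 result=SUCCESS
2024-05-01T09:02:00Z auth user=gina src=192.0.2.9 result=FAIL
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse_log(text):
    """Yield (timestamp, user, src, result) tuples, skipping unparsable lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("ts"), m.group("user"), m.group("src"), m.group("result")


def find_spraying_sources(text, min_users=5, lockout_threshold=3):
    """Return {src: summary} for every source that failed against at least
    `min_users` distinct accounts. The summary records the worst per-account
    failure count, whether that stayed under the lockout threshold (the
    spraying signature), and which accounts the source did log in to."""
    fails = defaultdict(lambda: defaultdict(int))   # src -> user -> fail count
    successes = defaultdict(list)                   # src -> users logged in from it
    for _ts, user, src, result in parse_log(text):
        if result == "FAIL":
            fails[src][user] += 1
        elif result == "SUCCESS":
            successes[src].append(user)

    flagged = {}
    for src, per_user in fails.items():
        if len(per_user) < min_users:
            continue  # a few accounts from one address is ordinary noise
        worst = max(per_user.values())
        flagged[src] = {
            "users": len(per_user),
            "max_per_user": worst,
            "under_lockout": worst < lockout_threshold,
            "successes": successes.get(src, []),
        }
    return flagged


if __name__ == "__main__":
    for src, info in find_spraying_sources(SAMPLE_LOG).items():
        print(f"{src}: {info['users']} accounts, at most {info['max_per_user']} "
              f"failures each, under lockout={info['under_lockout']}, "
              f"successes={info['successes']}")
```

On the sample data only 203.0.113.5 is flagged: five distinct accounts, one failure each, and one successful login (erin) in the middle of the run, which is exactly the account the admin now has to go clean up. The address that failed twice on a single account and then got in is a user mistyping, not a sprayer.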

Given a good hash function, there should be no similarity between the hash of “password1” and the hash of “password2.” Assuming that the prefix string is long enough to be strong against dictionary attacks, I see nothing wrong with this scheme.

Most sites are robust against repeated login attempts, as you say, but hashed password hash files get leaked and hackers are free to whack at them as long as they want to.

I’m fairly certain nobody will even be looking for similarity in the hashed values.

I think the key problem with this scheme is that we could probably expect the interval between the first break and subsequent ones to be very short - once the first password is cracked (or known by any means), all substrings of it go into the dictionary - because we know people reuse them - and thus, the scheme has pretty much a single point of failure.

It may well be that the first hurdle in the process is still apparently impossibly difficult, but that’s probably not a reason to fail to erect any further hurdles.
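The claim above that a good hash shows no similarity between the hashes of “password1” and “password2” (and the earlier question of whether a hash betrays a dictionary word buried inside a random string) can be checked directly. The following is an added example, not code from anyone in this thread; it uses SHA-256 from the Python standard library purely to illustrate the avalanche property, not as a recommendation for storing passwords.

```python
"""Avalanche check on SHA-256 (added example).

Two inputs that differ in one character should give digests that disagree in
about half of their 256 bits and share no usable prefix, so a leaked hash of
"password2" says nothing about the hash of "password1", and the hash of a
string containing the word PASSWORD does not reveal that the word is in it.
"""
import hashlib
import math


def sha256_int(data: str) -> int:
    """SHA-256 digest of the UTF-8 encoding of `data`, as a 256-bit integer."""
    return int.from_bytes(hashlib.sha256(data.encode()).digest(), "big")


def hamming_distance(a: str, b: str) -> int:
    """Number of bit positions in which the two digests differ."""
    return bin(sha256_int(a) ^ sha256_int(b)).count("1")


def common_prefix_bits(a: str, b: str) -> int:
    """Length of the leading run of bits on which the two digests agree."""
    x = sha256_int(a) ^ sha256_int(b)
    return 256 - x.bit_length() if x else 256


def looks_unrelated(a: str, b: str, nbits: int = 256, sigmas: float = 5.0) -> bool:
    """True when the digests differ in roughly half their bits.

    For two independent random bit strings the distance is Binomial(nbits, 1/2):
    mean nbits/2, standard deviation sqrt(nbits)/2. We accept anything within
    `sigmas` standard deviations of the mean (88..168 bits for SHA-256)."""
    mean = nbits / 2
    sd = math.sqrt(nbits) / 2
    return abs(hamming_distance(a, b) - mean) <= sigmas * sd


# Pairs taken from the discussion in this thread; the third asks whether the
# hash of a random string "leaks" the dictionary word embedded in it.
PAIRS = [
    ("password1", "password2"),
    ("11111111", "11111112"),
    ("s&JrPASSWORD3%oP", "PASSWORD"),
]

if __name__ == "__main__":
    for a, b in PAIRS:
        print(f"{a!r} vs {b!r}: {hamming_distance(a, b)} of 256 bits differ, "
              f"{common_prefix_bits(a, b)} leading bits shared")
```

Each pair lands near 128 differing bits with only a handful of shared leading bits, which is what you would see for two completely unrelated inputs. That is the property that makes “hash similarity” a dead end for an attacker; it is also why the substring question has the answer it does: the hash is computed over the whole string at once and carries no marker of the word inside it.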

Despite my strong recommendation for using a PW manager I’m going to disagree with this a little bit. If one uses a relatively random, long (e.g. > 15 chars) PW that they modify for every web site they are probably secure enough as long as a hacker doesn’t target them specifically, which is unlikely. In the case of a targeted attack then the schemes will fail, and fast.

As long as every site you use the password on has decent security practices, maybe. But it only takes one nincompoop web admin to store user passwords in clear text for it to be compromised.

So let’s see if I have this right.

Password practice: security risk

  1. Multiple use of the same password: If one site is compromised, all sites are compromised
  2. Short passwords: vulnerable to brute force attack
  3. Limited character set used in passwords and limited length (<15??): vulnerable to brute force attack
  4. Appending, prepending and interpositioning short strings into a password used in multiple locations: vulnerable to dictionary attack. (Dictionary as defined by a hacker.)
  5. Inclusion of site name in password: Once one PW is cracked, the strategy is revealed and (a) used to crack other passwords owned by you and (b) used by hackers in future attacks.
  6. Obfuscation strategies such as letter substitutions, shifting hands on keyboard, writing backwards, double words: strategies known to hackers and included in dictionary attacks.
  7. Correcthorsebatterystaple method: vulnerable to dictionary attack using combinations by persistent hacker. (Length may save you.)
  8. High entropy long passwords with large character set and created by users: difficult to remember, hence difficult to use. May need to be recorded somewhere and so vulnerable to physical attack.
  9. Long passwords created by user with non-transparent mnemonic device: likely to contain substrings that introduce vulnerability to dictionary attack with combinations.
  10. Use of password manager: mostly perceived risks – small absolute risk. Objections include, anticipated inconvenience, sense of overkill, objection to cloud storage (can be mitigated), eggs in one basket problem, fear of inside attack by PW manager provider or malware, sense of not being in control (“I don’t know any of my passwords”), potentially limited access if using unfamiliar device. However, probably the only thing to protect against keyloggers.

I don’t think I have missed anything. I am currently using strategy #9 except where I am restricted by stupid password rules. On reflection, I am going to take steps to increase the character set I use. Compared with other people I only have a small number of online passwords anyway (maybe 30) and most of these are low stakes security risks like this site. If my life gets more complex I will go for a reputable PW manager but I would rather not have to carry a USB stick around with me wherever I go and I am reluctant to use cloud storage.

J.

This is ridiculously hysterical. First off, how the heck is anyone going to clear out your bank account with online access? Banks aren’t functionally retarded. They aren’t going to send a wire transfer for your entire balance to the Cayman Islands based on online access. Something like that is going to need a signed form and they will be doing verification beyond an online password and what can be gleaned from their website.

Second, there are literally thousands of banks in the US. No hacker is going to try a bunch of combinations of passwords and each of those sites to gain access. For one, it’s far too much effort and second, like I said before, what exactly are they going to do with my online access?

It’s fairly difficult to do wire fraud. Governments are very concerned about things like terrorism, money laundering, and drug trafficking. Any foreign transfer of money is going to be scrutinized, and anything found to be fraudulent will be shut down very quickly.

The hackers are going to do this. They are going to try to log in to your e-mail and blast out e-mails like this:

Or some variation thereof. Then they are going to try and get your dumb acquaintances to send money through Western Union to the “hotel manager”.

Presumably they’re trying more likely possible passwords first, which makes it very likely that they’ll hit your password before a possible collision, unless you used a random method to generate a long one in the first place.

The attack vector that we’re talking about is that a hacker gets access to the stored hashes. In that case, they don’t have to go through the normal login interface, they can simply hash possible passwords and compare them against the known hashes as fast as they have power to compute it.

In general, this is not correct. A good password hash is going to be at least 256 bits, which is 32 ascii characters. The vast majority of people use passwords shorter than 32 characters.

A good password will be salted before being hashed, so the salt+hash is longer, but the salt isn’t secret, so it doesn’t increase the search space of the password, it just means that you can’t precompute hashes easily.
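The post above describes the right way to store a password: a random salt, stored in the clear beside the hash, so that the same password produces a different hash on every site and an attacker who steals the table cannot reuse precomputed hashes. Here is an added example of that storage scheme, not code from anyone in this thread; it uses PBKDF2-HMAC-SHA256 from the Python standard library, and the record format `pbkdf2_sha256$iterations$salt$hash` is an assumption of this example.

```python
"""Salted, iterated password storage with the standard library (added example).

Storing sha256(password) is what lets a stolen table be cracked with
precomputed hashes. A per-user random salt makes every stored hash unique
even for users who chose the same password, and an iterated KDF makes each
guess cost the attacker real CPU time.
"""
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor; raise as hardware gets faster
RECORD_ALGO = "pbkdf2_sha256"


def unsalted_sha256(password: str) -> str:
    """The weak scheme, for contrast: identical passwords give identical hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a storable record 'pbkdf2_sha256$iterations$salt_hex$hash_hex'.

    The salt is 16 random bytes and is stored in the clear; it is not a secret,
    it only forces the attacker to recompute for every user separately."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{RECORD_ALGO}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the record's own salt and iteration count and
    compare in constant time, so timing does not leak how many bytes matched."""
    algo, iterations, salt_hex, hash_hex = record.split("$")
    if algo != RECORD_ALGO:
        raise ValueError(f"unsupported record type: {algo}")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("right password verifies:", verify_password("correct horse battery staple", record))
    print("wrong password verifies:", verify_password("Tr0ub4dor&3", record))
    # Same password, two users: unsalted hashes collide, salted records do not.
    print(unsalted_sha256("spring") == unsalted_sha256("spring"))
    print(hash_password("spring") == hash_password("spring"))
```

Storing the iteration count inside the record is what lets a site raise the work factor later without invalidating old accounts: each record says how it was made, and a user's record can be rewritten at their next successful login.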

Let’s back up and talk about how security works in the web world. When you create a password at the SDMB, it takes that password and makes what is called a hash. So for example, if your password is “a” the hash will be “B98SoJU34r” and if your password is “b” the hash will be “89Ldfg83”*. It then stores that hash in the database. When you log in, you send in “a”, the server runs a function and gets “B98SoJU34r”. It sees that “B98SoJU34r” matches what it has on record and lets you in.

So how does the website do this? There is something called a cryptographic hash function. These are complicated beasts and difficult to do well. So essentially everyone uses the same code. It’s too deep of a subject to explain here, but there are three key factors:

(1) The output of the function is essentially random compared with the input.

The key point of this is that if I have inputs 11111111 and 11111112, the outputs will be totally different from each other. Thus, knowing what 11111111 outputs gives me absolutely no information about what 11111112 will produce.

(2) It is essentially impossible to find the input given an output.

If, for example, the output is “B98SoJU34r”, as I said before, there’s no way for you to calculate that the input was “a”. To the point where even if I gave you every computer in existence, you wouldn’t figure it out before the Sun envelops Earth.

(3) Calculating the output given an input takes a trivial amount of time.

In other words, I can calculate that “a” results in “B98SoJU34r” thousands of times a second.

So how do crackers get passwords? It’s simple. They try every combination they can think of until they get something that matches a record in the database. For example, in the SDMB DB there is a record that says:

User: treis
Password-Hash: “3SD93SgDE”

They are going to have a program that does:

Input: “a”, Output: “B98SoJU34r”… no
Input: “b”, Output: “43ZDFL324”… no
Input: “c”, Output: “C324SDSAD”… no
Input: “d”, Output: “3SD93SgDE” … BINGO!

They got an output that matches what is stored for my account, and they know that the input for that is “d”. Ergo, they now have my plain text password.

So the key is to make passwords that come from a big pool of possible values. If we start at one letter or number we get:

10 numbers * 26 letters = 260 possibilities. Assuming a computer can try 5,000 passwords a second, obviously this will take a fraction of a second to figure out.

If we do two characters:

260 * 260 = 67600 possibilities. Now we are talking about seconds.

Three:

260 * 260 * 260 = 17,576,000 possibilities. Now we are talking about minutes.

Four:

260 * 260 * 260 * 260 = 4,569,760,000 possibilities. Now we are talking about days.

Five:

260 * 260 * 260 *260 * 260 = 1,188,137,600,000 possibilities. Now we are up to thousands of years.

Ok, so five or more characters should be fine, right? The problem is that our hackers are smart and don’t just randomly guess. Let’s say they start with common words. There are about 200,000 common words in the English language. Assuming 5,000 operations a second, that takes 40 seconds to do. So let’s do what others have suggested and shift our word. So instead of:

router we shift each letter to the right and our password is: “tpiyrt”. That looks a lot more secure. Certainly, no one is going to sit down and type that in. However, it’s trivial to write a program that takes each letter and shifts it. Let’s say I write a program that tries every English word and every keyboard shift. So now instead of 200,000 words, I have 1,000,000 (The original word plus up, down, left, and right shift). So now it takes me 200 seconds instead of 40 seconds to try every English word. That’s not much of an increase of security.

So now we are going to be clever and substitute numbers for letters. So instead of router, we have r0ut3r. But our hackers are clever too. They will now take every English word and replace every “e” with “3”, t with “7”, o with “0”, etc. And they will do so in combinations. So it will try rout3r, r0uter, and r0ut3r. Let’s say that increases the complexity by a factor of 10. Now, if we are shifting and doing number replacement, we are up to about an hour to try every English word. Again, we have no practical increase in security.

So why does multiple random words work? Let’s say you pick 4 words out of the 200,000 or so common English ones. The possibilities are now:

200,000 * 200,000 * 200,000 * 200,000 = 1,600,000,000,000,000,000,000 combinations. To try every one of those combinations we are talking 10,147,133,434 years. Or roughly 60% of the age of the universe.

So what else doesn’t work?

(1) Random numbers at the end/beginning of a word. Making our password, router0756 increases complexity by 10,000. In other words, we go from 40 seconds to about 5 days. So a noticeable bump, but not a lot.

(2) Famous quotes. There are a ton of sites that have collated various quotes. There are lyrics websites. There are open source books. Wikipedia exists. I can trivially write a scraper that goes to a famous quote website and gets me every quote on the webpage. Say there is 100,000. It takes me 20 seconds to try every one. There are 800,000 words in the bible. It takes me ~160 seconds to try every two word quote. Another ~160 to try every three word quote. Another ~160 to try every four word.

(3) “Random” strings. For example, we have this example from before:

A seemingly gibberish password. Ah, but remember our computers are masters at gathering and manipulating data. Like (2) I can take every famous quote, apply this algorithm, and try every combination in a matter of minutes.

The absolute key is random random random. If it’s not random, it’s not secure. There are vast datasets out there covering everything. Anything you can think of is out there. Street names, zip codes, pet names, whatever. Let’s say there are 10,000 common street names and numbers typically are under 1,000. That’s 10,000,000 possibilities, or a mere 30 minutes of crunching for my cpu. If it’s not random, it’s not secure.
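The arithmetic in the post above (pool size raised to the length, divided by a guessing rate) is the whole argument, so here it is as an added example that is not code from anyone in this thread. It generalizes the post's worked cases: random characters of any length over any alphabet, a passphrase of several dictionary words, and a word with digits tacked on, each turned into a time-to-exhaust at the post's assumed rate of 5,000 guesses per second. The alphabet sizes are counted from the actual character classes, and the 200,000-word dictionary figure is the post's own.

```python
"""Search-space and time-to-exhaust estimator for password schemes (added example).

Every scheme below reduces to one number: how many candidates an attacker with
the stored hashes must try in the worst case. Divide by the guess rate and you
have the time. The guess rate is a parameter because offline cracking hardware
is far faster than the 5,000/s used as a teaching figure in the thread.
"""
import math
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Alphabet sizes counted from the character classes themselves.
ALPHABETS = {
    "digits": len(string.digits),                                   # 10
    "lowercase": len(string.ascii_lowercase),                       # 26
    "lowercase+digits": len(string.ascii_lowercase + string.digits),  # 36
    "printable ascii": len(string.ascii_letters + string.digits + string.punctuation),  # 94
}
DICTIONARY_SIZE = 200_000   # "common English words", the thread's figure


def random_chars_space(length: int, alphabet_size: int) -> int:
    """Candidates for `length` characters drawn uniformly from the alphabet."""
    return alphabet_size ** length


def words_space(num_words: int, dictionary_size: int = DICTIONARY_SIZE) -> int:
    """Candidates for `num_words` words chosen uniformly from a word list."""
    return dictionary_size ** num_words


def word_plus_digits_space(digits: int, dictionary_size: int = DICTIONARY_SIZE) -> int:
    """Candidates for one dictionary word followed by `digits` decimal digits
    (the post's router0756 case): the digits only multiply the word list."""
    return dictionary_size * 10 ** digits


def entropy_bits(space: int) -> float:
    """Equivalent strength in bits: log2 of the number of candidates."""
    return math.log2(space)


def seconds_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at the given rate."""
    return space / guesses_per_second


def describe(seconds: float) -> str:
    """Render a duration in the largest unit that fits, one decimal place."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


def estimate_all(guesses_per_second: float = 5_000) -> dict:
    """Return {scheme name: (candidates, entropy bits, human-readable time)}."""
    schemes = {
        "1 char, lowercase+digits": random_chars_space(1, ALPHABETS["lowercase+digits"]),
        "5 chars, lowercase+digits": random_chars_space(5, ALPHABETS["lowercase+digits"]),
        "8 chars, printable ascii": random_chars_space(8, ALPHABETS["printable ascii"]),
        "16 chars, printable ascii": random_chars_space(16, ALPHABETS["printable ascii"]),
        "1 dictionary word": words_space(1),
        "word + 4 digits (router0756)": word_plus_digits_space(4),
        "4 random dictionary words": words_space(4),
    }
    return {
        name: (space, entropy_bits(space), describe(seconds_to_exhaust(space, guesses_per_second)))
        for name, space in schemes.items()
    }


if __name__ == "__main__":
    for name, (space, bits, when) in estimate_all().items():
        print(f"{name:32s} {space:>28,d}  {bits:5.1f} bits  {when}")
```

Two things the table makes obvious that the prose only asserts: the digit suffix buys a factor of 10,000 and nothing more (a few days instead of 40 seconds), while four genuinely random words from the same list land at ten billion years, because the word count is in the exponent rather than the multiplier. Rerun `estimate_all` with a realistic offline rate, say a billion guesses per second, and the single-word and word-plus-digits rows collapse to fractions of a second while the random-character and multi-word rows remain out of reach; that is the whole case for randomness.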