Author Topic: On passwords and encryption  (Read 23630 times)

Rocinante

  • Posts: 642
  • Turrets: +252/-668
    • My Homepage
On passwords and encryption
« on: October 19, 2009, 01:50:09 am »
Please note that this thread is not a place to discuss the events of this weekend - once there's solid information to disseminate I'm sure that will be forthcoming - but instead this is to answer some questions I've seen repeated in email and IRC.  Do try to avoid wild speculation and misinformation, and not bring up what so-and-so told you happened this weekend.

I've seen quite a few people question recent events, specifically when told there was a database breach and that passwords should be changed everyone asks, "But aren't they encrypted?"  The answer is yes, of course they are.  But that means nothing.

Passwords tend to be encrypted using what is called a "one-way hash"; this is a mathematical function where given a certain input, a specific output is generated.  However, given the output, you cannot determine mathematically what the input to the function was - it only works in one direction.  Some examples of one-way hashes are MD5, SHA1 and RIPEMD.  See this article for more on hashes.

Now, even though you can't mathematically determine what the input to a hash was, you can still "crack" it through other means.  Some, such as MD5, have particular flaws that make it easier to calculate what the input was when given the hashed output, while for others there's the dictionary attack.  For example, if my password was "p@ssw0rd", one possible hash of that is "A6.WLhKd.rk2M".  While you may not easily be able to reverse that, what you can do is take every word of a dictionary (including variants, such as substituting 1 for i or l, 0 for o, etc) and hash that value to see what you get.  Sooner or later, you're bound to find out that when using the input "p@ssw0rd" you get the same value.  Now without cryptographically attacking the actual hash, you've defeated it because the password itself was weak.

If instead I had used "WA53@WaIOGxL;Qq" as my password... well, yes you could eventually brute force that value and find that it matches the hashed output.  But that's going to take a lot longer since the password itself is random.  When cracking accounts, you'll get all the easy ones first - people who use their username as a password, or a common dictionary word, followed by those who prepend or append a number, change capitalization, or substitute some numbers and symbols for letters.  So as you can see, it doesn't matter how strong an encryption algorithm is.  If an attacker has your encrypted password, and you have a crappy password, and they know what method was used to encrypt it (which is usually the easiest part of the equation to get) then they can get your password.  It's all a matter of how much CPU time they want to throw at the problem, and how patient they are to get your password as a result.

I invite and encourage any questions on passwords, encryption and security - I'll leave this topic here, even though it will quickly become "off topic" for the forum itself, until a few days have passed and those who would be interested in the idea have seen it here before moving it to the off topic board.
}MG{Mercenaries Guild
"On my ship, the Rocinante, wheeling through the galaxies, headed for the heart of Cygnus, headlong into mystery." -- Rush, "Cygnus X-1"
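A worked version of the dictionary-plus-variants attack the post describes, as an added example that is not part of the original post: it builds a small leaked table of unsalted SHA-1 digests (constructed here by hashing made-up accounts, not data from any real breach), expands each dictionary word into capitalisation, leetspeak and suffix variants, and looks every candidate up against the whole table at once. The accounts, the wordlist and the mangling rules are assumptions chosen for illustration.

```python
import hashlib
import itertools

# Substitutions in the style the post describes: 1 for i or l, 0 for o, etc.
# (assumed rule set, chosen for illustration)
LEET = {"a": "@4", "e": "3", "i": "1!", "l": "1", "o": "0", "s": "$5", "t": "7"}
SUFFIXES = ("", "1", "123", "!", "2009")


def sha1_hex(text):
    """Unsalted SHA-1 hex digest, one of the one-way hashes the post lists."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest()


def leet_variants(word):
    """Yield every combination of leet substitutions for `word`."""
    per_char = [(c,) + tuple(LEET.get(c.lower(), "")) for c in word]
    for combo in itertools.product(*per_char):
        yield "".join(combo)


def candidates(word):
    """Expand one dictionary word into case, leet and suffix variants, deduplicated."""
    seen = set()
    for base in (word.lower(), word.capitalize(), word.upper()):
        for variant in leet_variants(base):
            for suffix in SUFFIXES:
                cand = variant + suffix
                if cand not in seen:
                    seen.add(cand)
                    yield cand


def crack(leaked, wordlist):
    """Dictionary attack on a username -> unsalted digest table.

    With no salt, each candidate is hashed once and compared against every
    account via a reverse index, so accounts sharing a password fall together.
    Returns (recovered {user: password}, number of hashes computed).
    """
    by_digest = {}
    for user, digest in leaked.items():
        by_digest.setdefault(digest, []).append(user)
    recovered, hashes = {}, 0
    for word in wordlist:
        for cand in candidates(word):
            hashes += 1
            for user in by_digest.get(sha1_hex(cand), ()):
                recovered[user] = cand
    return recovered, hashes


# Constructed leak: made-up accounts whose digests are produced by hashing the
# chosen plaintexts so the example runs stand-alone.
LEAKED = {
    "alice": sha1_hex("password"),         # plain dictionary word
    "bob":   sha1_hex("p@ssw0rd"),         # the post's example
    "carol": sha1_hex("Dragon1"),          # capitalised, digit appended
    "erin":  sha1_hex("password"),         # same password as alice
    "dave":  sha1_hex("WA53@WaIOGxL;Qq"),  # the post's random password
}
WORDLIST = ["letmein", "password", "dragon", "qwerty"]  # assumed tiny dictionary

if __name__ == "__main__":
    found, n = crack(LEAKED, WORDLIST)
    print(f"{n} hashes computed, recovered: {found}")
    print("not recovered:", sorted(set(LEAKED) - set(found)))
```

Four of the five accounts fall to a four-word dictionary; only the random password survives, and alice and erin are recovered by the same single hash computation because nothing distinguishes their stored values.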

MitSugna

  • Guest
Re: On passwords and encryption
« Reply #1 on: October 19, 2009, 02:01:19 am »

Demolution

  • Posts: 1198
  • Turrets: +157/-64
Re: On passwords and encryption
« Reply #2 on: October 19, 2009, 05:23:51 am »
tl;dr: Put in the effort to memorize a longer and more complicated (and thus more secure) password.

Off topic:
Will we get some information on what actually happened this weekend? Or should I not even bother asking this?

Clan [AC] - For all your air conditioning needs please visit: http://s1.zetaboards.com/AC_NoS/index/
my brain > your brain.
and i am VERY stupid.

your face

  • Community Moderators
  • *
  • Posts: 3843
  • Turrets: +116/-420
Re: On passwords and encryption
« Reply #3 on: October 19, 2009, 05:24:39 am »
Check my signature, it's my view of the matter. :P

Good article, thanks for explaining.
spam spam spam, waste waste waste!

janev

  • Spam Killer
  • *
  • Posts: 534
  • Turrets: +130/-26
Re: On passwords and encryption
« Reply #4 on: October 19, 2009, 08:59:19 am »
Thanks for the heads up. Password changed.

General Question: Is there any way of discerning where else a password may or may not have been used?

Author of "The quick beginner's guide to playing tremulous"
Founding member of the "undefeated in clanwars since 2006" club and narcissist extraordinaire.


"Your quote-tower trolling reminds me of two dogs fighting over a piece of poo." [c] Ingar

maniaxx

  • Posts: 2
  • Turrets: +1/-0
Re: On passwords and encryption
« Reply #5 on: October 19, 2009, 10:57:17 am »
what about salting?

Rocinante

  • Posts: 642
  • Turrets: +252/-668
    • My Homepage
Re: On passwords and encryption
« Reply #6 on: October 19, 2009, 12:15:59 pm »
tl;dr: Put in the effort to memorize a longer and more complicated (and thus more secure) password.

Definitely.  I use 1Password on the Mac/iPhone, some use KeePass, and there are plenty of other secure password managers to help you keep track of not only what password is used, but where it's used (or even better, generate long and complex ones everywhere).

Off topic:
Will we get some information on what actually happened this weekend? Or should I not even bother asking this?

I'm pretty sure that's coming very soon.

General Question: Is there any way of discerning where else a password may or may not have been used?

Only using your memory, and trial-and-error.  If you store passwords in Firefox, you can search its list of stored passwords, or there's even a plugin you can get that can dump the list of passwords to a CSV or XML file; pretty sure there's similar methods in all the major browsers.

what about salting?

In short, it helps, but it doesn't prevent.  The long: Salting is adding some extra bit of information to the password, so that the encrypted data consists of the password plus that extra bit; in this way, you tend to create a stronger encrypted string since the data isn't just the password.  However, if you know the salt method used this sometimes doesn't help much.  SMF uses a slightly strange method (and this is published all over the web, as well as the source code, so it's not like I'm divulging anything special here): The encrypted string consists of your username + password + salt.  So the only thing this prevents is a straight dictionary attack, because instead of encrypting every password possible, you have to encrypt every username + password + salt to get a single password.  Programs like "Jack the Ripper", used for brute forcing password databases, work on the principle that there's a small number of salts and the rest of the encrypted strings are just the password.  In the case of my example "p@ssw0rd" above, if four people had the same password you wouldn't know until you tried encrypting that word plus our usernames and the salt, whereas without the method used by SMF you would find all four passwords at the same time.
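An added example, not from the original post and not SMF's own code, of the effect Rocinante describes: five made-up accounts are stored twice, once as plain SHA-1 of the password and once as SHA-1 of lowercased username + password + a per-user salt, following the post's description rather than SMF's actual source. Cracking both tables with the same tiny wordlist shows that the salted table still falls to a dictionary attack, but every guess must be rehashed per account, and the four people sharing a password are exposed by one hash only in the unsalted table. The accounts, fixed salts and wordlist are constructed for illustration.

```python
import hashlib


def sha1_hex(text):
    return hashlib.sha1(text.encode("utf-8")).hexdigest()


def store_unsalted(accounts):
    """user -> sha1(password). Equal passwords give equal digests."""
    return {user: sha1_hex(pw) for user, pw in accounts.items()}


def store_salted(accounts, salts):
    """user -> (salt, sha1(lower(user) + password + salt)), as the post describes.

    The salt sits beside the digest in the database; it is not secret. Its job is
    to make each account's hash input unique so work done on one account does
    not carry over to another.
    """
    return {user: (salts[user], sha1_hex(user.lower() + pw + salts[user]))
            for user, pw in accounts.items()}


def crack_unsalted(table, wordlist):
    """One hash per guess, checked against every account through a reverse index."""
    by_digest = {}
    for user, digest in table.items():
        by_digest.setdefault(digest, []).append(user)
    found, hashes = {}, 0
    for guess in wordlist:
        hashes += 1
        for user in by_digest.get(sha1_hex(guess), ()):
            found[user] = guess
    return found, hashes


def crack_salted(table, wordlist):
    """Each guess is rehashed per account because the input includes user + salt."""
    found, hashes = {}, 0
    for user, (salt, digest) in table.items():
        for guess in wordlist:
            hashes += 1
            if sha1_hex(user.lower() + guess + salt) == digest:
                found[user] = guess
                break
    return found, hashes


# Constructed data: four users share the post's weak password, one uses its random one.
ACCOUNTS = {"Alice": "p@ssw0rd", "Bob": "p@ssw0rd", "Carol": "p@ssw0rd",
            "Dave": "p@ssw0rd", "Erin": "WA53@WaIOGxL;Qq"}
# Fixed per-user salts so the run is repeatable; a real system draws them randomly.
SALTS = {"Alice": "k3Ja", "Bob": "9Qpz", "Carol": "Lm0x", "Dave": "c7Rw", "Erin": "Ve2n"}
WORDLIST = ["123456", "qwerty", "letmein", "p@ssw0rd", "dragon"]

if __name__ == "__main__":
    plain, salted = store_unsalted(ACCOUNTS), store_salted(ACCOUNTS, SALTS)
    print("unsalted:", crack_unsalted(plain, WORDLIST))
    print("salted:  ", crack_salted(salted, WORDLIST))
```

Against five guesses the unsalted table costs five hashes and gives up all four shared passwords on the fourth; the salted table costs 21 hashes for the same four, because the guess has to be recomputed for each user and the miss on Erin costs the full wordlist. The multiplier is the number of accounts, which is why salting raises the price of a mass crack without saving any individual weak password.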

gimhael

  • Posts: 546
  • Turrets: +70/-16
Re: On passwords and encryption
« Reply #7 on: October 19, 2009, 01:07:16 pm »
FireFox users can install the PasswordMaker plugin to get unique passwords for every website. The advantage is that these unique passwords are autogenerated, so you don't need to carry them with you on an USB stick or something.
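The idea behind a derivation-style manager, as an added example that is not PasswordMaker's own algorithm and not from the thread: each site's password is computed from one master secret and the site name, so nothing has to be stored and the same inputs always reproduce the same password. The master password, site names, output alphabet and round count are assumptions; the `counter` argument is added here so one site's password can be changed without changing the master.

```python
import hashlib
import string

# 64 symbols, so byte % 64 is unbiased; assumed to be acceptable to most sites.
ALPHABET = string.ascii_letters + string.digits + "-_"


def site_password(master, site, length=16, counter=0, rounds=100_000):
    """Derive a per-site password from one master secret plus the site name.

    PBKDF2-HMAC-SHA256 with the normalised site name (and a rotation counter)
    as the salt: the site name is public, the master is not, and a leak of
    this site's password reveals nothing usable about the master or about
    other sites, since each is a one-way function of the master.
    """
    salt = f"{site.lower()}:{counter}".encode("utf-8")
    key = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt, rounds,
                              dklen=length)
    return "".join(ALPHABET[b % len(ALPHABET)] for b in key)


if __name__ == "__main__":
    master = "correct horse battery staple"   # assumed master secret
    for site in ("forum.example.org", "mail.example.org"):
        print(site, site_password(master, site))
    print("after rotation:", site_password(master, "forum.example.org", counter=1))
```

The trade-off the later posts raise applies in full: the master is the single secret behind every site, and because nothing is stored there is also nothing to lose, but a site that rejects this alphabet or length needs its own rule, and the only way to rotate a password is to bump the counter and remember that you did.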

tuple

  • Posts: 833
  • Turrets: +97/-80
Re: On passwords and encryption
« Reply #8 on: October 19, 2009, 01:24:41 pm »
KeePass here.  You can generate obscene passwords that you'll never remember, and KeePass can live on your task bar.  You can right-click copy just the password (which it is set to not show you) and paste it into wherever.  It only lives for a short while in your copy buffer though, so you don't have to worry about pasting it into something else 5 hours later when you get back to your computer  ;D

Linux and Windows versions, maybe Mac, I haven't looked.

==Troy==

  • Posts: 440
  • Turrets: +65/-67
Re: On passwords and encryption
« Reply #9 on: October 19, 2009, 01:51:22 pm »
And what about password strengthening? I.e. taking hash of a hash 20k times (about 1-2 seconds of average PC speed).

David

  • Spam Killer
  • *
  • Posts: 3543
  • Turrets: +249/-273
Re: On passwords and encryption
« Reply #10 on: October 19, 2009, 01:56:25 pm »
Because that also kills the server.
Any maps not in the MG repo?  Email me or come to irc.freenode.net/#mg.
--
My words are mine and mine alone.  I can't speak for anyone else, and there is no one who can speak for me.  If I ever make a post that gives the opinions or positions of other users or groups, then they will be clearly labeled as such.
I'm disappointed that people's past actions have forced me to state what should be obvious.
I am not a dev.  Nothing I say counts for anything.
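An added example, not from the thread, of the trade-off in the last two posts: the naive "hash of a hash" loop as ==Troy== describes it, beside the standard PBKDF2 construction (`hashlib.pbkdf2_hmac`) that does the same job with a per-user salt and a constant-time comparison, plus a rough timing of one verification at different round counts. The cost an attacker pays per guess is exactly the cost the server pays per login, which is David's objection. The round counts, sample password and login rate are assumptions.

```python
import hashlib
import hmac
import os
import time


def stretched_sha1(password, salt, rounds):
    """The 'hash of a hash' idea from the post, done naively with SHA-1.

    The salt is mixed back in on every round so that two users with the same
    password still produce different chains. Cost grows linearly with rounds.
    """
    digest = hashlib.sha1(salt + password.encode("utf-8")).digest()
    for _ in range(rounds - 1):
        digest = hashlib.sha1(salt + digest).digest()
    return digest


def enroll(password, rounds, salt=None):
    """Produce a (salt, rounds, digest) record with PBKDF2-HMAC-SHA256.

    Storing the round count with the record lets it be raised later without
    breaking existing users.
    """
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return salt, rounds, digest


def verify(record, password):
    """Recompute with the stored salt and rounds; compare in constant time."""
    salt, rounds, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, digest)


def seconds_per_verify(rounds, samples=3):
    """Rough wall-clock cost of one login check at this round count (machine dependent)."""
    record = enroll("p@ssw0rd", rounds)
    start = time.perf_counter()
    for _ in range(samples):
        verify(record, "p@ssw0rd")
    return (time.perf_counter() - start) / samples


if __name__ == "__main__":
    logins_per_second = 50  # assumed peak login rate for a busy forum
    for rounds in (1, 1000, 20000):
        t = seconds_per_verify(rounds)
        print(f"rounds={rounds:>6}: {t * 1000:8.2f} ms per verify, "
              f"{t * logins_per_second * 100:6.1f}% of one core at "
              f"{logins_per_second} logins/s")
```

Each extra factor of ten in rounds buys the same factor against an offline attacker and charges the same factor on every login, so the round count is a budget decision about how much of a core the login path may consume, not a free strength setting.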

MitSugna

  • Guest
Re: On passwords and encryption
« Reply #11 on: October 19, 2009, 07:27:38 pm »
a hash of a hash of a hash of a hash of a hash of a hash of a hash of a hash.... over 9000 times.
Yeah, Hash the Hashing Hashers!

Nux

  • Posts: 1778
  • Turrets: +258/-69
Re: On passwords and encryption
« Reply #12 on: October 19, 2009, 07:55:06 pm »
KeePass here.  You can generate obscene passwords that you'll never remember, and KeePass can live on your task bar.  You can right-click copy just the password (which it is set to not show you) and paste it into wherever.  It only lives for a short while in your copy buffer though, so you don't have to worry about pasting it into something else 5 hours later when you get back to your computer  ;D

Linux and Windows versions, maybe Mac, I haven't looked.

How secure is this basket you're putting all your eggs into? And I don't mean from haxors. How about friends and family with access to your computer?

People you know are generally more aware of and interested in your online stuff than most people.

No, I don't wear a tinfoil hat. It's a tinfoil top hat.

tuple

  • Posts: 833
  • Turrets: +97/-80
Re: On passwords and encryption
« Reply #13 on: October 19, 2009, 08:05:35 pm »
How secure is this basket you're putting all your eggs into? And I don't mean from haxors. How about friends and family with access to your computer?

People you know are generally more aware of and interested in your online stuff than most people.

No, I don't wear a tinfoil hat. It's a tinfoil top hat.

How much do you want?  You can lock the DB with a key you keep on a thumbdrive if you wish, or a password only you know, or both. It only runs in the taskbar if you start the program, not on OS start and the windows version even locks that so you need to reopen the db (with however you've locked it) when you call it back from the taskbar.

You could even store it on an encrypted partition on a usb drive if you want to start getting crazy paranoid :P


FisherP

  • Posts: 295
  • Turrets: +31/-32
Re: On passwords and encryption
« Reply #14 on: October 19, 2009, 08:29:27 pm »
The PasswordMaker Add-on for Firefox is pretty good. I use that so that every web site has a different password and I only have to remember one.

Rocinante

  • Posts: 642
  • Turrets: +252/-668
    • My Homepage
Re: On passwords and encryption
« Reply #15 on: October 19, 2009, 08:46:03 pm »
No, I don't wear a tinfoil hat. It's a tinfoil top hat.

Hah!  I don't know what line of business you're in, but in mine tinfoil is too flimsy :>

Tuple spoke about KeePass, I can speak about 1Password - it also has a "master password" which is used to lock the keychain, and has settings which determine how often it locks and when.  You can have a time limit (defaults to 20m), when the machine goes to sleep, or even whenever the screen saver starts as triggers to relock the keychain.

They've got a new system coming out soon where you can point a web browser at a .html file in the keychain (it's just a directory), enter your master password and using javascript access the contents for when you're not at your Mac.  I use this for my Linux machine at work.  Also an iPhone app which has two layers of "security", a four digit PIN you enter to open the app and a password you enter to unlock any of the passwords contained within (though you can loosen restrictions on a case-by-case basis if, for example, you want to only require the PIN for some passwords).

Bissig

  • Posts: 1309
  • Turrets: +103/-131
Re: On passwords and encryption
« Reply #16 on: October 19, 2009, 11:11:24 pm »
I don't trust those password managers:

If I lose my head, I will lose all my passwords but probably also all of my life. So losing passwords is the lesser threat.

If I lose the USB stick or the hard disk with the password manager or forget the master password... I am really fucked.

David

  • Spam Killer
  • *
  • Posts: 3543
  • Turrets: +249/-273
Re: On passwords and encryption
« Reply #17 on: October 19, 2009, 11:21:46 pm »
I know the passwords to my email.  With that I can reset everything else.
Also, print the list out.  Can't forget the password to a bit of paper.

I'm using keepassx, which is keepass for linux.  It seems to work great.  Keepass2 is supposedly better, but it wouldn't run under mono (I didn't try too hard) and things like Auto-Type don't work on linux, which is kinda a deal breaker.

Nux

  • Posts: 1778
  • Turrets: +258/-69
Re: On passwords and encryption
« Reply #18 on: October 19, 2009, 11:52:07 pm »
Thanks for the info.

So as far as I can see, there are only two real disadvantages to using such a tool.

1. Eggs in the basket
If the security on the database is cracked, the security of all your associated accounts is also cracked. A big 'if'? Maybe but it's an inherent flaw nonetheless.

2. Dependency
If you don't learn to remember the individual passwords, you need this tool to log in to your accounts.

I won't be using one of these but I can see why you would.

beware of troll

  • Posts: 11
  • Turrets: +0/-4
Re: On passwords and encryption
« Reply #19 on: October 20, 2009, 02:34:43 am »
Why is it even bad if someone cracks your password on tremulous.net? They can't even see your email by logging into the account, can they? As long as you didn't use the same username/password combo on a banking website or something, it doesn't seem like a big deal. It's not like you should really care if the hacker(s) want to defame your trem.net reputation.
« Last Edit: October 20, 2009, 02:37:03 am by beware of troll »

mooseberry

  • Community Moderators
  • *
  • Posts: 4005
  • Turrets: +666/-325
Re: On passwords and encryption
« Reply #20 on: October 20, 2009, 03:21:46 am »
Your email is very much visible in account settings. And if you have the same password on the forums as your email or any other site they know you are on they can get into it. And if you have the same password to your email account they can get anywhere.
Bucket: [You hear the distant howl of a coyote losing at Counterstrike.]

मैं हिन्दी का समर्थन

~Mooseberry.

Paradox

  • Posts: 2612
  • Turrets: +253/-250
    • Paradox Designs
Re: On passwords and encryption
« Reply #21 on: October 20, 2009, 08:18:59 am »
Best password:

the 10,000-10,008th nucleotide pair of your 23rd chromosome

∧OMG ENTROPY∧

Demolution

  • Posts: 1198
  • Turrets: +157/-64
Re: On passwords and encryption
« Reply #22 on: October 20, 2009, 03:46:33 pm »
Best password:

the 10,000-10,008th nucleotide pair of your 23rd chromosome

Brute forced with the aid of The Human Genome Project?  :P


Nux

  • Posts: 1778
  • Turrets: +258/-69
Re: On passwords and encryption
« Reply #23 on: October 20, 2009, 04:24:30 pm »
Best password:

the 10,000-10,008th nucleotide pair of your 23rd chromosome

Armed with that information, I've only got 65,536 strings to brute-force. Muhahahaha!

I'll start with 'gattaca' strings on the off chance you liked that movie so much you restructured your DNA to prove your devotion.

Paradox

  • Posts: 2612
  • Turrets: +253/-250
    • Paradox Designs
Re: On passwords and encryption
« Reply #24 on: October 21, 2009, 03:51:41 am »
Or even better. Since encoding is good, RNA encode them.


Dance Commander

  • Posts: 70
  • Turrets: +6/-9
Re: On passwords and encryption
« Reply #25 on: October 23, 2009, 12:07:18 am »
thank god i used 12345 instead of a word from the dictionary, AMIRITE?
'll kill you if you try me for my air-max 95s.
high like spaceships, fly like planes
get your robin hood on
put some pressure on the man

Rocinante

  • Posts: 642
  • Turrets: +252/-668
    • My Homepage
Re: On passwords and encryption
« Reply #26 on: October 23, 2009, 02:22:24 am »
thank god i used 12345 instead of a word from the dictionary, AMIRITE?

You, go change the combination on my luggage!

SlackerLinux

  • Spam Killer
  • *
  • Posts: 555
  • Turrets: +41/-62
Re: On passwords and encryption
« Reply #27 on: October 23, 2009, 04:48:21 am »
thank god i used 12345 instead of a word from the dictionary, AMIRITE?

please don't write my password on forums backwards k thx bye :p
Slackware64 13.1
SlackersQVM/

Undeference

  • Tremulous Developers
  • *
  • Posts: 1254
  • Turrets: +122/-45
Re: On passwords and encryption
« Reply #28 on: October 23, 2009, 06:47:36 am »
thank god i used 12345 instead of a word from the dictionary, AMIRITE?
Not exactly a dictionary, but does this count?
Need help? Ask intelligently. Please share solutions you find.

Thats what we need, helpful players, not more powerful admins.

silverbak

  • Posts: 20
  • Turrets: +1/-4
Re: On passwords and encryption
« Reply #29 on: October 27, 2009, 03:35:16 am »
Which hashing algorithm was used on the passwords?