[Link] Why You Don't Use MD5 For Passwords

40 Replies - 4579 Views - Last Post: 13 June 2013 - 09:57 AM

#1 JackOfAllTrades

Posted 28 May 2013 - 02:53 AM

An insightful Ars Technica article on how easy it is to crack MD5 passwords, even those you might think are fairly secure.

Quote

The list contained 16,449 passwords converted into hashes using the MD5 cryptographic hash function.
...
The most thorough of the three cracks was carried out by Jeremi Gosney, a password expert with Stricture Consulting Group. Using a commodity computer with a single AMD Radeon 7970 graphics card, it took him 20 hours to crack 14,734 of the hashes, a 90-percent success rate.
...
The increasing power of hardware and specialized software makes it trivial for crackers to combine these ingredients in literally billions of slightly different permutations. Unless the user takes great care, passwords that are easy to remember are sitting ducks in the hands of crackers.


Replies To: [Link] Why You Don't Use MD5 For Passwords

#2 baavgai

Posted 28 May 2013 - 04:05 AM

Interesting. However, this is not a problem with MD5 as initially implied. "these so-called one-way hashes" Snide buggers.

The article describes your basic brute force dictionary attack. It then goes on to describe how various permutations are chosen, but it's still just a brute force attack. Any hash function is vulnerable to such an attack.

Fast is relative. MD5 and SHA512 are not light years away in speed. And with the cached dictionary attack initially described, there's no difference at all. The computational complexity of a hashing algorithm will not save you from hackers, because it still has to be simple enough to actually use.

Bottom line: don't share your password hashes. Um, duh.

#3 ThrowsException

Posted 28 May 2013 - 04:49 AM

The article makes a good point mentioning salts. I'd think any new application now would have almost no excuse not to use them if they are storing passwords to at least say they did the best they could to stop someone from dumping a whole password table in seconds in case of a breach.
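
The per-user salt mentioned above, as an added example that is not part of the original thread: identical passwords share one digest under unsalted MD5, while a salted, iterated KDF gives every row its own record. PBKDF2-HMAC-SHA256, the iteration count and the sample users are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example; tune to your hardware


def md5_record(password):
    """Unsalted MD5, the storage scheme attacked in the linked article."""
    return hashlib.md5(password.encode()).hexdigest()


def kdf_record(password):
    """Salted, iterated record: (salt, iterations, derived key)."""
    salt = os.urandom(16)  # fresh random salt for every stored password
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, ITERATIONS, key


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def shared_records(table):
    """Users whose stored value is identical; one recovered value exposes them all."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return [users for users in groups.values() if len(users) > 1]


# Constructed sample data: alice and bob picked the same password.
USERS = {"alice": "Summer2013!", "bob": "Summer2013!", "carol": "x9#Lq-tricky"}
md5_table = {user: md5_record(pw) for user, pw in USERS.items()}
kdf_table = {user: kdf_record(pw) for user, pw in USERS.items()}

if __name__ == "__main__":
    print("MD5 rows sharing a digest:   ", shared_records(md5_table))
    print("PBKDF2 rows sharing a record:", shared_records(kdf_table))
    print("alice, correct password:", verify("Summer2013!", kdf_table["alice"]))
    print("alice, wrong password:  ", verify("summer2013!", kdf_table["alice"]))
```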

#4 JackOfAllTrades

Posted 28 May 2013 - 05:54 AM

Quote

Bottom line: don't share your password hashes. Um, duh.


And prevent SQL injection and lock down your servers by allowing only logins via using public key cryptography. Ideally limit logins to known IPs.

Use the vast resources of OWASP.

#5 Linesofcode

Posted 28 May 2013 - 06:01 AM

This will only work if hackers actually have access to the database. If they do not, and if they're only attempting to log in to a website, a solution to prevent this, even with MD5, is very simple.

Password + 'word from website creator' encrypt.

#6 JackOfAllTrades

Posted 28 May 2013 - 06:09 AM

Right, but one thing to make clear: one-way hashing is NOT encryption, because encryption by definition is two-way.

Hackers get access to databases primarily through SQL injection vulnerabilities which are widespread and propagated by poorly-written, outdated tutorials which appear at the top of the Google rankings. I really wish there were some way to get Google to de-rank those.

#7 Linesofcode

Posted 28 May 2013 - 06:18 AM

Yes, the problems always come from SQL injections... but why? Because of bad code practices and not because of which hash algorithm was used to encrypt passwords.

I can't speak from experience in web languages other than PHP, but people who continue to develop in PHP have a tendency not to adapt to new PHP releases.

This post has been edited by Linesofcode: 28 May 2013 - 06:19 AM

#8 baavgai

Posted 28 May 2013 - 06:29 AM

"prevent SQL injection" Also kind of a duh. And yet, you still see crap like "where username=" + (unsanitized text from web page) all the time.

JackOfAllTrades, on 28 May 2013 - 08:54 AM, said:

lock down your servers by allowing only logins via using public key cryptography


I actually considered doing this on one of my work servers, but I'm sure someone would freak. It's an easy sell for *nix: no more password typing or only type once. For Windows, which has dismal two part key support, not so much.

Still, always setting up and using keys is a great habit to be in, even if the server is still open to passwords.
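
The `"where username=" + (unsanitized text)` pattern from the post above, next to a bound-parameter version, as an added example that is not part of the original thread. The table layout, function names and sample input are assumptions made for illustration; sqlite3 stands in for whatever database the site uses.

```python
import sqlite3


def make_db():
    """In-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_record TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "record-a"), ("bob", "record-b")],
    )
    return db


def lookup_concatenated(db, username):
    """The pattern quoted in the post: form input pasted into the SQL text."""
    sql = "SELECT username, pw_record FROM users WHERE username='" + username + "'"
    return db.execute(sql).fetchall()


def lookup_parameterized(db, username):
    """Bound parameter: the value travels separately from the statement text."""
    sql = "SELECT username, pw_record FROM users WHERE username = ?"
    return db.execute(sql, (username,)).fetchall()


# Constructed input that changes the meaning of the concatenated statement.
HOSTILE = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_concatenated(db, HOSTILE))   # every row comes back
    print("parameterized:", lookup_parameterized(db, HOSTILE))  # treated as a literal name
    print("normal lookup:", lookup_parameterized(db, "alice"))
```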

#9 JackOfAllTrades

Posted 28 May 2013 - 06:44 AM

Quote

I can't speak from experience in web languages other than PHP, but people who continue to develop in PHP have a tendency not to adapt to new PHP releases.


Yep. And all newcomers Google tutorials and find the ones I noted in the previous post. It's trying to fight an endless cycle of ignorance.

Quote

I actually considered doing this on one of my work servers, but I'm sure someone would freak. It's an easy sell for *nix: no more password typing or only type once.


All access to our production systems requires logging into a single internal system and using your SSH key to log into the remote if you have access, but we're a Linux shop (which, I may add, is getting us into a little bit of trouble when most of our customers seem to be Windows-based).

#10 Skydiver

Posted 28 May 2013 - 09:25 PM

baavgai, on 28 May 2013 - 07:05 AM, said:

The computational complexity of a hashing algorithm will not save you from hackers, because it still has to be simple enough to actually use.

But the computational complexity of public key cryptography will?

I just wanted to understand the thrust of the argument for using public key cryptography for logins. Won't the public part of the key still be retained in some database (whether encrypted or not)? So let's say a hacker manages to get access to the database. Is the argument that it doesn't matter since it's a public key anyway, anybody could attack it regardless of whether it was kept in the private database or not? Is all the security then based on it will take a lot longer to determine the private key based on the public key even with a known plaintext attack or chosen plaintext attack?

Minor follow-up: Did some reading and it looks like RSA stands up well to known plaintext and chosen plaintext attacks. So just like with the MD5 case, somebody will have to brute force the factorization to determine the private key based on the public key.

This post has been edited by Skydiver: 28 May 2013 - 09:57 PM

#11 baavgai

Posted 29 May 2013 - 04:01 AM

I'm not following. It's not a question of computational complexity for things like RSA so much as a search domain.

You've stolen my public key. Now what? I'll give it to you, no worries. But in order to make any use of it, you'll need to figure out my private key. So, you start generating private keys and feeding them some text to see if they're good.

Here's my public key:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDxENP/Jfd+IUQiYdjLif92h+zWxPL/2aBKUW/PtFNlDaebMay751C2jWqhsFLJtrBtOuM1sf5LCFFPN8hmpRs6VTqCIiK0ft5Ko8bx6Swal2iD4g07Ys8ePOcKGT00et2UXu0uT2BL4zP5VXIcFF95QLKer5TO1zbzoe4H/KxgvsC1nMLypGIl6CkemgD7ZTB50moeziHaqCiRM9l0HpUeS0tbi0fcNi7gBsFA6XhZix8q73xiwGomEyztVBBg7GYIzb345cf/1dJecvXfeEYDOyODdUVI6LEktp4acAA5nkkhAjZP/fxciZt7yt4atrIqHBCW7HIGVy53mb9GqQE9 baavgai@DIC



You now need to generate all possible private keys and run a test... It's "salted," that is it has a pass phrase, so no real assumptions can be made. No dictionary will help you. No logic can be applied to significantly reduce the possibles.

You will have to run through every valid combination until you hit this:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,4BF0D9C73AF424CCC7684EB4C585F151
-----END RSA PRIVATE KEY-----



Good luck with that.

#12 Skydiver

Posted 29 May 2013 - 06:08 AM

But it's not that every private key must be tested... There are some constraints on what the private key can be based on the public knowledge of the modulus n. If n can be factored, then the private key can be solved for. So far, though, factoring of large numbers is hard and it is this that provides the large search space.

(I'm weak at math, so I tend to just follow the general concepts rather than the mechanics, so I'm sorry if I'm being vague.)

Anyway, if it's a matter of search space, why not require longer passwords, but continue to use a hash? Our schools often require us to memorize (at times useless) things. Why not memorize a song, a personal manifesto, a favorite song and use that as a password? But then we hit the stumbling block of having to type in that extra long password each time. :)

I do like this quote:

Quote

The basic truth is that, in order to find the factors of a composite number, we're pretty much stuck with using brute force: Divide the number by all the primes you can get your hands on until one of them goes in evenly. There are plenty of ways to improve on this approach (the Number Field Sieve currently being the best), but they are complicated, and all they do is allow you to narrow the scope of the search. They don't reduce the search enough to make this problem tractable in general.

http://www.muppetlab...ox/txt/rsa.html

I guess, my main complaint is that just 20 years ago, people said that password hashes are "secure" because it would be too expensive to do a brute force attack because it would take too long, yet with disk space and bandwidth becoming cheaper, rainbow tables have become a viable means of performing a brute force attack. e.g. Let somebody else precompute the hashes and all you need to do is compare and hope you get lucky. And as the article at the beginning of this topic had shown, even computing power has become cheap enough to do a brute force even without the rainbow tables. What if we had access to some 3 letter agency's collection of primes to treat as a prime number equivalent of a rainbow table?

#13 Michael26

Posted 29 May 2013 - 06:47 AM

Quote

The five-server system uses a relatively new package of virtualization software that harnesses the power of 25 AMD Radeon graphics cards. It achieves the 350 billion-guess-per-second speed when cracking password hashes generated by the NTLM cryptographic algorithm that Microsoft has included in every version of Windows since Server 2003.

http://arstechnica.c...ord-in-6-hours/
When I see articles like that I think to myself
"Can't you limit the password guessing to only 3 times, and if that fails start over."

Does that make sense?

#14 no2pencil

Posted 29 May 2013 - 06:56 AM

Michael26, on 29 May 2013 - 09:47 AM, said:

"Can't you limit the password guessing to only 3 times, and if that fails start over."

If the database list of passwords is captured, it can be pulled locally. There the entire login process can be recreated & replicated.

Then the correct password is only used once on the live server.

#15 baavgai

Posted 29 May 2013 - 08:19 AM

Skydiver, on 29 May 2013 - 09:08 AM, said:

(I'm weak at math, so I tend to just follow the general concepts rather than the mechanics, so I'm sorry if I'm being vague.)


Me too. But, I do struggle on. Particularly if it catches my interests.

Something odd about some really strong cryptography is that it is JUST math. As programmers, we tend to think of data as a collection of bytes. If programming encoders, we often automatically think in terms of manipulating those bytes. Many standard hash algorithms work on streams of bytes. But for encryption...

Instead of bytes, take all those bits and make one giant integer out of it. Now play math games with your giant number. Then send the giant number back to bytes.

Many encryption schemes rely on this fact:

Quote

The most difficult integers to factor in practice using existing algorithms are those that are products of two large primes of similar size, and for this reason these are the integers used in cryptographic applications. The largest such semiprime yet factored was RSA-768, a 768-bit number with 232 decimal digits, on December 12, 2009. This factorization was a collaboration of several research institutions, spanning two years and taking the equivalent of almost 2000 years of computing on a single-core 2.2 GHz AMD Opteron. Like all recent factorization records, this factorization was completed with a highly optimized implementation of the general number field sieve run on hundreds of machines.
-- http://en.wikipedia....r_factorization


In related news, Google is investing in quantum computers: http://www.usatoday....mputer/2358423/

How is this related? Turns out, the only really interesting thing they've managed to do with a "quantum" computer thus far is, wait for it, factor really big numbers. More here: http://en.wikipedia....r%27s_algorithm

The connection isn't really being noted by the media. Theoretically, a working quantum computer could crack most encryption with little effort. But why would the company in command of so much internet traffic be interested in that?
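
The "one giant integer" description above and the earlier point that factoring n yields the private key, as an added example that is not part of the original thread. It is textbook RSA without padding on a constructed toy modulus of about 32 bits, small enough for trial division; the primes, exponent and message are assumptions for illustration.

```python
import math


def trial_factor(n):
    """Return (p, q) for an odd semiprime n by trial division; feasible only for tiny n."""
    for p in range(3, math.isqrt(n) + 1, 2):
        if n % p == 0:
            return p, n // p
    raise ValueError("no odd factor found")


def private_exponent(e, p, q):
    """d = e^-1 mod (p-1)(q-1); computing it requires the factors of n."""
    return pow(e, -1, (p - 1) * (q - 1))


def encrypt(message, e, n):
    """Bytes -> one big integer -> modular exponentiation."""
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message does not fit in the modulus")
    return pow(m, e, n)


def decrypt(cipher, d, n, length):
    """Undo the exponentiation and turn the integer back into bytes."""
    return pow(cipher, d, n).to_bytes(length, "big")


# Constructed toy key: two 16-bit primes. Real keys use primes of 1024 bits or more,
# where the loop in trial_factor would never finish.
P, Q, E = 65521, 65537, 17
N = P * Q

if __name__ == "__main__":
    cipher = encrypt(b"DIC", E, N)
    p, q = trial_factor(N)  # uses only the public modulus
    d = private_exponent(E, p, q)
    print("n =", N, "factors:", (p, q))
    print("recovered plaintext:", decrypt(cipher, d, N, 3))
```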
