He/she has a point though.
These days any password breach has usually come from a site being compromised and the hacker gaining access to the user database, rather than your actual password being guessed/cracked.
Getting the user database only gets you the hashed passwords. You still have to crack them.
He/she has a point though.
These days any password breach has usually come from a site being compromised and the hacker gaining access to the user database, rather than your actual password being guessed/cracked.
Yeah, a process I covered in detail in post #35.
The password still needs to be cracked even when the user database is stolen.
I think wading in to a two page thread assuming that you can correct everyone without reading any of the posts is a little naïve.
Particularly when you are wrong and the information you need is already in the thread.
A polite comment would have sufficed to further the discussion. An over-inflated ego is a terrible thing to live with. You probably think people like it.
Actually, with the advent of GPGPU, OpenCL etc, using the power of massively parallel graphics cards has made brute-forcing quite practical again.
Indeed, but almost all sites will lock out brute force, and if you use 2-factor then it becomes irrelevant. Plus, most use dictionaries, not random strings, so it's best to use a pseudo-random string.
Your biggest risks are people guessing it (so don't use anything obvious) and phishing, so don't be an idiot.
A polite comment would have sufficed to further the discussion. An over-inflated ego is a terrible thing to live with. You probably think people like it.
There is simply no call for that kind of rudeness or personal attack.
Indeed, but almost all sites will lock out brute force, and if you use 2-factor then it becomes irrelevant. Plus, most use dictionaries, not random strings, so it's best to use a pseudo-random string.
Your biggest risks are people guessing it (so don't use anything obvious) and phishing, so don't be an idiot.
In my view the biggest risk is a website losing its password and email database: someone cracking your password offline, then using those login details to log in to other sites, incrementally gaining access to your email, PayPal and banking until they completely own you.
There is also of course no way to know how a password was generated when you are trying to crack it.
Obviously, but that doesn't stop anyone making guesses about how passwords could be formed, and generating 'dictionaries', for want of a better word.
Incidentally, is there anything in the encryption method to enforce a 1:1 relationship between the password and the encrypted version? Because if a many-to-one is possible, a hacker doesn't need to have the actual password, merely a password which gives the same result.
Obviously, but that doesn't stop anyone making guesses about how passwords could be formed, and generating 'dictionaries', for want of a better word.
Incidentally, is there anything in the encryption method to enforce a 1:1 relationship between the password and the encrypted version? Because if a many-to-one is possible, a hacker doesn't need to have the actual password, merely a password which gives the same result.
There is no way to generate a hash of fixed length that is completely collision resistant. Obviously, really, because otherwise you could encode an entire book into one 128-bit hash. But it is likely that in the space we are talking about there are not many collisions, especially where the password is shorter than the hash.
Sure, you have dictionaries and attack strategies for password cracking. Password lists. Brute force. But compounding four dictionary words is not something I have seen. And even if it's in someone's plan, where would it be? And there are still a lot of combinations. Like I say, four dictionary words has the same entropy as 11 alphanumerics. And that is before you throw in the odd capital.
If you've not heard of hashing and salting I guess you've never heard the TWit Security podcast.
If you've listened to one of those episodes you would have heard both those terms!
No I hadn't really heard of those before.
Although I had heard the term "hash" in respect of using an MD5sum to verify an ISO download, for instance, I hadn't really thought about what it was or how it related to security.
Incidentally, is there anything in the encryption method to enforce a 1:1 relationship between the password and the encrypted version? Because if a many-to-one is possible, a hacker doesn't need to have the actual password, merely a password which gives the same result.
Hashing takes a large input and reduces it to a smaller input, so by its very nature there has to be collisions. It can't be a 1:1 relationship. The question is how likely are such collisions to occur, and is it possible to (easily) deliberately generate collisions?
MD5 in particular suffers from this. Given an MD5 digest it is possible to generate an input that will generate that digest. This isn't the same as decrypting the MD5 hash - the input string will very likely not be the original password - but it will match when used as the password.
Because of this MD5 is broken for serious cryptographic work, and not recommended for password hashing.
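The posts above turn on two points: a stolen database holds digests, not passwords, and an unsalted fast hash such as MD5 lets one lookup serve against every user. The following is an added illustration written for this thread, not code from any poster; the sample accounts and the banned-word list are constructed, and the salted scheme shown is the standard library's PBKDF2-HMAC-SHA256, chosen here as a drop-in example of "salted and slow" rather than anything the thread prescribes.

```python
import hashlib
import hmac
import os
from collections import Counter
from typing import Dict, Iterable, NamedTuple, Optional

# Constructed sample accounts (not real credentials). Two users deliberately share
# a password so the lookup-table problem of an unsalted scheme is visible.
SAMPLE_PASSWORDS = {
    "alice": "correct horse battery staple",
    "bob": "correct horse battery staple",
    "carol": "tr0ub4dor&3",
}


def unsalted_md5(password: str) -> str:
    """The scheme criticised in the thread: one fast, unsalted MD5 digest.
    Equal passwords give equal digests, so one precomputed table (or one
    dictionary pass) serves against every user in a stolen database."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def shared_digests(table: Dict[str, str]) -> int:
    """Number of users whose stored value also appears under another user:
    a tell-tale sign of an unsalted table when auditing a legacy schema."""
    counts = Counter(table.values())
    return sum(1 for digest in table.values() if counts[digest] > 1)


def flag_weak_unsalted(table: Dict[str, str], banned: Iterable[str]) -> Dict[str, str]:
    """Defensive audit of an unsalted MD5 table against a banned-password list.
    One digest per banned word checks all users at once, which is exactly why
    whoever steals the same table finds it so cheap to process."""
    lookup = {unsalted_md5(word): word for word in banned}
    return {user: lookup[digest] for user, digest in table.items() if digest in lookup}


class Record(NamedTuple):
    """What a salted, slow-hash scheme stores per user."""
    salt: bytes
    rounds: int
    digest: bytes


def make_record(password: str, salt: Optional[bytes] = None, rounds: int = 100_000) -> Record:
    """Salted, deliberately slow hash: PBKDF2-HMAC-SHA256 from the standard library.
    A random 16-byte salt per user makes equal passwords store differently, and
    `rounds` iterations make each guess cost about as much as one real login."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return Record(salt, rounds, digest)


def verify(record: Record, candidate: str) -> bool:
    """Re-derive with the stored salt and round count; compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), record.salt, record.rounds)
    return hmac.compare_digest(digest, record.digest)


if __name__ == "__main__":
    legacy = {user: unsalted_md5(pw) for user, pw in SAMPLE_PASSWORDS.items()}
    print("users sharing a stored MD5 value:", shared_digests(legacy))
    print("flagged by banned list:", flag_weak_unsalted(legacy, ["password", "correct horse battery staple"]))
    salted = {user: make_record(pw) for user, pw in SAMPLE_PASSWORDS.items()}
    print("alice and bob differ once salted:", salted["alice"].digest != salted["bob"].digest)
    print("alice verifies:", verify(salted["alice"], "correct horse battery staple"))
```

Run as a script it prints that two of the three legacy rows share a digest, that both are caught by a two-word banned list with two MD5 computations, and that the same password stored twice under PBKDF2 with fresh salts no longer matches itself. The per-user salt is what stops one guess being checked against every user (and against the same user's hash on another site), and the round count is what turns the thread's "33 billion MD5/s" into a far smaller number of guesses per second.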
Hashing takes a large input and reduces it to a smaller input, so by its very nature there has to be collisions. It can't be a 1:1 relationship. The question is how likely are such collisions to occur, and is it possible to (easily) deliberately generate collisions?
MD5 in particular suffers from this. Given an MD5 digest it is possible to generate an input that will generate that digest. This isn't the same as decrypting the MD5 hash - the input string will very likely not be the original password - but it will match when used as the password.
Because of this MD5 is broken for serious cryptographic work, and not recommended for password hashing.
All of that is undoubtedly true, but I think it may somewhat overstate the case.
Passwords using the full suite of characters a-z, A-Z, 0-9 and !"£$%^&*()}{@:<>? have a little over 6 bits of entropy per character. The MD5 hash is 128 bits, so unless a password is notably over 20 characters long you are still better off attacking the password than looking for a collision. In the space where the input is small compared to the hash there are, I believe, only a handful of collisions.
There is some weakness in MD5 that gives a preimage attack (one where you are trying to find something that has the same hash as the one you are looking for) 2^123.4 complexity rather than the 2^128 that it should be. It's still not the best way though, because you would much rather find the actual password.
The whitepixel project with 4 GPUs managed 33 billion MD5/s; even using the preimage attack, the idea that MD5, for password hashing at least, is broken is largely theoretical.
So yes, the NSA probably have a rainbow table that allows them to look up MD5-hashed passwords. But what is feasible... let's say they can put 10,000 GPUs to the task and run it for 5 years, giving them 13,008,600,000,000,000,000,000 or 10^22 hashes that they could look up instantly; it's still only a 12-digit alphanumeric or 11 digits with symbols.
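The arithmetic in this post, and the earlier claim that four dictionary words carry about the entropy of 11 alphanumerics, can be checked with a few lines. This is an added worked example, not a poster's code; it takes the poster's own figures (the 17-symbol set listed above, 33 billion MD5/s on 4 GPUs, 10,000 GPUs for 5 years) as inputs, and the 7776-word list used for the passphrase comparison is an assumption of the example (the size of a Diceware list), not a number from the thread.

```python
import math

# Character classes exactly as the poster listed them.
LOWER, UPPER, DIGITS = 26, 26, 10
SYMBOLS = '!"£$%^&*()}{@:<>?'            # 17 symbols as written in the post
ALPHANUMERIC = LOWER + UPPER + DIGITS     # 62
FULL_SET = ALPHANUMERIC + len(SYMBOLS)    # 79

SECONDS_PER_YEAR = 365 * 24 * 3600
WHITEPIXEL_PER_GPU = 33e9 / 4             # post: 33 billion MD5/s on 4 GPUs
DICEWARE_WORDS = 7776                     # assumption for the passphrase comparison


def bits_per_symbol(alphabet_size: int) -> float:
    """Entropy of one uniformly random symbol from an alphabet of the given size."""
    return math.log2(alphabet_size)


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` independent symbols: the keyspace is alphabet_size ** length."""
    return length * math.log2(alphabet_size)


def hashes_computed(gpus: int, hashes_per_gpu_per_s: float, seconds: float) -> float:
    """Total digests a cluster can evaluate (and so precompute) in the given time."""
    return gpus * hashes_per_gpu_per_s * seconds


def longest_exhaustively_searched(hashes: float, alphabet_size: int) -> int:
    """Longest uniformly random password whose whole keyspace fits in `hashes` guesses."""
    return int(math.floor(math.log(hashes) / math.log(alphabet_size)))


def dictionary_size_matching(words: int, length: int, alphabet_size: int) -> int:
    """Dictionary size N such that `words` random words from N equal the entropy of
    `length` random symbols, i.e. N ** words == alphabet_size ** length."""
    return round(2 ** (keyspace_bits(alphabet_size, length) / words))


def thread_scenario() -> dict:
    """The post's 10,000-GPU, 5-year table and the password lengths it covers."""
    hashes = hashes_computed(10_000, WHITEPIXEL_PER_GPU, 5 * SECONDS_PER_YEAR)
    return {
        "hashes": hashes,
        "alnum_len": longest_exhaustively_searched(hashes, ALPHANUMERIC),
        "full_len": longest_exhaustively_searched(hashes, FULL_SET),
    }


if __name__ == "__main__":
    print(f"bits per character, full set of {FULL_SET}: {bits_per_symbol(FULL_SET):.2f}")
    s = thread_scenario()
    print(f"hashes in 5 years: {s['hashes']:.4e}; covers {s['alnum_len']} alphanumeric "
          f"or {s['full_len']} full-set characters")
    print(f"four Diceware words: {keyspace_bits(DICEWARE_WORDS, 4):.1f} bits; "
          f"eleven alphanumerics: {keyspace_bits(ALPHANUMERIC, 11):.1f} bits; "
          f"four words match eleven alphanumerics with a {dictionary_size_matching(4, 11, ALPHANUMERIC):,}-word list")
```

The figures reproduce the post: 79 symbols give about 6.3 bits per character, the cluster reaches about 1.3 x 10^22 digests, and that exhausts 12 alphanumeric or 11 full-set characters. The passphrase comparison shows the caveat a practitioner would add to the "four words equals 11 alphanumerics" claim: it holds for a dictionary of roughly 85,000 words, while four words from a 7776-word list are closer to 52 bits, about 9 alphanumerics.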
If you're the NSA/GCHQ etc. you can just bypass all this password crap, visit a tame judge, get a warrant and extract all the data you want at your leisure.
What I'm talking about is a collision attack. Due to flaws in the design of md5, there is a collision attack that takes seconds to run on typical home hardware. This isn't an attack on the password itself - you don't end up with the plaintext password, but rather with an input that can be used to fool a password check using an md5 hash.
Thanks flagpole and ianx, but now you're getting way beyond my level of comprehension. I'm not worried about it, though - an explanation is unnecessary.
What I'm talking about is a collision attack. Due to flaws in the design of md5, there is a collision attack that takes seconds to run on typical home hardware. This isn't an attack on the password itself - you don't end up with the plaintext password, but rather with an input that can be used to fool a password check using an md5 hash.
http://www.win.tue.nl/hashclash/On%20Collisions%20for%20MD5%20-%20M.M.J.%20Stevens.pdf
That is not what the paper says.
It says they can find collision pairs in 2^26.3 (rather than the 2^64 it would be for brute force), not that they can find something with a specific hash in that time.
It's an interesting paper but it does not speak to hashed passwords.
And even if you could find a reverse hash in short computational time, it wouldn't help with salted passwords, or other sites with different salts and/or algorithms.
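The distinction the last two posts argue over (a collision pair, where the attacker chooses both inputs, versus a preimage of a fixed stored value) is easiest to see on a hash small enough to search in seconds. This is an added demonstration written for the thread, not a poster's code and not MD5: it truncates SHA-256 to a few bits purely so the generic 2^(n/2) and 2^n costs can be observed, and the "site-salt" value is a constructed example.

```python
import hashlib
from typing import Dict, Optional, Tuple


def toy_hash(data: bytes, bits: int) -> int:
    """A deliberately tiny hash: the first `bits` bits of SHA-256. Constructed
    for the demo so the generic bounds can be watched in seconds."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def generic_bounds(bits: int) -> Tuple[float, float]:
    """(collision work, preimage work) for an ideal n-bit hash: 2^(n/2) and 2^n.
    For 128-bit MD5 that is the 2^64 and 2^128 quoted in the thread; the
    2^26.3 and 2^123.4 figures are improvements on each of these separately."""
    return 2 ** (bits / 2), float(2 ** bits)


def find_collision(bits: int) -> Tuple[bytes, bytes, int]:
    """Birthday search: both inputs are chosen by the searcher and any two that
    agree will do. Returns (m1, m2, tries); expected tries ~ sqrt(pi/2 * 2^bits)."""
    seen: Dict[int, bytes] = {}
    i = 0
    while True:
        msg = b"msg-%d" % i
        h = toy_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
        i += 1


def find_second_preimage(target: int, bits: int, limit: int) -> Optional[Tuple[bytes, int]]:
    """Search against a FIXED target, which is the situation with a stored password
    hash. Returns (input, tries) or None if `limit` guesses were not enough;
    expected tries ~ 2^bits, i.e. the square of the collision cost."""
    for i in range(limit):
        guess = b"guess-%d" % i
        if toy_hash(guess, bits) == target:
            return guess, i + 1
    return None


def salted_verify(salt: bytes, stored: int, candidate: bytes, bits: int) -> bool:
    """A salted check mixes the salt in before hashing, so a pair that collides
    under the bare hash is not expected to agree once the salt is prefixed."""
    return toy_hash(salt + candidate, bits) == stored


if __name__ == "__main__":
    m1, m2, tries = find_collision(24)
    print(f"24-bit collision after {tries} tries (2^12 = 4096 is the birthday scale): {m1!r} vs {m2!r}")
    target = toy_hash(b"stored-password", 16)
    found = find_second_preimage(target, 16, 2 ** 20)
    print(f"16-bit second preimage after {found[1] if found else 'more than 2^20'} tries (2^16 = 65536 expected)")
    salt = b"site-salt"
    stored = toy_hash(salt + m1, 24)
    print("colliding partner verifies once salted:", salted_verify(salt, stored, m2, 24))
    print("MD5-sized generic bounds (collision, preimage):", generic_bounds(128))
```

The 24-bit collision turns up after a few thousand tries while the 16-bit second preimage, a target 256 times smaller, needs tens of thousands: that gap is the difference between the paper's collision result and an attack on a stored hash. The final check shows the point about salts: the colliding partner stops matching as soon as a salt is prefixed, and a different site with a different salt or algorithm is untouched by either result.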