lists.openwall.net: Open Source and information security mailing list archives
Date: Thu, 25 Feb 2010 11:36:17 -0500
From: Dan Kaminsky <dan@...para.com>
To: Michael Neal Vasquez <mnv@...mni.princeton.edu>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: EasyJet is storing user passwords in the clear

We agree completely on the 70%.  Re, the 30%--

Salting makes the biggest difference on large datasets, just because even
for 1000 different users you're now working 1000 times faster.  Algorithm
choice matters less.  The speed difference between MD5 and SHA-1 isn't that
significant though:

$ openssl speed md5
Doing md5 for 3s on 16 size blocks: 2985670 md5's in 2.96s
Doing md5 for 3s on 64 size blocks: 2931714 md5's in 3.04s
Doing md5 for 3s on 256 size blocks: 2063380 md5's in 2.98s
Doing md5 for 3s on 1024 size blocks: 956809 md5's in 3.03s
Doing md5 for 3s on 8192 size blocks: 157650 md5's in 2.98s

$ openssl speed sha1
Doing sha1 for 3s on 16 size blocks: 3088016 sha1's in 2.98s
Doing sha1 for 3s on 64 size blocks: 2818497 sha1's in 3.00s
Doing sha1 for 3s on 256 size blocks: 1814907 sha1's in 3.01s
Doing sha1 for 3s on 1024 size blocks: 751942 sha1's in 2.98s
Doing sha1 for 3s on 8192 size blocks: 116496 sha1's in 2.98s

PBKDF2, which basically runs the hash function in a loop, can make a
difference.  But at the end of the day, a leaked password database is bad
news, hashes or not.

On Thu, Feb 25, 2010 at 11:31 AM, Michael Neal Vasquez <
mnv@...mni.princeton.edu> wrote:

> If I reread your statement, and take it as "70% of people's passwords
> suck"  -- I'd have to agree.  I'd say though, for the remaining 30%,
> algorithm choice, even without salting, can make a difference.  My password
> audits go much quicker when LM is enabled, vs NTLM.  Same for MD5 vs SHA1.
>
>
> On Thu, Feb 25, 2010 at 9:07 AM, Dan Kaminsky <dan@...para.com> wrote:
>
>>
>>
>> On Thu, Feb 25, 2010 at 10:39 AM, Michael Neal Vasquez <
>> mnv@...mni.princeton.edu> wrote:
>>
>>> On Thu, Feb 25, 2010 at 8:05 AM, Dan Kaminsky <dan@...para.com> wrote:
>>>
>>>> Sai,
>>>>
>>>>    I see where you're coming from, but what are the most recent
>>>> statistics on the effectiveness of hash cracking?  Isn't it something like
>>>> 70% of the passwords in the field can be cracked with a minimal amount of
>>>> brute forcing?
>>>>
>>>>
>>>
>>> 70% ?
>>>
>>> Plain MD5 perhaps, but I don't think salted, or sha1, etc, have anywhere
>>> near such high success rates.
>>>
>>
>> The problem isn't in the algorithm -- it's in the passwords themselves.
>> Salting helps in that the attacker can't amortize the work effort across the
>> entire population, but at the end of the day, even PBKDF2 isn't going to do
>> much against 1234567890 and its ilk.
>>
>> To put it another way, if EasyJet *did* have a breach, they couldn't very
>> well say "It's OK, because the passwords were hashed".
>>
>
>

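To make the amortization argument and the PBKDF2 point in the reply above concrete, here is an added example that is not part of the thread: it counts the hash invocations needed to test a candidate list against a stored password database under the schemes discussed (unsalted, salted, and salted PBKDF2) and contrasts unsalted MD5 storage with per-user-salted PBKDF2 storage and verification. The user counts and iteration counts are assumptions.

```python
import hashlib
import hmac
import os


def hash_ops_to_test(num_users: int, num_candidates: int,
                     salted: bool, iterations: int = 1) -> int:
    """Hash invocations needed to try every candidate against every user.

    Unsalted: one hash per candidate serves the whole population, so the
    work is amortized across all users. Salted: each candidate must be
    re-hashed under every user's distinct salt. PBKDF2: each of those
    hashes is a loop of `iterations` invocations of the underlying hash.
    """
    per_candidate = num_users if salted else 1
    return num_candidates * per_candidate * iterations


def salting_speedup(num_users: int) -> int:
    """Factor by which unsalted storage speeds up a population-wide attack.

    For 1000 users this is 1000, matching the figure given in the reply.
    """
    return hash_ops_to_test(num_users, 1, True) // hash_ops_to_test(num_users, 1, False)


def store_unsalted_md5(password: str) -> str:
    """The weak scheme under discussion: one unsalted MD5 per user."""
    return hashlib.md5(password.encode()).hexdigest()


def store_pbkdf2(password: str, iterations: int = 100_000) -> tuple[bytes, bytes]:
    """Hardened storage: random per-user salt plus an iterated hash.

    Returns (salt, derived_key); both are stored, neither is secret.
    """
    salt = os.urandom(16)  # constructed per user; a fresh salt defeats amortization
    dk = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)
    return salt, dk


def verify_pbkdf2(password: str, salt: bytes, stored_dk: bytes,
                  iterations: int = 100_000) -> bool:
    """Recompute the derived key under the stored salt and compare in constant time."""
    dk = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)
    return hmac.compare_digest(dk, stored_dk)
```

Note that the iteration count is stored alongside the salt in practice so that it can be raised over time; the assumed value here is a placeholder, not a recommendation.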
