Jump to content

Passwords and you

Linguica

By Linguica
in Doom General

Recommended Posts

Linguica   

Linguica
Posted

In the beginning, programmers who didn't know any better would store user passwords directly:

INSERT INTO tbl_userinfo(password) VALUE('my_password');
This was easy and convenient, but the problems are obvious: if anyone can get a peek at the database, they will instantly have possession of every single password in it.

After not too long, everyone agreed that the best way to store passwords was not the password itself, but the result of a one-way hash function - the idea that you run the password through some special code, and you get out some random-looking gibberish. Then you store the result, and then when you want to verify a password, you take what the user sends you, run it through the same special code, and compare the output to the stored previous output.

The early years of this practice often saw code like this:
INSERT INTO tbl_userinfo(password) VALUE(MD5('my_password'));
This superficially seems ok: instead of "password", you store "5f4dcc3b5aa765d61d8327deb882cf99" which is just a meaningless string of characters. Pretty good, right? Well, no. The biggest, most obvious problem with this is that the same password always hashes to the same result, so everyone using "password" as their password has the same hash. It soon became possible around, oh, say 2002 or 2003, to download big files called rainbow tables where you could quickly look up a given MD5 hash and find the password that produced it.

So next people thought, well, instead of storing the password, why not obfuscate the password first, by, say, adding a secret string of characters to the end BEFORE hashing it? E.g.:
INSERT INTO tbl_userinfo(password) VALUE(MD5(CONCAT('my_password', 'some_secret_salt')))
So now instead of having to look up the hash for "password" you would have to find the hash for "password%XrrS0$wgz&N" or whatever, which would be far more difficult. And this worked OK for a while, except for a few (you guessed it) major problems. The most obvious of these was that, once again, two passwords in the same system would resolve to the same hash value. So if an attacker got the userinfo table and noticed that 1% of all passwords were of a certain hash, he would know that all those users were probably using the same extremely obvious password, and go from there to crack their accounts. The second obvious problem is if an attacker got a hold of the secret salt value - which is not hard to imagine a hacker being able to find - they could use it to try their own offline bruteforcing of common passwords.

So then people thought: well, what if we give each password a completely random salt value, and then store the resulting hash along with the random salt? That way even if an attacker gets a hold of the entire userinfo table, they can only attack a single password at a time, since the salt for each one is totally different:
INSERT INTO tbl_userinfo(password) VALUE(CONCAT(MD5(CONCAT('my_password', 'some_random_salt')), 'some_random_salt'))
And this is good! This is the right way to be storing user passwords! Except, of course, that it forgets to account for the inexorable march of technology - namely, that cracking MD5 hashes is super easy nowadays. As part of the, uh, peace dividend of enormously powerful GPUs for our Call of Duties, some smart people have figured out how to write MD5-hashing programs that run on GPU hardware, resulting in obscenely fast, obscenely parallel MD5 hash crackers that can search the entire possible MD5 hash space in the order of hours or days.

So to combat this, crypto experts nowadays strongly suggest that anyone storing user passwords no longer use simple hashing algorithms like MD5 at all, but something like bcrypt, which uses the proper trend of random salts for all hashes, but is also a much more complex, slow, and memory-dependent algorithm, and which, in particular, is not something that can easily be sped up by custom hardware.

==========

All this is just a long-winded discursion from the fact that a few weeks ago I decided to go through the forums code and upgrade the password security to a more modern and secure method (namely, bcrypt). I was expecting to have to go through and replace a bunch of salted-hash MD5 functions or what have you, since that's what vBulletin programmers circa 2002 were surely using to secure passwords, right?

...

.....

Long story short, I was absolutely mortified to discover that the Doomworld forums stored the bare MD5 hash of the password. No salting - not a secret salt, not a random salt. No salt AT ALL.

So that immediately became my weekend project, and I quickly went through and rewrote all the password-handling code to use a proper modern hashing algorithm, and batch-converted everyone's password hashes in the database over to this new format (which means, if you're paying attention, that it bcrypt-hashed the MD5 hash of the password, but that's of no consequence). I also made sure that everyone's forum cookie, which stores the password hash, would be updated the next time they visited the site.

So that's where we are now - if you're logged in and you're reading this, your cookie now has the new secure hash, and everyone's password hash in the database is stored in the new version. The old bare MD5 hashes have also been present the last few weeks so that people could seamlessly have their cookies update from the old hash to the new hash, but those have been permanently deleted as of right before I posted this thread, so they're gone forever.

So anyways, yeah, that's that. I feel that I should mention that this means that for the past how ever many years, your forums password was in an easily-recoverable form to anyone who might have managed to gain access to the forum database. Obviously everyone is using a unique password for the DW forums and changes it often and never uses the same password for their bank accounts, so this isn't really a problem... RIGHT? But it's something you should be aware of.

Also, just before I deleted all the MD5 hashes for good, I figured I should run a little analysis of the most common DW forum passwords, just for posterity:
SELECT password, COUNT(*) FROM tbl_userinfo GROUP BY password ORDER BY COUNT(*) DESC LIMIT 10

5f4dcc3b5aa765d61d8327deb882cf99 	67
efe6398127928f1b2e9ef3207fb82663 	55
e10adc3949ba59abbe56e057f20f883e 	50
d8578edf8458ce06fbc5bb76a58c5ca4 	27
5f4dee86fdd3db47a041d0345b7aaa50 	22
82e4010701956651c3f653309879aec4 	18
4b51ffe5300dd675c58b126231f1dda4 	18
b4f945433ea4c369c12741f62a23ccc0 	15
827ccb0eea8a706c4c34a16891f84e7b 	13
d9b23ebbf9b431d009a20df52e515db5 	12
You will notice that the most common password on the forums, with 67 users having it, has the MD5 hash of 5f4... hey wait that sounds familiar... oh right, it's the MD5 hash of "password". I should have figured. I leave the rest as an exercise for the Googler, er I mean reader.

0

Share this post

Link to post

andrewj   

andrewj
Posted

Third most popular password is "123456" -- just testing with: echo -n XXX | md5sum

Heh "doomworld" is another one.

And "doom" lol.

0

Share this post

Link to post

chungy   

chungy
Posted

Your third example of storing passwords still isn't really enough. Ideally, you want it stored in a table inaccessible by the forum software (say, by the database superuser) and can only be accessed through functions that login and set the password if the software passes in some other value (such as an email address) which is likewise secret to its eyes.

But hey, it's a start.

0

Share this post

Link to post

Linguica   

Linguica
Posted
chungy said:

Your third example of storing passwords still isn't really enough.

Did you just stop reading there? Yes, it is not enough, and it is considered bad practice to do so nowadays in any event.

0

Share this post

Link to post

printz   

printz
Posted

Good for you. At least Doomworld has been hashing passwords on its database instead of storing them in plain text as I feared. But surely enough, at least when Doomworld was still HTTP, maybe even now but I'm not sure, passwords were indeed sent in clear text during log-in and registration and other operations.

0

Share this post

Link to post

andrewj   

andrewj
Posted
Linguica said:

I don't know if this was on purpose, but google the hash of the 6th most common password in that list...

That was no coincidence.

0

Share this post

Link to post

Graf Zahl   

Graf Zahl
Posted

Well, good to know that the password I am using here is something I do not use anywhere else. ;)

Unbelievable, though, that there's still some fools using 'password' or '123456' or stuff like that. Don't you read anything about security?

Can't the forum software just block such passwords? To hack such an account all an attacker needs is the forum members database and then try to log in with such a common password until they find an account with no protection.

0

Share this post

Link to post

Graf Zahl   

Graf Zahl
Posted

I haven't changed mine in 13 years. But since I only use it here, someone has to hack this forum in order to get it (and logically cannot do any harm on other sites where I have an account.)

0

Share this post

Link to post

GreyGhost   

GreyGhost
Posted

The first small office server I found myself placed in charge of was running on a locally assembled "Imperial" brand PC, guess what the Admin password was?

Graf Zahl said:

Well, good to know that the password I am using here is something I do not use anywhere else. ;)

Meh - I've known people who insisted on using the same password EVERYWHERE, usually for the convenience having to only memorise one password.

0

Share this post

Link to post

Da Werecat   

Da Werecat
Posted
GreyGhost said:

The first small office server I found myself placed in charge of was running on a locally assembled "Imperial" brand PC, guess what the Admin password was?

Was it b6u2tt45bol4l3oc6ks??

0

Share this post

Link to post

fraggle   

fraggle
Posted

Good job. I also noticed that you quietly switched the whole of Doomworld over to https: recently - thanks for that.

0

Share this post

Link to post

Linguica   

Linguica
Posted
fraggle said:

Good job. I also noticed that you quietly switched the whole of Doomworld over to https: recently - thanks for that.

Not the WHOLE thing, just the forums and the /idgames db, although I guess that amounts to pretty much everything that matters. The rest is still defaulted to HTTP, mostly because I haven't bothered going through and fixing all the links.

0

Share this post

Link to post

fraggle   

fraggle
Posted

You might be able to configure the server to all the redirects automatically - that's what I did for my site. Configuration looked like this (I'm using lighttpd, no idea what Doomworld is using):

  $HTTP["scheme"] == "http" {
    $HTTP["host"] !~ "^insecure\." {
      url.redirect = (".*" => "https://soulsphere.org$0")
    }
  }

0

Share this post

Link to post

<inactive>Player Lin   

<inactive>Player Lin
Posted
GreyGhost said:

Meh - I've known people who insisted on using the same password EVERYWHERE, usually for the convenience having to only memorise one password.



I admit I only use one password(with minor changes) because I hate it when I forgot my password over and over and over again(yeah, it always happens after months later), and I don't like wrote down my password on other place...

Except I have to "faceroll on my keyboard" for those sites needed longer length or extra symbols of password...

0

Share this post

Link to post

NuMetalManiak   

NuMetalManiak
Posted

heh, I've always wondered why most people can't come up with decent passwords and always use the least secure ones. I've grown to know that most forms I input a password on require an uppercase letter, a lowercase letter, a number digit, and a fixed length of characters, usually 8 or so. some sites take it much further and make you type a special character like ! or something, and these sites are often the same ones that make you change a password every 80 days or so.

I usually have two types of passwords, one for work-related stuff and one for being elsewhere online (like here). They're both secure enough for me, since I'm not picking the lame common ones. Heck, I never change my leisurely password.

0

Share this post

Link to post

The_MártonJános   

The_MártonJános
Posted

My passwords are alterations of my nickname so otherwordly creatures who can communicate in passwords only would still be aware of how popular and awesome I am. ^^
*Turns ego off* But parallel universes don't even exist. :c

0

Share this post

Link to post

Brad_tilf   

Brad_tilf
Posted

Probably good, then, that my password here is literally the ONLY place I use that password. So, hack away I guess. I generally (for the really secure stuff) use a random password generator algorithm to create these unbelievably complex passwords that even (hopefully) a super computer can't crack but just to be on the safe side, I also use a program to encrypt each key stroke at the hardware level to prevent the individual keys from being discerned (in the event of a keylogger attack).

0

Share this post

Link to post

40oz   

40oz
Posted

Does the passwords list include banned members too? There have been a lot of ban evasion accounts and people who signed up with destructive intentions.

0

Share this post

Link to post

riki2321   

riki2321
Posted
jval said:

Interesting, "qwerty" is less popular than "qweqwe" ....

oh wow your avatar is the same as mine

on topic : woah i didnt believe that it was more famous for qweqwe, i remember when wifi used password z1x2c3v4b5n6m7, we never got problems with our wifi.

0

Share this post

Link to post

Jon   

Jon
Posted
Linguica said:

Long story short, I was absolutely mortified to discover that the Doomworld forums stored the bare MD5 hash of the password. No salting - not a secret salt, not a random salt. No salt AT ALL.


Heh. I knew this, because some aeons ago I gave a hash of my password to arioch to update the DB manually because I couldn't get the reset to work. I had a feeling it was on your hit list :)

Edit: and that password was not my current/last one, for what it's worth; but I've taken the opportunity to refresh my current one anyway. I use 1password and recommend it to any Mac users.

(which means, if you're paying attention, that it bcrypt-hashed the MD5 hash of the password, but that's of no consequence).


That's a neat trick to do all this w/o requiring people to reset. Before I got to that I wondered if you just cracked them all first.

0

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...