Always New Mistakes

December 18, 2007

Do you know how to manage your application’s passwords?

Filed under: Security — Tags: , , , , , , , — Alex Barrera @ 3:52 pm

With the increasing popularity of blog platforms like WordPress or TypePad, security has become a major issue. This is the first of a two part series of posts I’m writing about password security schemes. In this post I’m going to introduce some cryptography notions and some general approaches to password security.

First of all, I’m going to explain how do most password schemes work. A user creates an account on the application (let it be web or desktop) giving, among other details, a user name and a password. The application then takes this user name and password and stores it, usually, in a database. At this point there are two approaches. The first one, pass1and the easiest, is to store the user name and password as is in the database. A password that hasn’t experience any transformation, like in this case, is called a clear text password. Hence the method is called, clear text password storage. It’s an easy method, as you just have to retrieve the password for a given user and compare it, character by character with the one a user is giving you as part of his login. If they match, the user is allowed in the system. The problem with this method is that if anyone has access to the database where the passwords are stored, either via a legit way or not, it’s game over. The second method tries to avoid the previous problem with the use of a hash function. And what is a hash function? Well, it’s a mathematical function, used extensibly in cryptography. What it does is, it takes an input, let it be a string, and produces a unique fixed length string of gibberish which receives the name of hash. The key is that first, for the same string, it produces the same output (theoretically), and second, it’s a one way function, meaning that it’s very easy to compute the hash given an input, but it’s computationally unfeasible to retrieve the original input, given the hash. As an example:

md5sum(“AlwaysNewMistakes”) = 76dc83e4e19a1fd01bac6fbdfec92a27

You can try this at home, and you’ll see that every single time you input that string, you’ll obtain the same hash. There are several well known hash functions like md5, sha1, sha2 or blowfish. Each of them are different, and for the same input they’ll produce a different hash, so for example, an md5 hash won’t be “compatible” with an sha1 hash:

sha1sum(“AlwaysNewMistakes”) = e91972ddd17e1dd9dc3ede454fc652f3e2fe236f

Well, back to our subject. As I was saying, the second method uses a hash function to obfuscate the password. So, right before the password is stored in the database, it’s process through a hash function (usually md5) and instead of storing the password, it’s the hash of the password what gets stored. Let’s remember that theoretically, there can only be one hash for that password. So, when a user needs to login, the system takes the user’s password, generates a hash for it and then retrieves the one stored in the database and compares both:

IF md5(stored_password) == md5(user_input_password) THEN ACCESS!

So, with this approach, if someone tampers with the database where the passwords are stored, they won’t have the passwords, just the hashes. The intruder will need to find the string that generates that hash, and as I said before, hash functions are one way, so it’s impossible to retrieve the original string from the hash. Now, this method is way cooler than the first one, much more secure and pretty inexpensive to implement. But, as you’ve already figured, it still has some problems.

The question is, if storing the hash is so secure, then what’s all that fuzz about cracking passwords that you see in hackers movies? The truth is that, although you can’t reverse the hash to obtain the original string, you can test different strings to see if they generate the same hash. This process is what is known as password cracking (also known as password cryptanalysis). There are three approaches to eventually crack the password. The first one is called Bruteforce, and as it names indicates, it’s based on generating all possible combinations of letters, numbers and symbols and passing them through a hash function. Once a hash is obtained, it will be checked against the ones we are trying to crack:

Trying AAAA… -> md5(AAAA) -> ae5b468c7707a1f3d36c49b1fe2ef850
Checking hash: ae5b468c7707a1f3d36c49b1fe2ef850 == 76dc83e4e19a1fd01bac6fbdfec92a27 -> No match

Trying AAAB… -> md5(AAAB) -> d8063b11214a9f867d6184a8779ace6b
Checking hash: d8063b11214a9f867d6184a8779ace6b == 76dc83e4e19a1fd01bac6fbdfec92a27 -> No match

….

Trying ZZZZ… -> md5(ZZZZ) -> a2d048bcc847c4a7dc1ebfaecb27a6a0
Checking hash: a2d048bcc847c4a7dc1ebfaecb27a6a0 == 76dc83e4e19a1fd01bac6fbdfec92a27 -> No match

You get the idea. The problem with this method is that is computationally very expensive. If you don’t know thepass2 original password length (and hash function) this process can take forever. That’s why attackers usually try a second method called Dictionary Attack. It is well known that many users tend to use non random passwords, most of them easy to guess. Taking this as a premise, we can build a dictionary of common words like “god”, “secret”, “password”, etc. and then run a little program that reads them, calculates the hash and compares it with the one from the password we are trying to crack. The Dictionary Attack has the advantage of being faster than the Bruteforce and with a higher rate of success. The drawback is that first, you need to build a dictionary and second, if that dictionary doesn’t contains the password or a derivation of it, you won’t crack it.

The third method is known as Rainbow tables and it’s an evolution from the Dictionary Attack. Computing a hash for thousands of words, as the ones in a dictionary, can be time consuming and require quite some powerful hardware. The solution? Why not precomputate all the hashes of a dictionary and store them in a table. That way, the next time you look for the hash of the word “secret” you will already have it, speeding the process of cracking a password. It’s obvious that the first time you build a Rainbow table it will take time and resources (several Gb of storage). Please note that a Rainbow table depends on the character set, the number of words and the hash algorithm that it employs. So it’s not like one Rainbow table to rule them all. Also, the lookup mechanism used in a Rainbow table is quite more complex than what I just explained, but the underlaying idea is basically the same.

Now, back to the beginning and our password schemes. Using a hash instead of the plain text password is secure, but it still can be defeated. So, that’s the part where we introduce a new concept, the salt. A salt is a value that is append to the password string before obtaining the hash value:

md5(Salt + MyPassword) = hash

Just to clarify, the salt is a value we (our application) generates and can be a random or a predefined value. The use of a salt value gives an extra protection layer. On one side it increases the complexity of a Bruteforce or Dictionary Attack against the password, as the intruder has to take the salt into account when calculating the hashes.security.jpg If the salt is an undisclosed value (read hidden value), the intruder might find it impossible to crack the password as he will be computing hash(password) instead of hash(salt + password). On another side, if the salt value is a random alphanumeric value it will increase the passwords complexity and will reduce the chances of being discovered using bruteforce or a dictionary, as it won’t match lists of common or used passwords. Finally, adding a salt value avoids the use of Rainbow tables against our passwords. Why is that? Well, as I said before, a Rainbow table has to be generated for a specific character set with an specific hash function. All the precomputed hashes stored in the table aren’t generated with a salt value, so the intruder won’t be able to use already made tables. Instead he will have to generate his own set for that specific salt value (if it’s constant), which as you’ve guessed, defeats the point of using precomputed tables.

Although the previous method is quite secure, we still have a slight problem. If we use a constant salt value, there is always a possibility of someone creating an ad hoc Rainbow table for it. This is specially true if your software is very well known. For example, if WordPress used a default salt value for their passwords, someone will most probably create a Rainbow table for it. You can argue that you can change it and you’ll be protected, nevertheless, the percentage of users that actually do that is very low. On the other side, why take the risk when you can make it better?

Now, lets say that instead of a constant salt we use a different pseudo random salt for each password. That is, for each new password we store, we generate a pseudo random salt value (I stress pseudo random as there isn’t a way, yet, to obtain truly random numbers with a computer) and store the salted hash. The question that arouses then is, how do I know which value I used when salting the passwords? The answer is that you store it with the hash. In this scenario we will do the following:

  1. Generate a pseudo random salt value, S
  2. Obtain the hash of the password: H = hash(S + password)
  3. Store S and H in the database

Even though we store the salt in the database, we’ve achieved an extra layer of security. With this method, it’s nearly impossible to precompute a Rainbow table and we avoid bruteforcing and dictionary attacks. The problem is that if someone breaches the database and is able to retrieve the passwords with the salt values they could, theoretically, craft a bruteforce or dictionary attack using each different salt value. To avoid this, to a certain extent, we can also use a constant hidden salt value. That is, we can hardcode a constant salt value in the configuration file of our application. That way, even if the database is leaked, they won’t have the constant salt value, rendering any possible crack attempt:

hash = md5(randomSalt + password + constantSalt)

There is a caveat, if an intruder also gains access to the application and can read the constant salt value from the configuration file, we’ll be back to square one. Nevertheless, if an intruder reaches that point, it’s already game over for your application, as it means they have access to the system where it’s installed.

For the record, there are different variations to the methods I’ve exposed. That’s the case of WordPress which processes its passwords with a double hash:

hash = md5(md5(password))

I will talk a little more about this method on the next post, but just to clarify, hashing a value twice doesn’t adds any extra security. It might render any bruteforcing or dictionary attack a little harder but nothing more.

Another important note. In the above examples I’ve been using the md5 hashing algorithm. Right now md5 has been broken. This means that there is a way of creating the same hash value with two different input strings. This is called a collision and it renders a hashing algorithm useless. As I said before, one of the key strengths of a hash is that for an input string there is only one output hash, if this doesn’t holds, then it’s useless. So, my recommendation is to use sha2 or blowfish (as sha1 is also known to have collision problems).

I hope this post has been helpful in giving a little insight into passwords implementations. I’m writing a second part, this time with real code and some problems that have been flagged in the way WordPress manages its passwords.

About these ads

36 Comments »

  1. Excellent article on security.

    I just want to note that while md5 is vulnerable to collisions, it has not been ‘broken’, in the sense that it is not possible to craft a string whose md5 hash is already known. However, it is possible to generate two strings (or two files, for that matter) with the same md5 hash.

    Cheers!

    Comment by Zouave — December 18, 2007 @ 7:03 pm

  2. Hi Alex!
    Nice to see you’re back in business ;) You are right, with broken I meant for the use I’m giving it in the article. About the actual problems with md5, you can’t craft a string that generates a known hash due to restrictions with the way the method generates collisions (and the length of the string, among others). Nevertheless, I should add *yet*. Once you demonstrate that collisions are probable, it isn’t safe to use it. What is true is that it hasn’t been demonstrated that starting with a hash you can “reverse” the md5 function and get the original string.
    I’m very happy you enjoyed the article :D

    Comment by alexbarrera — December 19, 2007 @ 1:29 am

  3. Really good article.

    I just wanted to comment about the use of search engines for hash cracking. Like big rainbow tables, the network is filled with MD5, SHA1, SHA2 .. codes, and their original plaintext.

    For example, try this:

    md5(“admin123″) = 0192023a7bbd73250516f069df18b500

    if you search for that on google: http://www.google.es/search?q=0192023a7bbd73250516f069df18b500
    you will find admin123 on many of them.

    Greetings! ;)

    Comment by Miguel Angel Ajo — December 28, 2007 @ 1:57 pm

  4. thanks alex to share with us.

    Comment by OPEN GIGA — January 7, 2008 @ 5:20 pm

  5. I’m glad you like it :) Reading that people like what you write is priceless for me. Thanks!

    Comment by alexbarrera — January 7, 2008 @ 5:43 pm

  6. It seems that wordpress people have strenghtned their password systems :)
    http://wordpress.org/support/topic/170987

    Greetings!! :)

    Comment by Ajo — June 4, 2008 @ 1:21 pm

  7. Nice! Thanks for the tip!

    Comment by Alex Barrera — June 7, 2008 @ 12:11 pm

  8. nice tip ^^

    Comment by Do you know how to manage your application’s passwords? — February 17, 2010 @ 3:40 pm

  9. Perhaps this gave someone the idea of mixing saltpetre and
    charcoal together and setting it alight.

    Chinese chefs love bamboo shoots because of its simplicity of material quality which make
    it easy to match and assimilate other tastes, in especial to produce a
    splendid balance with greasy meat. Place
    all the ingredients in a bowl and toss to coat and evenly mix.
    Before steam about 15 minutes just marinated them with
    a little oil, seasoning salt, salt for absorbed, and
    steamed all on the grill for about 15 minutes. During the day, they spend most of
    their time in wallows, coating themselves with mud, which is thought to cool them and protect them
    from insects.

    Comment by Debora — March 4, 2013 @ 8:33 am

  10. The varied battery plants. The suggestive catholic cruise trips on the these
    types of junk. Why does the daytime accompany the fool?
    A courier bows one more disappearing nest. Liked — Do
    you know how to manage your applications passwords?
    | Always New Mistakes.

    Comment by minecraft free — April 9, 2013 @ 8:11 am

  11. Hello, after reading this awesome piece of writing i am too delighted to
    share my know-how here with colleagues.

    Comment by http://beaeliman.exteen.com/ — April 10, 2013 @ 3:07 pm

  12. Bookmarked — Do you know how to manage your applications passwords?
    | Always New Mistakes. A doctrine interferes having
    a lot of money under the upset fundamentalist. A a whole lot worse skirt booths at night sort of security password.
    A twig briefs a practicable starvation. One more taste
    bounces within the illiterate. A ascending per cent collars
    an additional switching master. How the reporter look?

    Comment by Joey — April 19, 2013 @ 10:01 am

  13. Hey! I know this is somewhat off topic but I was wondering which blog platform are you using for this website?
    I’m getting tired of WordPress because I’ve had problems
    with hackers and I’m looking at options for another platform. I would be fantastic if you could point me in the direction of a good platform.

    Comment by buy hydrellatone — June 7, 2013 @ 11:51 pm

  14. If yоυ еnjоy Minecraft аftег trуing іt һегe,
    I stгоnglу υrgе yоυ tо рurchaѕе tһe
    gаme аt Mіnecгaft’s Stоre Thе ѕіtе iѕ nоt mеant tо Ьe uѕeԁ tо gеt thе gаme for free foгevеr, јuѕt tо trу іt оυt bеfore уоυ buу. Tһе gаmе realӏу іѕ wortһ рurсһаsing, аnԁ I сan аlmost guarantеe yоu wіll nоt rеgгеt pυгсһasing іt.

    Comment by free minecraft — June 9, 2013 @ 4:17 am

  15. Hi there it’s me, I am also visiting this site daily, this site is truly pleasant and the visitors are genuinely sharing good thoughts.

    Comment by airbnb travel — June 10, 2013 @ 2:32 am

  16. Hello, i think that i saw you visited my blog so i came to “return the
    favor”.I’m trying to find things to improve my website!I suppose its ok to use some of your ideas!!

    Comment by The Hidden Tutorial — June 12, 2013 @ 2:17 pm

  17. Greetings from Idaho! I’m bored to tears at work so I decided to browse your blog on my iphone during lunch break. I enjoy the information you provide here and can’t wait
    to take a look when I get home. I’m surprised at how fast your blog loaded on my mobile .. I’m not even using WIFI, just
    3G .. Anyways, awesome site!

    Comment by Amino Prime — June 14, 2013 @ 10:51 pm

  18. Nice post. I was checking constantly this blog and I am impressed!

    Extremely useful information particularly the last part :
    ) I care for such information much. I was looking for this certain info for a long
    time. Thank you and good luck.

    Comment by Amino Prime — June 15, 2013 @ 1:15 am

  19. I’m now not sure the place you’re getting your information, however great topic.
    I needs to spend some time studying more or understanding more.
    Thanks for great information I used to be searching for this information for my
    mission.

    Comment by http://maudeerdmann.tblog.com/ — June 18, 2013 @ 9:58 am

  20. I was suggested this web site through my cousin.
    I am now not positive whether or not this publish is
    written by him as nobody else understand such special approximately
    my trouble. You’re wonderful! Thank you!

    Comment by http://slimmeryou.net — June 18, 2013 @ 2:53 pm

  21. This music is meant to deliver an absolute back massage.
    The latter is practically inexcusable in this day and
    age more and more people than ever are becoming certified
    as massage therapists. Regardless, you must know. Hopefully,
    this will assist with returning customers and also brand new ones.
    In the 1990s, one of my favorite Survivor sites, Survivor Fever.
    Drain any excess liquid as well. I enjoy this for breakfast
    it’s eggs anyway, right? The Play Book of yesterday, which also includes the laundry list of prior convictions has had the phase of his life — the phases of.

    Comment by erotic massage London — June 25, 2013 @ 4:50 am

  22. you’re in reality a excellent webmaster. The site loading speed is incredible. It sort of feels that you’re
    doing any unique trick. Moreover, The contents are masterpiece.
    you’ve performed a excellent process on this subject!

    Comment by xbox live gold — July 23, 2013 @ 3:32 pm

  23. If you are gong ffor most excellent contents like I do, only visit this
    web site every day as it gives quality contents, thanks

    Comment by rev test testosterone booster — September 20, 2013 @ 10:36 am

  24. Fantastic website you have here but I was wondeting if you knew off any message boards that cover the same topics discussed in this article?

    I’d really like to be a part of group where I can get suggestions from other experienced people that share the same
    interest. If you have any recommendations, please let me
    know. Thanks!

    Comment by Hydrellatone — September 27, 2013 @ 9:21 am

  25. Remarkable! Its actually amazing piece of writing, I have got much clear
    idea concerning from this article.

    Comment by cafe vert extra minceur 24 femmes — October 1, 2013 @ 8:18 pm

  26. Wonderful goods from you, man. I’ve understand your stuff previous to and you’re just too wonderful.
    I actually like what you have acquired here,
    really like what you’re saying and the way in which
    you say it. You make it enjoyable and you still care for to keep it wise.
    I can not wait to read much more from you. This is really a great website.

    Comment by doors calgary — October 7, 2013 @ 5:48 pm

  27. Just want to say your article is as surprising. The clearness in your post is just spectacular and i can assume you’re an expert on this subject.
    Fine with your permission allow me to grab your feed
    to keep up to date with forthcoming post. Thanks a million
    and please keep up the enjoyable work.

    Comment by good dslr rig — October 17, 2013 @ 11:58 pm

  28. It’s the best time to make a few plans for the future and it is time to
    be happy. I have learn this submit and if I could I want
    to suggest you few interesting issues or tips.

    Perhaps you could write subsequent articles relating to this article.
    I wish to learn more issues about it!

    Comment by Alex Residences Singland — November 6, 2013 @ 4:16 pm

  29. ヴィンテージ シャネル バッグ べきではないをを選択を取得する必要があります素晴らしいこと目的のため人単にはそれを利用しての。これらルイ ・ ヴィトン バッグは非常に魅力的なもとしてすばらしい。1 つを試みるか – すべてを試してみてないよが聞かせダウン! トリーバーチ公式サイト

    Comment by ヴィンテージ シャネル バッグ — November 25, 2013 @ 7:38 am

  30. revtest supplement

    Do you know how to manage your application’s passwords? | Always New Mistakes

    Trackback by revtest supplement — November 28, 2013 @ 5:28 am

  31. Excellent weblog right here! Also your website loads up fast!
    What host are you the use of? Can I am getting your associate hyperlink in your
    host? I wish my web site loaded up as fast as yours lol

    Comment by Myntra coupons — November 28, 2013 @ 10:52 am

  32. Heya i am for the first time here. I came across this board and I find It truly useful & it helped me out a lot.
    I hope to give something back and help others like you helped
    me.

    Comment by Lourdes — December 19, 2013 @ 5:32 am

  33. It has been designed especially for business purposes and it holds biggest importance for your B2B online marketing strategy.
    Though it has no geographical limits, a dealer can restrict services to certain locations.
    Keep working at this type of rate for thirty to sixty days and you will see visitors and conversions if
    your site and posts are quality.

    Comment by Frank Kern Linkedin — January 23, 2014 @ 11:37 pm

  34. Very good post! We aree linking tto this ggreat post on our
    site. Keep up the good writing.

    Comment by make money online — February 14, 2014 @ 11:20 am

  35. Fantastic website you have here but I was wondering if you knew of any user discussion forums that cover the same
    topics talked about here? I’d really love to be a part of group where I can get comments from other experienced people that share the
    same interest. If you have any recommendations, please let
    me know. Kudos!

    Comment by parquet floor sanding — February 23, 2014 @ 6:59 pm

  36. Another good post alex. Keep up the good work.Thanks for this amazing piece.

    Comment by Lenskart coupons — May 16, 2014 @ 6:47 pm


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Silver is the New Black Theme. Create a free website or blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: