Lessons Learned From Cracking 2M LinkedIn Passwords 198
An anonymous reader writes "Qualys researcher Francois Pesce used open source password cracker John the Ripper to try to crack SHA-1 hashes of leaked LinkedIn passwords. He ran the John the Ripper default command on a small default password dictionary of less than 4,000 words. The program then switched to incremental mode based on statistical analysis of known password structures, which generated more probable passwords. The results? After 4 hours, approximately 900,000 passwords had been cracked. Francois then ran numerous iterations, incorporating older dictionaries to uncover less common passwords and ended up cracking a total of 2,000,000 passwords."
Re:YAY the cracked the passwords (Score:4, Informative)
... It is only useless if you have a criminal intent.
For those of us who do not actually want to abuse this leak, but instead learn from it, this is a great source of data!
It shows just how *****ingly clueless most people are when it comes to creating a password.
It shows how getting a bit smarter makes your password harder to crack, but still vulnerable to dictionary+statistical attacks.
It shows how 100% random is probably the way to go for anything of value.
Re:Do not use standard passwords (Score:5, Informative)
So what next?
Two factor authentication.
Re:Value of a linkedin account (Score:2, Informative)
Instead of faking facebook accounts, someone could steal a real linkedin account to do the same:
How spies used Facebook to steal Nato chiefs’ details
NATO'S most senior commander was at the centre of a major security alert when a series of his colleagues fell for a fake Facebook account opened in his name - apparently by Chinese spies.
http://www.telegraph.co.uk/technology/9136029/How-spies-used-Facebook-to-steal-Nato-chiefs-details.html
Re:Do not use standard passwords (Score:5, Informative)
Salting doesn't stop brute force crackers like JtR
Salting doesn't make brute force crackers impossible, but it makes brute force much, much less effective. If I have two million unsalted passwords, I just need to compute a hash for a dictionary word one time and then do two million string comparisons. If I have two million salted passwords, then I need to hash the dictionary word two million times. That is far, far more time consuming.
Re:Do not use standard passwords (Score:4, Informative)
Salting doesn't stop brute force crackers like JtR, it only stops attackers from using a rainbow table and/or discovering that two people have the same password.
Both of those latter things are significant risks. However, it also substantially slows down brute-force crackers when applied to large password lists.
If you apply a brute-force cracker to a list of, say, a million unsalted password hashes, then you need to only compute the hash of each potential password once and compare the result against all million hashes. With a reasonably good in-memory storage system for the hashes, nearly 100% of your time is spent computing hashes (and not in comparison or password generation). So, with unsalted passwords, cracking a million passwords is as fast as cracking one (but much more lucrative).
With salted passwords, you need to compute the hash of each potential password for each entry in the hash list (since they all, ostensibly, have different salts). So you need to compute a million hashes in order to check one possible password (for the whole list). That is a substantial slowdown. With salted passwords, you are essentially cracking every password in a list separately -- having a large list gives you zero speed benefits.
If a factor of a million slowdown doesn't seem like much, consider that many good password-based encryption system use key strengthening, where the password (and salt) are passed through many chained rounds of hashing. Roughly a million, on modern processors. The whole purpose of this is to slow down brute-force password cracking by increasing the cost of a guess. It's enough of a change that instead of being able to get through a very large keyspace in a reasonable time (with only one hash round), you're stuck only being able to crack very bad passwords (with a million hash rounds). That's a very significant difference.
Re:Check your password (Score:5, Informative)
www.leakedin.org/
Nobody should use this site, period.
You seriously expect people to go to an arbitrary site and enter their password, knowing that the hashes have been leaked alongside account information?
In the kindest possible world this may be seen as a service, but the skeptic in everyone should hear very loud alarm bells. This site could easily log all of the passwords that are entered for "testing", use them to solve the harder-to-brute-force hashes, and deliver to the site operator the resulting account information and plaintext password!
Even if you had the best intentions posting that link, and even if the site actually is completely innocuous, one should never encourage any user to enter their password into a random third-party site. Please take it down immediately.
Re:Do not use standard passwords (Score:5, Informative)
If you have a salt in *code* (I presume a static one), I would wager it would be easy to discern. A salt is not supposed to be 'secret', it's just supposed to prevent easy identification of common passwords and a simplistic rainbow table attack.
Now if each client had a machine generated salt to append before transmit to server, that actually is servicable. Of course, the standard practice of complete obfuscation of the password through local algorithms is better.
Re:gpg (Score:5, Informative)
http://hashapass.com/ [hashapass.com] have a bookmarklet. Not completely auto, you still need to write in a keyword for the site, but still.. Does a good job.
Re:Do not use standard passwords (Score:4, Informative)
Salt: a random per user number (not an algorithm) used to foil attacks like rainbow tables.
Signature: an algorithm that authenticates a message (like a password).
Typically any secret algorithm is considered security by obfuscation.
So a "salt" generating algorithm would be an obfuscated pseudo-random number generator used in a non-standard way as non-cryptographically secure signature. Yeah, that's the ticket to good security ;^)