Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security Encryption

Ashley Madison's Passwords Cracked, Soon To Be Released 146

New submitter JustAnotherOldGuy writes with some news that might worry anyone caught up in the Ashley Madison data breach. ("Uh-oh," he says.) Now, besides any other possible repercussions of having one's name on the list of account holders, there's a new wrinkle. The passwords used to secure those accounts were theoretically robustly protected with bcrypt. However, as Ars Technica reports, That assurance was shattered with the discovery of the programming error disclosed by a group calling itself CynoSure Prime. Members have already exploited the weakness to crack more than 11 million Ashley Madison user passwords, and they hope to tackle another four million in the next week or two. This would matter much less if passwords weren't so frequently re-used.
This discussion has been archived. No new comments can be posted.

Ashley Madison's Passwords Cracked, Soon To Be Released

Comments Filter:
  • by Schezar ( 249629 ) on Thursday September 10, 2015 @02:07PM (#50497367) Homepage Journal

    If I were interested and had the access, I'd keep a log of anyone who changed their password on any system that I owned in the next couple weeks.

    I wouldn't do anything with that data. But I'd keep it. If anything interesting happened later, and I could correlate an account on AM with an account on my system that changed its password shortly after this news broke... Well, that data could be interesting.

    Data isn't dangerous. Looking at it and then looking at related information is.

    • by Anonymous Coward

      If I were interested and had the access, I'd keep a log of anyone who changed their password on any system that I owned in the next couple weeks.

      I wouldn't do anything with that data. But I'd keep it. If anything interesting happened later, and I could correlate an account on AM with an account on my system that changed its password shortly after this news broke... Well, that data could be interesting.

      Data isn't dangerous. Looking at it and then trying to fucking blackmail people with it, is.

      There ya go. FTFY.

    • by SQLGuru ( 980662 ) on Thursday September 10, 2015 @02:15PM (#50497433) Homepage Journal

      And that's when anonymized data is no longer anonymized.

      We only publish anonymized data......but you can query down to all white men, aged 24, born in Wisconsin, living in New York city, own an Apple MacBook Air, earn $60k/yr, graduated from NYU, has a degree in Marketing, etc.

      If you can add enough data points, your set gets down to one person -- even though that data is anonymized.

      • Similar to Panopticlick [eff.org]. Even just information that is easily available from your web browser can narrow you down to a specific machine. Who needs to store cookies on machines when you can pretty much identify the machine uniquely anyway.

        • by zidium ( 2550286 )

          I'm always horribly unique whenever I check. Doesn't matter what browser I use.

          • I'm always horribly unique whenever I check. Doesn't matter what browser I use.

            Pro tip: Even in 2010 UA strings in Firefox had become specific beyond the call of duty with build date, rendering engine verision, OS version, and other useless stuff that browser-quirk-sniffing techniques can discard without really breaking your rendering. Erm, I recognize that UA sniffing is stupid with modern pages, but the strings are a vestigial tracking item.
            My getting a UA-changer extension with pre-populated defaults for iPhone 3, iPads or plain Firefox 3.5 back then brought the uniqueness from 1 i

            • I'm not sure how the fonts list helps. On most of my computers I have the default fonts that come with the operating system. I can't think of the last time I bothered to try and install a new one.

          • Running linux blows my uniqueness through the roof.

            User Agent 16.07bits | 1 in 68587.24 | Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36

            Take that one out and my next biggest is 1 in 4987 for Browser plugin details. So overall I end up 1 in c3m browsers.

      • And that's when anonymized data is no longer anonymized.

        Exactly. And a lot of people don't get this.

        The fact is that if there are enough data points for meaningful statistical usefulness, then the data is almost certainly not genuinely "anonymous". It may be somewhat obfuscated or non-obvious, but as you pointed out you can drill down looking for valid (actual) matches and chances are very very good that you'll find them.

    • by Anonymous Coward

      If I were interested and had the access, I'd keep a log of anyone who changed their password on any system that I owned in the next couple weeks.

      I wouldn't do anything with that data. But I'd keep it. If anything interesting happened later, and I could correlate an account on AM with an account on my system that changed its password shortly after this news broke... Well, that data could be interesting.

      Data isn't dangerous. Looking at it and then looking at related information is.

      Creep.

    • by TheCarp ( 96830 )

      So small minded. If you were really interested, you would just log this activity forever, and then you can always mine the data for any date range. Disk is cheap, logs are small.

    • by cdrudge ( 68377 )

      My domain password at work expires sometime in the near future since I got an email that says I need to change it. I guess I must be a AM user because I changed my password shortly after this news broke.

  • How it was done (Score:5, Informative)

    by sinij ( 911942 ) on Thursday September 10, 2015 @02:08PM (#50497373)
    TFA was uninformative. Instead, from http://cynosureprime.blogspot.... [blogspot.ca]:

    Instead of cracking the slow bcrypt hashes directly, which is the hot topic at the moment, we took a more efficient approach and simply attacked the md5(lc($username).”::”.lc($pass)) and md5(lc($username).”::”.lc($pass).”:”.lc($email).”:73@^bhhs&#@&^@8@*$”) tokens instead. Having cracked the token, we simply then had to case correct it against its bcrypt counterpart.

    • Re:How it was done (Score:5, Informative)

      by axlash ( 960838 ) on Thursday September 10, 2015 @02:20PM (#50497473)

      TFA was uninformative. Instead, from http://cynosureprime.blogspot.... [blogspot.ca]:

      Instead of cracking the slow bcrypt hashes directly, which is the hot topic at the moment, we took a more efficient approach and simply attacked the md5(lc($username).”::”.lc($pass)) and md5(lc($username).”::”.lc($pass).”:”.lc($email).”:73@^bhhs&#@&^@8@*$”) tokens instead. Having cracked the token, we simply then had to case correct it against its bcrypt counterpart.

      Or this:

      http://arstechnica.com/securit... [arstechnica.com]

    • Really its a good idea bcos many of hacker try to decry pt the code with md5 hash they use $password is like up to 10 non-salted hashes which is well-protected but nowadays hackers can hack any key or door and anything else. US Government try to increasing the parameter of secure place for people. So we have to secure own door or key you can get help with http://www.locksmithsinscottsd... [locksmiths...tsdale.com] There is lot of example like MD5 : LM, NTLM, md2, md4, md5(md5), md5-half, sha1, sha1(sha1_bin()), sha224, sha256, sha3
      • Can anyone clear this MD5 code for me ! I want to know more about this. And how cracked Ashley Madison' password. means hackers have enough skills to crack them easily.
    • More info (Score:5, Informative)

      by Okian Warrior ( 537106 ) on Thursday September 10, 2015 @03:19PM (#50498057) Homepage Journal

      The Ashley Madison system stored an MD5 hash of the lower-cased username and password on the user's computer, so that they could revisit the site without having to reenter their login info.

      Computing MD5 hash values is much faster than computing bcrypt() values, the hackers already had the username, and both fields were lower-cased.

      They just brute forced the MD5 hash until they got a match. About 90% of the MD5 passwords matched exactly (ie - the passwords were already in lower case), of the remaining 10% they tried uppercasing the individual letters of the password until it matched.

      Security is hard. Basing the MD5 hash on a reduced-space plaintext password was the fundamental error.

      Also there were some administrative lapses. They changed password hash algorithms, and then forced users to change passwords at next login. Many users hadn't logged in in several years, so this left a lot of old, insecurely hashed passwords around.

      Generally poor security for such a sensitive site. Makes me wonder how good other popular sites are at security.

      We really should figure out this security thing.

      Perhaps an open-source fixed-function password keeper (as Mooltipass [indiegogo.com]) in separate trustable hardware would work?

      • Makes me wonder how good other popular sites are at security.

        Poor. Facebook had a flaw that allowed anyone [cnn.com] to post on Mark Zuckerberg's wall, for example.

        We really should figure out this security thing.

        Easy. "The three golden rules to ensure computer security are: do not own a computer; do not power it on; and do not use it." --Robert Morris Sr

      • Perhaps an open-source fixed-function password keeper (as Mooltipass [indiegogo.com]) in separate trustable hardware would work?

        I have one of those. I call it a "brain".

        I worked out a system about 20 years ago for generating passwords that would be fairly secure, yet easy for me to remember.

        Apparently I must be special, because I'm the only person I know who doesn't use a password-keeper of any sort, not even a Post-It stuck to the bottom of my keyboard. (I do allow my browser to store a few passwords for things that don't matter, e.g. the stupid Flash games I occasionally indulge in as a momentary distraction.)

      • by Wattos ( 2268108 )

        This would have been easily circumvented by wiping the current access token key which was used to stay logged in.

        If they had done it, everyone would have to sign in again (a minor inconvenience) but the passwords would have been safe

  • by CastrTroy ( 595695 ) on Thursday September 10, 2015 @02:10PM (#50497395)

    This kind of stuff is the reason I never re-use passwords across services. All my passwords are randomly generated and stored by KeePass [keepass.info]. Sure, it's a little less convenient to have to unlock the password safe in order to get into services, rather than just type in something you've already memorized. But, it's the only way to be sure that having your password compromised on one service won't compromise an account on another service. Even if the service isn't externally compromised, there's probably a lot of systems out there where employees (DB administrators, programmers) can gain access to the passwords from various methods such as logs or unaudited code.

    • This is too hard for the average user to use. While it is good security policy it simply isn't going to happen.

      A much more achievable goal is to get people to use a couple of different passwords which they then grade into the 'don't care if compromised' 'care a little' 'care a lot' 'O fuck no' category. Also I think people should be steered away from the alphanumeric random password idea and towards an easy to remember string of words. maddisoncompromisedmarriagelost is a hell of a password to brute force

      • Watch this year's DEFCON talk on Bitcoin hacking to see why correcthorsebatterystaple actually isn't a good password idea. https://www.youtube.com/watch?... [youtube.com]

        Many attack routines now simply combine many words together, like this, to brute force, so you're not actually looking at entropy based on character length - your entropy is based on number of words, which is far less. In you "maddisoncompromisedmarriagelost" example, you only have an entropy of 4 - which is not, I think you'll agree, a large number. T
        • Oh - specifically, it's at about 16:40 into the video.
        • Watch this year's DEFCON talk on Bitcoin hacking to see why correcthorsebatterystaple actually isn't a good password idea. https://www.youtube.com/watch?... [youtube.com] Many attack routines now simply combine many words together, like this, to brute force, so you're not actually looking at entropy based on character length - your entropy is based on number of words, which is far less. In you "maddisoncompromisedmarriagelost" example, you only have an entropy of 4 - which is not, I think you'll agree, a large number.

          If you're this new to encryption you shouldn't try to sound authoritative - getting entropy so wrong on such a low level means you should perhaps read more before attempting to criticise something.

        • It's not an entropy of 4 for a huge number of reasons, not least that they have no idea I used 4 words. That length password could easily have had 8 words in it, or it could have had none.

    • All it takes is a keylogger to get the master password. There was a recent malware attack (2014) that did this against some of the more popular password managers such as 1Password and...uh...KeePass...on Windows.

      http://arstechnica.com/securit... [arstechnica.com]

      Perhaps, using Time-based Two-Factor authentication such as Google's implementation is a safer bet as a keylogger wouldn't capture the tokens on the device running the authenticator code. Alternatively, use an Out of Bounds message, such as an SMS to convey the cod

    • by cyn1c77 ( 928549 )

      This kind of stuff is the reason I never re-use passwords across services. All my passwords are randomly generated and stored by KeePass [keepass.info]. Sure, it's a little less convenient to have to unlock the password safe in order to get into services, rather than just type in something you've already memorized. But, it's the only way to be sure that having your password compromised on one service won't compromise an account on another service. Even if the service isn't externally compromised, there's probably a lot of systems out there where employees (DB administrators, programmers) can gain access to the passwords from various methods such as logs or unaudited code.

      I think this whole password fiasco has gotten super fucking complicated for a normal human being.

      When you need a password manager application to tell you what to type into the computer, we might as well all just switch to a tokencard system.

      Or better yet, write you passwords down on a card in you wallet. Write you login names down on your password-protected phone. Problem solved. Go ahead and try to hack that system remotely.

    • by leonbev ( 111395 )

      It doesn't give much credence to the "use a tough password that's hard to crack" creedo, though.

      What's the point of using a crazy 20 character password multicase password with special characters if the person storing the password isn't going to encrypt it properly? It's just going to cracked anyway.

      If you can't trust the dumbasses running the sites you visit not do to something REALLY dumb like store it in cleartext, you might as well just use "password" or "qwerty12" as your password and be done with it.

  • Can you really believe that some bad actor either inside or outside such a site won't find a way to ID you?

  • Does this mean I have to change my password of "12345678" back to "Password"?
    • you should use one that a smart physicist has proven has higher entropy than your short 8 character sequence one, "correct battery horse staple"

      • by Anonymous Coward

        You got it wrong. It's "correct horse battery staple". Proof. [xkcd.com]

        In keeping with proper slashdot etiquette, I must now insult you. So here goes: you democrat!

         

        • oh no, using the exact one from the comic would be insecure. you have to change at least two of the words around

    • No, no! That is terribly insecure. Use "P@$$word1234" It has caps, numbers, and special chars, so it's strong.

    • Probably. I hate that this keep happening. I just had to change all my passwords, and I'm having a hard time remembering it. I'm up to password10 now, and I keep forgetting it isn't password9 anymore.

  • If a person knows he used that site, he can just go ahead and change his passwords everywhere else. Probably even without raising suspicion of his spouse.

    • by tnk1 ( 899206 )

      It is mostly a problem if the person doesn't know about this password hack happening. At least some of the people who signed up for that site probably don't understand the full threat and aren't following tech news.

      It's also a problem if there are accounts that this user has forgotten they had, but which use the same password.

  • by raymorris ( 2726007 ) on Thursday September 10, 2015 @03:45PM (#50498327) Journal

    The Ashley Madison developers did a lot of things right. They even used strong encryption for the passwords. They improved their security over time. Yet, a couple of security bugs ended up taking the company down completely. With security, if you score 98 and the attackers score 2, finding two vulnerabilities, the bad guys win. Bugs happen. Security bugs are not okay, however.

    I have a lot respect for good application developers. The blend of skills required is fairly comprehensive - UI design, database, understanding scalability, etc. With your wide breadth of skills, are you fine folks starting to understand that security is HARD, and requires a depth of understanding? That it's one of those things where it is wise to get expert assistance?

    I've been programming professionally for 20 years, and I'm pretty competent; yet I'd never design and implement my own filesystem, because filesystems are HARD to do well. There are maybe a dozen people in the world who have the specialized knowledge and experience needed to design and implement a filesystem that rivals btrfs or even ext4. I KNOW that I don't have that specialized skill. One of my best friends has also been a professional developer for 20 years. Every month, he asks me about a security related issue, because he knows that he's not a security specialist, and that bugs happen, but security bugs are not okay. Will you let those of us who live and breath security 24/7 lend a hand before you release it next time?

    • by cfalcon ( 779563 )

      The Ashley Madison developers fulfilled a lot of management bullet points. They were presumably told to use strong encryption, so they did... incorrectly.

      This will convince exactly 0 people to have their security relevant code audited, inspected, or likely even tested.

      • by gweihir ( 88907 )

        Mad password protection is one of the absolute standard things to check in any security review that deserves the name. Apparently, these people were arrogant in addition to incompetent and though they could do without external review. Save a penny, lose a million (scaled up 10'000 times or so).

    • by gweihir ( 88907 )

      No, they did not do password protection right. Around 15 million only had MD5 as protection, and that is just utterly incompetent. And yes, it is quite possible to secure passwords you have as MD5 better retroactively, just do bcrypt(md5(password)). Apparently nobody cared or understood this.

    • Will you let those of us who live and breath security 24/7 lend a hand before you release it next time?

      Sure, I'd love for you to lend a hand. Really.

      I recently finished a two-year project for a client creating an API for aggregating and analyzing social media data in near-real-time. We could tell where an earthquake happened, minutes after it happens and before it hits the news, by the tweets, to within a few hundred KM of the actual epicenter. It was developed and implemented by myself, who studied mechanical engineering, not CS, and a small team that I led. Why me? Because I am a skilled applications dev

      • People are generally pretty bad at estimating their own level of competence in their work, and the quality of their work, but let's assume that your work is in fact reasonably secure. There are only a few small improvements needed, it doesn't have to be completely rewritten.

        Under that assumption, increased security can be quite affordable. I suspect you'll be very surprised by the low cost of a level 1 analysis. By security I don't just mean protecting confidentiality from malicious actors. If a system

        • Are you the Ray Morris associated with Better CGI? Is there a better way to contact you if I ever do need your services?

          Thanks.
          • I've emailed you through your contact form (which seemed to refresh, rather than confirm receipt of the message) and through the email address listed in your whois.

            I'm on Slashdot a lot too. More often than I should be, if I want to have mod points.

    • by AmiMoJo ( 196126 )

      It looks like someone with a clue implemented the original bcrypt system, but then later someone else came along and added the MD5 hash to making logging in easier. Classic example of a company employing a security expert to write their app, then later someone in management decides it's too much effort for their customers to be secure and tells someone else to make it easier.

      I'm just amazed that AM is still in business. The loss of extremely sensitive data, the revelation about the extremely low male:female

  • Security (Score:5, Interesting)

    by ledow ( 319597 ) on Thursday September 10, 2015 @04:01PM (#50498505) Homepage

    It still gets me.

    You run a huge operation, with thousands of users and millions of dollars flowing through it.

    At which point do you need to stop and think "Actually, I need a server that does NOTHING but authentication, isolated from everything else?"

    Literally a machine that can only communicate Yes or No and maybe a tiny token and every communication to it can only be replied to by yes, no, or issue of a temporary token (which can only be verified by the same machine answering yes or no).

    Changing passwords is a rare, deliberate, easy-to-audit and unusual act - you could literally have a guy who has to press a button to okay each such action. Apart from that, an application has absolutely no need to do anything more than pass on info to a server that can reply yes or no. Whether that's from a initial password login, or checking a temporary token issued, that's all it needs to do.

    It's not the be-all-and-end-all - you can compromise the interface and wait for a user to log on and thus capture a successful transaction - but this outright theft of every login detail and a list of things that, given time, can be turned back into passwords shouldn't be happening, should it?

    I mean, quite literally, a serial cable should be able to handle such information on the scale of a half-decent sized website. Is this user 1's password? No. This is what user 2 claims his password is, can I get a token for that valid for the next hour? Is this token valid for user 2? What more beyond that do you need to program against to authenticate absolutely anything imaginable?

    And even password updates - they operate on the same principle as the way that admins cannot see their user's passwords. We can update them, but we can't actually see what they were and the very act of updating them locks out (and therefore alerts) the genuine user.

    Isolate this stuff. Seriously. An entire network that is air-gapped from your real network and literally the applications either side can ONLY communicate over a protocol that contains the bare minimum of commands. You could do it with an embedded device. Why are places with millions of dollars of business storing anything on a device that can be read back en-masse by even their own staff, let alone a compromised machine on the company's office network or similar?

    • by cfalcon ( 779563 )

      Excellent post. I have a sad answer.

      Pretend you had such a device. It was configurable, open source, and would quickly install off of a disk, creating such a machine from scratch.

      Who is going to buy it from you?

      If it was freely available, who is going to jump through the hoop of making that happen?

      The sad answer is that, it's an excellent solution but not a standard one. So no one is doing it right now.

      There is absolutely a need.

    • by Anonymous Coward

      Because a lot of these services are now on the cloud? Can you put a dedicated authentication box inside a cage somewhere within an AWS datacenter? (I don't know)

      But the larger issue is the cloud is pushing security away from getting better, and much harder. Excellent post btw.

    • At which point do you need to stop and think "Actually, I need a server that does NOTHING but authentication, isolated from everything else?"

      Are there any companies that do this? Seriously.

    • How is what you are describing different than RADIUS [wikipedia.org], TACACS+ [wikipedia.org] or any of the modern SAML [wikipedia.org] implementations? Or even an Active Directory or generic LDAP server? Authentication servers have been around forever, the problem is that the beancounters question why the server isn't doing anything else. As well as identification and authentication, why isn't it also controlling authorization? It has a ton of spare cycles, we could run a DNS or HTTP server on there too! Might as well throw a mail server on there.

      • Server hardware is being commoditsed to the point where for a couple of $k you can have a redundant low power (both in terms of grunt and energy use) system to do this for you. There's no reason this needs to sit on $15000 of hardware, and when it's not sitting on that kind of hardware then frankly the bean counters can go forth and multiply (and not in a mathematical sense).

    • Changing passwords for the purpose of changing passwords may be rare, but I doubt changing passwords because the password is forgotten is. There are sites where I can never remember the password I used, and so have to request a password change every time I log in. (I'm not very methodical in my personal practices.) Since there is no way for a well-designed site to tell me what my password is, it has to allow me to change my previous password.

  • The Wikipedia page for Ashley Madison [wikipedia.org] (amongst many other sources) suggest that a large number of accounts on there were made by Ashley Madison themselves. It would be interesting to know if these 11 million are all from real people, or if some of them are the phony accounts.
    • by cfalcon ( 779563 )

      Why make fake guy accounts? All they need is fake girl accounts. Those accounts are largely legit, and even if they aren't, there's more than enough legit ones.

      • Perhaps GP wants to blackmail female users for non-cash payouts?

        • by rtb61 ( 674572 )

          The whole purpose of the site was not a cheaters match making site is was a cat fishing http://www.urbandictionary.com... [urbandictionary.com] (without any fish) site that targeted people in the right mood when they were visiting porn sites. So get them onto the site, bait them with a few computer generated responses and get them to pay because they now believe they will get free sex. Now keep the baiting going for as long as possible charging them along the way, until the get even more frustrated than they already were when t

      • by SeaFox ( 739806 )

        Why make fake guy accounts?

        For fake testimonials from "real" users?

  • The bcrypt-ed passwords are unbroken. Apparently around 15 Million were stored using a single, non-salted, non-iterated MD5 hash. That many of these are easy to break is no surprise. Still, any user that used a good, high-entropy password is secure with MD5 as well.

  • Once the cracked passwords have been published (presumably by somebody other than Cynosure) they will be analyzed by many of the same people who looked at the LinkedIn passwords and other such databases.

    It's going to be interesting to find out

    • What rules people are using for choosing passwords, 3 years after well-publicized hacks
    • Whether the Ashley Madison passwords are in general more secure
    • Which website had the more secure password, for users with accounts on both and differing passwords
  • I mean, seriously, what AM user has not already changed their password???

Overload -- core meltdown sequence initiated.

Working...