On the h4xx0ring of p4sswordZ

Publication date: 4 May 2013
Originally published 2012 in Atomic: Maximum Power Computing
Last modified 04-May-2013.

 

Greetings, fellow criminals!

Today, I will be discussing recent happy developments in the profitable and entertaining field of stealing other people's Internet passwords.

This used to be quite annoying. Every now and then some idiot would leave ftp.someidiot.com/secret/passwords.txt just sitting there in plaintext, not the salted password hashes that they should have saved.

But usually it wasn't easy to get the hashed passwords, and then it was unacceptably computationally expensive for us to brute-force our way through passwords of ever-increasing length until we found some that matched the hashes. Brute-force cracking is getting faster and faster, but if the brute-forcing time for an 80486 was "one googolplex years", then even if modern hardware can do it a million times as fast, you're still not appreciably closer to the target.

Password hashes still aren't usually salted, of course, which is great. This is the sort of thing that gives computer criminals a reason to get up in the morning; it's one of the great scandals of computing, like how programs still have buffer-overflow vulnerabilities even though that was a solved problem when colour monitors were a luxury.

(Even today, practical IT security can involve the ignoble surrender of making buffer-overflow attacks more difficult, rather than fixing the code that makes them possible.)

If someone generates a pseudorandom several-character salt and adds it to the password before they hash it, there'll be no known hashes for us to use and instantly get the password.

There are also several well-known more-processor-intensive hashing systems. They don't put a significant extra load on a system that only has to deal with dozens, or even thousands, of new user accounts per hour, but they make brute-force guessing of passwords to match known hashed values take millions of times as long.

Fortunately, a ridiculous number of Web sites and other password systems stick with the old password-hash systems like SHA-1, which were a good idea when a 486 was a fast PC, but which are becoming less and less of a good idea now.

We, the computer criminals, can avoid the problems with brute-force attacks by doing dictionary attacks - trying words from a list, including both actual real "dictionary words" and common modifications and combinations of those words. That finds the people who thought "passw0rd1" or "jamesbond007" were good enough.

But many passwords are still too complicated for this to work, in which case we had to go back to pure brute-force. And if a password's reasonably long, brute-force remains too slow even when you're running at blinding speed against some file on your own system, let alone if you're trying to use a similar attack against some distant server.

Then affordable computers with gigabytes of RAM and fast CPUs came along, allowing the creation of "rainbow tables". A rainbow table provides the effect of reversing the hash of every possible password of a given length, without requiring impossible amounts of storage space. The storage requirements for rainbow tables were still impossible for a long time, but now that gigabytes of RAM and hundreds of gigabytes of disk space are cheap, the poorest among our criminal brethren can afford them.

You don't need rainbow tables for increasingly long passwords any more, though. Faster CPUs and reprogrammable graphics cards have helped us a lot in this area. Brute-force password-cracking boxes used to have to be supercomputers, then they had to be weird things built out of ASICs and FPGAs at universities and intelligence agencies. Now you can create rainbow tables or ignore them entirely and just brute-force from scratch with a normal PC and a few midrange graphics cards, or a box full of said cards if you're fancy.

If you've got a handy botnet to do your bidding, things become even easier. (I wonder if any of you clever little monkeys have used Amazon's EC2 cloud computing system to attack Amazon accounts?)

What's really great, though, is how much both users and operators of passworded Web sites help us out.

Users are often required to use their e-mail address as a username. And they also, delightfully, tend to use the same password for multiple sites.

So when one site or, oh I don't know, the whole Gawker network, leaves a huge pile of hashed login data lying around where one of us can find it, or when idiots like RockYou.com let loose a giant pile of plaintext passwords, we've now got a good chance of being able to log in as those same user-names, using those same passwords, in various other places.

If a user only uses duplicate logins on unimportant sites, then it's not much use to us. Cracking someone's accounts on IMDB and The Pirate Bay and BrickSet only let you give every Rob Schneider movie ten stars, leave adulatory comments about torrents of Belgian cuttlefish pr0n, and say you really wish Lego would bring back Fabuland.

If a given person's login to comment on a poorly-secured crocheting blog is the same as their login for PayPal, though, we're in business!

The big password leaks are great for us in another way, too: They let us see the kinds of passwords that people like to use. This means huge swathes of the brute-force password space can be left to the if-all-else-fails very end of the cracking process. We've now got giant dictionaries of actual passwords, and heuristics to mutate them into other likely candidates, which we can use before slow brute force.

If you're happy with cracking only a quarter of the accounts you attack, you can now get it done before your laptop battery goes flat. (Then later you can brute-force a few of the hard ones, to see if there are more patterns to be harvested!)

I'd especially like to congratulate those among us who, clearly, are responsible for almost all online "password strength tester" sites.

Your average schmuck thinks those sites may actually save the passwords people type into them, for later misuse. That's possible, but terribly unimaginative. These sites' real purpose is, of course, to give good ratings to terrible passwords, like "jamesbond007".

Howsecureismypassword.net says jamesbond007 should take "37 years" to crack. Passwordmeter.com says it's "Good". Testyourpassword.com and Microsoft's checker here both say it's "Medium". Testyourpassword.com actually has a "Common password!" warning feature, but doesn't reckon jamesbond007 warrants it.

The checker at Online Domain Tools has a dictionary-attack function. You have to click a button to use it, but if you do then it'll note that "passw0rd" is guessable because it's just a leet-speak version of "password". This basic level of password-checker functionality is, thankfully, rare.

(One of you busy little bees has probably also made sure your password-cracking dictionary-permutator takes into account that most brilliant password obfuscator that everybody thinks they're the first to have thought of, typing a simple password with fingers offset by one key on the keyboard. Converting "snoopdogg" into "dmpp[fphh" that way will slow down one of us professional miscreants about as much as sticking the Post-it with your password written on it to the underside of a drawer. Or hiding your drugs and money in the toilet cistern, for that matter.)

The Online Domain Tools dictionary-checker also flags "jamesbond007", because both "james" and "bond007" are in its dictionary. It still evaluates the password as "Medium", though. Oh, and it also warns if you've picked one of the top ten thousand passwords (from this list, I think).

On the other hand, though, my Reddit password might be, but isn't, "iki37nnplq". The Online Domain Tools dictionary attack checker thinks that's unsafe because "iki", "nn" and "plq" are all dictionary words. This may be the case, but only if your dictionary contains a large number of two- and three-letter strings that do not resemble actual human words.

(Further exploration of this phenomenon with five pseudorandom-generated - not just mashing-the-keyboard - strings of ten letters was similarly amusing. "ZfXdSXZRco", "iZBPOYLdiQ" and "fNyUTeIZGJ" all rated as "Safe!", but "ZfXdSXZRco" and "yKRmKiXiNR" were both "Not safe!" on the grounds of containing three dictionary words. In the latter case, two of the dictionary words were alleged to be reversed. They were, of course, the well-known words "RNiX" and "RKy".)

The accurately-titled Yet Another Password Meter says jamesbond007 is "Very Weak", but only because it lacks upper-case letters, symbols, and symbols in the middle of the password. Rectify those mistakes by changing it to "Jame$bond007" and now it's "Strong"! Online Domain Tools reckons "Jame$bond007" is "fairly good", with no warnings at all.

Great work, guys! Thanks!

But then there's the Password Strength Meter at My1login.

Those of us who very much like it when people use terrible passwords should probably do something about this site.

It's quite concerning.

My1login correctly, but highly alarmingly from the computer-criminal point of view, says "jamesbond007" is "Very Weak":

Lousy password

And just changing it to Jame$bond007 doesn't help!

What if you totally leet it up, with "J4m3$b0ndoo7"?

Slightly better password

Now it's "medium", time to crack 11 hours, which is again annoyingly accurate.

(You can go further in leet-translation, but once you start getting into "/\/\" for "M" and symbol characters, passwords become too hard for our victims to type.)

Let's try a memorable nonsense word, "gleemboweembo":

Good password

"Very Strong". As indeed it, cursedly, is.

My1login's irritating reliability continued when I tried "vingospib" - that got a "Medium", because it's not very long. Then "golobowobs" got "Strong", because it's longer. Trying "mysupersecretpassword" resulted in a "Very Weak", "because it contains a dictionary word and 3 common passwords".

We can't even try to overload the My1login tester by feeding it very very long passwords, because it seems to do its computation on the client side. Super-long passwords will give your browser a lot to think about, as the "time to crack" number becomes more and more outrageous. When I tried an extremely sensible password composed of 229 characters of keyboard-mashing, for instance, it scored a time-to-crack of "515 billion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion years". And you can keep on typing if you like. (I don't know what the ceiling password length is, but 500 words of Lorem Ipsum made it unhappy.)

Is My1login's Password Generator just as good, my fellow criminals may mow be worrying, or does it generate impossible-to-remember character-salads that are only any use if you're using a password-management service like, for instance, My1login?

Untypeable password

Ah.

Well, at least there's that.

(A gratifyingly large number of Web sites also still give us that most invitingly wide-open of back doors: Password-recovery "security questions" that are a matter of public record.)

Nonsense words like "Pingoflorble", and multi-word passphrases with no fancy substitutions like "speaker cup cable junction" or the famous xkcd "correct horse battery staple", are easy to remember, moderately easy to use and damn near impossible to crack.

Fortunately, to a first approximation, nobody uses them. So we don't have to worry.

We're like burglars passing over the place with the window-bars and alarm stickers in favour of kicking through the fibro next to the security door of the house down the road.

As long as most users stick with fibro walls, other people's identities will continue to fund our lavish lifestyles.

And now, friends, it's time for the traditional Courvoisier drinking competition. And then perhaps a little Lambo racing!

Other columns

Learning to love depreciation

Overclockers: Get in early!

Stuff I Hate

Why Macs annoy me

USB: It's worth what you pay

"Great product! Doesn't work!"

The virus I want to see

Lies, damned lies and marketing

Unconventional wisdom

How not to e-mail me

Dan's Quick Guide to Memory Effect, You Idiots

Your computer is not alive

What's the point of robot pets?

Learning from spam

Why it doesn't matter whether censorware works

The price of power

The CPU Cooler Snap Judgement Guide

Avoiding electrocution

Video memory mysteries

New ways to be wrong

Clearing the VR hurdles

Not So Super

Do you have a license for that Athlon?

Cool bananas

Getting rid of the disks

LCDs, CRTs, and geese

Filling up the laptop

IMAX computing

Digital couch potatoes, arise!

Invisible miracles

Those darn wires

Wossit cost, then?

PFC decoded

Cheap high-res TV: Forget it.

V-Pr0n

Dan Squints At The Future, Again

The programmable matter revolution

Sounding better

Reality Plus™!

I want my Tidy-Bot!

Less go, more show

In search of stupidity

It's SnitchCam time!

Power struggle

Speakers versus headphones

Getting paid to play

Hurdles on the upgrade path

Hatin' on lithium ion

Wanted: Cheap giant bit barrel

The screen you'll be using tomorrow

Cool gadget. Ten bucks.

Open Sesame!

Absolutely accurate predictions

The truth about everything

Burr walnut computing

Nothing new behind the lens

Do it yourself. Almost.

The quest for physicality

Tool time

Pretty PCs - the quest continues

The USB drive time bomb

Closer to quietness

Stuff You Should Want

The modular car

Dumb smart houses

Enough already with the megapixels

Inching toward the NAS of our dreams

Older than dirt

The Synthetics are coming

Pr0nBack!

Game Over is nigh

The Embarrassingly Easy Case Mod

Dumb then, smart now

Fuel cells - are we there yet?

A PC full of magnets

Knowledge is weakness

One Laptop Per Me

The Land of Wind, Ghosts and Minimised Windows

Things that change, things that don't

Water power

Great interface disasters

Doughnut-shaped universes

Grease and hard drive change

Save me!

Impossible antenna, only $50!

I'm ready for my upgrade

The Great Apathetic Revolution

Protect the Wi-Fi wilderness!

Wi-Fi pirate radio

The benign botnet

Meet the new DRM, same as the old DRM

Your laptop is lying to you

Welcome to super-surveillance

Lemon-fresh power supplies

A>B>C>A!

Internet washing machines, and magic rip-off boxes

GPGPU and the Law of New Features

Are you going to believe me, or your lying eyes?

We're all prisoners of game theory

I think I'm turning cyborg-ese, I really think so

Half an ounce of electrons

Next stop, clay tablets

A bold new computer metaphor

Won't someone PLEASE think of the hard drives?!

Alternate history

From aerial torpedoes to RoboCars

How fast is a hard drive? How long is a piece of string?

"In tonight's episode of Fallout 4..."

How hot is too hot?

Nerd Skill Number One

What'll be free next?

Out: Hot rods. In: Robots.

500 gig per second, if we don't get a flat

No spaceship? No sale.

The shifting goalposts of AI

Steal This Education

Next stop: Hardware piracy

A hundred years of EULAs

The triumph of niceness

The daily grind

Speed kings

Alt-tCRASH

Game crazy

Five trillion bits flying in loose formation

Cannibalise the corpses!

One-note NPCs

Big Brother is watching you play

Have you wasted enough time today?

The newt hits! You die...

Stuck in the foothills

A modest censorship proposal

In Praise of the Fisheye

Filenames.WTF

The death of the manual

Of magic lanterns, and MMORPGs

When you have eliminated the impossible...

Welcome to dream-land

Welcome to my museum

Stomp, don't sprint!

Grinding myself down

Pathfinding to everywhere

A deadly mouse trap

If it looks random, it probably isn't

Identical voices and phantom swords

Boing!

Socialised entertainment

Warfare. Aliens. Car crashes. ENTERTAINMENT!

On the h4xx0ring of p4sswordZ

Seeing past the normal

Science versus SoftRAM

Righteous bits

Random... ish... numbers

I get letters

Money for nothing



Give Dan some money!
(and no-one gets hurt)