Re: EasyJet is storing user passwords in the clear

[Dan Kaminsky <dan () doxpara com>]

We agree completely on the 70%.  Re, the 30%--

Salting makes the biggest difference on large datasets, just because even
for 1000 different users you're now working 1000 times faster.  Algorithm
choice matters less.  The speed difference between MD5 and SHA-1 isn't that
significant though:

$ openssl speed md5
Doing md5 for 3s on 16 size blocks: 2985670 md5's in 2.96s
Doing md5 for 3s on 64 size blocks: 2931714 md5's in 3.04s
Doing md5 for 3s on 256 size blocks: 2063380 md5's in 2.98s
Doing md5 for 3s on 1024 size blocks: 956809 md5's in 3.03s
Doing md5 for 3s on 8192 size blocks: 157650 md5's in 2.98s

$ openssl speed sha1
Doing sha1 for 3s on 16 size blocks: 3088016 sha1's in 2.98s
Doing sha1 for 3s on 64 size blocks: 2818497 sha1's in 3.00s
Doing sha1 for 3s on 256 size blocks: 1814907 sha1's in 3.01s
Doing sha1 for 3s on 1024 size blocks: 751942 sha1's in 2.98s
Doing sha1 for 3s on 8192 size blocks: 116496 sha1's in 2.98s

PBKDF2, which basically runs the hash function in a loop, can make a
difference.  But at the end of the day, a leaked password database is bad
news, hashes or not.

On Thu, Feb 25, 2010 at 11:31 AM, Michael Neal Vasquez <
mnv () alumni princeton edu> wrote:

> If I reread your statement, and take it as "70% of people's passwords
> suck"  -- I'd have to agree.  I'd say though, for the remaining 30%,
> algorithm choice, even without salting, can make a difference.  My password
> audits go much quicker when LM is enabled, vs NTLM.  Same for MD5 vs SHA1.
>
>
> On Thu, Feb 25, 2010 at 9:07 AM, Dan Kaminsky <dan () doxpara com> wrote:
>
> > On Thu, Feb 25, 2010 at 10:39 AM, Michael Neal Vasquez <
> > mnv () alumni princeton edu> wrote:
> >
> > > On Thu, Feb 25, 2010 at 8:05 AM, Dan Kaminsky <dan () doxpara com> wrote:
> > >
> > > > Sai,
> > > >
> > > >    I see where you're coming from, but what are the most recent
> > > > statistics on the effectiveness of hash cracking?  Isn't it something like
> > > > 70% of the passwords in the field can be cracked with a minimal amount of
> > > > brute forcing?
> > >
> > > 70% ?
> > >
> > > Plain MD5 perhaps, but I don't think salted, or sha1, etc, have anywhere
> > > near such high success rates.
> >
> > The problem isn't in the algorithm -- it's in the passwords themselves.
> > Salting helps in that the attacker can't amortize the work effort across the
> > entire population, but at the end of the day, even PBKDF2 isn't going to do
> > much against 1234567890 and its ilk.
> >
> > To put it another way, if EasyJet *did* have a breach, they couldn't very
> > well say "It's OK, because the passwords were hashed".
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/