Re: 6 char passwords and protection against brute force

["Serguei A. Mokhov" <mokhov () cs concordia ca>]

On Thu, 23 Dec 2010, John Wilander wrote:

> Date: Thu, 23 Dec 2010 00:35:13 +0100
>
> · Unsalted hashes, MD5 or SHA1. Rainbow tables already available. Toast.
> · Unsalted hashes, SHA256, SHA512 or the like. Rainbow tables still
> not feasible for these? Easier to brute force six character passwords?
> Guess so.
> · One salt for all passwords, MD5 or SHA1. Quicker to build a custom
> rainbow table based on the known salt or quicker to brute forcing each
> password?
> · One salt for all passwords, SHA256, SHA512 or the like. Probably not
> a rainbow table since it has to be built after the hack. Brute forcing
> of the passwords.
> · One salt per password, stored alongside the passwords in the DB +
> any decent hash algorithm. Rainbow tables not usable so it's brute
> forcing time.
>
> If I'm not mistaken in the list above, dictionary and brute forcing will
> be the weapon of choice as long as we're not facing a static salt or
> plain hashing, huh?

Dictionary and brute forcing would be a the weapon of choice as long as
people's stupidity lasts. And the latter is infinite. It's also orthogonal
to which hashing/salting algorithms are in place.

> That brings us back to the minimum number of characters. Six
> characters is not a lot, and the length of the salt or size of hashes
> will not have a noticeable impact on cracking time.

Indeed. Average users have desktops at home powerfull enough these days to
get the results within their coffee break or two assuming the lame
passwords are around.

> So, is adaptive hashing/multiple hashing the only way to protect short
> passwords?

No, not the only. Aside from user education and lengthening the passwords
to larger pass phrases, or avoiding those altogether by using
certificates, SSH keys, etc. Obviously, this impairs usability from the
average user's POV.

> Are we confident in that Amazon, Apple etc are using such techniques? Do
> they have migration plans? Say SHA1 x 1,000 right now and migration to
> SHA1 x 10,000 in 2011. If done right such hash strengthening should not
> have to involve the real password. Just rehash the current hash another
> 9,000 times.

I think is point is rather moot as we can only speculate here unless
someone on the inside wikileaks something of relevance ;-).

-- 
Serguei A. Mokhov, PhD Candidate                         |  /~\     The ASCII
Computer Science and Software Engineering &              |  \ /  Ribbon Campaign
Concordia Institute for Information Systems Engineering  |   X     Against HTML
Concordia University, Montreal, Quebec, Canada           |  / \       Email!



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------