Public Safety Announcement: On the subject of password security

[Man From The Future]

Please, service providers...  Use the best possible solution available!

If you can use multiple SHA512 hashes with each different unique salts form different sections of passwords... do it! If you can run that same thing 5 passes... do it!

Don't just go with MD5 + usalt because "no-one will ever get the database". Always prepare for the worst case scenario. HAve graceful hash updates! If a better hashing method becomes available, make users reset their password! (Or have it be done automatically on log in using submitted password for 30 days, and after that time, require reset.)

Thanks for listening, do shout at me if you think this is stupid advice!

[1714077129]

1714077129

[1714077129]

1714077129

[1714077129]

1714077129

[1714077129]

1714077129

[1714077129]

1714077129

[Uzza]

Dual salts would also be good, where one of the salts set in source code. If only the database is compromised, the passwords are safe.

[Rob P.]

Please, service providers...  Use the best possible solution available!

If you can use multiple SHA512 hashes with each different unique salts form different sections of passwords... do it! If you can run that same thing 5 passes... do it!

Don't just go with MD5 + usalt because "no-one will ever get the database". Always prepare for the worst case scenario. HAve graceful hash updates! If a better hashing method becomes available, make users reset their password! (Or have it be done automatically on log in using submitted password for 30 days, and after that time, require reset.)

Thanks for listening, do shout at me if you think this is stupid advice!

Of course users should:

1)  Have a 15+ character password.
2)  Have that password contain a minimum of 2 digits, 2 upper, 2 lower, 2 symbols, none repeating
3)  Have that password be unique to that site

Then you have very little to worry about, unless of course it is stored in clear text.

[Man From The Future]

Please, service providers...  Use the best possible solution available!

If you can use multiple SHA512 hashes with each different unique salts form different sections of passwords... do it! If you can run that same thing 5 passes... do it!

Don't just go with MD5 + usalt because "no-one will ever get the database". Always prepare for the worst case scenario. HAve graceful hash updates! If a better hashing method becomes available, make users reset their password! (Or have it be done automatically on log in using submitted password for 30 days, and after that time, require reset.)

Thanks for listening, do shout at me if you think this is stupid advice!

Of course users should:

1)  Have a 15+ character password.
2)  Have that password contain a minimum of 2 digits, 2 upper, 2 lower, 2 symbols, none repeating
3)  Have that password be unique to that site

Then you have very little to worry about, unless of course it is stored in clear text.

If only people didn't get annoyed when you try to enforce restrictions.

[BioMike]

If you can run that same thing 5 passes... do it!

Aren't you reducing your key space then? Making it less secure.

[Uzza]

Of course users should:
1)  Have a 15+ character password.

A hashing calculation: at one billion hash comparisons a second, a 15 character alphanumeric password will take roughly 7000000 years to compare all combinations.

Aren't you reducing your key space then? Making it less secure.

No, running the result through the hash function again is a very common way to make it safer.
What you basically do is, if they can figure it out, is force them to do multiple hashes for every comparison. This is a direct counter to brute-force attacks.
If they have to spend one second for EVERY combination comparison, then it will be basically impossible for them to brute-force anything.
There are even specific algorithm which are designed just for this.

If you take the above calculation, if they can only do one comparison per second instead of a billion, then it will take 7000000000000000 years instead to test all combinations for one password.

[bcearl]

Ironically I described exactly this case this morning in my guide about passwords:

Note that an online password of a website can become an offline password, e.g. when the website is hacked and the password hashes that the operator stored are leaked.

http://forum.bitcoin.org/index.php?topic=19360.0

[M4v3R]

If you can use multiple SHA512 hashes with each different unique salts form different sections of passwords... do it! If you can run that same thing 5 passes... do it!

We, at BitMarket.eu, had this from the very beginning. It's just a few lines of code people. And the benefit in security is huge.

[Man From The Future]

If you can use multiple SHA512 hashes with each different unique salts form different sections of passwords... do it! If you can run that same thing 5 passes... do it!

We, at BitMarket.eu, had this from the very beginning. It's just a few lines of code people. And the benefit in security is huge.

I congratulate you on this!

I'mma release a small hashing class for secure passwords?

[Rob P.]

If you can use multiple SHA512 hashes with each different unique salts form different sections of passwords... do it! If you can run that same thing 5 passes... do it!

We, at BitMarket.eu, had this from the very beginning. It's just a few lines of code people. And the benefit in security is huge.

Do the community a favor.  Provide the "few lines of code" here for everyone to be able to use.

[bcearl]

Everybody who had a crackable password in the first place is screwed when his wallet is found anyway.

The only way now is to generate a new wallet in a secure space and send the coins there.

[Rob P.]

Everybody who had a crackable password in the first place is screwed when his wallet is found anyway.

The only way now is to generate a new wallet in a secure space and send the coins there.

Huh?  What does this discussion have to do with Wallets?

[bcearl]

Everybody who had a crackable password in the first place is screwed when his wallet is found anyway.

The only way now is to generate a new wallet in a secure space and send the coins there.

Huh?  What does this discussion have to do with Wallets?

If you used the same password for mtgox and encrypted wallet backups, you have to create a new wallet.

[Rob P.]

Everybody who had a crackable password in the first place is screwed when his wallet is found anyway.

The only way now is to generate a new wallet in a secure space and send the coins there.

Huh?  What does this discussion have to do with Wallets?

If you used the same password for mtgox and encrypted wallet backups, you have to create a new wallet.

Who on Earth would use their online web password for a local vault encryption?  Are you kidding me?

[piggybank]

Everybody who had a crackable password in the first place is screwed when his wallet is found anyway.

The only way now is to generate a new wallet in a secure space and send the coins there.

Huh?  What does this discussion have to do with Wallets?

If you used the same password for mtgox and encrypted wallet backups, you have to create a new wallet.

Who on Earth would use their online web password for a local vault encryption?  Are you kidding me?

Have you seen how many people used their username as their password. Or 123456? I'm prepared to believe there is no limit to people's stupidity.

One thing that also got me wondering (perhaps a new topic, but as a newb I can't create a new post) was how secure the sites are which use OpenID? When you take in the password, you can insist on it's complexity, or not in the case of Mtgox. But if you are getting login credential from an OpenID provider surely you are allowing certain accounts to be wide open? Perhaps that's just tough luck for the person who's account that is.

[zhalox]

I once read an article regarding computer & information security, and I have paraphrased its main point by the following statement, and you can quote me on this:

"The only way to ensure security today is by looking into the future and ensuring that you are secure against the security threats and attacks of tomorrow." - zhalox

The article I read was referring to information security in general, but in this context, we are discussing password security.  Practically, this means predicting future innovations in the realm of password cracking/hashing, and being prepared for hash attacks by supercomputers (which is quite possible today actually, as you'll see below).  This is why I would recommend using 30-50 character passwords if possible, using lowercase and uppercase letters (no dictionary words obviously), numbers, symbols, and if possible, even using other characters that are not included on the physical keyboard (i.e., including those Unicode chars that use Alt+4 digit combinations, etc.).  For plenty of examples of these characters, you can press the Windows Key + R (if you're on Windows, of course) and type "charmap.exe" to see some of the characters I'm referring to, such as Greek letters, etc.  However, many sites can't process these kinds of characters, so sometimes it's actually better to use regular characters.

On side note, I once created a nice complex password at a certain large financial brokerage firm located in Manhattan, NYC which contained an underscore character, but the system couldn't process it, so it caused an enormous problem and I ended up being on the phone with their tier 1 technical support team who was working with the IT security engineers who had developed the database, and over the course of being on the phone with them for multiple days, we eventually discovered that a simple underscored in my password had caused major difficulties for their database, in regard to my account.  In other words, just remember to be careful when using secure passwords, since many places can't handle the length or complexity, at least not yet (hopefully they'll wake up and change their databases).

Oh and by the way, for anyone doubting that it's actually quite easy to crack passwords these days, it's important to understand that even 10 character passwords can be hacked extremely rapidly using GPUs (very similar to how us Bitcoin miners are using our cards).  For example, I know of an individual who used an array of 4 Radeon HD 5970s (each one a dual GPU, actually making it 8 GPUs) to crack hashed passwords at over 32 billion passwords a second (for MD5 hashes).  Just stop and think about that before you make another password under 10 characters long without using non-dictionary uppercase & lowercase letters, numbers, symbols, etc.

[Rob P.]

This is why I would recommend using 30-50 character passwords if possible, using lowercase and uppercase letters (no dictionary words obviously), numbers, symbols, and if possible, even using other characters that are not included on the physical keyboard (i.e., including those Unicode chars that use Alt+4 digit combinations, etc.).

And when you create this password, what do you do with it?  You have it memorized immediately?

I use a password vault, the issue there is that I occasionally still have to type the password in by hand.  For most people having a 50 character strong password is going to be brutal, so they'll just write it down. 

If you cannot use the security measure you've adopted, you will bypass them.  That makes it useless for everyone.  I also apply different security strengths based on the site / server I'm accessing.  My Gmail password is HUGE, my banking password is HUGE, my PayPal password is HUGE, but other sites don't necessitate the same level of security.  Harden the high-value targets, always use different passwords, and adjust to what makes your security life usable.

That's just my 0.0001 BTC worth.

[ethwit]

This is why I would recommend using 30-50 character passwords if possible, using lowercase and uppercase letters (no dictionary words obviously), numbers, symbols, and if possible, even using other characters that are not included on the physical keyboard (i.e., including those Unicode chars that use Alt+4 digit combinations, etc.).

And when you create this password, what do you do with it?  You have it memorized immediately?

I use a password vault, the issue there is that I occasionally still have to type the password in by hand.  For most people having a 50 character strong password is going to be brutal, so they'll just write it down. 

If you cannot use the security measure you've adopted, you will bypass them.  That makes it useless for everyone.  I also apply different security strengths based on the site / server I'm accessing.  My Gmail password is HUGE, my banking password is HUGE, my PayPal password is HUGE, but other sites don't necessitate the same level of security.  Harden the high-value targets, always use different passwords, and adjust to what makes your security life usable.

That's just my 0.0001 BTC worth.

Can you recommend a password vault?

[Rob P.]

Can you recommend a password vault?

1Password is my favorite ( http://agilebits.com/products/1Password ).
KeePass (or KeePassX) is a good free alternative (though not as powerful) ( http://keepass.info/ & http://www.keepassx.org/ ).
LastPass in a pinch, but I don't like storing them online and trusting the service provider (didn't work out well for DropBox).

[BCEmporium]

Can you PLEASE cut this bull about attempting to blame users?!
Use a 30 char long pass, alpha upper+lower+numeric+symbols... in the day you format your computer and if you forget to backup the text file with it, please, kiss your account goodbye. And don't even try to access wherever you use it from outside home, as obviously you've no clue whatsoever that password is.

Nerds! People have a life! Good security is passive, is simply there, BAD security is anything that has to nag you to be secure.

Besides, MtGox was "hacked" by the only side nerdness can't do nothing about: the HUMAN factor. Wouldn't make a difference other than slow the attacker a bit to use SHA-512 or any other hashing/crypting flavor. As obvious M'Tux had no clue his db was compromised, so the attacker actually had all the time in the World to do whatever he needed to do.