TradeHill – Security Update – Round 1 PCI Compliance / Business Verification etc

[airdata]

Thanks Jared.

I sent an email just now to you.

[1715484583]

1715484583

[1715484583]

1715484583

[1715484583]

1715484583

[1715484583]

1715484583

[1715484583]

1715484583

[1715484583]

1715484583

[Jered Kenna (TradeHill)]

Thanks Jared.

I sent an email just now to you.

You should have a new password in your inbox of the email account that you used.
We've responded by email but let me know if there is any confusion.

-Jered

[phillipsjk]

Well's just the thing: MtGox did salt (AFAIK) and I -did- have a good password and it still bombed, mostly because I believe they only used 1 iteration of MD5.

MD5 hashes are no longer cryptographically secure. If you were indeed using an old password hashed with MD5, the attacker could have generated a collision without guessing your password. However, it is usually easier to guess the password. If you generated the password yourself without using a random number generator, your password may not be as strong as you think it is.

Edit: looks like you still have to have knowledge of both messages to generate a collision.

[makomk]

Edit: looks like you still have to have knowledge of both messages to generate a collision.

I think you actually have to be able to control both messages to generate a collision - that's actually the definition of one. In order to be able to generate a second message that gives the same hash as an existing message you need a preimage attack, and I don't think those are practical against MD5 yet.

[FairUser]

I'd like to see the site log you out after x amount of time of inactivity.
I've rebooted my system several times and have yet to be prompted for a new password when I go to the site.

We've received feedback from users that love not being logged out and more that would prefer the additional security.
We've evaluated the situation and decided to implement logout due to inactivity. Security trumps laziness  
We're coding it in as I write this and it should be live today after extensive testing.

Good man! 

[FairUser]

Edit: looks like you still have to have knowledge of both messages to generate a collision.

I think you actually have to be able to control both messages to generate a collision - that's actually the definition of one. In order to be able to generate a second message that gives the same hash as an existing message you need a preimage attack, and I don't think those are practical against MD5 yet.

I think both of you have gotten a bit off topic here and missed one of the finer points.

Collisions don't matter here since Tradehill will lock your account if you try to login too many times.

[phillipsjk]

It is only off-topic because Tradehill does not use MD5 Hashing, I can't find what hashing they do at the moment.

However, if the database is compromised somehow, account locks after failed login attempts won't help much. That is why you need to choose a secure (likely hard to remember) password. It doesn't matter how convoluted the hash function is; attackers will have the time to do a dictionary attack on their own machines.

That said, (salted) hashing of the passwords is better than storing them in clear-text. It means that most users have time to change their passwords once they learn about the breach. Hopefully Tradehill won't have such a breach.