Bitcoin Forum
November 06, 2024, 02:57:57 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 [4]  All
  Print  
Author Topic: Coinchat doesn't salt or use a strong hash algo  (Read 32221 times)
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1086


Ian Knowles - CIYAM Lead Developer


View Profile WWW
July 12, 2013, 05:06:44 PM
 #61

How is this FUD? So it isn't FUD when he claims that he can hack my site, extorts me to remove bad post, or when he claims I am untrustworthy when I never even did a trade with him? Yet I point out that if one site and alert users has a huge security flaw, which is true from his own words by the screenshot, that is FUD. Cause that makes so much sense.

Hmm... can you calm down? I do not dispute that you found a problem with one of his websites - and hacking claims were nothing to do with what I mentioned.

The problem (as I see it) is that you have said that *all his websites* have the same flaw and you have not proven that (I am pretty sure that he has admitted the problems with the one site).

It looks more like there is some sort of bad blood between you guys rather than just some information about security.

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1086


Ian Knowles - CIYAM Lead Developer


View Profile WWW
July 12, 2013, 05:22:56 PM
 #62

Also I have worked in the industry for long enough that when one problem is found, it is found in every project after it.

Really that does not make sense as you even admitted that he has "improved through learning" his security management in his projects.

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1086


Ian Knowles - CIYAM Lead Developer


View Profile WWW
July 12, 2013, 05:34:53 PM
 #63

So another site that is 2 different bad security practices spread to two different sites.

I can't really be bothered to go through all the previous posts but you did post this (above).

Clearly it is not the *same* problem from the same website so your OP does have a problem when it says as much (the problem is not one of facts now but one of attitudes AFAICT).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1086


Ian Knowles - CIYAM Lead Developer


View Profile WWW
July 12, 2013, 05:39:34 PM
 #64

That is a completely different thing. That is after DeathAndTaxes brought up the password salt issue, which he claims to fix on one site.

If it is a completely different thing then your posting about insecure passwords is just as much a "completely different thing".

Where is your proof that the same code is being used on all the websites?

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
Kouye
Sr. Member
****
Offline Offline

Activity: 336
Merit: 250


Cuddling, censored, unicorn-shaped troll.


View Profile
July 12, 2013, 05:47:19 PM
 #65

If it is a completely different thing then your posting about insecure passwords is just as much a "completely different thing".

Where is your proof that the same code is being used on all the websites?

He has no proof. He's been asking for TF to provide him with proof it is not the case, by letting him check the CoinLender database.
And since then, they're just trying to see who's the most stubborn. This is really becoming stupid.

TF was using static salt on CoinLender, he admitted it, and also admitted this was bad practise.
He then claimed it was fixed, and a "per user" random salt was use to rehash all the passwords.
I doubt this could be a lie.

CoinChat does not use any salt, so is very vulnerable to rainbow attack.

So the conclusion of all this is:
- Don't use CoinChat
- If you do, make SURE you don't use your CoinChat password ANYWHERE else.

/thread

[OVER] RIDDLES 2nd edition --- this was claimed. Look out for 3rd edition!
I won't ever ask for a loan nor offer any escrow service. If I do, please consider my account as hacked.
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1086


Ian Knowles - CIYAM Lead Developer


View Profile WWW
July 12, 2013, 05:51:24 PM
 #66

As I stated before 99.9% of programmers use the same template for hashing and salt handling things across all sites. I think the question you should be asking, is why he doesn't prove that this isn't true, I have already shown proof that this could be an issue. Also if it wasn't an issue why is he extorting my ratings to have it removed? Makes you wonder.

A statistic that you (once again) pulled out of your arse (or ass if you're an American).

He does not need to prove your "accusations" any more than you would need to prove his - whatever he does you will not believe him (and I am pretty sure the same would apply in reverse).

You have only proof of one website so you should change the topic to show that.

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1086


Ian Knowles - CIYAM Lead Developer


View Profile WWW
July 12, 2013, 05:56:24 PM
 #67

Obviously you think the way you think and I think the way I think. If my proof that he has bad security, the certainly his actions are not that of a innocent man.

If you can prove he has bad security (on any other website than the one he admitted to) then why not just do so?

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
Kouye
Sr. Member
****
Offline Offline

Activity: 336
Merit: 250


Cuddling, censored, unicorn-shaped troll.


View Profile
July 12, 2013, 06:03:00 PM
 #68

I have proof, I posted proof. Also how can you even put me in the same category of TF, he has extorted, threaten to hack sites I don't even own anymore, and called me untrustworthy which has no baring. I think for someone that has been called out, he is acting as a guilty party.

Yes, you posted proof that CoinChat passwords were hashed without salting.
Which was clearly admitted by TF.
(Thank you for poiting out this breach, really.)

Then discussing further, he admitted the CoinLender passwords were hashed with static salting.
Which is apparently fixed.

Input passwords are hashed using a user-specific salt.

So my conclusion still stands.
Just keep away from CoinChat.

TF should undo the neg-rep he painted you with, which was a really childish move (I sometimes wonder if TF isn't actually Inaba), and you should keep on warning people not to use CoinChat.


[OVER] RIDDLES 2nd edition --- this was claimed. Look out for 3rd edition!
I won't ever ask for a loan nor offer any escrow service. If I do, please consider my account as hacked.
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1086


Ian Knowles - CIYAM Lead Developer


View Profile WWW
July 12, 2013, 06:08:25 PM
 #69

Instead he attacked me then actually just disproving me.

You made it impossible for him to do so - if you (and him) could let your egos go for a second you'd realise that this helps Bitcoin not at all.

I don't really care for the silly argument but would hope you guys both remember that Bitcoin is more important than any of us. Smiley

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
Kouye
Sr. Member
****
Offline Offline

Activity: 336
Merit: 250


Cuddling, censored, unicorn-shaped troll.


View Profile
July 12, 2013, 06:23:20 PM
Last edit: July 12, 2013, 07:32:41 PM by Kouye
 #70

Fine I have updated the thread to reflect more of what the community is thinking. I still don't agree but I guess facts are facts.

Thanks for that. Now I back your thread title 100%, since MD5 isn't the strongest hash, indeed.

EDIT : Thanks for that. Now I back your thread title 70%, since SHA-256 is pretty secure.

I didn't double check my google search on the scotaloo password hash and got carried on by the title matching the MD5 hash, sorry TF.

[OVER] RIDDLES 2nd edition --- this was claimed. Look out for 3rd edition!
I won't ever ask for a loan nor offer any escrow service. If I do, please consider my account as hacked.
theymos
Administrator
Legendary
*
Offline Offline

Activity: 5376
Merit: 13379


View Profile
July 12, 2013, 06:46:04 PM
 #71

(Keep in mind that this forum does not use a user specific salt.)

Yes, it does.

Even unimportant sites should use a reasonably strong password-hashing scheme IMO. People often use the same password for many sites, so a security breach on even an unimportant site can hurt a lot of people.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1079


Gerald Davis


View Profile
July 12, 2013, 07:16:51 PM
Last edit: July 12, 2013, 07:55:59 PM by DeathAndTaxes
 #72

Fine I have updated the thread to reflect more of what the community is thinking. I still don't agree but I guess facts are facts.

Thanks for that. Now I back your thread title 100%, since MD5 isn't the strongest hash, indeed.

Wait who is using MD5 in 2013?  

Error by quoted user.  Site reportedly uses SHA-2.
DiamondCardz
Legendary
*
Offline Offline

Activity: 1134
Merit: 1118



View Profile WWW
July 12, 2013, 07:19:42 PM
 #73

Fine I have updated the thread to reflect more of what the community is thinking. I still don't agree but I guess facts are facts.

Thanks for that. Now I back your thread title 100%, since MD5 isn't the strongest hash, indeed.

Lmao, MD5.

BA Computer Science, University of Oxford
Dissertation was about threat modelling on distributed ledgers.
Kouye
Sr. Member
****
Offline Offline

Activity: 336
Merit: 250


Cuddling, censored, unicorn-shaped troll.


View Profile
July 12, 2013, 07:21:10 PM
 #74

My bad, it SHA-256, which isn't that weak... Will edit and make amend.  Grin

[OVER] RIDDLES 2nd edition --- this was claimed. Look out for 3rd edition!
I won't ever ask for a loan nor offer any escrow service. If I do, please consider my account as hacked.
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1079


Gerald Davis


View Profile
July 12, 2013, 07:54:50 PM
Last edit: July 12, 2013, 08:36:55 PM by DeathAndTaxes
 #75

Even unimportant sites should use a reasonably strong password-hashing scheme IMO. People often use the same password for many sites, so a security breach on even an unimportant site can hurt a lot of people.

This.  Sadly password reuse is a problem and sites shouldn't pretend it isn't.  Also humans generally have a problem coming up with high entropy passwords.  If someone used a particular password even once the odds are someone else on the planet also used it.  Without salt precomputation against known/compromised passwords becomes trivially easy.  

At a minimum:
a) modern cryptographically secure hashing algorithm with no known preimage attacks (second generation RIPEMD, SHA-2, SHA-3, bcrypt*, Scrypt, Whirlpool, etc)*.  
b) 64 bit or greater salt.**
c) hash length of at least 128 bits
d) enforce minimum 8 digit password length ***

An even stronger solution is:
a) use a key derivative function designs to slow down brute force attacks (key stretching). Examples include bcrypt, scrypt, and PBKDF2 ****
b) enforce minimum password length 8 digits is acceptable for higher security applications adding even a single digit (9 digits) can provide significant security ***
c) check users password against lists of known compromised passwords and reject.

For example using bcrypt, requiring a min of 9 characters and ensuring the password isn't on any compromised password dictionary list makes the probability of brute forcing the password negligible even using botnets, cloud computing, or dedicated (non-existent) ASICs.  It is also likely to remain negigible even considering the advancements in computing power over the next couple decades.  For a more exotic solution which provides the site plausible deniability and puts all the security requirements on the user one could use public key signing (Bitcoin address or PGP) as a method of authenticating (logging on) users.

For those who want an appeal to authority this is what NIST recommends as a minimum:  
a) Key Derivative Function: PBKDF2 key using SHA-2 (SHA-3 maybe? but not at the time of this doc)
b) Min salt length: 128 bits
c) Min digest (hash) size: 112 bit
d) Min number of iterations: 1,000 for time sensitive applications (for high security situations that are not time sensitive a much higher iteration count based on available computing power should be used potentially up to 1,000,000 iterations)
e) Min password length: 10 digits for passwords which should consist of mixed symbols, numbers, upper case, lower case (i.e. "D&Twtf?123")
f) Min passphrase length: 30 digits which can be case insensitive alphabetical only (i.e. "my name is death and taxes and death and taxes is my name")

Understand NIST is a US government agency so their exclusion of an algorithm doesn't mean the algorithm is insecure it just means that governments like everything in nice neat packages.  Still there is nothing wrong with following NIST requirements, they just are a little restrictive.

Reference NIST publication 800-132 (Dec 2010)
http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf


Another potential source for "how to do it right" is the Bitcoin wallet source code.  The Bitcoin wallet doesn't store passwords but it does derive the encryption key from the user supplied password.  
It uses PBKDF2 using SHA-2, 256 bit key, tens of thousands of iterations (exact # depends on computing power of wallet).






Notes:
* The entire MD series of cryptographic hashes and SHA-0 are horrible insecure at this point and no new system should even consider them.  Legacy systems should have implemented hashing algorithm upgrades roughly a decade ago.  SHA-1 is cryptographically weakened but faster than brute force preimage attacks against the hash are likely more expensive than brute forcing the passphrase in all but the strongest passwords.  Still given the number of secure alternatives no new project should deploy SHA-1 at this point.

**  NIST recommends 128 bit although that likely is future proofing.  As long as salt is reasonably random and used on a per user basis even 32 bit salt will prevent the attacker from performing any precomputation or parallel attacks.

*** One problem with SHA-2 and similar algorithms is that they are designed to be very fast.  A single high end GPU can perform a billion hashes a second (remember in Bitcoin "1 GH/s" is 2 billion SHA-256 hashes).  This is useful in some applications like HMAC where you need to sign every packet individually as this may mean millions (or potentially hundreds of millions) of packets a second.  On the other hand this speed works against password security.  Unless your website needs to login millions of users per second, every second until the end of time that high speed offers no advantage but it does offer the attacker to attempt a massive number of potential passwords each second.  Strong key derivative functions provide a mechanism for increasing the amount of computing resources necessary to complete a single hash.  If you make a hash take 1000x as long it has a negigible impact on a webserver but it cuts the throughput of an attacker by 1000x.  Imagine an attacker with a given set of resources could break a particular passphrase in 9 hours, 1000x is one year.
whiskers75
Hero Member
*****
Offline Offline

Activity: 658
Merit: 502


Doesn't use these forums that often.


View Profile
July 13, 2013, 03:07:05 PM
 #76

This thread.... *sigh* Tongue

In my opinion:
gweedo isn't actually listening to what TF is saying.

(Side note: what CoinChat does need to do is unban me from it Cheesy)

Elastic.pw Elastic - The Decentralized Supercomputer
ELASTIC ANNOUNCEMENT THREAD | ELASTIC SLACK | ELASTIC FORUM
Pages: « 1 2 3 [4]  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!