Info about the recent attack

[theymos]

On September 3, an attacker used a 0-day exploit in SMF to gain administrative access to the forum. This went unnoticed until September 9, when he inserted some annoying JavaScript into all pages. The forum was at this point shut down.

The attacker was capable of running arbitrary PHP code, and he could have therefore copied all password hashes and read all personal messages. He also could have done all of the things that admins can normally do, such as editing/deleting/moving posts.

Passwords

It is not known for sure that the attacker copied any password hashes, but it should be assumed that he did.

SMF hashes passwords with SHA-1 and salts the hash with your (lowercase) username. This is unfortunately not an incredibly secure way of hashing passwords.

The password you used on the forum should be assumed to already be compromised if your password had:
- Less than 16 characters, numbers only
- Less than 12 characters, lowercase only
- Less than 11 characters, lowercase+numeric
- Less than 10 characters, lowercase+uppercase
- Less than 9 characters, lowercase+uppercase+numbers
- Less than 8 characters, all standard characters

If you have only 2-3 more characters than what I listed above, then you should assume that your password will be compromised at some point in the future.

No matter how strong your password was, it is a good idea to change your password here and wherever else you used it.

Database state

Backups exist of the previous database state, but it has been decided to continue with the latest state to avoid losing thousands of posts. If you notice that any posts are missing or changed, let me know.

Also, it's possible that the attacker took control of some accounts. If you are being impersonated, email me and I'll reset your password to its previous value.

More attack info

The attacker first paid for a donator account so he could change his displayed username. The displayed username field is not escaped properly, so he was able to inject SQL from there. He took over Satoshi's account, and from Satoshi's administrative interface he was able to inject arbitrary PHP code by modifying the style template.

The attacker probably used these user accounts, though his level of access would allow him to forge this data:
brad
EconomicOracle
Economic Oracle
SwimsuitPaul
BitcoinsInMyLoins

He probably used these IP addresses:
74.242.208.159
74.242.205.69
152.14.219.223
152.14.247.62
74.242.205.161
74.242.206.245
74.242.208.159
74.242.235.132
98.69.157.69
98.69.160.187
41.125.48.26
150.206.212.72

(Thanks to Mark Karpeles for finding most of this info.)

Change of hosting

Mark Karpeles is now hosting the forum's server. The forum is still owned by Sirius, as it has always been. There will be no policy changes.

Signed version of this message

[1714707745]

1714707745

[1714707745]

1714707745

[c_k]

Everyone should use lastpass.com and generate the longest password a site will accept (or just 32 random characters/numbers is sufficient imo) plus save that on lastpass.com

It's too easy and there is no excuse not to do it.

[johnj]

I'm curious as to how it is a "0 day" attack when it's been patched in SMF 2.x and a few other versions previous of that, long long LONG ago.

This needs to be addressed, if true.

[deepceleron]

Everyone should use lastpass.com and generate the longest password a site will accept (or just 32 random characters/numbers is sufficient imo) plus save that on lastpass.com

It's too easy and there is no excuse not to do it.

https://www.grc.com/passwords.htm or http://www.random.org/passwords/?mode=advanced
If you want a random password like Sj|y.f@6CMIOO|:*+aFa}8OWYqWR(o<B4. No gox hacker would have been able to crack your passwords if they were that strong.

[Cryptoman]

theymos, thanks for getting the site back up so quickly.  I'm sure it ruined your weekend.

[phelix]

thanks for the info, theymos. please continue to keep things as transparent as possible.

[BkkCoins]

I'd like to see vBulletin used as well. I've read that it takes lower cpu load than most php free boards and it has some features I think would be nice here. Ubuntu forums and many other busy forums run on it. I know it costs some money but not that much.

Edit: I don't know if there is an import tool for vB. I'd hope so because losing past posts and all the info held in them is not really an option.

[theymos]

I'm curious as to how it is a "0 day" attack when it's been patched in SMF 2.x and a few other versions previous of that, long long LONG ago.

This needs to be addressed, if true.

It may be fixed in 2.0, but 1.1.14 is still officially supported by SMF.

If we're ever willing to upgrade to 2.0, we'll probably just use some other forum software.

[BkkCoins]

I just tried changing my password and it says my current password is wrong.
So I cannot change to a new one now.

Is it likely that passwords were changed on many/most accounts or did you wipe out old ones at some point?

BTW if the hacker still has some fingers in here then forcing us to enter our password for changing would expose the password. So hopefully some script wasn't modified to send passwords to him when an attempt was made to change it...

(Not a big problem for me as all my passwords are different and random 25 char strings)

[hightax]

Wow.  Well I would claim surprise but this is a bitcoin project... so...

Also, simple injection is hardly a "0-day" exploit.  The fact that you guys had completely unsanitized input on your forums software means you're every bit as responsible for the hack.

[The Script]

This is so irritating.  So if I have a 14 character password with lower case + numbers + symbols what are the odds it will be cracked?  I guess I should probably just change it anyway, to be safe.  Good thing I don't use it anywhere else otherwise this would be even more irritating.

[Incomer]

Wow.  Well I would claim surprise but this is a bitcoin project... so...

Also, simple injection is hardly a "0-day" exploit.  The fact that you guys had completely unsanitized input on your forums software means you're every bit as responsible for the hack.

Not a zero day exploit anyway. This problem was identified ages ago and patched in SMF 2.x, if you are only running 1.x you are pretty much walking around with your pants down waiting to have your nuts twisted.

[c_k]

Wow.  Well I would claim surprise but this is a bitcoin project... so...

*yawn* anything on the Internet related to money is a target

[pekv2]

Great to see it back up.

[theymos]

I just tried changing my password and it says my current password is wrong.
So I cannot change to a new one now.

You have the same password that you had before the attack.

[ataranlen]

Glad to see things are back up and running. Thanks for the update on what happened!

[Transisto]

I had some hope the forum would stay closed for longer,
To show people this place is is no way essential to the Bitcoin system.
It would have allowed people to look for alternative sources of information and would have stabilized/strengthened the value of BTC in the long run.

This place has become such a hell with noobs and the #1 target of fear mongering speculators.

Thanks for the day off

[BkkCoins]

I just tried changing my password and it says my current password is wrong.
So I cannot change to a new one now.

You have the same password that you had before the attack.

Hmnm. Well something has gone wrong. I use a pwd safe and call up and paste in my previous password and it rejects it. My password had 25 chars including letters, number, symbols. Unless the validity of symbols was changed at some point I don't know why it won't work now. I've probably only used it once when created as typically I'm "always logged on".

[theymos]

Hmnm. Well something has gone wrong. I use a pwd safe and call up and paste in my previous password and it rejects it. My password had 25 chars including letters, number, symbols. Unless the validity of symbols was changed at some point I don't know why it won't work now. I've probably only used it once when created as typically I'm "always logged on".

The name of the password field has changed. Maybe that affects it?

[BitcoinStars.com]

Great Job Guys 

[repentance]

I just tried changing my password and it says my current password is wrong.
So I cannot change to a new one now.

You have the same password that you had before the attack.

Hmnm. Well something has gone wrong. I use a pwd safe and call up and paste in my previous password and it rejects it. My password had 25 chars including letters, number, symbols. Unless the validity of symbols was changed at some point I don't know why it won't work now. I've probably only used it once when created as typically I'm "always logged on".

If your password had been changed I don't think you'd have still been logged into the forum when it came back online.

[molecular]

Everyone should use lastpass.com and generate the longest password a site will accept (or just 32 random characters/numbers is sufficient imo) plus save that on lastpass.com

It's too easy and there is no excuse not to do it.

+ 1

I started using lastpass.com (there are alternatives too, like keypass and others) after the mtgox incident. I have come to love it.

[tsupp4]

Change of hosting

Mark Karpeles is now hosting the forum's server. The forum is still owned by Sirius, as it has always been. There will be no policy changes.

Signed version of this message

Your statement sounds kind of different to this info:
http://bitcoinmedia.com/mt-gox-taking-over-bitcointalk-the-official-u

Mark Kapeles aka MagicalTux is part of Mt.Gox, right?

[theymos]

Mark Kapeles aka MagicalTux is part of Mt.Gox, right?

Yes.

Your statement sounds kind of different to this info:
http://bitcoinmedia.com/mt-gox-taking-over-bitcointalk-the-official-u

He is providing free hosting. He is not "taking over Bitcointalk". In that IRC excerpt I even say that Sirius will retain control of the DNS.

[theymos]

Also, that "security advisory" is inaccurate. The security breach had nothing to do with Flash. That was misinformation spread by the attacker, probably. They used a fake quote purporting to be from Sirius.

[arsenische]

I'd like to see the file with leaked hashes

[nhodges]

Everyone should use lastpass.com and generate the longest password a site will accept (or just 32 random characters/numbers is sufficient imo) plus save that on lastpass.com

It's too easy and there is no excuse not to do it.

Online password stores are still a single point of failure, IMO. Great idea, but use KeePass or some other local solution that you can back up and secure with ease.

[BkkCoins]

I just tried changing my password and it says my current password is wrong.
So I cannot change to a new one now.

You have the same password that you had before the attack.

Hmnm. Well something has gone wrong. I use a pwd safe and call up and paste in my previous password and it rejects it. My password had 25 chars including letters, number, symbols. Unless the validity of symbols was changed at some point I don't know why it won't work now. I've probably only used it once when created as typically I'm "always logged on".

If your password had been changed I don't think you'd have still been logged into the forum when it came back online.

I'm pretty sure the password wouldn't matter.
Usually a session id is stored in the login cookie not a password.

I've used Keepassx on Ubuntu for years and never had it mis-remember a password. I guess I should go thru the "lost password" process now...

[pekv2]

Online password stores are still a single point of failure, IMO.

A solution like lastpass is great for a few reasons.

You passwords are encrypted.

LastPass uses SSL exclusively for data transfer even though the vast majority of data you're sending is already encrypted with 256-bit AES and unusable to both LastPass and any party listening in to the network traffic

Lastpass has a backup method, securely and not securely. I use not securely and rar them password protected encrypted.

WinRAR offers you the benefit of industry strength archive encryption using AES (Advanced Encryption Standard) with a key of 128 bits.

My passwords are always accessible to me whether lastpass is offline or not.

[TiagoTiago]

Why upgrading to the most recent version of SMF is worse than switching to a whole'nother forum backend? They didn't make it backward compatible?

[theymos]

Why upgrading to the most recent version of SMF is worse than switching to a whole'nother forum backend? They didn't make it backward compatible?

There are many modifications that are incompatible.

[TiagoTiago]

They don't provide a way to convert the data to the new format or somthing like that?

Or you mean there are some addons you use that are essential that haven't been updated to be compatible with the latest version nor have equivalent alternatives made for the latest version?

[d33tah]

If he could run arbitrary PHP code, maybe it's not just the hashes he collected... He might have also injected some code BEFORE hashing, thus gaining plaintext. I don't know all the hack details, but does it sound possible to you?

Also, it took you a while to recover.

[opticbit]

so when an attacker finds that you have an extremely secure password, they can now guess that you have a password wallet somewhere, and go after that

[JonHind]

The vulnerabilities in 1.1.14 have been known for a LONG time. You can hardly call what SA did a 0-day exploit. While 1.1.14 might still be 'supported', it is full of security holes. The admins of this site have been aware of these vulnerabilities for a while, as quite a few people (myself included) have pointed out the dangers of using 1.1.14.

Any admin hosting a site which deals with discussions of a financial nature who couldn't even be bothered to upgrade along the 1.1.xx path (yet alone switch to v.2) should hang their head in shame.

As for giving the database, including all PM's, and also the hosting of the site to the owner of the largest bitcoin exchange, I'm gobsmacked.

I took my $$$'s and BTC's out of Mt:Gox at the time when Bruce was visiting their company. I stopped trusting Mt:Gox when MagicalTux was white-knighting Bruce, refusing to address the evidence that was being provided (not the rumours I might add, just the evidence), and for allowing a convicted fraudster into his company's HQ. After this silent take-over of the forums, I trust Mt:Gox as much as I trust PayPal.

I have my $$$'s in my account now, and my BTC's are sitting in an offline USB stick in the gamble that they will be worth something after all this shit settles down. I'm sitting this one out.

[theymos]

If he could run arbitrary PHP code, maybe it's not just the hashes he collected... He might have also injected some code BEFORE hashing, thus gaining plaintext. I don't know all the hack details, but does it sound possible to you?

It is possible.

[Dusty]

thanks for the info, theymos. please continue to keep things as transparent as possible.

+1

[theymos]

Any admin hosting a site which deals with discussions of a financial nature who couldn't even be bothered to upgrade along the 1.1.xx path (yet alone switch to v.2) should hang their head in shame.

What are you talking about? This is the latest upgrade in the 1.1.xx path.

I am not aware of any other vulnerabilities. If vulnerabilities exist, report them to me and I will take the forum down until they are fixed.

[TiagoTiago]

Though if the intention was to steal data, the defacement stuff would be a dumb move, if they stayed hidden they could have stole shit for much longer.

[molecular]

Also, it took you a while to recover.

I'm sure you could've done it much faster and you would run such a site much more securely than theymos.
I'm also sure you'd gladly give up your weekend for no money to recover from a hack.
And I'm also pretty sure you would easily take a bashing from 11-post-know-it-alls without whining.

Thanks to theymos, sirius and whoever else helped in recovery and running the site. I hope you'll keep the forums up in the future. You're doing a great job! Thanks for the transparency, too.

[JonHind]

Any admin hosting a site which deals with discussions of a financial nature who couldn't even be bothered to upgrade along the 1.1.xx path (yet alone switch to v.2) should hang their head in shame.

What are you talking about? This is the latest upgrade in the 1.1.xx path.

Sorry, I stand corrected. Weren't you running 1.1.13 until very recently? I still stand by the other points raised though.

I am not aware of any other vulnerabilities. If vulnerabilities exist, report them to me and I will take the forum down until they are fixed.

How to keep abreast of security vulnerabilities in SMF 1.1.14 - From there you should be able to click your way to discovering less known vulnerabilities. Also, a tip: Check your plugins for holes.

If you need any further help, I normally charge £200ph an hour for IT consultancy, though I've never worked on any site which has ever used SMF. PM me if you are interested and I will forward you my wallet info.

[wumpus]

He is providing free hosting. He is not "taking over Bitcointalk". In that IRC excerpt I even say that Sirius will retain control of the DNS.

Please please please tell him to not host this forum on any server even close to a server for the trading site. I'd hate to see it used as an attack vector.

[TiagoTiago]

Where can i find more information on what exactly is in the way of upgrading to 2.somthing?

[theymos]

Where can i find more information on what exactly is in the way of upgrading to 2.somthing?

I need updated versions of these mods (some of them might already exist or be covered by the new core):
Custom Profile Field Mod
Edit_Display_Name_Permission
Ignore Boards
Prevent Adding Signature Images And Links
Ignore user

There are also two major custom modifications:
- Membergroup membership based on time online as well as posts
- Advanced CAPTCHAs

I'd also like to use the same theme we have now.

I'd really prefer to move to some other forum software rather than upgrade, though. SMF is not well-written.

[pekv2]

Valid question.

theymos, did they have access to our IP's connected to our user accounts by any chance?

[knightmb]

Valid question.

theymos, did they have access to our IP's connected to our user accounts by any chance?

As admin, they would have access to all, including that.

[pekv2]

Valid question.

theymos, did they have access to our IP's connected to our user accounts by any chance?

As admin, they would have access to all, including that.

omy. Well, for the hell of it, I've taken the listed IP's in OP, did whois, got the IP ranges and popped them in my blockzones of my firewall.

[kokjo]

you did say that he paid, right?

are you able to trace his payment back to an account on some of the exchanges?

[mizerydearia]

I cannot recall where I read it, but I think theymos (was it someone else?) mentioned that only a few bitcoin community members were contacted by email regarding volunteers for hosting the forum.  Is it possible to shed some light on the people that were contacted so the community knows who were the only people that had opportunity to volunteer to host the forum?

[theymos]

you did say that he paid, right?

are you able to trace his payment back to an account on some of the exchanges?

He paid to 1JadERuRgxMgrNcpCPmG35wbYkb7d6jZkw.

[im3w1l]

you can go hunter2 my hunter2-ing hunter2!

[Are-you-a-wizard?]

I'm done with this bullshit. Every month my password is leaked by fail bitcoin sites and their shit security.

Yes, I use different passwords for each site. I don't give a flying fuck.

This is unacceptable,
bye

[kokjo]

you did say that he paid, right?

are you able to trace his payment back to an account on some of the exchanges?

He paid to 1JadERuRgxMgrNcpCPmG35wbYkb7d6jZkw.

then can you have some of the exchanges to check, who cashed out to that address.
or trace it back to when the coins last come in contact with an exchange.

make a list of involved addresses, and then check them.

you could get an account/address(real world) of the attacker.

[makomk]

How to keep abreast of security vulnerabilities in SMF 1.1.14 - From there you should be able to click your way to discovering less known vulnerabilities. Also, a tip: Check your plugins for holes.

Ah, so you can't actually point to any then? I even Googled for this specific vulnerability when I noticed theymos's post about it - nada.

(It looks like SMF 2.0 probably doesn't have this vulnerability due to a much-needed restructuring of how they handle the database, but I'm not sure I'd trust it to be secure; whoever rewrote SMF should've spotted there was something fishy about the existing code if they were security-conscious.)

[haploid23]

my password has 11 characters total: 1 symbol, 8 letters, and 2 numbers. what are the chances it gets broken into after it's hashed?

[ovidiusoft]

my password has 11 characters total: 1 symbol, 8 letters, and 2 numbers. what are the chances it gets broken into after it's hashed?

After hashing, very little. But:

The attacker was capable of running arbitrary PHP code, and he could have therefore copied all password hashes and read all personal messages. He also could have done all of the things that admins can normally do, such as editing/deleting/moving posts.

You should assume that if you entered your password while logging in after sept 3rd, it was intercepted while still in plaintext. Change it.

[EskimoBob]

DO NOT USE WEBSITES TO GENERATE YOUR PASSWORDS

There is a good chance that your new and shiny password is stored for later attacks!

Create 4 random passwords which contains no special characters and are 10 characters long:

Code:

cat /dev/urandom| tr -dc 'a-zA-Z0-9' | fold -w 10| head -n 4

Create 4 random passwords which DO contains special characters and are 12 characters long:

Code:

$ cat /dev/urandom| tr -dc 'a-zA-Z0-9-_!@#$%^&*()_+{}|:<>?='|fold -w 12| head -n 4| grep -i '[!@#$%^&*()_+{}|:<>?=]' 

[fadisaaida]

The vulnerabilities in 1.1.14 have been known for a LONG time. You can hardly call what SA did a 0-day exploit. While 1.1.14 might still be 'supported', it is full of security holes. The admins of this site have been aware of these vulnerabilities for a while, as quite a few people (myself included) have pointed out the dangers of using 1.1.14.

Seriously i spent 5 minutes trying to see where did you point it out before ? am i blind ?

[deepceleron]

He paid to 1JadERuRgxMgrNcpCPmG35wbYkb7d6jZkw.

That address was funded with exactly 10BTC with this transaction on 9-3.
We see that wallet that funded the 10BTC sent a remainder back to itself at address 1GzKzdZ7KxXboxz6ehJFqJ9vv6EFdvuBYm. Those remainder coins get sent around for a while with wallet-aggregating payments, and then they are sent to a new address with all the other little coins on 9-4 to 1FLipaPNU3FHWJz6NFetzTN6xBsjvRXKhS. Current balance? 4500BTC. That kinda looks like an exchange savings account too, so they could have gone into an exchange.

I followed a few of the coins into the sending wallet all the way back to them being mined and sent from a pool account (if the haxor was the one who mined them, the pool address owner could reveal the account), and googled some of the addresses, and they haven't been posted prominently as 'donation' addresses or such. A more extensive dump than my manual exploring could get a picture of all the addresses in the wallet and what else they've been doing, and if any of the addresses have leaked out on the internet to be matched to an identity, or have coins that have gone through an exchange.

[kokjo]

He paid to 1JadERuRgxMgrNcpCPmG35wbYkb7d6jZkw.

That address was funded with exactly 10BTC with this transaction on 9-3.
We see that wallet that funded the 10BTC sent a remainder back to itself at address 1GzKzdZ7KxXboxz6ehJFqJ9vv6EFdvuBYm. Those remainder coins get sent around for a while with wallet-aggregating payments, and then they are sent to a new address with all the other little coins on 9-4 to 1FLipaPNU3FHWJz6NFetzTN6xBsjvRXKhS. Current balance? 4500BTC.

I followed a few of the coins into the sending wallet all the way back to them being mined and sent from a pool account (if the haxor was the one who mined them, the pool address owner could reveal the account), and googled some of the addresses, and they haven't been posted prominently as 'donation' addresses or such. A more extensive dump than my manual exploring could get a picture of all the addresses in the wallet and what else they've been doing, and if any of the addresses have leaked out on the internet to be matched to an identity, or have coins that have gone through an exchange.

ithink that its most likely that the coins came direcly from an exchange. i dont know why, but the acount balances are odd, and the timing between the transactions is fast(indicating some kind of online wallet, at least in my mind)

[ShadowOfHarbringer]

Where can i find more information on what exactly is in the way of upgrading to 2.somthing?

I need updated versions of these mods (some of them might already exist or be covered by the new core):
Custom Profile Field Mod
Edit_Display_Name_Permission
Ignore Boards
Prevent Adding Signature Images And Links
Ignore user

There are also two major custom modifications:
- Membergroup membership based on time online as well as posts
- Advanced CAPTCHAs

I'd also like to use the same theme we have now.

I'd really prefer to move to some other forum software rather than upgrade, though. SMF is not well-written.

Apparently.

Moving to PHPBB or vBulletin is a solution to only one of your problems.
Another one is that the forums are so heavily trolled & flooded with pointless/spam post that it has become difficult to actually discuss about something seriously here.

This forum lacks a Slashdot-like moderation system. Slashdot has probably the best moderation system in the world. It automatically filters out all spam & scam messages with high effectivness. Also, it severely decreases the level of trolling.

[JeffK]

Where can i find more information on what exactly is in the way of upgrading to 2.somthing?

I need updated versions of these mods (some of them might already exist or be covered by the new core):
Custom Profile Field Mod
Edit_Display_Name_Permission
Ignore Boards
Prevent Adding Signature Images And Links
Ignore user

There are also two major custom modifications:
- Membergroup membership based on time online as well as posts
- Advanced CAPTCHAs

I'd also like to use the same theme we have now.

I'd really prefer to move to some other forum software rather than upgrade, though. SMF is not well-written.

Apparently.

Moving to PHPBB or vBulletin is a solution to only one of your problems.
Another one is that the forums are so heavily trolled & flooded with pointless/spam post that it has become difficult to actually discuss about something seriously here.

This forum lacks a Slashdot-like moderation system. Slashdot has probably the best moderation system in the world. It automatically filters out all spam & scam messages with high effectivness. Also, it severely decreases the level of trolling.

Slashdot's moderation system, much like reddit's, only filters out non-groupthink.


I really have a hard time believing this was a 0-day, especially with the last version of the forum being so dated - it sounds like a CYA excuse.

[mikeo]

I'd like to see vBulletin used as well. I've read that it takes lower cpu load than most php free boards and it has some features I think would be nice here. Ubuntu forums and many other busy forums run on it. I know it costs some money but not that much.

Edit: I don't know if there is an import tool for vB. I'd hope so because losing past posts and all the info held in them is not really an option.

@theymos,

I own a copy of VBulletin that is not in use and would gladly donate it to you for use here if you want to pursue migrating.

[SoreGums]

Create 4 random passwords which contains no special characters and are 10 characters long:

Code:

cat /dev/urandom| tr -dc 'a-zA-Z0-9' | fold -w 10| head -n 4

Create 4 random passwords which DO contains special characters and are 12 characters long:

Code:

$ cat /dev/urandom| tr -dc 'a-zA-Z0-9-_!@#$%^&*()_+{}|:<>?='|fold -w 12| head -n 4| grep -i '[!@#$%^&*()_+{}|:<>?=]' 

that's pretty neat little script - cheers

I'm going to stick to lastpass though...

[bitstarter]

Just glad to have it back

[superpc]

How could they let this happen?  The security of this forum is vital to your users.  This should have not happened today.  The admins need to upgrade the version of this forum's software(well, PHP) to SMF 2.0 or switch to PHPBB or VBulletin.

[makomk]

I really have a hard time believing this was a 0-day, especially with the last version of the forum being so dated - it sounds like a CYA excuse.

If it was a security vulnerability in the forum software, and it wasn't caused by one of the mods they installed, it pretty much has to be. There are no relevant public vulnerabilities for SMF 1.1.14 or 1.1.13. (Though having looked closer, I'm not sure if it is a vulnerability at all... decidedly dodgy code at the very least though.)

[dvide]

I just tried changing my password and it says my current password is wrong.
So I cannot change to a new one now.

Is it likely that passwords were changed on many/most accounts or did you wipe out old ones at some point?

BTW if the hacker still has some fingers in here then forcing us to enter our password for changing would expose the password. So hopefully some script wasn't modified to send passwords to him when an attempt was made to change it...

(Not a big problem for me as all my passwords are different and random 25 char strings)

I'm also having this problem. Funny thing is, if I use incognito mode to get a new session I can log in using my old password, but it's not accepting it for changing my password.

[antares]

Simple Question, besides it's beyond that other things that have been said in this thread.
This one is @theymos directly:
Would it have been so damn hard to take the forum down and insert a little static HTML page, indicating to users that the site was offline and being worked on?

actions like simply taking the forum offline hurt the confidence of people in bitcoin.

[ctoon6]

is my password safe if i used a 64char hexadecimal?

[kokjo]

is my password safe if i used a 64char hexadecimal?

do the math yourself.

serrouisly you guys, learn about password strength, and hashing algo's.

[dvide]

I just tried changing my password and it says my current password is wrong.
So I cannot change to a new one now.

Is it likely that passwords were changed on many/most accounts or did you wipe out old ones at some point?

BTW if the hacker still has some fingers in here then forcing us to enter our password for changing would expose the password. So hopefully some script wasn't modified to send passwords to him when an attempt was made to change it...

(Not a big problem for me as all my passwords are different and random 25 char strings)

I'm also having this problem. Funny thing is, if I use incognito mode to get a new session I can log in using my old password, but it's not accepting it for changing my password.

Ok something is definitely broken. I just used the forgot password function to reset my password, because it wasn't working from within my account, but then I could not log in at all using either my new password or my old one. Both passwords were 25 characters with special characters and spaces. I used the forgot password again to reset it to a 16 char password without special characters or spaces, and then I was able to login.

So something WRT to either length, special characters or spaces has a problem. Also none of the passwords I tried used a space at either the start or the end, so it's not trimming the string that is my problem.

[Gabi]

Basically in the whole forum we keep discussing about security and guess that? The forum itself get HACKED  

Basically everything keep getting hacked despite all our security discussion and almost always due to ridicolous negligences (yay the bug in the forum was in the thing that modify tags for donators, a thing added some week ago and guess what? hackable!)

[Phinnaeus Gage]

I'm done with this bullshit. Every month my password is leaked by fail bitcoin sites and their shit security.

Yes, I use different passwords for each site. I don't give a flying fuck.

This is unacceptable,
bye

Keep in mind, the annualized inflation rate of bitcoin is ~37.6% at the moment.  If the price holds steady it means that there is enough new demand to keep up with this pace of inflation.  To me, it seems quite natural that the variance in demand relative to the rate of inflation in such a small market is bound to create substantial volatility in both directions.  People should be more surprised that the price stuck at around $14 or $15 for so long.  

The absolute number of miners has nothing to do with it...the question is simply to what degree the net demand is increasing in relation to the supply.  A miner that sells all of their generated bitcoins are reducing net demand (just like anyone else selling bitcoins) while a miner that holds all of their generated bitcoins and increasing net demand (just like anyone else buying bitcoins).

The breaches, the hacks, and the fading media attention are probably all contributing to a lull in demand at the moment.

Somebody buy this man a beer.

Smart Money Drives the Financial Markets?
Let's hear what Tom Williams has to say about all this: http://www.youtube.com/watch?v=6jwEwlZnSFY

Tom and Gavin being interviewed: http://www.youtube.com/watch?v=wYowjdORSNQ

[LZ]

can you migrate the forum to VBulletin ?

vBulletin is a commercial forum software. SMF is really open source and free.

[ctoon6]

is my password safe if i used a 64char hexadecimal?

do the math yourself.

serrouisly you guys, learn about password strength, and hashing algo's.

it was a joke, obviously my password is good for at least 100 years for current day technology, mostly due to its sheer length.

although i think i may use base₆₄ anyway just to be on the safe side.

[Tuxavant]

Create 4 random passwords which contains no special characters and are 10 characters long:

Code:

cat /dev/urandom| tr -dc 'a-zA-Z0-9' | fold -w 10| head -n 4

Create 4 random passwords which DO contains special characters and are 12 characters long:

Code:

$ cat /dev/urandom| tr -dc 'a-zA-Z0-9-_!@#$%^&*()_+{}|:<>?='|fold -w 12| head -n 4| grep -i '[!@#$%^&*()_+{}|:<>?=]' 

that's pretty neat little script - cheers

I'm going to stick to lastpass though...

Then there's always 'pwgen'

Can someone explain to me how/why lastpass.com is better than your browser's password store? I use pwgen to generate seriously crazy passwords for each individual site and let my browser remember the passwords. Nobody has access to my computer except me, and even when they do, it's through their own account.

[wknight]

Great to have the forums back. Plain and simple!

[BkkCoins]

can you migrate the forum to VBulletin ?

vBulletin is a commercial forum software. SMF is really open source and free.

Yes, it is commercial and from I've read, worth it. I don't believe Canonical would use it for the Ubuntu forums if there was an open source package that was as good. It's also used by WebHostingTalk, one of the biggest web host forums.

The question is whether content can be brought over.

[BkkCoins]

I just tried changing my password and it says my current password is wrong.
So I cannot change to a new one now.

Is it likely that passwords were changed on many/most accounts or did you wipe out old ones at some point?

BTW if the hacker still has some fingers in here then forcing us to enter our password for changing would expose the password. So hopefully some script wasn't modified to send passwords to him when an attempt was made to change it...

(Not a big problem for me as all my passwords are different and random 25 char strings)

I'm also having this problem. Funny thing is, if I use incognito mode to get a new session I can log in using my old password, but it's not accepting it for changing my password.

Ok something is definitely broken. I just used the forgot password function to reset my password, because it wasn't working from within my account, but then I could not log in at all using either my new password or my old one. Both passwords were 25 characters with special characters and spaces. I used the forgot password again to reset it to a 16 char password without special characters or spaces, and then I was able to login.

So something WRT to either length, special characters or spaces has a problem. Also none of the passwords I tried used a space at either the start or the end, so it's not trimming the string that is my problem.

It's starting to sound like the password change code uses different validity criteria than the login code.

[Herodes]

Thanks for telling the community what happened. Appreciated.

[neptop]

Don't rely on a forum for secure authentication!  
(or sign your messages and encrypt PMs)

[MatthewLM]

I'm not aware of PHPBB3 ever having these security problems. My personal opinion is that PHPBB3 is the best out of the free forums software. The only issue id that it doesn't have a plugin interface like with wordpress for example. Modifications can conflict more easily with it's easymod installation system.

[ctoon6]

Don't rely on a forum for secure authentication!  
(or sign your messages and encrypt PMs)

9/10 people will not verify your message because all existing gpg or pgp is made stupid for windows, you either cough up like 500$ for a proprietary product, pgp or be stuck with unstable trash for free, neither is good for security related things.

[Vladimir]

Thinking about it with all the information available now. Imagine yourselves in Theymos and Sirius position. I understand that they used 3rd party plugin for simple machine forum to collect donations as such importing SQL injection vulnerability. Than eventually Cosby came to wreck the forum. Once they know it, they shut down the forum. So far so "good".

Now they have no skill to sort it themselves. They do have to bring someone in. Who can they bring? This is already all over the news. Sirius resigns and asks for help from "devs". Mark surely is right here with an offer of help, but there are some voicing privacy and de-decentralisation worries.

What could they do. They surely can not bring someone like me in, since I am being so adversarial here. Who else? not many offers were sent on that mailing list. They have chosen Mark. Even though it is probably a mistake, their choice is perfectly understandable.

They should have brought in some independent security professional instead of mtgox or me or anyone else with clear conflict of interests. They should have been more open and issue at least some kind of statement ASAP. Things could have been handled better. But hey nobody is perfect.

[Raoul Duke]

I'm not aware of PHPBB3 ever having these security problems. My personal opinion is that PHPBB3 is the best out of the free forums software. The only issue id that it doesn't have a plugin interface like with wordpress for example. Modifications can conflict more easily with it's easymod installation system.

But phpbb also lets you auto-update and auto-merge the modifications on the new files.

Yes, it is commercial and from I've read, worth it. I don't believe Canonical would use it for the Ubuntu forums if there was an open source package that was as good. It's also used by WebHostingTalk, one of the biggest web host forums.

PHPBB is free, open source and is used on warez-bb.org, the biggest warez forum and probably the most attacked forum on the whole internet. Ofcourse i suspect they have a good security team taking care of warez-bb.

Our users have posted a total of 38723335 articles | We have 2641227 registered users
Most users ever online was 8594
In total there are 4240 users online :: 3440 Registered, 89 Hidden and about 711 Guests

^^ and it can handle heavy traffic, as the stats show.

[neptop]

9/10 people will not verify your message because all existing gpg or pgp is made stupid for windows, you either cough up like 500$ for a proprietary product, pgp or be stuck with unstable trash for free, neither is good for security related things.

Still there are tons of better ways for communication than a forum if it's somehow important. So one shouldn't send important stuff via PM and generally keep in mind that an account can be "hacked".

[digibo]

I just tried changing my password and it says my current password is wrong.
So I cannot change to a new one now.

You have the same password that you had before the attack.

Hmnm. Well something has gone wrong. I use a pwd safe and call up and paste in my previous password and it rejects it. My password had 25 chars including letters, number, symbols. Unless the validity of symbols was changed at some point I don't know why it won't work now. I've probably only used it once when created as typically I'm "always logged on".

The password reset form has a "current password" field with a length limit of 20 characters, even though you can initially create an account with a password longer than 20 characters. I ran into this issue.

You can still change your password by logging out, and then clicking the "Forgot your password?" link on the login page. It will email you a link that lets you reset your password.

[pekv2]

I would suggest everyone check their donation address's listed in their sig. Make sure it was never changed.

[ctoon6]

I just tried changing my password and it says my current password is wrong.
So I cannot change to a new one now.

You have the same password that you had before the attack.

Hmnm. Well something has gone wrong. I use a pwd safe and call up and paste in my previous password and it rejects it. My password had 25 chars including letters, number, symbols. Unless the validity of symbols was changed at some point I don't know why it won't work now. I've probably only used it once when created as typically I'm "always logged on".

The password reset form has a "current password" field with a length limit of 20 characters, even though you can initially create an account with a password longer than 20 characters. I ran into this issue.

You can still change your password by logging out, and then clicking the "Forgot your password?" link on the login page. It will email you a link that lets you reset your password.

my original password was 64char hexadecimal, my new password is 64char tetrasexagesimal, or base 64 according to wikipedia,i was able to change it, so obviously your wrong

[digibo]

I just tried changing my password and it says my current password is wrong.
So I cannot change to a new one now.

You have the same password that you had before the attack.

Hmnm. Well something has gone wrong. I use a pwd safe and call up and paste in my previous password and it rejects it. My password had 25 chars including letters, number, symbols. Unless the validity of symbols was changed at some point I don't know why it won't work now. I've probably only used it once when created as typically I'm "always logged on".

The password reset form has a "current password" field with a length limit of 20 characters, even though you can initially create an account with a password longer than 20 characters. I ran into this issue.

You can still change your password by logging out, and then clicking the "Forgot your password?" link on the login page. It will email you a link that lets you reset your password.

my original password was 64char hexadecimal, my new password is 64char tetrasexagesimal, or base 64 according to wikipedia,i was able to change it, so obviously your wrong

Oh, you're right. I created a new account with a 64 character password, and then changed it to a different 64 character password via the profile settings page, and it worked fine.

I did run into the same issue as BkkCoins with my own account, whatever it is.

[digibo]

I just tried changing my password and it says my current password is wrong.
So I cannot change to a new one now.

You have the same password that you had before the attack.

Hmnm. Well something has gone wrong. I use a pwd safe and call up and paste in my previous password and it rejects it. My password had 25 chars including letters, number, symbols. Unless the validity of symbols was changed at some point I don't know why it won't work now. I've probably only used it once when created as typically I'm "always logged on".

The password reset form has a "current password" field with a length limit of 20 characters, even though you can initially create an account with a password longer than 20 characters. I ran into this issue.

You can still change your password by logging out, and then clicking the "Forgot your password?" link on the login page. It will email you a link that lets you reset your password.

my original password was 64char hexadecimal, my new password is 64char tetrasexagesimal, or base 64 according to wikipedia,i was able to change it, so obviously your wrong

Oh, you're right. I created a new account with a 64 character password, and then changed it to a different 64 character password via the profile settings page, and it worked fine.

I did run into the same issue as BkkCoins with my own account, whatever it is.

And, trying once more on the new account, now I'm hitting the issue:

https://i.imgur.com/NrsUc.png

[ctoon6]

I just tried changing my password and it says my current password is wrong.
So I cannot change to a new one now.

You have the same password that you had before the attack.

Hmnm. Well something has gone wrong. I use a pwd safe and call up and paste in my previous password and it rejects it. My password had 25 chars including letters, number, symbols. Unless the validity of symbols was changed at some point I don't know why it won't work now. I've probably only used it once when created as typically I'm "always logged on".

The password reset form has a "current password" field with a length limit of 20 characters, even though you can initially create an account with a password longer than 20 characters. I ran into this issue.

You can still change your password by logging out, and then clicking the "Forgot your password?" link on the login page. It will email you a link that lets you reset your password.

my original password was 64char hexadecimal, my new password is 64char tetrasexagesimal, or base 64 according to wikipedia,i was able to change it, so obviously your wrong

Oh, you're right. I created a new account with a 64 character password, and then changed it to a different 64 character password via the profile settings page, and it worked fine.

I did run into the same issue as BkkCoins with my own account, whatever it is.

And, trying once more on the new account, now I'm hitting the issue:

what browser, version and os+version are you using

[joepie91]

I'd like to see vBulletin used as well. I've read that it takes lower cpu load than most php free boards and it has some features I think would be nice here. Ubuntu forums and many other busy forums run on it. I know it costs some money but not that much.

Edit: I don't know if there is an import tool for vB. I'd hope so because losing past posts and all the info held in them is not really an option.

vBulletin uses more resources than SMF (in fact, vBulletin is one of the worst at resource usage), and certainly isn't any more secure - if anything, vBulletin has an even worse track record than SMF in terms of vulnerabilities.

(in fact, SMF is one of the lightest forum platforms there is.)

EDIT: Additionally, if there would be a switch in forum software (which imo isn't really necessary) the best option would probably be XenForo.

[ctoon6]

I'd like to see vBulletin used as well. I've read that it takes lower cpu load than most php free boards and it has some features I think would be nice here. Ubuntu forums and many other busy forums run on it. I know it costs some money but not that much.

Edit: I don't know if there is an import tool for vB. I'd hope so because losing past posts and all the info held in them is not really an option.

vBulletin uses more resources than SMF (in fact, vBulletin is one of the worst at resource usage), and certainly isn't any more secure - if anything, vBulletin has an even worse track record than SMF in terms of vulnerabilities.

(in fact, SMF is one of the lightest forum platforms there is.)

i don't care for vb or smf, i like phpbb myself, but i think vb has the largest market share, so it fall under than windows thing, where they are the largest target, therefore they get targeted type thing.

[joepie91]

I'd like to see vBulletin used as well. I've read that it takes lower cpu load than most php free boards and it has some features I think would be nice here. Ubuntu forums and many other busy forums run on it. I know it costs some money but not that much.

Edit: I don't know if there is an import tool for vB. I'd hope so because losing past posts and all the info held in them is not really an option.

vBulletin uses more resources than SMF (in fact, vBulletin is one of the worst at resource usage), and certainly isn't any more secure - if anything, vBulletin has an even worse track record than SMF in terms of vulnerabilities.

(in fact, SMF is one of the lightest forum platforms there is.)

i don't care for vb or smf, i like phpbb myself, but i think vb has the largest market share, so it fall under than windows thing, where they are the largest target, therefore they get targeted type thing.

I'd say that vBulletin, IPB, SMF, and phpBB get targeted about equally as much - all of those are used by a LOT of sites.

Also, I'm not sure how it is with the newer phpBB versions, but the old phpBB used a lot of resources as well.

[stsbrad]

couple of quick questions. you did contact the authorities correct? nothing about this hack was a joke and or funny in my opinion. why were extremely old admin accounts still active? shouldn't those have an expired setting and or be deleted? manually you should have removed admin priviledges after a certain amount of time.

[ctoon6]

couple of quick questions. you did contact the authorities correct? nothing about this hack was a joke and or funny in my opinion. why were extremely old admin accounts still active? shouldn't those have an expired setting and or be deleted? manually you should have removed admin priviledges after a certain amount of time.

hardly mattered, from what i can gather from the situation, anyone could have been the first target that then got root access.

[stsbrad]

couple of quick questions. you did contact the authorities correct? nothing about this hack was a joke and or funny in my opinion. why were extremely old admin accounts still active? shouldn't those have an expired setting and or be deleted? manually you should have removed admin priviledges after a certain amount of time.

hardly mattered, from what i can gather from the situation, anyone could have been the first target that then got root access.

I thought they used the satoshi admin to get root?

[ctoon6]

couple of quick questions. you did contact the authorities correct? nothing about this hack was a joke and or funny in my opinion. why were extremely old admin accounts still active? shouldn't those have an expired setting and or be deleted? manually you should have removed admin priviledges after a certain amount of time.

hardly mattered, from what i can gather from the situation, anyone could have been the first target that then got root access.

I thought they used the satoshi admin to get root?

i don't know how exactly they have the accounts set up, but they could have gained access to any of the root account, from what is in the post.

[Bert]

Thanks for informing us of the issue (a lot of sites don't) and especially for the work involved in bring the site back online.

[Christian Pezza]

thanks u

[FAtlas]

Why won't you bring back Cosby?  Is it a racial thing?

[w1R903]

I am surprised that everybody here is tossing out PHP-based solutions as alternatives to SMF.  Why not save yourself a ton of security concerns and use a Python-based bulletin board?  There are several reputable, mature, open source products available.  I haven't used any of them personally but most of them use Django, so they would come with great security features out of the box like auto escaping all template content, with which you would not have been vulnerable to the vector used by this attacker.

When you look at OWASP and other security organizations' evaluations of web frameworks, it's amazing how many vulnerabilities are found in PHP-based software, and how few are found in Python-based software.  So if you decide to go with another solution, as opposed to upgrading SMF, why not give a Python-based bulletin board a try?

Specific recommendation: pyForum http://www.pyforum.org/  It's based on web2py framework.  I have used web2py and I highly recommend it.  Migrating from SMF should not be terribly difficult for someone who understands databases.

[theymos]

I don't know what the problem is with password changes. I tried passwords with many different special characters, and it always works.

Simple Question, besides it's beyond that other things that have been said in this thread.
This one is @theymos directly:
Would it have been so damn hard to take the forum down and insert a little static HTML page, indicating to users that the site was offline and being worked on?

actions like simply taking the forum offline hurt the confidence of people in bitcoin.

I don't have access to DNS and I lost ssh access after taking down the forum.

Basically everything keep getting hacked despite all our security discussion and almost always due to ridicolous negligences (yay the bug in the forum was in the thing that modify tags for donators, a thing added some week ago and guess what? hackable!)

It was not a bug in the donator code. Core SMF is always vulnerable to this, but because I had added additional restrictions for non-donators, the attacker had to be donator to exploit it.

[joepie91]

I am surprised that everybody here is tossing out PHP-based solutions as alternatives to SMF.  Why not save yourself a ton of security concerns and use a Python-based bulletin board?  There are several reputable, mature, open source products available.  I haven't used any of them personally but most of them use Django, so they would come with great security features out of the box like auto escaping all template content, with which you would not have been vulnerable to the vector used by this attacker.

When you look at OWASP and other security organizations' evaluations of web frameworks, it's amazing how many vulnerabilities are found in PHP-based software, and how few are found in Python-based software.  So if you decide to go with another solution, as opposed to upgrading SMF, why not give a Python-based bulletin board a try?

Specific recommendation: pyForum http://www.pyforum.org/  It's based on web2py framework.  I have used web2py and I highly recommend it.  Migrating from SMF should not be terribly difficult for someone who understands databases.

Which means you're fucked if there's a vulnerability in Django.

Tip: a language is just a language. PHP is a language, Python is a language, and it's ridiculous to even imply that something in a different language would somehow be magically more secure.

[kokjo]

I am surprised that everybody here is tossing out PHP-based solutions as alternatives to SMF.  Why not save yourself a ton of security concerns and use a Python-based bulletin board?  There are several reputable, mature, open source products available.  I haven't used any of them personally but most of them use Django, so they would come with great security features out of the box like auto escaping all template content, with which you would not have been vulnerable to the vector used by this attacker.

When you look at OWASP and other security organizations' evaluations of web frameworks, it's amazing how many vulnerabilities are found in PHP-based software, and how few are found in Python-based software.  So if you decide to go with another solution, as opposed to upgrading SMF, why not give a Python-based bulletin board a try?

Specific recommendation: pyForum http://www.pyforum.org/  It's based on web2py framework.  I have used web2py and I highly recommend it.  Migrating from SMF should not be terribly difficult for someone who understands databases.

Which means you're fucked if there's a vulnerability in Django.

Tip: a language is just a language. PHP is a language, Python is a language, and it's ridiculous to even imply that something in a different language would somehow be magically more secure.

no but the freamwork is better for handling fuck-ups.

[arsenische]

no but the freamwork is better for handling fuck-ups.

php has plenty of frameworks

[phelix]

I am surprised that everybody here is tossing out PHP-based solutions as alternatives to SMF.  Why not save yourself a ton of security concerns and use a Python-based bulletin board?  There are several reputable, mature, open source products available.  I haven't used any of them personally but most of them use Django, so they would come with great security features out of the box like auto escaping all template content, with which you would not have been vulnerable to the vector used by this attacker.

When you look at OWASP and other security organizations' evaluations of web frameworks, it's amazing how many vulnerabilities are found in PHP-based software, and how few are found in Python-based software.  So if you decide to go with another solution, as opposed to upgrading SMF, why not give a Python-based bulletin board a try?

Specific recommendation: pyForum http://www.pyforum.org/  It's based on web2py framework.  I have used web2py and I highly recommend it.  Migrating from SMF should not be terribly difficult for someone who understands databases.

Which means you're fucked if there's a vulnerability in Django.

Tip: a language is just a language. PHP is a language, Python is a language, and it's ridiculous to even imply that something in a different language would somehow be magically more secure.

no but the freamwork is better for handling fuck-ups.

+1 to Django   and Python btw

[OCedHrt]

I just tried changing my password and it says my current password is wrong.
So I cannot change to a new one now.

Is it likely that passwords were changed on many/most accounts or did you wipe out old ones at some point?

BTW if the hacker still has some fingers in here then forcing us to enter our password for changing would expose the password. So hopefully some script wasn't modified to send passwords to him when an attempt was made to change it...

(Not a big problem for me as all my passwords are different and random 25 char strings)

And also possible that simply logging in sends out your password. Good thing I use junk passwords for forums.

[ErgoOne]

Everyone should use lastpass.com and generate the longest password a site will accept (or just 32 random characters/numbers is sufficient imo) plus save that on lastpass.com

It's too easy and there is no excuse not to do it.

NO!  Everybody should use a long (16+ character) password with mixed upper- and lower-case letters, numerals, and symbols, but SHOULD NOT generate or store that password on lastpass.com or ANY third-party password service.  Use of such a service is placing the security of your information in the hands of a third party.  That's NUTs. 

Instead, use a password vault or a simple GPG-encrypted text file on your own laptop or personal computer, backed up to a CD/DVD or a USB dongle that is kept offsite.  Encrypt that one file with a long passphrase, and do the work to memorize the passphrase.  Voila -- actual security instead of security theater.

(I'm shaking my head at nutty idea that passwords should be entrusted to a third party that you don't even know.)

[CanaryInTheMine]

how about some beefed up infrastructure with a good firewall, ids, virus etc... etc...?

no way bitcoin is becoming mainstream until, we (as in all of us, open-source anything lovers), take security seriously.

as long as there's an opportunity to create PR damage to bitcoin, it will be done and the only press and info that mainstream folks hear about bitcoin will be negative.

you can hiss at me, say whatever, i don't give a shit about your negative-all-knowing pontification that is coming at this post....

BUT

bitcoin will become mainstream not because of it's technical wow/genius or libertarian fuck-the-government connotations... whatever the hell you want to insert here... BUT only if there is positive PR and good perception with public.

There ain't enough of us here to make it mainstream.  You tell me what non-technical people, when you ask them about bitcoin, tell you?  I bet it's only the negative crap that has been put out BECAUSE of security lapses with peripheral, supporting, indirect bitcoin related services.  Nobody cares that it's not bitcoin suffering directly.  people do not understand the difference...

So, whenever you all (those who are in position to take security-related actions) take this seriously, then maybe bitcoin will have a shot.

Until then, get your pop corn out, every few weeks we will see another nail put into bitcoin "Security"

control the message, control opinion, perception and ultimately reality.

[Desolator]

I've heard a lot of really unwise suggestions for password management.  A piece of software holding all your passwords or a website or some generator that generated such unmemorable passwords that you have to store them in a text file somewhere are all REALLY bad ideas.  Here's a secure password:

1. make up some long, symbol-inclusive password like Thi$izmypa$$w0rd!mmmk
2. get a fire and flood proof safe/lockbox for like $30
3. write the password on a piece of paper and put it in the safe
4. don't lose the key

Tada, secure password.  A hacker would have to get inside your house to get it, not counting some specific keylogger attack.

[TTBit]

What does not kill bitcoin will make it stronger.

[BCEmporium]

no but the freamwork is better for handling fuck-ups.

Coders don't use frameworks, Lego makers do. It "speeds up «development»" (yeah, right! Put some pieces of Lego together is now called "developing"... go figure!) but nags hardly performance by loading interpreters filled up with "resources" (which you normally will not even be using 1%).
Still, Python is somewhat better than the mother of all framework fuck ups so far; Java.

And obviously you have more bugs found on PHP applications than anything else, PHP has 76,9% of the dynamic web content share... that's like saying there're more car accidents than motorcycle, no wonder, there're way more cars in the road than motorcycles!

PHP is used by 76.9% of all the websites whose server-side programming language we know.

[Inaba]

Can we please, please stop using this ultra crappy forum software?  It's horrible from every single standpoint, security included.  Please upgrade to a modern piece of software.  This junk from the early part last decade has REALLY got to go.

[BCEmporium]

Can we please, please stop using this ultra crappy forum software?  It's horrible from every single standpoint, security included.  Please upgrade to a modern piece of software.  This junk from the early part last decade has REALLY got to go.

So, you don't like this phpBB fork and want another... well... phpBB fork? 

forums are somewhat easy to code, I don't see nothing wrong with this one, just cover the security holes and double check before "add components or features" (usually the mother of all holes to exploit).

[RodeoX]

Thank you theymos for brining this to our attention. Since there is no practical way to guarantee security, it's nice that you keep us in the loop.

[defxor]

but SHOULD NOT generate or store that password on lastpass.com or ANY third-party password service.  Use of such a service is placing the security of your information in the hands of a third party.  That's NUTs. 

First study how LastPass works, then post. They don't hold your passwords. They cannot retrieve them.

Can someone explain to me how/why lastpass.com is better than your browser's password store? I use pwgen to generate seriously crazy passwords for each individual site and let my browser remember the passwords. Nobody has access to my computer except me, and even when they do, it's through their own account.

Your browser store is at risk of being easily broken into by a client side web browser exploit.

I'll just repeat what so many have already posted: Use LastPass. Generate a new 12+ char password for each site you use. Sleep well.

[pekv2]

Yea, lastpass application encrypts your passwords before they leave your pc to be stored online through SSL and decrypts them on your pc.

Only you, that have the master password, can access your passwords. Even if some how someone gained access to you password database, it is encrypted.

There is also that thought if your pc has a keylogger, well your screwed for not securing your pc correctly/properly.

[FalconFour]

for christ's sake,

Why the f**k are we still using the same exact - the same HACKED - version of the forum software?

I was pissed when I saw the forum come back online and saw we're still on the same version. So I posted, "why the hell are we still using the same version?". And nothing was said. Now, again, I ask, why the f**k are we still using the same version?!

First, use KeePass or something. I don't have to worry about changing my password since this is the only site that gibberish password is used on. Anyone worried about security oughtta do the same.

Second, WHAT THE HELL IT IS NOT THAT HARD TO UPGRADE TO A NEW VERSION OF SMF. This old legacy version of SMF isn't even available to download anymore. What the hell. My head hurts thinking about how unfathomably irresponsible that is.

Third, did I read back a few pages ago that you're looking for some web admin help? Here. Right here. This is me e-raising my hand. Am I a little douchy in this "volunteering" process? Fuck yeah I am, but what experienced sysadmin would NOT be pissed as they watch a popular forum flail its arms in catastrophic misery? It's the "Why wasn't I there? Oh that's right, none of my projects ever got this big, but they also never got hacked" effect. Take it or leave it.

But do something about it. I really don't want to F5 this page and see someone belching up some manufactured excuse/response, and still see the same version-banner at the bottom. That'll just go to prove how immature Bitcoin admins/techs are... oh, what's that falling over there? Price of Bitcoin. Steve Jobs resigned as CEO of Apple. Apple stock fell like a rock. Did Apple do anything tangibly wrong? No, their fucking CEO resigned. You see how related-but-technically-unrelated things affect prices? Why do you think these Cosby clowns attacked the site? derp.

[dlb76]

Good to know! Thanks theymos!

[Inaba]

So, you don't like this phpBB fork and want another... well... phpBB fork?  

forums are somewhat easy to code, I don't see nothing wrong with this one, just cover the security holes and double check before "add components or features" (usually the mother of all holes to exploit).

Please.  You obviously have no experience with web development if you think a feature rich, secure forum software is easy to code.  Literally you have absolutely no idea what you are talking about.  The fact that you see nothing wrong with this software also lends further credence to the fact that you are talking about a topic you have absolutely no, none, zip, zero experience in, either as a user, an administrator/moderator or a system administrator.  Please do NOT throw your .02c into the pot, as all you do is muddy the waters and confuse the current operators with posts like this.  You have no experience and no comprehension as to what goes into coding, running and administrating a popular web forum and your opinion does nothing but damage the cause of moving this forum to a more secure, robust and feature rich future that can handle future expansion and growth.

Before you tell me how qualified you are to make your assessments, http://communityhosting.net is my company and I invite you to read what we have specialized in for over 12 years and then feel free to come back and tell me how your qualifications and judgement are superior to mine in this matter.

I would say modern forum software with all the features you expect from said software is probably one of the most difficult pieces of code to write securely in existence as a web application today.  It is anything but "easy to code."  It is utterly laughable that you'd even put fingers to keyboard to write that.

for christ's sake,

Why the f**k are we still using the same exact - the same HACKED - version of the forum software?

I was pissed when I saw the forum come back online and saw we're still on the same version. So I posted, "why the hell are we still using the same version?". And nothing was said. Now, again, I ask, why the f**k are we still using the same version?!

First, use KeePass or something. I don't have to worry about changing my password since this is the only site that gibberish password is used on. Anyone worried about security oughtta do the same.

Second, WHAT THE HELL IT IS NOT THAT HARD TO UPGRADE TO A NEW VERSION OF SMF. This old legacy version of SMF isn't even available to download anymore. What the hell. My head hurts thinking about how unfathomably irresponsible that is.

Third, did I read back a few pages ago that you're looking for some web admin help? Here. Right here. This is me e-raising my hand. Am I a little douchy in this "volunteering" process? Fuck yeah I am, but what experienced sysadmin would NOT be pissed as they watch a popular forum flail its arms in catastrophic misery? It's the "Why wasn't I there? Oh that's right, none of my projects ever got this big, but they also never got hacked" effect. Take it or leave it.

But do something about it. I really don't want to F5 this page and see someone belching up some manufactured excuse/response, and still see the same version-banner at the bottom. That'll just go to prove how immature Bitcoin admins/techs are... oh, what's that falling over there? Price of Bitcoin. Steve Jobs resigned as CEO of Apple. Apple stock fell like a rock. Did Apple do anything tangibly wrong? No, their fucking CEO resigned. You see how related-but-technically-unrelated things affect prices? Why do you think these Cosby clowns attacked the site? derp.

This.

Pretty much what I was thinking but didn't want to come out and say.  I have been advocating for months for a new forum software and nothing has been done.  Reading over the first post and subsequent posts I see that it's because of a lack of technical knowledge, not some other deep seated and ill-thought out need to keep with forum software developed over a half decade ago.  

I've also volunteered my services and also web hosting for the forums.  I don't particularly want to admin the forums, but if it's a choice between continuing with SMF and me having to do it, I would choose me having to do it.  Or FalconFour, or someone else technically inclined.  Whatever... just stop using this shitty piece of software and harden your web server.

The more I read this thread, the more pissed off I get at the complete mismanagement of this forum and especially the utterly piss poor handling of this incident.  No, we don't expect to be incident free 100% of the time (though that should be the goal), but when there is an incident, how you handle it during and after the crises is just as important as what you do to prevent it in the first place. On both accounts, the before and after, it has been utter and complete fail.  Please stop the cycle of failure.  If you aren't ready or prepared to take steps right now to solve the issues, let someone who is handle it.    

Engaging Mark, with the complete mess and incredibly poor handling of his own hacking incident at MtGox is also so incredibly questionable as to be almost mind boggling.  It would be like hiring the Sony security team to head up your security.  Why would you do that?  MtGox and Sony have both shown they can't handle security before a crisis and are unable to handle it during or after a crisis, so you hire them to... handle security?!  Wait, what?   

Stop making the, quite literally, worst decision that is possible to make short of giving out your passwords publicly. Stop damaging the credibility of Bitcoin. 

[FalconFour]

Heh, well, now that my attention's been brought to this post (whatever dimwit is responsible for keying it in):

So, you don't like this phpBB fork and want another... well... phpBB fork? 

forums are somewhat easy to code, I don't see nothing wrong with this one, just cover the security holes and double check before "add components or features" (usually the mother of all holes to exploit).

Lulz are necessary. Forums are somewhat easy to code? I invite you to look at this page:
http://hostfile.org/viewtopic.php?id=148
As you take a look around at that rather eyesore-tastic, yet somehow very zippy-loading, website... keep this in mind: I wrote that whole thing, with the exception of the BBcode engine that turns a smiley into a graphic, or a URL into a link, but the entire layout/structure/function/etc., that's all hand-crafted in Notepad++. The forum is built on the comments engine, which is tied into the rest of the site. It hasn't yet been "hacked" in all its 4-5 years of running. Of course, given the topic, it also hasn't been very popular, either (hence the "Oh that's right, none of my projects ever got this big, but they also never got hacked" thing). And I still invite someone to try "hacking" it. Good f'ing luck. One thing you won't find in a single line of my code is the potential for an SQL injection exploit. Cheap, first-grade-coding shit there. I even made a function alias for mysql_real_escape_string, since I used it so often and didn't want to type the whole thing out every time.

But lemme tell you: building those systems was a bitch. Even a forum as dumb-basic as that, is a bitch to code. Simple? Yeah, it's easy as hell to take a distribution package of some forum software, and drop its archive onto your server and set it up (hey, admins? yeah, it's really easy to upgrade. that's our point). That's because the programmers MADE it easy to install. Writing it in the first place? Not easy.

[tasarz]

The more I read this thread, the more pissed off I get as the complete mismanagement of this forum and especially the utterly piss poor handling of this incident.  No, we don't expect to be incident free 100% of the time (though that should be the goal), but when there is an incident, how you handle it during and after the crises is just as important as what you do to prevent it in the first place. On both accounts, the before and after, it has been utter and complete fail.  Please stop the cycle of failure.  If you aren't ready or prepared to take steps right now to solve the issues, let someone who is handle it.    Stop damaging the credibility of Bitcoin.

Considering that the forum is comprised of 30% pro/anti-bitcoin trolls, and that the moderators seem to be incapable of doing anything but moving critical threads to off-topic, I'm not at all surprised that the administrators are failing as well.  This place is rotten from the ground up.  I know what a pain updating old software can be.  I also know that it's part of the fucking job.  And now it seems the reins have been handed over to MtGox, who has yet to respond to the obvious problems with his own product today.  How many more shitty pieces of software is the Bitcoin going to have to use before people realize that anything Bitcoin-related is a giant target?  If you can't be bothered to fix the obvious holes I'd rather you don't even bother at all.

[FalconFour]

Wait, my head exploded when I read this line:

SMF hashes passwords with SHA-1 and salts the hash with your (lowercase) username. This is unfortunately not an incredibly secure way of hashing passwords.

F... fucking... REALLY?! No, no, not what it's saying, but... that you're actually SAYING THIS? It's like, let's see here, some clown sneaks onto a military base and puts on some kind of demonstration in middle of a road there. Ouch, that's embarrassing. But in the official response, they say...
"Well, we only have one guard stationed at the gate between 4am and 8am, and the rest of the time there are 2 guards except during their lunch break at 12pm and 1pm. And one of them really likes F-16s and is easily distracted by the launches."

WHAT THE FUCK KIND OF SECURITY RESPONSE IS THAT?! What user needs to know those intricate details?

Harm versus Benefit analysis. Assume, for example, that the script kiddie(s) responsible for the hack weren't thinking of stealing any passwords. They just wanted to make some lulz. In the process, they got the passing idea to back up the database. They came, they lul'd, they left, watching the aftermath (server shut down for what, almost 2 days?). Now they come along and see that post, and say "OH WOW! I DIDN'T EVEN THINK TO CHECK THE PASSWORDS, LOL, BUT THIS MORON JUST GAVE US THE KINGDOM FOR FREE!". No Googling necessary... in fact, it PROMOTES the idea of curiously trying this theory on their backup database they stole for the lulz. Sure enough, it reveals some admin password, "penis" (which would TYPICALLY be too short to use, but with this lack of security... who knows!). O LOL WOW, IT WORKS, LETS CRACK ALL THESE PASSWORDS WITH OUR MINING GPUs

Srsly?

[Crypt_Current]

For what it's worth, my .02 BTC is:

My login/pass still work, there hasn't been any unauthorized use of my login/pass, and this place is still my go-to (atm) for info on mining.  Thanks to the admins and owners/operators for everything they do here; personally I TRULY fucking appreciate it.

I just want to throw out a special thanks to jondecker76 for his one on one help.

I truly believe in a world-changing potential for crypto-currencies, especially BTC, and now my faith in the surrounding community is becoming about as strong.

[ctoon6]

Wait, my head exploded when I read this line:

SMF hashes passwords with SHA-1 and salts the hash with your (lowercase) username. This is unfortunately not an incredibly secure way of hashing passwords.

F... fucking... REALLY?! No, no, not what it's saying, but... that you're actually SAYING THIS? It's like, let's see here, some clown sneaks onto a military base and puts on some kind of demonstration in middle of a road there. Ouch, that's embarrassing. But in the official response, they say...
"Well, we only have one guard stationed at the gate between 4am and 8am, and the rest of the time there are 2 guards except during their lunch break at 12pm and 1pm. And one of them really likes F-16s and is easily distracted by the launches."

WHAT THE FUCK KIND OF SECURITY RESPONSE IS THAT?! What user needs to know those intricate details?

Harm versus Benefit analysis. Assume, for example, that the script kiddie(s) responsible for the hack weren't thinking of stealing any passwords. They just wanted to make some lulz. In the process, they got the passing idea to back up the database. They came, they lul'd, they left, watching the aftermath (server shut down for what, almost 2 days?). Now they come along and see that post, and say "OH WOW! I DIDN'T EVEN THINK TO CHECK THE PASSWORDS, LOL, BUT THIS MORON JUST GAVE US THE KINGDOM FOR FREE!". No Googling necessary... in fact, it PROMOTES the idea of curiously trying this theory on their backup database they stole for the lulz. Sure enough, it reveals some admin password, "penis" (which would TYPICALLY be too short to use, but with this lack of security... who knows!). O LOL WOW, IT WORKS, LETS CRACK ALL THESE PASSWORDS WITH OUR MINING GPUs

Srsly?

what your saying is stupid on all kinds of levels. any and all information should be shared in any and all forms of communications. you trying to hid information that others could use to increase security elsewhere might not make it to where it needs to be, all because you thought you were helping.

[defxor]

Srsly?

So, in short. You belong to the crowd who believe your own non-vetted coding to be vastly superior to the joint work of others, when it comes to writing secure online software, yet you have no idea what salt is or why it's used?

Your posts contain nothing of value.

[FalconFour]

what your saying is stupid on all kinds of levels. any and all information should be shared in any and all forms of communications. you trying to hid information that others could use to increase security elsewhere might not make it to where it needs to be, all because you thought you were helping.

I stopped taking you seriously at that "your" part, but continued to read through your self-perpetuated lack of capitalization* just for entertainment value. And for similar entertainment value, I figure I should tell you that it would've been just as effective, and much less damaging, to have just left out the part about "how the passwords are stored" and just cut to the "if your password is this long" part. There was absolutely no benefit to blurting out exactly how the passwords are stored.

* - that is, "what does it matter to me what some idiot forum noob thinks about my spelling" / "i don't need to be in grammer class whenever i go onlien, fukk you" / "i feel like relaying my low mood and chronic depression through the use of nocaps" / "I Swear i could write Proper Grammar when I need too, I don't need some Stupid forum troll telling me what too do!"

Srsly?

So, in short. You belong to the crowd who believe your own non-vetted coding to be vastly superior to the joint work of others, when it comes to writing secure online software, yet you have no idea what salt is or why it's used?

Salting bascially changes the original value and the comparison value with a known figure so the hashes can't be referenced to a lookup table, and so they can't be broken without knowing the salt value. Oh wait, we know the salt value now. Haha, that was easy™.

Again, with the big exclamation of, "Everyone lock your doors, they might have gotten a copy of the KEY TO THE KINGDOM! *attachment: high-res picture of key to the kingdom.jpg*"

[BCEmporium]

funny, I don't use php ready made software (the open in open source doesn't stand for open for the right folks amd I'm no lego maker.) and still a "full featured forum" falls under the easy category. My "medium difficulty" cat starts at FB and hard when things like socket_listen() comes to the scene.

[gat3way]

Well, those are the bruteforce cracking speeds for the most popular forum engines' password hashes on AMD Radeon HD6870:

IPB/MyBB: ~500M/s
vBulletin: 700M/s (older versions with short salts) - 512M/s (newer versions with 30-byte salt).
SMF: 980M/s

Those are bruteforce speeds, single-hash, using my own software. oclHashcat has nearly the same speeds, +/- 1-2%. 

Note that since those are salted hashes, speeds are proportional to the number of hashes. E.g cracking two IPB hashes would run at 250M/s, cracking 1000 IPB hashes would run at 500K/s.

Bruteforcing thousands of salted hashes is not very practical. However, with dictionary and rule-based attacks, things are kinda different. And long passwords are not necessarily strong ones.

P.S I did not mention phpbb3 as I haven't implemented it yet, but I can make projections about speed (as it is iterated MD5 in fact) - it should be about 3M/s on 6870 which is significantly slower. PHPBB3's password hashing is much better as compared to IPB/vBulletin/SMF in fact.

[Raoul Duke]

I just don't understand why the forum needed to be moved to a new server if the fuckin exploit was on the forum script and not on the server, but i guess that's how shit is managed around here...

[Nesetalis]

my suspicion  psy is that they move the site so the original site can be worked on.. fixed, maybe ugpraded... while everyone is able to talk here :p then once the old server is back up, working how it should.. merge the database back in, possibly convert to a new forum type (there are alot of conversion tools out there)

[dvide]

Salting bascially changes the original value and the comparison value with a known figure so the hashes can't be referenced to a lookup table, and so they can't be broken without knowing the salt value. Oh wait, we know the salt value now. Haha, that was easy™.

Again, with the big exclamation of, "Everyone lock your doors, they might have gotten a copy of the KEY TO THE KINGDOM! *attachment: high-res picture of key to the kingdom.jpg*"

It doesn't really matter if you know the salt value. The salt doesn't have to be a secret; that's not the point of it. It's just so that a mapping of passwords to hashes can't be pre-computed ahead of time (which would then turn brute force attempts into a simple lookup). With a salt, you'd have to compute a table for each user separately, even if you know the salt for the each user, which is infeasible to do; and it's doubtful that any such tables already exist in the wild for any salted password on this forum, which, if you use a decently strong password, gives you ample time to go and change it wherever you used it before somebody cracks it.

That's because hash functions give very unpredictable result outputs by design. If you change even the slightest thing in the password it will hash to something completely different and unpredictable. And they are infeasible to reverse, so you can't just take the salt away from the hashed password after the fact. It's like trying to uncook a meal to get the raw ingredients back out again.

[FalconFour]

Well, basically, if the salt value is known, it's much easier to generate a table (we all know how quick THAT goes with Bitcoin mining - not necessarily a table, but a shitload of hashes), than it would be to try to brute-force the thing from scratch. It went from being "nearly impossible" to "just a minor inconvenience", by spewing out how to get the salt values for each password. All that, and it didn't even have to be said - simply, "change your passwords" and if so desired, "if it's less than x digits long" or whatever. It didn't need to be said how the salts work or what algorithm they were stored in - up to that point, they were still gibberish until someone decided to look up how SMF stores password hashes... *or* in the guard analogy, they just know there are guards there, until someone stands there all day and watches their behavior, OR until someone just blabs it out in a public announcement.

[repentance]

I just don't understand why the forum needed to be moved to a new server if the fuckin exploit was on the forum script and not on the server, but i guess that's how shit is managed around here...

Sirius wanted to hand the hosting over to someone else.

Thread about emails discussing the change

[gat3way]

Well, basically, if the salt value is known, it's much easier to generate a table (we all know how quick THAT goes with Bitcoin mining - not necessarily a table, but a shitload of hashes), than it would be to try to brute-force the thing from scratch.

That's completely wrong.

It went from being "nearly impossible" to "just a minor inconvenience", by spewing out how to get the salt values for each password.

No, it did not.

All that, and it didn't even have to be said - simply, "change your passwords" and if so desired, "if it's less than x digits long" or whatever. It didn't need to be said how the salts work or what algorithm they were stored in - up to that point, they were still gibberish until someone decided to look up how SMF stores password hashes... *or* in the guard analogy, they just know there are guards there, until someone stands there all day and watches their behavior, OR until someone just blabs it out in a public announcement.

SMF is an opensource product and the way it hashes user password is well known.

[FalconFour]

That's, again, the guard analogy. You could either have the security hole/method laid out right in front of you with reckless abandon, splayed out to everyone in a public message... and then the attacker is TOLD about the method/hole... or they could NOT be told, and at least have the *possibility* that the attacker was unaware of how "easy" it would be to break the hashes. Either way, they could just stake out the guard spot for a night and find out for themselves if they REALLY wanted to. Same as they could've just Googled it, had the information not been laid out right in front of 'em.

The point is, THERE WAS NO REASON TO WRITE THAT STATEMENT IN THIS MESSAGE. NOBODY NEEDED THAT KIND OF DETAIL.

It's irrelevant if the detail itself is important - I could say "Hi, my name is Bob", and that's more information than is needed; I could have accomplished the same thing with a simple "Hi!". It's volunteering unnecessary information that's the problem here. It's easily known that my name was Bob if they REALLY WANTED TO KNOW (e.g. "SMF is an opensource [sic] product"), and it's also irrelevant if that information would have been of any malicious use ("No, it did not"). It's just the fact that the information was not necessary to begin with, it shouldn't've been said.

[gat3way]

So you think mentioning the SMF password hashing algorithm helped the attacker to crack the hashes? I don't think so. Actually just posting them on a site like hashkiller.com or insidepro.com would be enough to get a decent part of them cracked.

But hey I just gave out more sensitive data to the potential attacker. Damn

[FalconFour]

Helped? No. Sparked the idea? That's my point. It's a psychological thing, not a technological thing. It's like the candy stands at the checkout... when you go through a grocery store, do you ever actually SEEK OUT the candy? Well, only if you've got candy issues But generally, no. You get to the checkout, and bam: candy. Mm... candy, that would be nice to have! I can afford it, whatever. *grab*

Now, the hack. Mm, I've done all my deeds for the day, Cosbycoin is floating all over the forum, screenshots are taken, lulz are collectively had, it's been a fun day. Ahh, it's offline. Ahh, it's back online. What'd that whiny brat admin say about us? ("checkout" phase) Ooh, what's this? Haha, that's stupid-easy to do. ("candy" phase) Sure enough, it works! Haha, suckers, now we have all their passwords too.

They may or may not have actually investigated the passwords, and even still there's a probability that they hadn't. But the probability pretty much exploded the moment some dingbat thought it would be smart to advertise how the passwords are hashed.

[Gerken]

Helped? No. Sparked the idea? That's my point. It's a psychological thing, not a technological thing. It's like the candy stands at the checkout... when you go through a grocery store, do you ever actually SEEK OUT the candy? Well, only if you've got candy issues But generally, no. You get to the checkout, and bam: candy. Mm... candy, that would be nice to have! I can afford it, whatever. *grab*

Now, the hack. Mm, I've done all my deeds for the day, Cosbycoin is floating all over the forum, screenshots are taken, lulz are collectively had, it's been a fun day. Ahh, it's offline. Ahh, it's back online. What'd that whiny brat admin say about us? ("checkout" phase) Ooh, what's this? Haha, that's stupid-easy to do. ("candy" phase) Sure enough, it works! Haha, suckers, now we have all their passwords too.

They may or may not have actually investigated the passwords, and even still there's a probability that they hadn't. But the probability pretty much exploded the moment some dingbat thought it would be smart to advertise how the passwords are hashed.

If you can't elaborate on what you meant without resorting to dumbass candy analogies you should probably just stop.  And how the passwords are hashed isn't exactly a secret only known to the top members of the cabinet.

[FalconFour]

If you can't elaborate on what you meant without resorting to dumbass candy analogies you should probably just stop.  And how the passwords are hashed isn't exactly a secret only known to the top members of the cabinet.

GJ missing the point. Next please? Can I get someone with a functioning brain, please?

[Gerken]

If you can't elaborate on what you meant without resorting to dumbass candy analogies you should probably just stop.  And how the passwords are hashed isn't exactly a secret only known to the top members of the cabinet.

GJ missing the point. Next please? Can I get someone with a functioning brain, please?

Anyone with a brain ignored you a long time ago.  Guess I should too, but I wanna see if you make a car analogy next. 

[FalconFour]

Anyone with a brain ignored you a long time ago.  Guess I should too, but I wanna see if you make a car analogy next. 

No, but y'see how it says "Gullible" on the ceiling? Right, and I just stole your wallet while you were staring at the ceiling, GJ on that too.

[Raoul Duke]

Anyone with a brain ignored you me a long time ago.  Guess I you should too, after all I only came to this forum to troll. 

FTFY

Now, STFU and GTFO!

[Gerken]

Anyone with a brain ignored you me a long time ago.  Guess I you should too, after all I only came to this forum to troll. 

FTFY

Now, STFU and GTFO!

You seem upset. 

[Raoul Duke]

Anyone with a brain ignored you me a long time ago.  Guess I you should too, after all I only came to this forum to troll.  

FTFY

Now, STFU and GTFO!

You seem upset.  

Upset?  

You seem more upset than me, after all it's you who came here just to troll a forum about something you don't like... Is Bitcoin a threat to you in some way?

[Gerken]

Anyone with a brain ignored you me a long time ago.  Guess I you should too, after all I only came to this forum to troll.  

FTFY

Now, STFU and GTFO!

You seem upset.  

Upset?  

You seem more upset than me, after all it's you who came here just to troll a forum about something you don't like... Is Bitcoin a threat to you in some way?

I have no problem with bitcoin, it's the die hard libertarians that get me rollin.  It's always great seeing them get screwed over by the same system they want to push on everyone else. 

[runeks]

DO NOT USE WEBSITES TO GENERATE YOUR PASSWORDS

There is a good chance that your new and shiny password is stored for later attacks!

Create 4 random passwords which contains no special characters and are 10 characters long:

Code:

cat /dev/urandom| tr -dc 'a-zA-Z0-9' | fold -w 10| head -n 4

Create 4 random passwords which DO contains special characters and are 12 characters long:

Code:

$ cat /dev/urandom| tr -dc 'a-zA-Z0-9-_!@#$%^&*()_+{}|:<>?='|fold -w 12| head -n 4| grep -i '[!@#$%^&*()_+{}|:<>?=]' 

This is useful if you want passwords you don't need to remember. Obviously, few people are able to remember a password like "Qc{Jb>pK)|_m". If you want a password that's just as strong but easier to remember, use a dictionary with the shuf command, like this:

Code:

shuf -n 6 --random-source=/dev/random /usr/share/dict/words

This will pick 6 random words (using /dev/urandom to create the random numbers) from the dictionary /usr/share/dict/words. /usr/share/dict/words on my machine contains about 98500 words. I have another dictionary that contains 74000 words (excluding words ending in "'s" from /usr/share/dict/words). Now let's say I create a password using 6 words from the latter dictionary (74000 words):

Code:

shuf -n 6 --random-source=/dev/random Desktop/simwords 
scramblers
chiseled
therapeutic
adjuster
lamebrains
gibbeted

So the password is "ScramblersChiseledTherapeuticAdjusterLamebrainsGibbeted". The number of possible combinations are 74000^6=~10^29 which is the equivalent of a 15 character password consisting of upper/lowercase letters, numbers and special characters (like "&+-qnk_Wh<7TeNF").
Which one is the easiest to remember? They both have approximately the same entropy.

[Raoul Duke]

I have no problem with bitcoin, it's the die hard libertarians that get me rollin.  It's always great seeing them get screwed over by the same system they want to push on everyone else. 

If it's great "seeing them get screwed" why do you interfere instead of just watching from the sideline?
Your interference, and the interference from the other goons makes me suspect that there's more to it than just "seeing die hard libertarians getting screwed over by the same system they want to push"...

[mizerydearia]

I cannot recall where I read it, but I think theymos (was it someone else?) mentioned that only a few bitcoin community members were contacted by email regarding volunteers for hosting the forum.  Is it possible to shed some light on the people that were contacted so the community knows who were the only people that had opportunity to volunteer to host the forum?

Anyone willing to suggest who the people that were contacted are?  Perhaps this is undesirable to publicate?

Found a follow up email after the initial request for volunteers:  http://pastebin.com/48tPCHUP

Malmi Martti
Jeff Garzik
Mike Hearn
Bruce Wagner
Pieter Wuille
email@xx.com
Marc Bevand
Matt Corallo
Jed McCaleb
Gavin Andresen
Nils Schneider
info@xx.cz
solar
Stefan Thomas

Also, included in original email (not shown in pastebin above):
email@onlyonetv.com
info@bitcoin.cz (slush)

[runeks]

Can anyone tell me why sites/programs like LastPass.com/KeyPass/KeyPassX would be anymore secure than the a browser extension like PasswordHash (for Chrome and Firefox)

The principle of this browser extension is that at any site where you are asked to enter a password, the extension will enter a password that is sha256(<your password of choice> + domain) (or any other cryptographic hash function). For example, if my chosen password is "masterpassword", the password that would be used to log into gmail.com would be sha256("masterpasswordgmail.com") (=9b2b649d3124c81093f9080a88b9d3723940dfe0707d8524d0403c9641bc99c3).
This is the principle. The output could of course be truncated since few sites allow passwords this long. But as far as I can see this achieves exactly the same as LastPass.com and KeyPass(X) with much less complexity. If an attacker compromises a database and - even if they are stored as clear text - gets your password (the sha256 hash), he has no use for it since he can't find your master password even knowing the domain that was used together with the master password to create the hash. This is basically using a SALT that is the domain name of the site you're visiting.

[shelbydz]

http://xkcd.com/936/

nuff said
 

[Maged]

Helped? No. Sparked the idea? That's my point. It's a psychological thing, not a technological thing. It's like the candy stands at the checkout... when you go through a grocery store, do you ever actually SEEK OUT the candy? Well, only if you've got candy issues But generally, no. You get to the checkout, and bam: candy. Mm... candy, that would be nice to have! I can afford it, whatever. *grab*

Now, the hack. Mm, I've done all my deeds for the day, Cosbycoin is floating all over the forum, screenshots are taken, lulz are collectively had, it's been a fun day. Ahh, it's offline. Ahh, it's back online. What'd that whiny brat admin say about us? ("checkout" phase) Ooh, what's this? Haha, that's stupid-easy to do. ("candy" phase) Sure enough, it works! Haha, suckers, now we have all their passwords too.

They may or may not have actually investigated the passwords, and even still there's a probability that they hadn't. But the probability pretty much exploded the moment some dingbat thought it would be smart to advertise how the passwords are hashed.

Here's the thing: this information was only revealed AFTER the attack. As such, the hacker no longer has access to the system. If they had the idea of taking the user database and cracking the passwords, they either already did or they didn't. There is literally no way to take the user database without explicitly thinking "I want to crack everyone's password!". If they did take the user database, you can bet that they also downloaded the entire source code of the forum, just in case we made any changes to how the passwords were stored (I don't know that we did, and if we didn't change how the passwords were stored, they could have found this out from the SMF source code any time they wanted to - including well before the attack). Basically, the attacker already would have known all this. There is NO danger in revealing this information after the fact.

[FalconFour]

[doc_brown] You're not thinking 4th-dimensionally! [/doc_brown]

Imagine for a moment that they took a snapshot of the database as any good "hello, world!" hack would do. And they didn't take a snapshot just for the sake of cracking passwords, but just part of a routine "let's see what we can get out of it" thing. That enables a 3rd possibility: that they have the database (no need for further hacks/exploits from that point on to get hashes), that they didn't have the intention of snooping passwords, but now they have the motivation to try it (which they didn't, before the information was posted).

Of course, since it's my reasoning against a person wearing the title "mod", if this is anything like any other forum, cue the community blindly bashing the guy that doesn't 100% agree with the post

[Maged]

[doc_brown] You're not thinking 4th-dimensionally! [/doc_brown]

Imagine for a moment that they took a snapshot of the database as any good "hello, world!" hack would do. And they didn't take a snapshot just for the sake of cracking passwords, but just part of a routine "let's see what we can get out of it" thing. That enables a 3rd possibility: that they have the database (no need for further hacks/exploits from that point on to get hashes), that they didn't have the intention of snooping passwords, but now they have the motivation to try it (which they didn't, before the information was posted).

I suppose that is true. With admin access, they just had to press one button to get a full database dump. That is much less work than coding a dump program yourself.

Basically, this is a case where you just have to weigh the risks that the hacker would decide to suddenly start cracking the passwords after you release the details, to the damage that anything less than full disclosure would cause to your reputation. Remember when Mt.Gox was hiding things how pissed everyone was?

Of course, since it's my reasoning against a person wearing the title "mod", if this is anything like any other forum, cue the community blindly bashing the guy that doesn't 100% agree with the post

Nobody here really thinks that mods are special. We just happen to read more posts than everyone else, so we were given the power to moderate the forum ourselves instead of having to report everything.

[SolarSilver]

Passwords

It is not known for sure that the attacker copied any password hashes, but it should be assumed that he did.

Well, I'm already getting spam on my unique email address generated for the forum so we might consider that if that leaked, the hashes leaked as well:

Code:

Received: by 10.42.220.135 with SMTP id hy7cs191738icb;
        Mon, 12 Sep 2011 05:57:14 -0700 (PDT)
Received: by 10.14.13.14 with SMTP id a14mr1481921eea.41.1315832233374;
        Mon, 12 Sep 2011 05:57:13 -0700 (PDT)
Return-Path: <no_reply@libertyreserve.com>
Received: from x
        by mx.google.com with ESMTPS id 36si4325308eeh.202.2011.09.12.05.57.12
        (version=TLSv1/SSLv3 cipher=OTHER);
        Mon, 12 Sep 2011 05:57:13 -0700 (PDT)
Received-SPF: fail (google.com: domain of no_reply@libertyreserve.com does not designate Y as permitted sender) client-ip=Y;
Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of no_reply@libertyreserve.com does not designate Y as permitted sender) smtp.mail=no_reply@libertyreserve.com
Received: from yama-bousai-web.bosai.vill.yamato.lg.jp ([61.194.116.165])
	by X (8.14.1/8.14.1) with ESMTP id p8CCvAWf028904
	for <My-forum-email@x>; Mon, 12 Sep 2011 14:57:11 +0200 (CEST)
Message-Id: <201109121257.p8CCvAWf028904@X>
Received: from User ([66.219.29.150])
          by yama-bousai-web.bosai.vill.yamato.lg.jp
          (Post.Office MTA v4.1.0.4 release 20090417
           ID# 6014-053U50L50S0V41J) with ESMTP id jp;
          Mon, 12 Sep 2011 19:48:48 +0900
From: "no_reply@libertyreserve.com"<no_reply@libertyreserve.com>
Subject: Liberty Reserve Bonus Winner
Date: Mon, 12 Sep 2011 19:48:28 +0900
MIME-Version: 1.0
Content-Type: text/html;
	charset="iso-8859-9"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

</script>
<div id=yiv2021571761><html>
<table width="750" cellpadding="0" cellspacing="0">
	<tr>
		<td style="background-repeat:no-repeat;" background="" width="100%" align="center">
			<table width="95%" align="center">
				<tr>
					<td align="left" style="padding:10px 0 0 10px;">
						  <img src="https://libertyreserve.s3.amazonaws.com/content/v1.0.1040/themes/white/images/logo.gif" border="0"/>											</td>
				</tr>
			</table>
			<table width="740">
				<tr><td style="padding:0px 40px 0px 0px;" align="center">
<table width="100%"
 border="0" cellpadding="0" cellspacing="0">
  <tr>
    <td valign="top" align="middle"><table cellspacing="0" cellpadding="0" width="100%" border="0">
		<tr>
			<td colspan="2" class="separator"><hr style="font-family:verdana, arial, sans-serif;border:0;width:100%;height:2px;border-top:1px solid #9AA6CD;overflow:hidden;"/></td>
		</tr>
        <tr>
          <td style="font-family:verdana, arial, sans-serif;margin:0;padding:0px 0px 10px 0px;color:#020219;font-weight:bold;font-size:18px;" nowrap width="50%">  <div align="left">20% Bonus Winner </div></td>
          <td style="font-family:verdana, arial, sans-serif;margin:0;padding:0px 0px 10px 0px;color:FF0 000;font-weight:bold;font-size:18px;" nowrap align="right" width="50%"></td>
        </tr>
        <tr>
          <td nowrap colspan="2" height="1"><img height="1"
 src="" width="1"></td>
        </tr>
      </table>
      <table cellspacing="0" cellpadding="0" width="100%"
 border="0">
        <tr>

          <td style="font-family:verdana, arial, sans-serif;font-size:11px;color:#656565;"><div align="left"><strong>&nbsp;&nbsp;&nbsp; </strong>CONGRATULATIONS!<br>
            You have won a the chance to WIN 20% Bonus of your Liberty Reserve account balance. One time - Limited BONUS Offer! You can earn 0.5usd (Balance: 10usd) or up to 500usd (Balance: 10.000usd) depending on your account balance. This BONUS Form must be completed in maximum 5 days using the link below or you will not qualify for the 20% Bonus. Please be aware that if your account balance is 10usd your bonus will be 0(zero) and you will not qualify for the instant Free Bonus. You can use one of our authorized exchangers listed on www.libertyreserve.com website and upload money secure in your account.
            </span></strong><br>
                  <br>
            
          </div></td>
          <td width="5"><img height="1" src=""
 width="5"></td>
        </tr>
      </table>
      <table cellspacing="0" cellpadding="0" width="100%" border="0">
        <tr>
          <td nowrap colspan="2" height="1"><img height="1"
 src="" width="1"></td>
        </tr>
        <tr>
          <td style="font-family:verdana, arial, sans-serif;margin:0;padding:0px 0px 10px 0px;color:#020219;font-weight:bold;font-size:18px;" nowrap width="50%"> How can I get my Bonus?</td>
          <td style="font-family:verdana, arial, sans-serif;margin:0;padding:0px 0px 10px 0px;color:#020219;font-weight:bold;font-size:18px;" nowrap align="right" width="50%"></td>
        </tr>
        <tr>
          <td nowrap colspan="2" height="1"><img height="1"
 src="" width="1"></td>
        </tr>
      </table>
      <table cellspacing="0" cellpadding="0" width="100%"
 border="0">
        <tr>

          <td style="font-family:verdana, arial, sans-serif;font-size:11px;color:#FF0000;" valign="top"><p align="left">
              <strong>&nbsp;&nbsp;&nbsp; Click "GET BONUS!" text below and complete the Bonus Request Form
  on our website
and find your bonus using your current balance:</strong>
     <strong>
<br>
<br>
</blockquote>

</font><a href="http://i.love.skate.lv/bonus/"><strong>&nbsp;&nbsp;&nbsp;GET BONUS!&nbsp;&nbsp;&nbsp;<span class="style25"></strong></a><br>
</blockquote>

            </p></td>
          <td width="5"><img height="1" src=""
 width="5"></td>
        </tr>
      </table>
      <table cellspacing="0" cellpadding="0" width="200%" border="0">
        <tr>
          <td nowrap height="1"><img height="1"
 src="" width="1"></td>
        </tr>
      </table>
      <table cellspacing="0" cellpadding="0" width="100%"
 border="0">
        <tr>
          <td>&nbsp;</td>
<br>
          <td style="font-family:verdana, arial, sans-serif;font-size:11px;color:#656565;" valign="top"><div>
  &nbsp;&nbsp;&nbsp; 
  <div align="left">To increase your bonus you can use one of our autorized exchangers to upload money in your account! Please be aware that this Bonus Offer will expire in 5 bussiness days! Bonus amount will be added to your account balance in maximum 24 hours!<br>
      <br>
    2002 � 2011  Liberty Reserve S.A. All rights reserved. </div>
          </div>
            <br> </td>
          <td width="5"><img height="1" src=""
 width="5"></td>
        </tr>
      </table>
<table cellspacing="0" cellpadding="0" width="100%" border="0">
          <tr>
  <td nowrap colspan="2" height="1"><img height="1"
 src="" width="1"></td>
 </tr>
	<tr>
	 <td nowrap colspan="2" height="1"><img height="1"
 src="" width="1"></td>
	</tr>
 <tr>
	<td colspan="2" class="separator"><hr style="font-family:verdana, arial, sans-serif;border:0;margin:8px 0px 0px 0px;padding:6px 0px 0px 0px;width:100%;height:2px;border-top:1px solid #9AA6CD;overflow:hidden;"/></td>
 </tr>
   </table>
<table cellspacing="0" cellpadding="0" width="100%" border="0">
<tr>

[dishwara]

Well, I'm already getting spam on my unique email address generated for the forum so we might consider that if that leaked, the hashes leaked as well:

+1.

I am also getting spams from libertyreserve.com that i got gift, my account blocked....
Besides i got an email to my inbox from libertyreserve saying some one sent me money. 0.01 USD to my account.
But nothing was in my account.

[Maged]

I'm getting that spam on my old MtGox address, not my forum address.

[FalconFour]

I suppose that is true. With admin access, they just had to press one button to get a full database dump. That is much less work than coding a dump program yourself.

Basically, this is a case where you just have to weigh the risks that the hacker would decide to suddenly start cracking the passwords after you release the details, to the damage that anything less than full disclosure would cause to your reputation. Remember when Mt.Gox was hiding things how pissed everyone was?

Well, wasn't around for that, but I do remember hearing all the uproar about it (in fact, I hopped on the Bitcoin wagon just as things were beginning to crash-and-burn around then - I tend to do that with tech trends *facepalm*). But just to contrast: SMF is "open source", remember? "Anyone could figure out how passwords are hashed", or so the parroting went just a few pages ago I still don't think it was necessary at all to rehash (pun) the details of how SMF hashes passwords. It wouldn't've been hiding anything to have not mentioned it - the notification that passwords may have been compromised is really all that needed to be disclosed.

Of course, since it's my reasoning against a person wearing the title "mod", if this is anything like any other forum, cue the community blindly bashing the guy that doesn't 100% agree with the post

Nobody here really thinks that mods are special. We just happen to read more posts than everyone else, so we were given the power to moderate the forum ourselves instead of having to report everything.

Hey, that works for me (and I also noticed in the subsequent [lack of] replies). Certainly a change of pace from the typical forum behavior I'd grown accustomed to after 10+ years of forums

FWIW, I haven't had any spam yet, and I do the unique-email thing as well (so I'd know where it came from). Does everyone getting Liberty Reserve emails have an account there? They could be bouncing the addresses off Liberty Reserve to see if they have an account, before sending the phishing mails...

[minerva]

Fortunately for me, for all forum accounts I use one of four usernames, and one of six passwords. So even factoring in prefering a username and a password over the others, the majority of forum accounts I have will be safe. And then for important accounts, obviously use a safe semi-secure password and change it semi-annually.

Hardly the best security policy, but it's better than most.

[terrytibbs]

Goddammit, theymos.

[ctoon6]

what your saying is stupid on all kinds of levels. any and all information should be shared in any and all forms of communications. you trying to hid information that others could use to increase security elsewhere might not make it to where it needs to be, all because you thought you were helping.

I stopped taking you seriously at that "your" part, but continued to read through your self-perpetuated lack of capitalization* just for entertainment value. And for similar entertainment value, I figure I should tell you that it would've been just as effective, and much less damaging, to have just left out the part about "how the passwords are stored" and just cut to the "if your password is this long" part. There was absolutely no benefit to blurting out exactly how the passwords are stored.

* - that is, "what does it matter to me what some idiot forum noob thinks about my spelling" / "i don't need to be in grammer class whenever i go onlien, fukk you" / "i feel like relaying my low mood and chronic depression through the use of nocaps" / "I Swear i could write Proper Grammar when I need too, I don't need some Stupid forum troll telling me what too do!"

Srsly?

So, in short. You belong to the crowd who believe your own non-vetted coding to be vastly superior to the joint work of others, when it comes to writing secure online software, yet you have no idea what salt is or why it's used?

Salting bascially changes the original value and the comparison value with a known figure so the hashes can't be referenced to a lookup table, and so they can't be broken without knowing the salt value. Oh wait, we know the salt value now. Haha, that was easy™.

Again, with the big exclamation of, "Everyone lock your doors, they might have gotten a copy of the KEY TO THE KINGDOM! *attachment: high-res picture of key to the kingdom.jpg*"

you are unable to refute therefore you go after the way i write, WTG! i congradz you on your proper spelling and capitalization and grammar and all that, while in reality i also am perfectly able to do so, but it simply takes longer to type the additional punctuation, yet you are perfectly able to understand everything i write out.

[FalconFour]

you are unable to refute therefore you go after the way i write, WTG! i congradz you on your proper spelling and capitalization and grammar and all that, while in reality i also am perfectly able to do so, but it simply takes longer to type the additional punctuation, yet you are perfectly able to understand everything i write out.

I shit you not, it actually takes me longer to backspace and un-capitalize words, and to write improperly. You should practice it... most people don't have to sit there and think about how to spell and use proper grammar. Kinda like using blinkers in a lane change (I'm guessing you're too holier-than-thou to do that, either). It just becomes habit if you ever gave 2 shits enough to think about it.

And really, I already refuted you 2 pages ago. I just didn't have to (nor want to) reply to you, but rather to the other people that actually took the minuscule amount of mental effort to present their ideas in a meaningful and more linguistically-respectable manner.

tldr: Suck it, you're not worth the time nor mental effort I've already expended in trying to reason with you.

edit: But 'gratz on your 666th post. 

[ctoon6]

you are unable to refute therefore you go after the way i write, WTG! i congradz you on your proper spelling and capitalization and grammar and all that, while in reality i also am perfectly able to do so, but it simply takes longer to type the additional punctuation, yet you are perfectly able to understand everything i write out.

I shit you not, it actually takes me longer to backspace and un-capitalize words, and to write improperly. You should practice it... most people don't have to sit there and think about how to spell and use proper grammar. Kinda like using blinkers in a lane change (I'm guessing you're too holier-than-thou to do that, either). It just becomes habit if you ever gave 2 shits enough to think about it.

And really, I already refuted you 2 pages ago. I just didn't have to (nor want to) reply to you, but rather to the other people that actually took the minuscule amount of mental effort to present their ideas in a meaningful and more linguistically-respectable manner.

tldr: Suck it, you're not worth the time nor mental effort I've already expended in trying to reason with you.

edit: But 'gratz on your 666th post. 

u2

[phillipsjk]

Create 4 random passwords which contains no special characters and are 10 characters long:

Code:

cat /dev/urandom| tr -dc 'a-zA-Z0-9' | fold -w 10| head -n 4

It struck me as strange that /dev/uramdom is being used instead of /dev/random. The latter blocks until the entropy pool is replenished. The reason /dev/urandom is needed is that the above script throws away a lot of information. It is still an interesing little script (using tools installed by default in many distros), but a dedicated tool like pwgen (that another user suggested) is probably better.

I am posting this reply because another user was suggesting using /dev/urandom as a source of entropy based on the above script, possibly not understanding the implications. If you want guaranteed entropy, you use /dev/random. If all you need is "very good psuedorandom," then you would use /dev/urandom.

In the above script, the following happens:

• High quality psuedorandom bytes are generated.
• 75% of those are filtered out because they are not one of the 62 allowed characters.
• The lines are wrapped to the desired width.
• The first 4 lines (passwords) are displayed. I think the whole chain quits when 'head' exits (+- buffering).

Edit: I totally used the 12 digit, special character version for my updated forum password. The use of 'grep' at the end may actually weaken the passwords by omiting any that do not use special characters.

[defxor]

The point is

... that you even after having been told you've completely misunderstood "salt" kept posting your misinformed rants.

"Ignore user" is the best thing that's happened to these forums.

[defxor]

The principle of this browser extension is that at any site where you are asked to enter a password, the extension will enter a password that is sha256(<your password of choice> + domain) (or any other cryptographic hash function). For example, if my chosen password is "masterpassword", the password that would be used to log into gmail.com would be sha256("masterpasswordgmail.com") (=9b2b649d3124c81093f9080a88b9d3723940dfe0707d8524d0403c9641bc99c3).

According to your description you only get entropy matching your password. Unless your password is a complex 12 char password that means an attacker can still bruteforce it. While they do need to know that your passwords are generated this way, they have knowledge of the domain of the site and the above indeed looks like an obvious hash.

Security by obscurity isn't.

[Blackout]

were wallet.dat files uploaded or not?

[terrytibbs]

were wallet.dat files uploaded or not?

My oh my.

EDIT: Did you know the progress bar was brought to you by Mt.Gox?

[FalconFour]

were wallet.dat files uploaded or not?

To answer your question with another question:

Why would they go after your wallet.dat when they could just go after your browser's (unprotected by default) password store?

[Blackout]

Sure this has been answerd. Not trying to be annoying. Just couldn't find it and didn't feel like reading the entire thread and got e-mail from one of the pools (or could be bull spam) saying wallet.dats were attempted being uploaded when you came here during the cosbycoin time.  I did not on a machine that has a bitcoin wallet on it.  This is posted on several pools though including bitcoinpool so I was just checking.

Passwords changed, and I don't store any passwords in the browser of any importance anyway.

[molecular]

were wallet.dat files uploaded or not?

To answer your question with another question:

Why would they go after your wallet.dat when they could just go after your browser's (unprotected by default) password store?

What are you talking about? How would they gain access to the browser password store?

[FalconFour]

were wallet.dat files uploaded or not?

To answer your question with another question:

Why would they go after your wallet.dat when they could just go after your browser's (unprotected by default) password store?

What are you talking about? How would they gain access to the browser password store?

EXACTLY MY POINT. They didn't steal wallet.dats because they couldn't. And even if they could, they'd probably rather go after something more useful than the Bitcoins they hate so much. That's my point: if they COULD steal wallet.dat, they probably wouldn't've bothered with something so trivial. Browsers have paranoid amounts of security regarding file-upload abilities (remember when the "file path" field disappeared from HTML file controls?), so it's just not possible for a stupid little Javascript playtime script to go stealing wallet.dats. That's the point I was making.

[molecular]

were wallet.dat files uploaded or not?

To answer your question with another question:

Why would they go after your wallet.dat when they could just go after your browser's (unprotected by default) password store?

What are you talking about? How would they gain access to the browser password store?

EXACTLY MY POINT. They didn't steal wallet.dats because they couldn't. And even if they could, they'd probably rather go after something more useful than the Bitcoins they hate so much. That's my point: if they COULD steal wallet.dat, they probably wouldn't've bothered with something so trivial. Browsers have paranoid amounts of security regarding file-upload abilities (remember when the "file path" field disappeared from HTML file controls?), so it's just not possible for a stupid little Javascript playtime script to go stealing wallet.dats. That's the point I was making.

Allright, thanks for clearing that up, man. Cause you had my hard stop for a second there.

[FalconFour]

Allright, thanks for clearing that up, man. Cause you had my hard stop for a second there.

lmao. Sorry 'baut that. No, for that very reason - that browsers store passwords in a common file - is exactly why browsers are so paranoid about preventing web scripts from interacting with the local file system. They're run in little sandboxes, and it while it's not entirely impossible to hack around those safeguards, it would take an *entirely* different set of hacks to do so, not just a "display random funny Cosbycoin/uplaoding walletdat" image randomizer to do so

[smurfix]

Salting bascially changes the original value and the comparison value with a known figure so the hashes can't be referenced to a lookup table, and so they can't be broken without knowing the salt value. Oh wait, we know the salt value now. Haha, that was easy™.

Again, with the big exclamation of, "Everyone lock your doors, they might have gotten a copy of the KEY TO THE KINGDOM! *attachment: high-res picture of key to the kingdom.jpg*"

You forget that everybody and their dog can just go and check out the forum PHP code themselves, and examine the password hashing algorithm in detail.

This mess. ultimately, is the PHP language authors' fault. They seem to argue that securing your scripts (and not just from SQL injections) is the programmer's problem.
A properly designed SQL interface (with prepared statements and placeholders) makes writing code that's prone to injections more difficult to write than code which isn't.
In PHP, it's the other way round, and the language authors don't think that's a problem.

Well, I happen to disagree, rather vehemently in fact, which is why I try to encourage people to program their web sites in some other language (Python for instance), and why every single PHP-using website on my server runs in a FastCGI sandbox and has (almost) no access to the rest of the system.

[molecular]

Allright, thanks for clearing that up, man. Cause you had my hard stop for a second there.

lmao. Sorry 'baut that. No, for that very reason - that browsers store passwords in a common file - is exactly why browsers are so paranoid about preventing web scripts from interacting with the local file system. They're run in little sandboxes, and it while it's not entirely impossible to hack around those safeguards, it would take an *entirely* different set of hacks to do so, not just a "display random funny Cosbycoin/uplaoding walletdat" image randomizer to do so

No problem. It's this damn paranoia lately. Who knows? Some browser exploit, whatever...

I happy I made you laugh, though. Much needed in these forums nowaday

[error]

This mess. ultimately, is the PHP language authors' fault. They seem to argue that securing your scripts (and not just from SQL injections) is the programmer's problem.
A properly designed SQL interface (with prepared statements and placeholders) makes writing code that's prone to injections more difficult to write than code which isn't.
In PHP, it's the other way round, and the language authors don't think that's a problem.

PHP has this...now. The old insecure way is "deprecated" which means because so many billions of lines of deployed code depend on it, it'll be forever before it gets removed.

[TiagoTiago]

Btw, do you guys got an ETA when SMF is gonna have the fix for the zeroday officially released so you can talk about it openlly?

[BCEmporium]

PHP has this...now. The old insecure way is "deprecated" which means because so many billions of lines of deployed code depend on it, it'll be forever before it gets removed.

That "this" was what made PHP insecure. After that "java-like piece of crap" came along magic_quotes_gpc defaults to off and "deprecated", as many don't seek this settings in php.ini their sites become vulnerable to SQLi.
PDO is the typical piece of "paranoia-security", deem all unsafe because a paranoiac found something else more "safe"...

[c_k]

Thinking about it with all the information available now. Imagine yourselves in Theymos and Sirius position. I understand that they used 3rd party plugin for simple machine forum to collect donations as such importing SQL injection vulnerability. Than eventually Cosby came to wreck the forum. Once they know it, they shut down the forum. So far so "good".

Now they have no skill to sort it themselves. They do have to bring someone in. Who can they bring? This is already all over the news. Sirius resigns and asks for help from "devs". Mark surely is right here with an offer of help, but there are some voicing privacy and de-decentralisation worries.

What could they do. They surely can not bring someone like me in, since I am being so adversarial here. Who else? not many offers were sent on that mailing list. They have chosen Mark. Even though it is probably a mistake, their choice is perfectly understandable.

They should have brought in some independent security professional instead of mtgox or me or anyone else with clear conflict of interests. They should have been more open and issue at least some kind of statement ASAP. Things could have been handled better. But hey nobody is perfect.

What you evidently fail to realise is that nothing is set in stone, why don't you have a calm and constructive discussion with the owners of the site and organise something like you're suggesting?

Focus on the future, make a change and become the positive next step in the sites future history.

I'd rather read about how you were the savior instead of the armchair critic who instead simply points out everything that went wrong and tries to get everyone to go to his forum instead.

[Xenland]

WHAT PROGRAMMER IN THEIR RIGHT MIND SALTS WITH THAT KIND OF DATA!?!?!

A good programmer would salt the data that is in a file, but then again, I guess I'm looking like an ass whole becuase the attacker could have just ran exe('vi /www/salt_location/saltfail.txt'); or something of the like.... lol Different forum software I guess right? wtf why do people use these forums even after an attack? sounds retarded.

anyways you guys have fun... this forum is funner then watching Jersey Shore....

[BCEmporium]

You mean exec and it's cat not vi. Vi would open the file to edit, cat shows its content.

What's retarded about using a forum?! Supposedly there's no financial data here, nothing but baloney and chit-chat. So nothing to worry about, let the "hacker" be happy.

[Xenland]

You mean exec and it's cat not vi. Vi would open the file to edit, cat shows its content.

What's retarded about using a forum?! Supposedly there's no financial data here, nothing but baloney and chit-chat. So nothing to worry about, let the "hacker" be happy.

Yep you are correct, however , i'm not going the mile to checking the validity of my post for every single word. This forum isn't really that worth the integrity.

[defxor]

WHAT PROGRAMMER IN THEIR RIGHT MIND SALTS WITH THAT KIND OF DATA!?!?!

Anyone who understands what salt is and why it is used? Using the nickname as salt instead of a random value doesn't change the fact that it makes rainbow table lookups useless. Salt is never a secret and doesn't protect against brute forcing anyway.

http://en.wikipedia.org/wiki/Salt_(cryptography)

[Xenland]

WHAT PROGRAMMER IN THEIR RIGHT MIND SALTS WITH THAT KIND OF DATA!?!?!

Anyone who understands what salt is and why it is used? Using the nickname as salt instead of a random value doesn't change the fact that it makes rainbow table lookups useless. Salt is never a secret and doesn't protect against brute forcing anyway.

http://en.wikipedia.org/wiki/Salt_(cryptography)

My theory was that if someone were to set a static salt in a file and the attacker only downloaded the database it would render useless(this only works if the salt length is of a long length such as 64characters long mininum).

Thats just my thoery, any great ideas on protecting your self bruteforcing for this particular situatiom?

[defxor]

My theory was that if someone were to set a static salt in a file and the attacker only downloaded the database it would render useless(this only works if the salt length is of a long length such as 64characters long mininum).

Thats just my thoery, any great ideas on protecting your self bruteforcing for this particular situatiom?

You cannot protect a password hash from brute forcing and still allowing an authentication system to work. Some seem to mistake salt for a secret nonce (which it isn't) which would just make the database of secret nonces into another password database. There's no reason to suspect two databases to be more secure than one.

Salt's only purpose is to make rainbow table lookups ineffective/useless. The salt used on this forum succeeded in doing that. I'm worried about the lack of basic crypto terminology and usage in some posts here.

[Xenland]

My theory was that if someone were to set a static salt in a file and the attacker only downloaded the database it would render useless(this only works if the salt length is of a long length such as 64characters long mininum).

Thats just my thoery, any great ideas on protecting your self bruteforcing for this particular situatiom?

You cannot protect a password hash from brute forcing and still allowing an authentication system to work. Some seem to mistake salt for a secret nonce (which it isn't) which would just make the database of secret nonces into another password database. There's no reason to suspect two databases to be more secure than one.

Salt's only purpose is to make rainbow table lookups ineffective/useless. The salt used on this forum succeeded in doing that. I'm worried about the lack of basic crypto terminology and usage in some posts here.

I think you assume too much. I'm dont find the need to prove my self of how valid my programming skills are based on how well i use accurate teminology especially over the internetz! Lol!

[neptop]

@Xenland: He just thinks that you probably have no idea about salts, which appears to be true. This isn't about terminology.

@defxor: You shouldn't wonder about the lack of knowledge. There are a lot of people who join the forum Bitcoin, because it sounds like easy money. What really worries me is that some people could actually share information in PMs that they shouldn't. This also isn't good for the operators of the forum. I am not sure whether this is true for the US, but in many parts of Europe the operators could receive a lot of legal threats making it very vulnerable to a take down.

[gat3way]

My theory was that if someone were to set a static salt in a file and the attacker only downloaded the database it would render useless(this only works if the salt length is of a long length such as 64characters long mininum).

Thats just my thoery, any great ideas on protecting your self bruteforcing for this particular situatiom?

Not that good idea. This all lies on the assumption that the attacker would not be able to access the filesystem which is not necessarily the case. Depending on configuration, the user might be able to read arbitrary files using e.g mysql's LOAD_FILE(). The forum software might have other attack vectors like LFI that would allow reading the file. The salt file should be outside the document root but that would break some (already inefficient) security mechanisms like open_basedir. Short enough salts would fall victim to simple attacks (like registering an user with a single-character password then bruteforcing to obtain the salt). But what's worst - you'd have a single salt for all the passwords that way. This is enough to thwart rainbow table attacks if salt is long enough (even 10 bytes of salt is enough to render readily available tables useless). But there is also another huge advantage of using salts which you are losing by using a single common salt. You turn the complexity of a hash crack attack from (nearly) O(1) to O(N) where N is the number of passwords. That's because if all passwords have the same salt, you do:

1) hash = H(salt,password)
2) compare hash to all the hashes in the list.

overall that's one compute-intensive operation per candidate


if you have many salts, you need to do the following:

for each hash K in the list do:
  1) hash = H(salt, password)
  2) compare hash to K

overall that's N compute-intensive operations per candidate where N=number of users.


So yes, it might be a good idea if you can guarantee that the attacker would never get the salt. Once it gets it though, you lose a great deal of the time that password hashing buys you prior to your hacker obtains your password. For a forum of 1000 users, cracking the passwords using a single common salt would be up to 1000 times faster than cracking 1000 passwords with different salts.

[Xenland]

My theory was that if someone were to set a static salt in a file and the attacker only downloaded the database it would render useless(this only works if the salt length is of a long length such as 64characters long mininum).

Thats just my thoery, any great ideas on protecting your self bruteforcing for this particular situatiom?

Not that good idea. This all lies on the assumption that the attacker would not be able to access the filesystem which is not necessarily the case. Depending on configuration, the user might be able to read arbitrary files using e.g mysql's LOAD_FILE(). The forum software might have other attack vectors like LFI that would allow reading the file. The salt file should be outside the document root but that would break some (already inefficient) security mechanisms like open_basedir. Short enough salts would fall victim to simple attacks (like registering an user with a single-character password then bruteforcing to obtain the salt). But what's worst - you'd have a single salt for all the passwords that way. This is enough to thwart rainbow table attacks if salt is long enough (even 10 bytes of salt is enough to render readily available tables useless). But there is also another huge advantage of using salts which you are losing by using a single common salt. You turn the complexity of a hash crack attack from (nearly) O(1) to O(N) where N is the number of passwords. That's because if all passwords have the same salt, you do:

1) hash = H(salt,password)
2) compare hash to all the hashes in the list.

overall that's one compute-intensive operation per candidate


if you have many salts, you need to do the following:

for each hash K in the list do:
  1) hash = H(salt, password)
  2) compare hash to K

overall that's N compute-intensive operations per candidate where N=number of users.


So yes, it might be a good idea if you can guarantee that the attacker would never get the salt. Once it gets it though, you lose a great deal of the time that password hashing buys you prior to your hacker obtains your password. For a forum of 1000 users, cracking the passwords using a single common salt would be up to 1000 times faster than cracking 1000 passwords with different salts.

Finally someone with an intelligent answer to salts.
This makes perfect sense.

I do however don't think that using the username as a salt helps scince the attacker would already know that the forum is salted with usernames..so wouldn't they just point their brutforcing problem to query for the username first before the bruteforce attempt?

[theymos]

I do however don't think that using the username as a salt helps scince the attacker would already know that the forum is salted with usernames..so wouldn't they just point their brutforcing problem to query for the username first before the bruteforce attempt?

Salt offers no protection at all from bruteforcing. It is only used to prevent attackers from using rainbow tables.

[Inaba]

I do however don't think that using the username as a salt helps scince the attacker would already know that the forum is salted with usernames..so wouldn't they just point their brutforcing problem to query for the username first before the bruteforce attempt?

Salt offers no protection at all from bruteforcing. It is only used to prevent attackers from using rainbow tables.

If you think that, you really don't understand the purpose of salts.  Gat3way detailed it fairly well, which explains why salts (when properly implemented) offer some protection against bruteforcing and, as you correctly stated, rainbow tables.  However, a properly implemented salt system increases the compute requirement for bruceforcing dramatically, slowing own the bruteforce by a factor inversely proportional to the complexity of the salt. (I think that's how the formula works out, but in any case, it does indeed offer protection against brute force attacks.)

Properly implemented random salts will make the compute requirement on a given dataset a minimum of 3x harder/slower, and that amount can be increased by an order of magnitude depending on how it's handled.

In the end, it's all about how many operations are required to test a hash.  The more operations required, the longer it takes.  When it takes one operation to test a hash, as in the case of say for BTC mining, even adding an additional operation doubles the time it would take to solve. 

[runeks]

The principle of this browser extension is that at any site where you are asked to enter a password, the extension will enter a password that is sha256(<your password of choice> + domain) (or any other cryptographic hash function). For example, if my chosen password is "masterpassword", the password that would be used to log into gmail.com would be sha256("masterpasswordgmail.com") (=9b2b649d3124c81093f9080a88b9d3723940dfe0707d8524d0403c9641bc99c3).

According to your description you only get entropy matching your password. Unless your password is a complex 12 char password that means an attacker can still bruteforce it. While they do need to know that your passwords are generated this way, they have knowledge of the domain of the site and the above indeed looks like an obvious hash.

Security by obscurity isn't.

Passwords don't need to be complex and 12 chars to be high entropy but you make a valid point. This method is not meant to attain a higher entropy password than what was put in, it's purpose is to not reveal your master password.
These types of plugins are meant to be used with an already hard-to-crack password. For example one created with the following command (in Linux):

Code:

shuf -n 6 --random-source=/dev/random /usr/share/dict/words

which gives us about 10³⁰ combinations or about 100 bits of entropy.

[theymos]

However, a properly implemented salt system increases the compute requirement for bruceforcing dramatically, slowing own the bruteforce by a factor inversely proportional to the complexity of the salt. (I think that's how the formula works out, but in any case, it does indeed offer protection against brute force attacks.)

No, it doesn't. The attacker always has the salt, so he doesn't need to bruteforce that, and hashing differently-sized data has no difference in speed when both sizes take up the same number of hash blocks. All password+salt strings under 512 bits take the same amount of time to compute with SHA-1.

Gat3way described how you can create rainbow tables for password sets when you don't use unique salts for each password.

[neptop]

I do however don't think that using the username as a salt helps scince the attacker would already know that the forum is salted with usernames..so wouldn't they just point their brutforcing problem to query for the username first before the bruteforce attempt?

Salt offers no protection at all from bruteforcing. It is only used to prevent attackers from using rainbow tables.

If you think that, you really don't understand the purpose of salts.  Gat3way detailed it fairly well, which explains why salts (when properly implemented) offer some protection against bruteforcing and, as you correctly stated, rainbow tables.  However, a properly implemented salt system increases the compute requirement for bruceforcing dramatically, slowing own the bruteforce by a factor inversely proportional to the complexity of the salt. (I think that's how the formula works out, but in any case, it does indeed offer protection against brute force attacks.)

Properly implemented random salts will make the compute requirement on a given dataset a minimum of 3x harder/slower, and that amount can be increased by an order of magnitude depending on how it's handled.

In the end, it's all about how many operations are required to test a hash.  The more operations required, the longer it takes.  When it takes one operation to test a hash, as in the case of say for BTC mining, even adding an additional operation doubles the time it would take to solve. 

I think you are saying it in the wrong way. "Protection against brute force" is simply a stupid thing to  say. Ever heard of key strengthening/stretching? I guess this would be a better method. Increasing the effort for a brute force shouldn't be described as "protecting from a brute force" (which would mean that you have something that prevents a brute force). You could also switch to an algorithm like CubeHash (it dropped out of the SHA-3 competition for being to slow, but it's relatively simple) if you want to do this. Salts are against rainbow tables.

[TiagoTiago]

Would it help if the salt instead of the plain username was a tripple SHA512 of the username?

[Inaba]

No, it doesn't. The attacker always has the salt, so he doesn't need to bruteforce that, and hashing differently-sized data has no difference in speed when both sizes take up the same number of hash blocks. All password+salt strings under 512 bits take the same amount of time to compute with SHA-1.

Yes, it does.  You can only hash one user at a time if you operate under the constraints you've outlined.  If you want to hash multiple users, you will have to compute the password + salt for each user over each iteration, increasing your compute time.  If you want to brute force just one user, then I would agree with you, but we aren't talking about brute forcing a user, we're talking about compromising a database.  You have no knowledge as to whether a given user has a strong or weak password, so forcing one user is folly.  Forcing a large database, and you are almost guaranteed to have at least one user with a weak password.  Using random salts will cause the brute force to take a minimum of 2x - 3x longer than using static (or no salts), thereby offering you protection against brute force in the time it takes to yield a result (double or treble).

Gat3way described how you can create rainbow tables for password sets when you don't use unique salts for each password.

What kind of dumbass would use static salts to salt a password database in this day and age?  Yes, you can outline all sorts of broken implementations of salting and point to them and say see they don't offer any protection!  But that is also a folly.  A broken implementation is a broken implementation and it's no surprise that something that's broken doesn't offer the kind of protection it should.

I think you are saying it in the wrong way. "Protection against brute force" is simply a stupid thing to  say. Ever heard of key strengthening/stretching? I guess this would be a better method. Increasing the effort for a brute force shouldn't be described as "protecting from a brute force" (which would mean that you have something that prevents a brute force). You could also switch to an algorithm like CubeHash (it dropped out of the SHA-3 competition for being to slow, but it's relatively simple) if you want to do this. Salts are against rainbow tables.

Yes, that would be a better method.  But we are talking about salting, so I was addressing that.  Why would you not describe doubling (or more) the amount of time it takes to brute force a password as "protection?"  Protection does not mean it prevents it.  It CAN mean that it prevents it, but the definition of protection is not solely limited to prevention... otherwise why have "protection" and not "prevention?"  The wrapper on a condom says it offers protection against STD's... but no condom company is going to offer "prevention" of STD's, since no method is 100% effective... just like protection against brute forcing.  The very nature of brute forcing makes it impossible to prevent - that's why it's brute force.  The only thing you can do is protect against it as best you can.

Are there better methods to protect against brute forcing than salting?  Absolutely.  Is salting somehow not a protection?  No.  It's a first line defense/protection against rudimentary brute force.  As the brute force gets more sophisticated, the protection also needs to get more sophisticated.

[theymos]

You can only hash one user at a time if you operate under the constraints you've outlined.

Right. Because there's a salt, so rainbow table attacks are prevented.

You said:

Gat3way detailed it fairly well, which explains why salts (when properly implemented) offer some protection against bruteforcing and, as you correctly stated, rainbow tables.  However, a properly implemented salt system increases the compute requirement for bruceforcing dramatically, slowing own the bruteforce by a factor inversely proportional to the complexity of the salt.

So you're saying that salts are helpful against attacks that do not use rainbow-table-like attacks. That is, you're saying that an attacker trying to reverse a single hash without looking at other hashes (a brute-force attack as opposed to a rainbow table attack) is worse off when there is a known salt present. This is false. In almost all password systems, salts are less than 32 characters, which does not make brute-forcing of a single hash any slower. If you're trying to slow down brute-forcing, you typically increase the number of hash iterations, which doesn't require you to store more data.

[Xenland]

You can only hash one user at a time if you operate under the constraints you've outlined.

Right. Because there's a salt, so rainbow table attacks are prevented.

You said:

Gat3way detailed it fairly well, which explains why salts (when properly implemented) offer some protection against bruteforcing and, as you correctly stated, rainbow tables.  However, a properly implemented salt system increases the compute requirement for bruceforcing dramatically, slowing own the bruteforce by a factor inversely proportional to the complexity of the salt.

So you're saying that salts are helpful against attacks that do not use rainbow-table-like attacks. That is, you're saying that an attacker trying to reverse a single hash without looking at other hashes (a brute-force attack as opposed to a rainbow table attack) is worse off when there is a known salt present. This is false. In almost all password systems, salts are less than 32 characters, which does not make brute-forcing of a single hash any slower. If you're trying to slow down brute-forcing, you typically increase the number of hash iterations, which doesn't require you to store more data.

To everyone that thought i didn't know anything about salts....
Didn't I just say something this earlier about a page back?

But "noooo!!!" everyone was just thinking I was just putting sea-salt on meh hardware encryption function. LOL

Theymos YTMND

[Inaba]

You can only hash one user at a time if you operate under the constraints you've outlined.

Right. Because there's a salt, so rainbow table attacks are prevented.

Stop cherry picking your argument and address the matter at hand.  Yes, brute forcing one user at a time with or without a salt would take the same amount of time.  That is NOT a realistic scenario in the case of a database being compromised.  Once again, you can take an outlying case and make it say anything you want.  We aren't talking about tailor made cases to fit your conjecture.

You said:

Gat3way detailed it fairly well, which explains why salts (when properly implemented) offer some protection against bruteforcing and, as you correctly stated, rainbow tables.  However, a properly implemented salt system increases the compute requirement for bruceforcing dramatically, slowing own the bruteforce by a factor inversely proportional to the complexity of the salt.

So you're saying that salts are helpful against attacks that do not use rainbow-table-like attacks. That is, you're saying that an attacker trying to reverse a single hash without looking at other hashes (a brute-force attack as opposed to a rainbow table attack) is worse off when there is a known salt present. This is false. In almost all password systems, salts are less than 32 characters, which does not make brute-forcing of a single hash any slower. If you're trying to slow down brute-forcing, you typically increase the number of hash iterations, which doesn't require you to store more data.

I am not saying that.  I said NOTHING like that.  In fact, I said EXACTLY THE OPPOSITE.  Re-read what I wrote.

A realistic scenario is an attacker brute forcing an entire (or large subset of the entire) user table of a database.  Trying to brute force a single user without knowing the strength of the underlying password is just dumb.  Unless you need access to a specific user for a specific purpose, you are going to attack the whole database to get at the weakest passwords as quickly as possible.

This is where a properly implemented salt system protects you, and protects you fairly well, from a brute force attack.  

Broken salt implementation with no protection:

In a static salt (or no salt) situation (both being broken implementations of a salting mechanism), the attacker has already precomputed the salt and then compares the hashes + salt.  Ok, no advantage there.  Duh!  

1 try = 1 cycle

Properly implemented salt:

Random salt.  The attacker can not pre-compute the salt, because it's different for every user.

1 cycle = gather salt into memory
1 cycle = compute salt
1 cycle = compare salt + password hash

1 try = 3 cycles.  Ta-da!  You've just increased the time it takes to brute force a dataset by 3x.

With some nifty coding, you might be able to combine two of those steps.  You've still DOUBLED the time it takes to brute force a dataset.

I would say a 2 - 3x increase in brute force time is some hefty protection, personally.  You can disagree all you want, but the fact remains that properly implementing salt is a first line defense against brute forcing and when properly implemented is going to thwart all but the most determined crackers.  A static salt is fairly worthless for anything but thwarting a rainbow table, so quit holding up static salts as your pivotal argument, since that is not what we are talking about.   We are talking about properly implemented salting mechanisms.  Static salts are not properly implemented.

PS -

I forgot to address this:

In almost all password systems, salts are less than 32 characters, which does not make brute-forcing of a single hash any slower. If you're trying to slow down brute-forcing, you typically increase the number of hash iterations, which doesn't require you to store more data.

So again, you are holding up some sort of broken password system as an example of why password systems don't work?  I don't understand your chain of logic.  What properly implemented salt system would use a short salt, besides maybe crypt?  But, by your logic, then a > 32 character salt would offer protection?  That being the case, you've just agreed with everything I've been saying and invalidated your entire argument.

[terrytibbs]

Man, theymos,
You're really good at jumping around the elephant in the room.

Yours Truly,
Terry.

[BCEmporium]

Properly implemented salt:

Random salt.  The attacker can not pre-compute the salt, because it's different for every user.

1 cycle = gather salt into memory
1 cycle = compute salt
1 cycle = compare salt + password hash

1 try = 3 cycles.  Ta-da!  You've just increased the time it takes to brute force a dataset by 3x.

Compute salt?!  
And you will salt the salt? Or it's a plain hash?  

Or your idea is for have some sort of hidden function that will render salt's value?

[mizerydearia]

Theymos YTMND

Someone should post something (worthy) at http://theymos.ytmnd.com/

[gat3way]

Just want to point out some things.

First off it's incorrect that candidates of length <=64 bytes take the same time to hash. The "boundary" in question (after which you calculate another compression function for the padding) is 55. Remember you need to add a 1 bit which would overwrite the last 8 length bytes.

Also depending on implementation, calculating hash of a 4-byte candidate might be faster than calculating say 32-byte candidate hash. That's because there is a common optimization that can be done: if w

• is always zero, then you can skip some of the ALU operations regarding it. That's because X ^0 = X and X+0=X and X|0=X and so on.

Key stretching (e.g PBKDF or using phpass) is the common way to increase security. However that comes at a cost. Large forums with many users and lots of authentication attempts would consume a lot of CPU resources.

[defxor]

To everyone that thought i didn't know anything about salts....
Didn't I just say something this earlier about a page back?

No.

I still don't get why people believe salt is about increasing the difficulty in brute forcing. While it may be a side effect depending on how it's implemented, the main purpose is in making rainbow tables inefficient.

Yes, brute forcing one user at a time with or without a salt would take the same amount of time.

Exactly, but it has to be explained here since quite a few seem to believe otherwise.

Properly implemented salt:

Random salt.  The attacker can not pre-compute the salt, because it's different for every user.

Random vs the username, as was the case here, then? Are you trying to claim that using the username as salt makes it static over the whole database??

If not, the difference between random and username becomes slim. This whole discussion began with self-appointed security experts claiming there was something inherently stupid in using the username as salt.

[BCEmporium]

And this keeps going around...
Anyone mind to explain WTF is a "random salt" in a sense it needs to be computed?!

Something like:

Code:

<?php
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$charsToUse = mt_rand(8,25);
$salt = "";
for($l = 0; $l < $carsToUse; $l++){
    $char = mt_rand(0,strlen($chars)-1);
    $salt .= $chars[$char];
}
md5($pass,$salt);
?>

?!
Sounds nice? Am I listening a "security bullshitter" about the MD5? Rest assure! This function is so damn secure that no one will be able to decrypt it, even if it's MD5... even if brutteforced all it can renders is something out of a collision, not by any chance your actual password.

A small glitch, as we don't store the salt anywhere and it is plainly random, there's no way for anyone to log in. A small detail, but... hey... it's secure.  

[Inaba]

Not quite.  I should have been more specific.  

A different salt is used for each user, and it might as well be random since it's completely arbitrary.  You have to gather the unique salt into a variable, pass it and the password candidate along to the hashing function, compare the hash result.  With a static salt, you do not have to gather the salt and you can have your comparison routine just run that salt against the password hash.

When using the username, the username is already collected and ready to go as well, so using that is slightly less secure (is it a meaningful difference?  I dunno, never really ... ahem ... hashed it out).  

You have to store the random salt, you can't just pick one at random and hope for the best... but I assume you were being facetious in regards to that.

[BCEmporium]

Inaba,

The only way to do that by not storing the generated salt is by creating a function sort of:

Code:

<?php
function computeSalt($var_to_use_as_ground,$site_secret = "akljhe34907##!@3hjd"){
  $pw_pointer = 0;
  $salt = "";
   for($l = 0; $l < strlen($var_to_use_as_ground); $l++){
     if($pw_pointer >= strlen($site_secret)) $pw_pointer = 0;
     $salt .= $var_to_use_as_ground[$l] ^ $site_secret[$pw_pointer];
     $pw_pointer++;
  }
  return $salt;
}


//Example:
$pw = md5($receivedPwd,computeSalt($user['username'])); //be sure to use the username as in the database to not make it case-sensitive on login
?>

It had some entropy to the salt, as the only way to get the salt is by getting not only the database but the code itself also.
Nevertheless you won't be getting much, as within several samples the attacker would have enough to dump the xored var value.

[TiagoTiago]

I didn't see an answer so i'll repeat my question, would using a triple SHA512 hash of the username instead of the plain username be of any help?

[BCEmporium]

I didn't see an answer so i'll repeat my question, would using a triple SHA512 hash of the username instead of the plain username be of any help?

As we say in portuguese: "Nim" (mix não [no] and sim [yes])

It would be better to input a random number of turns instead of fixed 3, let's say 3~6:

Code:

<?php
function genSalt($username){
   $rounds = mt_rand(3,6);
   $salt = $username;
   for($l = 0; $l < $rounds; $l++){
     $salt = hash("sha512",$salt);
  }
  return $salt;
}
function checkPass($username,$givenpass,$hashpass){
   $pointer = 0; 
   $salt = $username;
   for($l = 0; $l < 6; $l++){
      $salt = hash("sha512",$salt);
       $pointer++;
     if($pointer > 3){
        $test = hash("sha512",$givenpass.$salt);
        if($test == $hashpass) return true;
     }
  }
  return false;
}
?>

[Inaba]

Inaba,

The only way to do that by not storing the generated salt is by creating a function sort of:

Code:

<?php
function computeSalt($var_to_use_as_ground,$site_secret = "akljhe34907##!@3hjd"){
  $pw_pointer = 0;
  $salt = "";
   for($l = 0; $l < strlen($var_to_use_as_ground); $l++){
     if($pw_pointer >= strlen($site_secret)) $pw_pointer = 0;
     $salt .= $var_to_use_as_ground[$l] ^ $site_secret[$pw_pointer];
     $pw_pointer++;
  }
  return $salt;
}


//Example:
$pw = md5($receivedPwd,computeSalt($user['username'])); //be sure to use the username as in the database to not make it case-sensitive on login
?>

It had some entropy to the salt, as the only way to get the salt is by getting not only the database but the code itself also.
Nevertheless you won't be getting much, as within several samples the attacker would have enough to dump the xored var value.

I'm not sure what you're getting at, but I don't disagree with what you've said.  Although we are veering further away from the topic at hand.  Are you posing a question or other interrogative or just commenting?

[BCEmporium]

I'm not sure what you're getting at, but I don't disagree with what you've said.  Although we are veering further away from the topic at hand.  Are you posing a question or other interrogative or just commenting?

I'm checking and demonstrating in terms of real code what you are discussing about; Salt generation.

In fact that $algorithm$salt$hash of crypt
the hash:salt of many systems
is a handicap on encryption.

But what resembles to be the best solution on this on-demand generated salt with Open Source software would be to create a salt class with different approaches and let the site owner to select which to use within config. This way an attacker would have to guess first which salting method was used before attempt to attack, and within the availabilities to generate the salt and input; xored strings, substring of hashes, multiple round sha hashing, bitwise etc... this would may means he would grow old before achieve something, even to the weakest of passwords.

[defxor]

would have to guess first which salting method was used

http://en.wikipedia.org/wiki/Security_through_obscurity

There's no reason to make the salt a part of the complexity of brute forcing passwords. Educate the users instead. "Password strength" indicators are one of several good ways of doing that.

[BCEmporium]

Why everyone comes with "security by obscurity" without even KNOW what that stands for?!

In Open Source NOTHING is "obscure", it's a class with several flavors, creating entropy, not "obscurity".

Educate the users instead.

This is what I call "Fascistly Imposed Security".

We don't need no education
We dont need no thought control
No dark sarcasm in the classroom
Teachers leave them kids alone
Hey! Teachers! Leave them kids alone!

[defxor]

Why everyone comes with "security by obscurity" without even KNOW what that stands for?!

In Open Source NOTHING is "obscure", it's a class with several flavors, creating entropy, not "obscurity".

Feel free to write coherent posts. Either the attacker has to guess (obscurity) or not. In any case, you're completely missing the point of salt if you feel that's a suitable place in a crypto system to add stronger complexity.

[BCEmporium]

In passwords the attacker is attempting to «GUESS» the password. You may ADD OR REMOVE walls of his path, ENTROPY.

Such system will ADD WALLS for him to break before «GUESS» what we wants to get.

Salt alone inputs a "NO PRE-COMPUTED HASHES" wall, but it's normally plain text on itself. Your objection is like saying that ADD A WALL is wrong because you think of it to be "obscure".

[defxor]

You may ADD OR REMOVE walls of his path

Yes, that's the "obscurity" part of your reasoning. It doesn't provide any added level of (real) security. When designing a security system all forms of added levels of complexity are risks where there might be edge cases you haven't thought about. You want as few implementation parts as possible, while still giving you a provable level of security.

[BCEmporium]

You may ADD OR REMOVE walls of his path

Yes, that's the "obscurity" part of your reasoning. It doesn't provide any added level of (real) security. When designing a security system all forms of added levels of complexity are risks where there might be edge cases you haven't thought about. You want as few implementation parts as possible, while still giving you a provable level of security.

You really don't know what password attacks are all about, do you? It's NOT a matter of being brutte-force proof, because there's NOT and never will be such a thing. It's a matter of TIME. The part that really matters is the attack TIMELINE:

0 m - plain text passwords broken
5 m - unsalted md5 <= 12 chars broken (Rainbow); unsalted ripemd160 <= 8 chars broken...
30m - salted (plain salt) md5 <= 10 chars broken
(...)
1 year - salted (plain) SHA256 <= 12 chars broken
(...)

This is what you can play with: TIME. If you call taken attackers time "obscurity", then it's your problem. There's no edging on encrypt/generate the salt.
"Educate users" is what fascists do! There's nothing to "educate" there. Good security is passive, active security is bullshit as the user will certainly need security against its "security". Humans are the central part to take into account, not the machines.

[defxor]

You really don't know what password attacks are all about, do you?

I spent a few years, as a well paid consultant, designing and implementing crypto security systems on embedded platforms.

You?

(Everything described in my posts would be considered "best practices")

There's no edging on encrypt/generate the salt

Adding layers of encryption/hashing does not always increase security while always increasing implementation complexity. Your schemes are simply unnecessary, it's better to increase the password entropy.

[BCEmporium]

I really would love to know where you folks get those "well paid consultant" jobs!

[Raoul Duke]

I really would love to know where you folks get those "well paid consultant" jobs!

From his uncle...

[defxor]

I really would love to know where you folks get those "well paid consultant" jobs!

You shouldn't be too surprised that us who do end up at the forum of the world's first possibly-successful crypto currency.

[BCEmporium]

I really would love to know where you folks get those "well paid consultant" jobs!

You shouldn't be too surprised that us who do end up at the forum of the world's first possibly-successful crypto currency.

Well... I'm the kind of guy where people goes AFTER being "well paying" consultants... and AFTER it goes down. That's why I'm amazed by your kind to keep being "well paid".

[defxor]

Well... I'm the kind of guy where people goes AFTER being "well paying" consultants... and AFTER it goes down. That's why I'm amazed by your kind to keep being "well paid".

If you believe you're able to fool anyone who's read our posts here - fine by me I think you mistake low level microcontroller crypto implementation for "apt-get install apache" though. ("goes down"? really?)

[BCEmporium]

it's yum -i apache actually  

I don't give a damn about who readers believe in. I'm not seeking for a job here.
Let me guess, by microcontroller I must assume some Java PIC, by your posts I *REALLY* doubt you would touch ASM even with a 10 feet pole.  
"Java available for everything; crashing everywhere".

BTW: is that "elite coder" posture I use to find obnoxious; «I'm the coder, deem it unsafe, that unsafe, follow "my" standards, "teach"/"educate" users, all my systems are "good practices", all others' are "security by obscurity"...» GTFO!

[defxor]

Let me guess, by microcontroller I must assume some Java PIC, by your posts I *REALLY* doubt you would touch ASM even with a 10 feet pole.

I'm 40 years old and wrote my first assembler program when I was 12^a. You might want to let this one go, any basic level crypto 101 course will tell you the same things I've posted since they're considered to be common knowledge if you design and implement something with provable security.

"an attacker would have to guess first which salting method was used" is what disqualifies you outright in this argument btw

(I'm leaving this discussion here since I don't think it produces anything of value to theymos and the reasons he had when creating the thread)


a: Since, umm, that's what you had back then if you wanted to do anything remotely interesting.

[BCEmporium]

Isn't it funny that besides your self-claims I was the only one actually posting some lines of code showing some implementation and let someone try out to see how it would look, render, resources usage and so on?
From your kind I've "theories" and self-proclamation BS.

[phillipsjk]

For the record, this is the security through obscurity:

But what resembles to be the best solution on this on-demand generated salt with Open Source software would be to create a salt class with different approaches and let the site owner to select which to use within config. This way an attacker would have to guess first which salting method was used before attempt to attack, and within the availabilities to generate the salt and input; xored strings, substring of hashes, multiple round sha hashing, bitwise etc... this would may means he would grow old before achieve something, even to the weakest of passwords.

Salts are designed to defeat precomputed rainbow tables that may exist for many common hash functions. With a sufficiently long per-user salt, the time/memory trade-off rainbow tables provide no longer helps. The salt doesn't even have to be that "random" for that task (though I think the entropy should be comparable to password entropy).

[BCEmporium]

For the record, this is the security through obscurity:

But what resembles to be the best solution on this on-demand generated salt with Open Source software would be to create a salt class with different approaches and let the site owner to select which to use within config. This way an attacker would have to guess first which salting method was used before attempt to attack, and within the availabilities to generate the salt and input; xored strings, substring of hashes, multiple round sha hashing, bitwise etc... this would may means he would grow old before achieve something, even to the weakest of passwords.

Salts are designed to defeat precomputed rainbow tables that may exist for many common hash functions. With a sufficiently long per-user salt, the time/memory trade-off rainbow tables provide no longer helps. The salt doesn't even have to be that "random" for that task (though I think the entropy should be comparable to password entropy).

That's security by diversity, there's no obscurity as the attacker can still access the code of the class, what he can not know before hand is what function is being active without the config file.
It's quite the same of what you do with hashing, imagine if single hashing algorithm is used web-wide, this would be a leverage to a potential attacker, a single RT would be enough for all unsalted hashes and by now probably even 50 chars long pwds would be there.


EDIT: Thinking it over, this system have a big flaw, an attacker could register himself and by knowing how salt is generated would get the function quite easily- but this would be what some of you "obscurity bashers smart arses" should come with instead of pre-made sentences you barely know the meaning.

[Xenland]

I agree with all statements said, but I must say even making the hacker figure out which encryption method would only hold off a hacker for so long as they would take some time to crack the first one then it would be fairly easy to crack the rest.


[being sarcsum]
 Maybe we should just all get DNA-keys and we prick blood on a test strip and then we log in with our DNA no hashing algorithm needed.
[/end sarcasum]

[deepceleron]

I agree with all statements said, but I must say even making the hacker figure out which encryption method would only hold off a hacker for so long as they would take some time to crack the first one then it would be fairly easy to crack the rest.

Incorrect, that is what a salt is for. If simply the plaintext password is what is hashed and stored in a password database of 5000 users, then after I have brute forced all possible eight-character-long password hashes, any user accounts that used a password that length or less have been cracked - anything from "myLogin1" to "G0odPW69" have been found if any user has used a password that length or shorter. However, if the plaintext password plus some extra data (salt) that is unique per-user (and even mildly complex) is hashed to create the stored password hash, this means I have to brute force the password space for every user account individually, since there is no correlation between the hashes of users. Instead of being able to quickly find the weakest passwords in a database of 5000, I would now have to brute force crack every account.

[defxor]

imagine if single hashing algorithm is used web-wide, this would be a leverage to a potential attacker, a single RT would be enough for all unsalted hashes and by now probably even 50 chars long pwds would be there.

I lol'd.

Assuming just lower case + upper case + numbers, no special chars, that's 62^50. Converting to a more familiar base 2 representation it's equivalent to 2^298. Tell me, in which universe where you planning on storing that rainbow table, and for how many heat-death-of-the-universe-eons were you planning on creating it?

When you fail at math, you fail at crypto. Hard.

(edit: Number of atoms in the visible universe: 2^266)

[BCEmporium]

imagine if single hashing algorithm is used web-wide, this would be a leverage to a potential attacker, a single RT would be enough for all unsalted hashes and by now probably even 50 chars long pwds would be there.

I lol'd.

Assuming just lower case + upper case + numbers, no special chars, that's 62^50. Converting to a more familiar base 2 representation it's equivalent to 2^298. Tell me, in which universe where you planning on storing that rainbow table, and for how many heat-death-of-the-universe-eons were you planning on creating it?

When you fail at math, you fail at crypto. Hard.

(edit: Number of atoms in the visible universe: 2^266)

It's an expression, not a math number. I merely mean that if a single hashing algorithm was used in the planet, the RT for it would be by now enough to consider such algorithm more than broke. By having diversity, the hashing power has to split over the options, slowing down the process...

[defxor]

I merely mean that if a single hashing algorithm was used in the planet, the RT for it would be by now enough to consider such algorithm more than broke.

We understand what you mean. We're just proving you wrong.

Sadly you don't know enough math to understand it.

[BCEmporium]

Wrong in what?! 

That a 62^50 db is impossible to store? It is... at least so far, and even if possible to store would be impossible to query.
But your statement proved that you, sir, are a "square", unable to understand expressions and taking everything to literal arguments. Probably your brain has fused with your CPU already...

[defxor]

Wrong in what?! 

Everything you've posted with regards to the utility of security-by-obscurity.

That a 62^50 db is impossible to store? It is... at least so far

It's many orders of magnitude larger than the number of atoms in the universe. You fail at simple math.

[BCEmporium]

One guy came up with an idea: crypt the salt. I followed that idea, because unlike "square boxes", I like to follow ideas and see where they can get us.
Dodging arguments, some "square boxes" instead of looking for flaws came up with "security trough obscurity", an "argument" as valid as call someone "fascist" or other long-shot meaningless name.

It's many orders of magnitude larger than the number of atoms in the universe. You fail at simple math.

So I must assume we know the entire universe. Rather call it a day, we call all science academies to shut off, because defxor here just came with a number of atoms in the universe. Nothing more to see, humanity has done its job.

[fergalish]

So I must assume we know the entire universe. Rather call it a day, we call all science academies to shut off, because defxor here just came with a number of atoms in the universe. Nothing more to see, humanity has done its job.

Actually, he's more-or-less right; I mean, to within a couple of orders of magnitude: http://en.wikipedia.org/wiki/Observable_universe#Matter_content:

Two approximate calculations give the number of atoms in the observable universe to be close to 10^80.

10^80 is roughly 2^266.  Just knowing how many atoms there are doesn't tell you much about what those atoms are doing.  Please make sensible arguments.  A complete rainbow table for 50-char passwords is so-so-so-so-so many orders of magnitude beyond what the human race could ever possibly be capable of storing.  Even if there were 100 billion galaxies, each galaxy with 100 billion planets, each planet with 100 billion people, each person with 100 billion computers, each computer with 100 billion hard discs, each disc with 100 billion bytes, you still wouldn't even prick the surface.  AND, can you imagine the headaches your network administrator would have?

Actually, wait, maybe if someday instant worm-hole travel & communication to remote regions of the universe becomes possible, AND assuming that the actual universe is 10 billion times larger than the visible universe, AND humanity can convert EVERY SINGLE ATOM of it into a combined processor-storage-networking unit..... yeah, ok, could be done.

[BCEmporium]

So I must assume we know the entire universe. Rather call it a day, we call all science academies to shut off, because defxor here just came with a number of atoms in the universe. Nothing more to see, humanity has done its job.

Actually, he's more-or-less right; I mean, to within a couple of orders of magnitude: http://en.wikipedia.org/wiki/Observable_universe#Matter_content:

Two approximate calculations give the number of atoms in the observable universe to be close to 10^80.

10^80 is roughly 2^266.  Just knowing how many atoms there are doesn't tell you much about what those atoms are doing.  Please make sensible arguments.  A complete rainbow table for 50-char passwords is so-so-so-so-so many orders of magnitude beyond what the human race could ever possibly be capable of storing.  Even if there were 100 billion galaxies, each galaxy with 100 billion planets, each planet with 100 billion people, each person with 100 billion computers, each computer with 100 billion hard discs, each disc with 100 billion bytes, you still wouldn't even prick the surface.  AND, can you imagine the headaches your network administrator would have?

Actually, wait, maybe if someday instant worm-hole travel & communication to remote regions of the universe becomes possible, AND assuming that the actual universe is 10 billion times larger than the visible universe, AND humanity can convert EVERY SINGLE ATOM of it into a combined processor-storage-networking unit..... yeah, ok, could be done.

And...? This is pick on an exaggerated expression to divert the discussion to a non-sense place.
The French also say "tout le monde" when they want to refer to something widely known, yet I serious doubt "the entire World" actually knows about whatever they're talking about.
Still, by that path, we've subatomics... the atom isn't the smallest particle of the universe and whatever the future will bring us I simply can not know, can you? We're already dealing today with numbers of a magnitude someone on the XVIII century would consider intangible.

[fergalish]

And...? This is pick on an exaggerated expression to divert the discussion to a non-sense place.

No.  I'm being serious.  If those conditions should come about, then the table could be constructed.  Personally, I'm quite certain they never will.  Never ever.  Ever.  Period.  .

Still, by that path, we've subatomics... the atom isn't the smallest particle of the universe and whatever the future will bring us I simply can not know, can you? We're already dealing today with numbers of a magnitude someone on the XVIII century would consider intangible.

Yes, you're right.  If, as you say, humanity can also learn to store information in subatomic particles, and use those particles and communication and processing units, then the table will be constructed even sooner.  Again, personally, I think it's unlikely to happen before tomorrow morning's coffee, to say the least.

What do you think?  Are those conditions likely to come about soon?

[BCEmporium]

What do you think?  Are those conditions likely to come about soon?

Anything on such grounds would be mere speculation and sci-fi. Could happen a science breakthrough at any moment, can take centuries, can never happen if humanity is extinct before can reach it... an endless world of possibilities.

[phillipsjk]

I think I remember reading somewhere that there is not enough energy in the observable universe to even count to 2¹²⁸ using a "quantum" of energy each time. If true, it does not matter how densely you manage to pack your rainbow table (note rainbow tables don't generally store every possible hash explicitly AFAIK.)

From the same wikipedia page:

...a total mass for the observable universe of 3.35×10⁵⁴kg

We know that E=mc² = (3.35×10⁵⁴kg)(3.00x10⁸m/s)² = 3.015x10⁷¹ Joules (3 significant digits)

In trying to find out what a "quantum" is, I came across this page: Quantum energy. Apparently, the ammount of energy represented by a "quantum" is dependent on frequency and the plank constant (the smallest possible unit of measurement in the universe). Since you did not mention how many heat-deaths of the universe you wanted to wait, I will assume the machine is running at the temperature of the Cosmic microwave background radiation with a dominant frequency of 160.2 GHz (1.60x10¹¹Hz).

From the quantum energy page, the ammount of energy represented by a 'quantum' = (planks' constant)(frequency) = (6.62618x10^-34Js)(1.60x10¹¹Hz) = 1.0601888^-22J or 160yJ.

How high can you count using all of the energy in the known univese? (3.015x10⁷¹ J)/(1.0601888^-22J) = 2.84⁹³ ~= 2³¹⁰. Time required at 160.2GHz would be 5.63⁷⁴ years or about 1.52⁶⁵ times the estimated age of the universe. As I understand it, if you want to count faster, you need more energy. Counting is not embarasingly parallel, so I am not sure how the time estimate factors into generating a theoretical rainbow table.

Since the number thrown around earlier was 4.16x10⁸⁹ (or 2²⁹⁸) your theoretical rainbow table can use about 4096 quantums of energy (or 434zJ) for each hash.

PS: Rainbow tables may store some 50 character passwords, but they would likely have low entropy: consisting of published words/phrases.

[Alex Zee]

We know that E=mc² = (3.35×10⁵⁴kg)(3.00x10⁸m/s)² = 3.015x10⁷¹ Joules (3 significant digits)...

I love how the title of the topic is "Info about the recent attack" 

[BCEmporium]

We know that E=mc² = (3.35×10⁵⁴kg)(3.00x10⁸m/s)² = 3.015x10⁷¹ Joules (3 significant digits)...

I love how the title of the topic is "Info about the recent attack" 

Well, chaos evolution theory applies over all forum topics around the World. 

Picking up on the previous statements, looks like the impossible happened; a particle traveled faster than the speed of the light at CERN.

[Raoul Duke]

Well, chaos evolution theory applies over all forum topics around the World. 

Picking up on the previous statements, looks like the impossible happened; a particle traveled faster than the speed of the light at CERN.

I just hope they took a photograph of it... 

[Inaba]

Just toss a quantum computer down a singularity and pick it up after the next big bang around this time and BAM... you have your Rainbow table.  All you guys are so damned linear thinking.  In fact, I bet there's a computer at the bottom of the nearest black hole just waiting to be picked up...

[BurtW]

"We don't allow faster than light neutrinos in here" said the bartender. A neutrino walks into a bar.

Well it made me laugh...

[TiagoTiago]

"We don't allow faster than light neutrinos in here" said the bartender. A neutrino walks into a bar.

Well it made me laugh...

Me too, thx

[Bobnova]

Anybody notice that the pages keep saying "observable" universe?  There are more atoms, we just can't see far enough.
Plus who knows how many atoms are in black holes, anyway.

Sidenote:  Smooth move on running old forum software with known, easy, hacks.

[TiagoTiago]

Do atoms survive inside blackholes or are they ripped apart?

[legitnick]

Do atoms survive inside blackholes or are they ripped apart?

Only if you delete system32 first!