Bitcoin Forum
December 05, 2016, 08:47:42 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 4 5 »  All
  Print  
Author Topic: [Password Leak] LinkedIn database hacked  (Read 10311 times)
Xenland
Legendary
*
Offline Offline

Activity: 980


I'm not just any shaman, I'm a Sha256man


View Profile
June 06, 2012, 09:08:00 PM
 #21

http://CheaperInBitcoins.com salts its passwords with 254 random characters uniquly per account, along with appending another salt that is the customers ID# multiplied by an undisclosed number on top of requiring users/merchants/customers a password of 10 characters or more. so to visualise the hashing it would look something like this in pseudo code
Code:
hash("sha512", <random 254 characters> (<user_id> * <undisclosed number>) <customer/username password>)
1480970862
Hero Member
*
Offline Offline

Posts: 1480970862

View Profile Personal Message (Offline)

Ignore
1480970862
Reply with quote  #2

1480970862
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480970862
Hero Member
*
Offline Offline

Posts: 1480970862

View Profile Personal Message (Offline)

Ignore
1480970862
Reply with quote  #2

1480970862
Report to moderator
Steve
Hero Member
*****
Offline Offline

Activity: 868



View Profile WWW
June 06, 2012, 09:08:50 PM
 #22

"Just provide your password (which we hash with JavaScript; view source to verify) or a SHA-1 hash of your password below, and we'll check."

browser hashes password -----sends to server-----> server replies if hash matches.



Oh that's okay then... as long as it says "we're honest" on the website, it must be fine.
The source is available for anyone to read.

Just change your password on linkedin, then you don't need to worry about if the source is read able or anything. Problem Solved Smiley
Uhhh…as well as every other site where you may have happened to use the same username and password.  People really do need a way of testing whether specific passwords are in that list…because many may have forgotten what password they used (with browser autofill, etc) and if they reset it, well, that doesn't tell them which password has been compromised.  Otherwise, they may need to change every password on every site, which can be tedious.

Just more justification to use unique, generated passwords on every site.

(gasteve on IRC) Does your website accept cash? https://bitpay.com
Steve
Hero Member
*****
Offline Offline

Activity: 868



View Profile WWW
June 06, 2012, 09:16:04 PM
 #23

The safest thing you can do as a consumer is user a random password at each site.
Doing that is much easier with a dedicated password manager, like LastPass.
I prefer to use something that generates a password from a master instead of storing any passwords anywhere.  Here's one such solution:
http://passwordmaker.org/passwordmaker.html

You enter a master password and other details (like the domain name and user id) then it uses a hash function to generate a password that doesn't need to be stored anywhere.  It does all of that on the client, in the browser and you can access it from any computer with an internet connection and a browser (only on a computer you trust of course).

(gasteve on IRC) Does your website accept cash? https://bitpay.com
justusranvier
Legendary
*
Offline Offline

Activity: 1400



View Profile WWW
June 06, 2012, 09:21:04 PM
 #24

You enter a master password and other details (like the domain name and user id) then it uses a hash function to generate a password that doesn't need to be stored anywhere.  It does all of that on the client, in the browser and you can access it from any computer with an internet connection and a browser (only on a computer you trust of course).
I used a tool like that before but found it more convenient to use a tool that came with plugins for every browser I use including Android. I want my password manager to Just Work no matter which browser I am using so I've found it to be easier to disable the built-in managers and just use the LastPass plugin for everything.
Herodes
Hero Member
*****
Offline Offline

Activity: 868


View Profile
June 06, 2012, 09:56:10 PM
 #25

Cool thing is that linkedln easily could rename their service to leakedln. Whoever used linkedln anyway ?
Nefario
Hero Member
*****
Offline Offline

Activity: 602


GLBSE Support support@glbse.com


View Profile WWW
June 06, 2012, 10:09:35 PM
 #26

GLBSE uses BCrypt + salt

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
Stephen Gornick
Legendary
*
Offline Offline

Activity: 1988



View Profile
June 06, 2012, 11:48:55 PM
 #27

Quote
So far 3,427,202 passwords have cracked from LinkedIn List Almost 50%Its been about 24 hours - The longest? a 29 letter sentence from Bible

 - https://twitter.com/CrackMeIfYouCan/status/210474428407103490

So, the "username" (LinkedIn doesn't use usernames, so that's e-mail address) hasn't been leaked.   So 3.4 million email passwords, maybe a quarter (more, I'ld bet) used the same password as their email, and PayPal.  So presuming a party with malicious intent has control of close to a million valid email accounts and passwords .

So from there, I'm guessing access to the email accounts gives "forgot password" capability to bank accounts.   Most of those will be slowed by a "mother's maiden name" mulltifactor security question, ... but there's probably thousands (or tens of thousands) of bank accounts that will get compromised as a result of this.   PayPal, without having a security question hurdle even more.   Dwolla uses a PIN #, ... hopefully not a whole lot of people used 4321 or 9999 PIN codes for that.

Aye ,... this could be painful.

justusranvier
Legendary
*
Offline Offline

Activity: 1400



View Profile WWW
June 07, 2012, 12:42:43 AM
 #28

Quote
So far 3,427,202 passwords have cracked from LinkedIn List Almost 50%Its been about 24 hours - The longest? a 29 letter sentence from Bible

 - https://twitter.com/CrackMeIfYouCan/status/210474428407103490

So, the "username" (LinkedIn doesn't use usernames, so that's e-mail address) hasn't been leaked.   So 3.4 million email passwords, maybe a quarter (more, I'ld bet) used the same password as their email, and PayPal.  So presuming a party with malicious intent has control of close to a million valid email accounts and passwords .

So from there, I'm guessing access to the email accounts gives "forgot password" capability to bank accounts.   Most of those will be slowed by a "mother's maiden name" mulltifactor security question, ... but there's probably thousands (or tens of thousands) of bank accounts that will get compromised as a result of this.   PayPal, without having a security question hurdle even more.   Dwolla uses a PIN #, ... hopefully not a whole lot of people used 4321 or 9999 PIN codes for that.

Aye ,... this could be painful.
I'm disappointed. According to LeakedIn my password is not part of the leak. It would have been interesting to see if anyone managed to crack my old password: h0NOl&tHgNr7ePTiayf7
BrightAnarchist
Donator
Legendary
*
Offline Offline

Activity: 853



View Profile
June 07, 2012, 12:52:21 AM
 #29

This pisses me off. Really, I mean really?? I thought LinkedIn was supposed to be professional. Every newb knows that you always want some salt with your hash ( and maybe some eggs too ). Otherwise it's bland and tasteless.
BCB
CTG
VIP
Legendary
*
Offline Offline

Activity: 966


BCJ


View Profile
June 07, 2012, 12:57:58 AM
 #30

Check This out.
http://shiflett.org/blog/2012/jun/leakedin
Link to Chris Shiflet's blog and another link to "Leakedin"
Their leaked password checker. 

Happy Hunting....
zhoutong
VIP
Hero Member
*
Offline Offline

Activity: 490


View Profile WWW
June 07, 2012, 01:11:30 AM
 #31

Honestly I feel it is going to take companies being force to publicly disclose their exact mechanism for storing passwords and face civil penalties for inaccurate disclosures.   I mean it is 2012 not 1971.  There is absolutely no possible excuse for not using bcypt (or similar) much less not even salting the passwords.     Security through obscurity is no security at all.

Maybe we can get such information from Bitcoin websites via public pressure.

So major Bitcoin businesses and exchanges how are you storing your passwords?
MtGox?
CampBX?
Bitcointalk?
Bitmit?
Deepbit?
Bitcoinica?

Any volunteers?

Bitcoinica: Salted BCrypt with 20 iterations. Enforce minimum 8 characters. It can take months to crack a simple password. (And I use this for all my future app projects. Also recommend everyone to do the same.)

Founder of NameTerrific (https://www.nameterrific.com/). Co-founder of CoinJar (https://coinjar.io/)

Donations for my future Bitcoin projects: 19Uk3tiD5XkBcmHyQYhJxp9QHoub7RosVb
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
June 07, 2012, 01:27:03 AM
 #32

It can take months to crack a simple password.
Only if it isn't in a dictionary somewhere already. But yes, even dictionary cracks are slowed down, somewhat.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
weex
Legendary
*
Offline Offline

Activity: 1063


Give me your tired, your poor, your huddled...


View Profile
June 07, 2012, 02:04:18 AM
 #33

We salt for the rainbow and iterate for the dictionary. You gotta love technology lingo.

TangibleCryptography
Sr. Member
****
Offline Offline

Activity: 476


Tangible Cryptography LLC


View Profile WWW
June 07, 2012, 02:42:54 AM
 #34

Bitcoinica: Salted BCrypt with 20 iterations. Enforce minimum 8 characters. It can take months to crack a simple password. (And I use this for all my future app projects. Also recommend everyone to do the same.)

I assume you mean Salted Bcrypt w/ workload=20, that is 2^20 = 1 million iterations.  Slightly harder. Smiley  A single round of bcrypt takes roughly 5x the clock cycles as long as SHA-256 (OpenCL optimized).  Thus bcrypt(20) is on the magnitude of 5 million times harder to crack than salted SHA-256 hash.

Another way to look at it.  If a hacker could brute force a given password hashed SHA-256 in 1 second it would take them 57 days on bcrypt(20).

There is absolutely no reason to use anything weaker than bcrypt (or similar chained iterative functions like PBKDF2 or scrypt).

pass - stupid
MD5(pass) - cryptographically weak
SHA-256(pass) - vulnerable to rainbow tables
SHA-256(pass.salt) - vulnerable to brute force
bcyrpt(pass,salt,2^10) - vulnerable to weak/common password list
bcyrpt(strongpass*,salt,2^10) - computationally infeasible to attack

strongpass being enforced by the site as
8+ char
not in dictionary
not in known password list
cytokine
Donator
Full Member
*
Offline Offline

Activity: 224



View Profile
June 07, 2012, 02:51:55 AM
 #35

Bitcoinica: Salted BCrypt with 20 iterations. Enforce minimum 8 characters. It can take months to crack a simple password. (And I use this for all my future app projects. Also recommend everyone to do the same.)

I assume you mean Salted Bcrypt w/ workload=20, that is 2^20 = 1 million iterations.  Slightly harder. Smiley  A single round of bcrypt takes roughly 5x the clock cycles as long as SHA-256 (OpenCL optimized).  Thus bcrypt(20) is on the magnitude of 5 million times harder to crack than salted SHA-256 hash.

Another way to look at it.  If a hacker could brute force a given password hashed SHA-256 in 1 second it would take them 57 days on bcrypt(20).

There is absolutely no reason to use anything weaker than bcrypt (or similar chained iterative functions like PBKDF2 or scrypt).

pass - stupid
MD5(pass) - cryptographically weak
SHA-256(pass) - vulnerable to rainbow tables
SHA-256(pass.salt) - vulnerable to brute force
bcyrpt(pass,salt,2^10) - vulnerable to weak/common password list
bcyrpt(strongpass*,salt,2^10) - computationally infeasible to attack

strongpass being enforced by the site as
8+ char
not in dictionary
not in known password list


And the best part about bcrypt is that you can dynamically adapt it over time to keep up with Moore's law. Just update the hash whenever after a user successfully logs in with the updated difficulty level.

With the SHA family, you're stuck.
niko
Hero Member
*****
Offline Offline

Activity: 742


There is more to Bitcoin than bitcoins.


View Profile
June 07, 2012, 06:11:09 AM
 #36

Would someone please explain this for the uninitiated: is there only one unique string (password) that corresponds to a given hash?  I believe the technical term is collision resistance, right?  Once you reverse the hash, can you know for sure that you got it right? If password is a dictionary word, it may be obvious, but how about if everyone were using random strings for their passwords? Would the hacker ever be able to know for sure if the reversed hash is the right one?

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
gweedo
Legendary
*
Offline Offline

Activity: 1246


Java, PHP, HTML/CSS Programmer for Hire!


View Profile WWW
June 07, 2012, 06:19:42 AM
 #37

Would someone please explain this for the uninitiated: is there only one unique string (password) that corresponds to a given hash?  I believe the technical term is collision resistance, right?  Once you reverse the hash, can you know for sure that you got it right? If password is a dictionary word, it may be obvious, but how about if everyone were using random strings for their passwords? Would the hacker ever be able to know for sure if the reversed hash is the right one?

They don't reverse the hash that is pretty much impossible since these are one way mathematical functions. One input is one output, yet the output can't be reverse to get the original input. So what hackers do is use a dictionary and obvious password creating techniques to create a hash that will be matched against the the hashes they have. Random strings can work but hackers again can create these strings using just like 0000, 0001, 0002, to guess these passwords. Using capitals and numbers can throw it off making it that much more random. For website developers we slide in random Strings with the actual String they want to hash, those random strings are called salts to make the hash harder to crack, not salting can make it an easy couple weeks or if you have the right equipment, a couple of days to crack. People also double hash and triple hash with these salts making it even tougher cause the hacker doesn't know how many times you hash to create that string and can save a database hack like this one.

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
justusranvier
Legendary
*
Offline Offline

Activity: 1400



View Profile WWW
June 07, 2012, 06:21:16 AM
 #38

is there only one unique string (password) that corresponds to a given hash?
Theoretically there are are infinite number of inputs that will result in the same hash because the hash function outputs a fixed-length value but the input can be any length.
niko
Hero Member
*****
Offline Offline

Activity: 742


There is more to Bitcoin than bitcoins.


View Profile
June 07, 2012, 06:56:11 AM
 #39

is there only one unique string (password) that corresponds to a given hash?
Theoretically there are are infinite number of inputs that will result in the same hash because the hash function outputs a fixed-length value but the input can be any length.

Yes, thank you. Now, is this statement still true when a typical password is shorter than the 32-byte hash? 

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
zhoutong
VIP
Hero Member
*
Offline Offline

Activity: 490


View Profile WWW
June 07, 2012, 07:39:55 AM
 #40

is there only one unique string (password) that corresponds to a given hash?
Theoretically there are are infinite number of inputs that will result in the same hash because the hash function outputs a fixed-length value but the input can be any length.

Yes, thank you. Now, is this statement still true when a typical password is shorter than the 32-byte hash? 

For MD5: http://stackoverflow.com/a/2000014

Founder of NameTerrific (https://www.nameterrific.com/). Co-founder of CoinJar (https://coinjar.io/)

Donations for my future Bitcoin projects: 19Uk3tiD5XkBcmHyQYhJxp9QHoub7RosVb
Pages: « 1 [2] 3 4 5 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!