[Password Leak] LinkedIn database hacked

<< < (7/19) > >>

zhoutong:
Quote from: TangibleCryptography on June 06, 2012, 07:37:38 PM

Honestly I feel it is going to take companies being force to publicly disclose their exact mechanism for storing passwords and face civil penalties for inaccurate disclosures.   I mean it is 2012 not 1971.  There is absolutely no possible excuse for not using bcypt (or similar) much less not even salting the passwords.     Security through obscurity is no security at all.

Maybe we can get such information from Bitcoin websites via public pressure.

So major Bitcoin businesses and exchanges how are you storing your passwords?
MtGox?
CampBX?
Bitcointalk?
Bitmit?
Deepbit?
Bitcoinica?

Any volunteers?


Bitcoinica: Salted BCrypt with 20 iterations. Enforce minimum 8 characters. It can take months to crack a simple password. (And I use this for all my future app projects. Also recommend everyone to do the same.)

rjk:
Quote from: zhoutong on June 07, 2012, 01:11:30 AM

It can take months to crack a simple password.

Only if it isn't in a dictionary somewhere already. But yes, even dictionary cracks are slowed down, somewhat.

weex:
We salt for the rainbow and iterate for the dictionary. You gotta love technology lingo.

TangibleCryptography:
Quote from: zhoutong on June 07, 2012, 01:11:30 AM

Bitcoinica: Salted BCrypt with 20 iterations. Enforce minimum 8 characters. It can take months to crack a simple password. (And I use this for all my future app projects. Also recommend everyone to do the same.)


I assume you mean Salted Bcrypt w/ workload=20, that is 2^20 = 1 million iterations.  Slightly harder. :)  A single round of bcrypt takes roughly 5x the clock cycles as long as SHA-256 (OpenCL optimized).  Thus bcrypt(20) is on the magnitude of 5 million times harder to crack than salted SHA-256 hash.

Another way to look at it.  If a hacker could brute force a given password hashed SHA-256 in 1 second it would take them 57 days on bcrypt(20).

There is absolutely no reason to use anything weaker than bcrypt (or similar chained iterative functions like PBKDF2 or scrypt).

pass - stupid
MD5(pass) - cryptographically weak
SHA-256(pass) - vulnerable to rainbow tables
SHA-256(pass.salt) - vulnerable to brute force
bcyrpt(pass,salt,2^10) - vulnerable to weak/common password list
bcyrpt(strongpass*,salt,2^10) - computationally infeasible to attack

strongpass being enforced by the site as
8+ char
not in dictionary
not in known password list

cytokine:
Quote from: TangibleCryptography on June 07, 2012, 02:42:54 AM

Quote from: zhoutong on June 07, 2012, 01:11:30 AM

Bitcoinica: Salted BCrypt with 20 iterations. Enforce minimum 8 characters. It can take months to crack a simple password. (And I use this for all my future app projects. Also recommend everyone to do the same.)


I assume you mean Salted Bcrypt w/ workload=20, that is 2^20 = 1 million iterations.  Slightly harder. :)  A single round of bcrypt takes roughly 5x the clock cycles as long as SHA-256 (OpenCL optimized).  Thus bcrypt(20) is on the magnitude of 5 million times harder to crack than salted SHA-256 hash.

Another way to look at it.  If a hacker could brute force a given password hashed SHA-256 in 1 second it would take them 57 days on bcrypt(20).

There is absolutely no reason to use anything weaker than bcrypt (or similar chained iterative functions like PBKDF2 or scrypt).

pass - stupid
MD5(pass) - cryptographically weak
SHA-256(pass) - vulnerable to rainbow tables
SHA-256(pass.salt) - vulnerable to brute force
bcyrpt(pass,salt,2^10) - vulnerable to weak/common password list
bcyrpt(strongpass*,salt,2^10) - computationally infeasible to attack

strongpass being enforced by the site as
8+ char
not in dictionary
not in known password list



And the best part about bcrypt is that you can dynamically adapt it over time to keep up with Moore's law. Just update the hash whenever after a user successfully logs in with the updated difficulty level.

With the SHA family, you're stuck.

Navigation

[0] Message Index

[#] Next page

[*] Previous page