Online password protection

Hashes

Hopefully, no one saves passwords in plain text, as this would give an attacker access to all the stored passwords. Instead, the application generates a password hash and saves it. One type of password hash uses the MD5 message-digest algorithm. If a user enters the password banana, the application will generate the MD5 hash 72b302bf297a228a75730123efef7c41 and store the hash in its database. When the user logs in again with banana, the program passes on the password's hash value to the database for comparison. If an attacker gained access to this database, the assumption is that the attacker would have a whole bunch of unusable information, because the password cannot be decoded from the hash.

Today, MD5 hashes are considered insecure, because resourceful hackers have found a way to decipher the hashes. Using brute force to create a table with the hashes of all possible password combinations, hackers developed a rainbow table making it easy to decode the hash. In the MD5 example using 72b302bf297a228a75730123efef7c41, you can now simply google the string, and the search engine will come up with links to ready-to-use rainbow tables with the solution (Figure 1).

Figure 1: MD5 hashes can easily be translated back to the original passwords.

Adding a Pinch of Salt

To remedy this, you can extend the original password with an additional password that only the server knows – in other words, a salt. If you store a salt with a value of fasiurw24089sdau on the server and add the insecure user password banana to it, the result is a secure password that does not occur in any existing rainbow table.

While this sounds like a good solution, site operators must assume that an attacker also has access to this salt. In addition to stealing the database dump, the attacker could also have a copy of the complete configuration, which means that the salt is known. Since MD5 no longer generates any serious CPU load, the attacker could create a new rainbow table with this salt. And if money isn't a consideration for the attacker, they could use an Amazon Web Services cluster to do this in a short time.

Consequently, a single salt for the entire application is no longer considered secure. The next step is to generate a random salt for each individual account and store it in the database in addition to the hash, which raises the barrier considerably. An attacker would have to calculate the complete rainbow table for each account. However, with the MD5 algorithm and a high budget, this hurdle could be overcome.

Creating complete rainbow tables is only fast and cost-effective if the cryptographic hash function requires very little in terms of hardware resources (CPU and memory). With MD5, the computational overhead is ridiculously low from today's standpoint, which is why brute force attacks go through all possible password combinations.

Therefore, the goal is to create a hash that takes as many computer resources as possible to generate the solution without, of course, inadvertently reaching the other extreme – sluggish response times. After all, it makes no sense for users at login to have to wait a minute for the server to generate the entered password's hash and compare it with the database.

In the last Password Hashing Competition (PHC) in 2015 [10], developers compared 24 different hashing algorithms. The winner was Argon2 [11], which was developed by Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich of the University of Luxembourg. With Argon2, both the CPU and RAM load can be defined; this prompted vutuv to switch to Argon2, which uses a random 16-byte salt, starting with version 2 and later. Using Argon2 ensures that attackers no longer can create complete rainbow tables.

Password Choice

However, protecting password databases with hashes is only half the battle. Unfortunately, Internet users tend to use very simple and often common passwords. Figure 2 shows the 10 most commonly used passwords worldwide in 2018.

Figure 2: The 10 most commonly used passwords.

If an attacker gets a list of the 1,000 or even 10,000 most popular passwords and uses them to create a minimal rainbow table, he can't crack all the passwords, but he can crack many of them.

To protect vutuv users against this attack, we rely on the https://haveibeenpwned.com database for version 2. It contains the hashes of 551,509,767 accounts that have already been cracked elsewhere. Anyone using a password that has already been cracked will receive a warning from our login service.

This ensures that a normal system user, who does not care about password security, does not use a password that is really easy to crack. However, we leave it to the end user's discretion to heed or ignore this warning.

However, increasing computer speeds still pose a big risk. Even if an attacker does not create a complete rainbow table today, they may be able to do so in the future. For this reason, I would advise every Internet user to use a password manager that generates a new, random, and unique password for each website.

Internet users should assume that it is only a matter of time before any given account is hacked. In that instance, they will want to make sure that the hacked password does not work on any other site. In practical terms, this only works if users rely on a password manager.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus

Direct Download

Read full article as PDF:

Price $2.95

News