Slashdot Mirror

← Back to Stories (view on slashdot.org)

Passwords From PHPBB Attack Analyzed

Posted by Soulskill on from the convenience-trumps-security dept.

Robert David Graham writes "The hacker who broke into phpbb.com posted the passwords online. I was sent the password list, so I ran it through my analysis tools and posted the results. Nothing terribly surprising here; 123456 and password are the most popular passwords as you would expect. I tried to be a bit more creative in my analysis, though, to get into the psychology of why people choose the passwords they do. '14% of passwords were patterns on the keyboard, like "1234" or "qwerty" or "asdf." There are a lot of different patterns people choose, like "1qaz2wsx" or "1q2w3e." I spent a while googling "159357" trying to figure out how to categorize it, then realized it was a pattern on the numeric keypad. I suppose whereas "1234" is popular among right-hand people, "159357" will be popular among lefties.'"

20 of 299 comments (clear)

  1. 159357 popular with lefties? by LordKaT · · Score: 5, Funny

    The numeric keypad is on the right ... how exactly does this work out?

    1. Re:159357 popular with lefties? by Anonymous Coward · · Score: 5, Informative

      As in : left hand on the mouse, right hand free to type something ?

    2. Re:159357 popular with lefties? by Carewolf · · Score: 4, Insightful

      Unfortunately it can also make it impossible to login if you are trying to login remotely from a foreign computer, for instance to check mail while traveling.

    3. Re:159357 popular with lefties? by Majik+Sheff · · Score: 4, Funny

      I don't have a right hand you insensitive clod!

      --
      Women are like electronics: you don't know how damaged they are until you try to turn them on.
    4. Re:159357 popular with lefties? by auric_dude · · Score: 5, Funny

      Nothing too sinister about being left handed.

  2. passwords by kohaku · · Score: 5, Funny

    What the hell, Slashdot? Stop posting all my passwords!

  3. The horrible problem by Z00L00K · · Score: 4, Insightful

    It's a horrible problem of having leaked passwords, and the only way around it is to avoid logging the cleartext password and do a hash of the password combined with a salt before storing it.

    In that way it's at least not too easy to recreate the password used by various users.

    It's of course standard procedure, but it just makes it evident how incredibly trivial some systems are built.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    1. Re:The horrible problem by qw0ntum · · Score: 4, Interesting

      From my perusal of TFA, I think the passwords were actually hashed in the DB, but the guy who cracked the site broke them: http://hackedphpbb.blogspot.com/

      The response from phpBB.com seemed to indicate that the only passwords that were cracked were from those accounts that had been created in an older system, and had not logged in under the newer system. Given the large number of spam accounts on that site, I wonder if the majority of those cracked, not recently logged in accounts were spam accounts, and as such if the passwords are not representative of the userbase at large: http://area51.phpbb.com/phpBB/viewtopic.php?f=3&t=29973

      --
      'Every story, if continued long enough, ends in death.' --Ernest Hemingway
    2. Re:The horrible problem by slackergod · · Score: 4, Interesting

      I agree... it just plain scares me that so many large systems don't even bother with such trivial precautions as hashing. It's even more trivial than sql injections. Up until it happened, I would have _never_ guessed myspace & phpbb stored plaintext. It seems borderline incompetent.

      I've implemented tons of little one-off account systems, for websites small enough they'll probably never even see a hacker. But before I even implemented the first one, I went through the trouble of finding the best password hash algorithm I could (http://people.redhat.com/drepper/SHA-crypt.txt)

      Sure, I've had customers ask "why can't it just email me my password when I forget?" But you know what? Just a few minutes of quick explanation, and even people with NO math or cs background can understand why it's important.

      So for the love of the gods, people, please take an hour out of your time to put in a hash alg (even md5-crypt is better than nothing)... it's just not that hard.

      ---

      Just to go off on a rant here...
      I've also noticed in some web applications there is the tendency to just pick a hash alg at random. Be warned: not all hash algorithms are created equal.

      "Checksum" algorithms such as CRC32 are woefully insufficient: easy to reverse (for small strings), easy to find collisions. They're basically just one guessable step away from plaintext.

      "Integrity" algorithms such as MD5 & SHA are a little better, since they're very hard to reverse, and difficult to find collisions.
      The problem with using these types of hashes directly is that they will always hash a password to the _same_ string. While that's desirable for their purposes (file integrity, etc), that's not good at all for passwords: you can pre-build a table of known mappings beforehand, and use it to quickly guess many passwords in parallel (aka a rainbow table): Given a table of 10k user passwords hashed like this, and a pre-built table, the odds are very good you'll get a significant number of the passwords in a very short amount of time.

      This is why a proper "Password" hash (eg bcrypt, md5-crypt, sha-crypt) includes a "salt" which is randomly generated each time the password is set (and not just the first time). This prevents the rainbow attacks which are possible on plain integrity hashes. But prepending (or appending) the salt is not enough, because since it's effect can be undone mathematically, at least enough so that it presents no real additional barrier.

      Genuine password hashes, while using an integrity hash their basis, mix & blend the password and the salt in so many variable ways as to make this reversal impossible. And there are so many nuances here that _you should not roll your own_ (unless you're Bruce Schneier). Read bcrypt, sha-crypt or md5-crypt's specs for some details.

      Note: don't use the old unix-crypt, while it is a password hash in the strict sense, it's so old and simple, it's barely stronger than crc32.

      Note: sha-crypt adds additional flexibility via it's "rounds" system, allowing it to easily grow more complicated as computers grow more powerful. This is why I prefer it above all the others.

      End rant: all this is why you should use sha-crypt or md5-crypt, and nothing lesser.

    3. Re:The horrible problem by asdfghjklqwertyuiop · · Score: 4, Insightful

      When most of your users are chosing passwords like "password" and "1234" no hashing is going to help. Those are the first things anyone will try when using brute force.

      Hashing would buy competent, caring* users with strong passwords a little bit of time to change their password, assuming the intrusion is discovered and the users are notified quickly enough.

      *: That's another mistake a lot of site designers make: assuming that the users care about the security of the accounts they set up. Many times the users simply want access to some content on a web site and once they have it couldn't care less about their account. It was just a meaningless hoop they had to jump through to get something. If the compromise affects the web site more than its users then its time to stop making people create an account for every little thing so your marketing department can gather personal information.

    4. Re:The horrible problem by sakdoctor · · Score: 5, Informative

      If you're going to rant about encryption then get modded +5, try to be factually correct so you don't mislead people.

      CRC32 is a checksum algorithm.
      Integrity algorithm - This doesn't mean anything!
      MD5 and SHA1 are both hash algorithms.
      MD5 is weak because it's not not collision resistant.
      SHA256 and up are recommended.

      For passwords simply appending the salt is sufficient. Hashes are not reversible. They can't be "undone mathematically".

      There is a related issue called an extension attack, where data can be added without knowing the original hash value. For that you need an HMAC which is the correct way to incorporate ("mix and blend") a secret key with data.

      Avoid adding rounds to weak hashes. Pick a larger hash. A 512bit hash has 1.3 Ã-- 10^154 possible outputs!

      Do not reinvent the hash.
      Do not reinvent the HMAC.
      Learn the proper application of both.

  4. Passwords are the Problem by SolarStorm · · Score: 5, Interesting

    With so many other methods of user verification why do we still continue with passwords? My work uses so many passwords for each application, and forces you to change them montly, and some of them force you to use different passwords, that you can look at any monitor and find a postit note with complete access to the system. When I mentioned this to the SA's. They said they need all of the passwords for security? Why not use thumbprints or cards for verification like the hospital I used to work at? Never typed a single password. Had to take the gloves off once or twice, but never a password.

  5. Re:Left and right reversed? by argent · · Score: 5, Funny

    That's the first time I've heard of one-handed typing being commonplace. I thought it was restricted to certain kinds of websites. :)

  6. Re:Left and right reversed? by Ian+Alexander · · Score: 4, Insightful

    I've never moused with my left hand on anything approaching a regular basis- it's simply too awkward. I was just taught to use my right hand to mouse like everyone else in elementary school so that's what I do.

    --Southpaw

  7. Inaccurate by DarkAnt · · Score: 5, Funny

    Sex and God are not even on the list.

    1. Re:Inaccurate by MRe_nl · · Score: 5, Funny

      from a link/article:(Pearlady said, on January 6th, 2009 at 10:35 am)
      "Just had to mention hearing about the man who wanted to use "Penis" as his password, but the computer threw it out because it wasn't long enough.....

      --
      "Kill 'em all and let Root sort 'em out"
  8. Are they the problem? by khasim · · Score: 5, Insightful

    someone 'analyzed' another password list for correlations and found nothing of inherit value to security of than 'people are a problem'.

    People are the weakest link in any security program. But does that make them the "problem" or does it mean that we're approaching security from the wrong angle?

    Passwords suck. People are not capable of memorizing enough entropy to provide more than one or two decent passwords.

    So do not focus on "strong" passwords as your only defense against attack.

    One approach is to encourage "weak" passwords (word.number.word) that users can write down ... but then focus on monitoring and login delays so that any attack will be detected before it even has a one in ten million chance of success.

    Thank you for registering at slashdot. Your password is kitten6apple. Please write it down. If you wish to change it, click HERE. There will be a 10 second delay enforced between login attempts and a 10 minute delay after 3 failed login attempts.

    There. As long as they don't store the passwords in the clear (or as hashes without including a random salt) you should be fairly "secure". At least "secure" enough for a "social networking" site.

    For your bank or other financial institution, you'd want a second, non-Internet-based, channel for verification of transactions. Such as an automated call to your phone.

    People are not the "problem". People's limitations SHOULD be part of the design specifications for the security program.

    1. Re:Are they the problem? by Glendale2x · · Score: 5, Insightful

      The other problem is that every damn thing on the internet now requires a login and password - so much that we start using crap passwords like "asdf" for sites like your phpbb forum login, which happens to be the same as the other 50 forums you have accounts on or ever needed to register for to ask a one-off question.

      --
      this is my sig
  9. Re:Left and right reversed? by cslax · · Score: 5, Funny

    I use the mouse with either hand, if the hand gets tired I switch hands.

    Can be misinterpreted in so many ways.

  10. Who needs this? by Javagator · · Score: 4, Funny

    Who needs a list of the 500 worst passwords. What we need is a list of the 500 best passwords.