Slashdot Mirror

← Back to Stories (view on slashdot.org)

Lessons Learned From Cracking 2M LinkedIn Passwords

Posted by samzenpus on from the listen-to-the-learnings dept.

An anonymous reader writes "Qualys researcher Francois Pesce used open source password cracker John the Ripper to try to crack SHA-1 hashes of leaked LinkedIn passwords. He ran the John the Ripper default command on a small default password dictionary of less than 4,000 words. The program then switched to incremental mode based on statistical analysis of known password structures, which generated more probable passwords. The results? After 4 hours, approximately 900,000 passwords had been cracked. Francois then ran numerous iterations, incorporating older dictionaries to uncover less common passwords and ended up cracking a total of 2,000,000 passwords."

27 of 198 comments (clear)

  1. Do not use standard passwords by Anonymous Coward · · Score: 5, Insightful

    Surely this is not news.

    1. Re:Do not use standard passwords by Richard_at_work · · Score: 4, Interesting

      The problem is, even passwords that would have been considered "non-standard" 5 years ago is now easily crackable - according to GRC, a password I used 5 years ago consisting of ten characters, alpha numeric, mixed case and a symbol would take just an hour or so to crack. That was quite eye opening.

      So what next?

    2. Re:Do not use standard passwords by Qzukk · · Score: 4, Insightful

      Salting doesn't stop brute force crackers like JtR, it only stops attackers from using a rainbow table and/or discovering that two people have the same password.

      The real lesson here is just because your password database is hashed (with or without salt) doesn't mean you should let just whoever download the thing.

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    3. Re:Do not use standard passwords by Shetan · · Score: 5, Informative

      So what next?

      Two factor authentication.

    4. Re:Do not use standard passwords by Anonymous Coward · · Score: 3, Funny

      The real lesson here is just because your password database is hashed (with or without salt) doesn't mean you should let just whoever download the thing.

      Genius. Pure genius. I hope the NSA snaps you right up. It's people like you with keen intellects that can come up with such a conclusion (that no one else has ever even considered) that will save this great nation of ours. Thank you. Thank you.

      I'm going to go and change my setup so that my password databases aren't visible to the Internet anymore. It's just incredible. Are you the result of a Mensa genetic engineering experiment or something?

    5. Re:Do not use standard passwords by ShanghaiBill · · Score: 5, Informative

      Salting doesn't stop brute force crackers like JtR

      Salting doesn't make brute force crackers impossible, but it makes brute force much, much less effective. If I have two million unsalted passwords, I just need to compute a hash for a dictionary word one time and then do two million string comparisons. If I have two million salted passwords, then I need to hash the dictionary word two million times. That is far, far more time consuming.

    6. Re:Do not use standard passwords by Bengie · · Score: 3, Insightful

      But instead of 4 hours to crack 2mil hashes, he would have spent 4 hours per hash for 2mil hashes. It makes a small difference.

    7. Re:Do not use standard passwords by blueg3 · · Score: 3, Informative

      Salting doesn't stop brute force crackers like JtR, it only stops attackers from using a rainbow table and/or discovering that two people have the same password.

      Both of those latter things are significant risks. However, it also substantially slows down brute-force crackers when applied to large password lists.

      If you apply a brute-force cracker to a list of, say, a million unsalted password hashes, then you need to only compute the hash of each potential password once and compare the result against all million hashes. With a reasonably good in-memory storage system for the hashes, nearly 100% of your time is spent computing hashes (and not in comparison or password generation). So, with unsalted passwords, cracking a million passwords is as fast as cracking one (but much more lucrative).

      With salted passwords, you need to compute the hash of each potential password for each entry in the hash list (since they all, ostensibly, have different salts). So you need to compute a million hashes in order to check one possible password (for the whole list). That is a substantial slowdown. With salted passwords, you are essentially cracking every password in a list separately -- having a large list gives you zero speed benefits.

      If a factor of a million slowdown doesn't seem like much, consider that many good password-based encryption system use key strengthening, where the password (and salt) are passed through many chained rounds of hashing. Roughly a million, on modern processors. The whole purpose of this is to slow down brute-force password cracking by increasing the cost of a guess. It's enough of a change that instead of being able to get through a very large keyspace in a reasonable time (with only one hash round), you're stuck only being able to crack very bad passwords (with a million hash rounds). That's a very significant difference.

    8. Re:Do not use standard passwords by RenderSeven · · Score: 5, Funny

      What an excellent opportunity! I just told everybody on my LinkedIn account what I *really* thought of them, waited an hour, and told them all my password was hacked. Good times, good times.

    9. Re:Do not use standard passwords by Junta · · Score: 4, Informative

      If you have a salt in *code* (I presume a static one), I would wager it would be easy to discern. A salt is not supposed to be 'secret', it's just supposed to prevent easy identification of common passwords and a simplistic rainbow table attack.

      Now if each client had a machine generated salt to append before transmit to server, that actually is servicable. Of course, the standard practice of complete obfuscation of the password through local algorithms is better.

      --
      XML is like violence. If it doesn't solve the problem, use more.
    10. Re:Do not use standard passwords by hoggoth · · Score: 4, Funny

      Yeah, me too. I told my brother that stealing my girlfriend in the 8th grade was a shitty thing to do and he should stop getting drunk in bars. Then an hour later I told him my account was hacked and that wasn't me who wrote that.

      --
      - For the complete works of Shakespeare: cat /dev/random (may take some time)
    11. Re:Do not use standard passwords by zzsmirkzz · · Score: 4, Interesting

      That's not really feasible. Presumably if they have access to the passwords they also have access to the salts. In the end the legitimate application requires access to both, so if they've compromised the application they can probably get both.

      It seems perfectly feasible to me.

      1) A part of the salt is static and hidden in application code. This means even in the DB of salts is compromised, deduction of the missing piece is still required (as well as knowledge of its existence).

      2) In a example setup there are three servers, the Application/Authentication server that is accepting login requests (Server A), the Database server hosting the DB of password hashes (Server B), and the Database server hosting the DB of the password salts (Server C).

      3) The servers are configured so that Server A can communicate with the outside world and servers B and C. Server B can only communicate with Server A. Server C can only communicate with Server A.

      In this setup the only server than can be remotely compromised is Server A which does not have direct access to either the list of hashes or the list of salts. In order to get this information an attacker would have to take control of Server A and query both databases, one record at-a-time. The search/index key in both databases would be the username, so the attacker would also need the complete list of usernames as well.

      Now, I dreamed up this scenario in about 5-10 minutes. Please explain why it's unfeasible and assume security is high priority consideration.

    12. Re:Do not use standard passwords by SilentStaid · · Score: 3, Funny

      She clearly left him because of his lax security behavior, you insensitive clod.

    13. Re:Do not use standard passwords by slew · · Score: 3, Informative

      Salt: a random per user number (not an algorithm) used to foil attacks like rainbow tables.
      Signature: an algorithm that authenticates a message (like a password).

      Typically any secret algorithm is considered security by obfuscation.

      So a "salt" generating algorithm would be an obfuscated pseudo-random number generator used in a non-standard way as non-cryptographically secure signature. Yeah, that's the ticket to good security ;^)

  2. gpg by Anonymous Coward · · Score: 5, Interesting

    gpg - --gen-rand 1 9 | gpg -cat > linkedin.asc

    And presto, 72 bits of sweet entropy in your password which you don't even need to remember. It suffices to remember ONE password.
    Need your linkedin password?
    gpg linkedin.asc | xsel
    (and type your one password).

    Note that this way your linkedin password is never typed and never shows up on the screen.

    1. Re:gpg by Terrasque · · Score: 4, Informative

      http://hashapass.com/ have a bookmarklet. Not completely auto, you still need to write in a keyword for the site, but still.. Does a good job.

      --
      It's The Golden Rule: "He who has the gold makes the rules."
  3. Re:YAY the cracked the passwords by EasyTarget · · Score: 3, Informative

    ... It is only useless if you have a criminal intent.

    For those of us who do not actually want to abuse this leak, but instead learn from it, this is a great source of data!
    It shows just how *****ingly clueless most people are when it comes to creating a password.
    It shows how getting a bit smarter makes your password harder to crack, but still vulnerable to dictionary+statistical attacks.
    It shows how 100% random is probably the way to go for anything of value.

    --
    "Oops, I always forget the purpose of competition is to divide people into winners and losers." - Hobbes
  4. Did he crack any random passphrases? by khendron · · Score: 4, Funny

    Like "correct horse battery staple"?

    --
    Life is like a web application. Sometime you need cookies just to get by.
  5. Real lesson -- make guessing expensive! by redelm · · Score: 4, Insightful

    The predictable whining (and obligatory xkcd rebut) will be to make passwds "stronger", because open hashes or fast guessing is acceptable provider security.

    I call BS! More "blaming the victim". Any secadmin/netadmin who has hashes available or allows unthrottled passwd guessing is INCOMPETANT. Staff are paid for professional-level knowledge so users do not need to be concerned.

    The work itself is very nice, MD5 hashes can be cracked quickly in massive parallel on GPU hardware. This only matters after the hashes have already been stolen.

    Practical security should be more systemic -- the cost of a wrong guess is more than a nanosecond of GPU. There are at least network delays, and in many cases lockouts. The latter make random guessing too costly/slow, especially progressive systems that allow 5 wrongs immediately, 10 in an hour, 20 in a day, and lock hard (manual intervention) above that.

    My father had one of the early ATM cards but had me operate the machinery. It had an 8 digit assigned PIN, but dropped quickly to 4 when it was realized the 8 were hard to remember, and swallowing the card after 3 wrong guesses was more than adequate.

    1. Re:Real lesson -- make guessing expensive! by slimjim8094 · · Score: 3, Insightful

      What the hell are you talking about?? The problem wasn't the hashing - SHA1 is perfectly strong - it was the lack of salting, which makes attacks like this one possible. And "unthrottled passwd guessing" might be "incompetant" but preventing it doesn't do you a lick of good if you're testing against a list you downloaded.

      Yeah, they screwed up. They shouldn't have allowed the password hashes to be compromised, and they should've salted the hashes so they would be essentially worthless if compromised, but that doesn't negate the value of a strong password.

      --
      I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
  6. Re:Value of a linkedin account by Anonymous Coward · · Score: 5, Insightful

    It probably has little value, but the account name is an email address. Many people use the same account/pass combination for multiple sites, including perchance their paypal account. If they manage to pull a few million email/password combos from linkedin, I can guarantee you that some of those combinations will match paypal exactly.

  7. slashdot by rapiddescent · · Score: 5, Funny

    own up, who used the password slashdot - 0000003627a75d6c96a3d965247584a78779bc3d

  8. Some more important questions by arcctgx · · Score: 3, Insightful

    We all know that people tend to choose weak passwords, this is not really newsworthy. Ever since the database was leaked, many people, including professionals, have performed various analyses of cracked passwords. This is fine, but I think there are more important things we need to know right now:

    1) When exactly was the database leaked? It seems that it's been floating around the internet for some time before it hit the news last week.
    2) What the attack vector was?
    3) What security measures have been taken by LinkedIn to ensure this will not happen again?

    And perhaps one more: is there a relation between LinkedIn, eHarmony and last.fm database leaks? Did the same person/group do this?

  9. Re:Check your password by Jahava · · Score: 5, Informative

    www.leakedin.org/

    Nobody should use this site, period.

    You seriously expect people to go to an arbitrary site and enter their password, knowing that the hashes have been leaked alongside account information?

    In the kindest possible world this may be seen as a service, but the skeptic in everyone should hear very loud alarm bells. This site could easily log all of the passwords that are entered for "testing", use them to solve the harder-to-brute-force hashes, and deliver to the site operator the resulting account information and plaintext password!

    Even if you had the best intentions posting that link, and even if the site actually is completely innocuous, one should never encourage any user to enter their password into a random third-party site. Please take it down immediately.

  10. Re:Check your password by glwtta · · Score: 3, Insightful

    In this case, you have all the tools to satisfy your inner skeptic: the source is right there, if you don't trust yourself to read it, it's trivial enough to examine all communication the page does.

    As the site says, the passwords are hashed on the client, and nothing but the hash is ever sent to the server.

    You make a fair point, but this is Slashdot, we're not supposed to be "users" here.

    --
    sic transit gloria mundi
  11. Re:Check your password by Jahava · · Score: 3, Insightful

    In this case, you have all the tools to satisfy your inner skeptic: the source is right there, if you don't trust yourself to read it, it's trivial enough to examine all communication the page does. As the site says, the passwords are hashed on the client, and nothing but the hash is ever sent to the server. You make a fair point, but this is Slashdot, we're not supposed to be "users" here.

    You also make a fair point, and I'll admit I didn't catch that and replied hastily in light of that.

    There are, however, a lot of known website tricks that can get around this (e.g., collaborating iframes, etc.) as well as server-side tricks (e.g., serve a malicious page every nth visitor). A full client-side audit will prove any given instance harmless, and I suspect the site likely will pass all such tests, but I still think the encouraged trust of a one-factor authentication credential to a third-party site is in bad security taste, especially as the link propagates outside of the "expert" community to relatives and friends who will likely not have the know-how to perform such auditing.

    Thank you for pointing that out!

  12. I heard he left her... by publiclurker · · Score: 3, Funny

    because she refused to properly secure her ports to outside access.