Slashdot Mirror


Ubuntu Forum Security Breach

pinkstuff writes "There has been a major security breach of the Ubuntu Forums database. Every user's email address and salted password has been taken. From the forum home page: Unfortunately the attackers have gotten every user's local username, password, and email address from the Ubuntu Forums database. The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP. Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach."

17 of 108 comments

  1. Dupe from 3 days ago by slimjim8094 · · Score: 3, Insightful
    --
    I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
    1. Re:Dupe from 3 days ago by slimjim8094 · · Score: 2

      Weird, it showed the checkbox as checked for me...

      --
      I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
    2. Re:Dupe from 3 days ago by ElementOfDestruction · · Score: 2

      Turns out you use the name slimjim8094 at ubuntuforums too. Maybe change your password. Now!

  2. The hashes are salted by Dwedit · · Score: 2, Interesting

    The hashes are salted. Who cares about a breach with salted hashes?

    1. Re:The hashes are salted by fluffy99 · · Score: 4, Interesting

      "The hashes are salted. Who cares about a breach with salted hashes?"

      If they aren't sure of the extent of the compromise, reading salted hashes (assuming they were) might only be part of the problem. Could be they were intercepting passwords on the fly.

    2. Re:The hashes are salted by cbhacking · · Score: 2

      You don't even need a password change. You just store in the database what password verifier scheme was used (and a pair of MD5s with a salt of unknown size is a damn weak one) and then when the user logs in, you derive the password verifier using the scheme stored in the DB for their account. If it matches, then you log them in (of course) but you *also* compute a new password verifier using the new, better scheme - say, PBKDF2 with 50000 iterations - and then store that new verifier, and the new scheme you used to derive it, to the user's account entry in the DB. It's completely transparent to the user. As a bonus, this makes it easy to adopt even stronger schemes in the future.

      --
      There's no place I could be, since I've found Serenity...
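The verify-then-upgrade flow described in the comment above, as an added example (not code from the post or from vBulletin): accounts stored under the thread's md5(md5(password) + salt) scheme are checked with that scheme and, on a successful login, silently re-stored under PBKDF2-HMAC-SHA256 with 50000 iterations. The USERS dict, the scheme labels and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets

# Constructed in-memory account store (hypothetical schema, not vBulletin's):
# username -> {"scheme": label, "salt": salt, "verifier": stored verifier}.
USERS = {}
PBKDF2_ITERATIONS = 50000  # the iteration count the comment proposes


def legacy_verifier(password: str, salt: str) -> str:
    """Weak scheme as the thread lays it out: md5(md5(password) + salt)."""
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5((inner + salt).encode()).hexdigest()


def pbkdf2_verifier(password: str, salt: bytes) -> bytes:
    """Stronger replacement scheme: PBKDF2-HMAC-SHA256, 50000 iterations."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def compute_verifier(scheme: str, password: str, salt):
    """Dispatch on the scheme label stored with the account."""
    if scheme == "vb_md5":
        return legacy_verifier(password, salt)
    if scheme == "pbkdf2_sha256":
        return pbkdf2_verifier(password, salt)
    raise ValueError(f"unknown verifier scheme {scheme!r}")


def add_legacy_user(username: str, password: str) -> None:
    """Seed an account the way the breached forum stored it (legacy scheme)."""
    salt = secrets.token_hex(3)  # short hex salt, constructed for the example
    USERS[username] = {"scheme": "vb_md5", "salt": salt,
                       "verifier": legacy_verifier(password, salt)}


def login(username: str, password: str) -> bool:
    """Verify under the stored scheme; on success, upgrade weak records in place."""
    record = USERS.get(username)
    if record is None:
        return False
    candidate = compute_verifier(record["scheme"], password, record["salt"])
    if not hmac.compare_digest(candidate, record["verifier"]):
        return False
    # The plaintext is only in hand here, so this is the one moment the
    # verifier can be rederived under the stronger scheme without a reset.
    if record["scheme"] != "pbkdf2_sha256":
        new_salt = os.urandom(16)
        record.update(scheme="pbkdf2_sha256", salt=new_salt,
                      verifier=pbkdf2_verifier(password, new_salt))
    return True
```

Records that never log in again stay on the weak scheme, so a migration like this is usually paired with a deadline after which remaining legacy verifiers are invalidated and those users must reset.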
  3. Re:The hashes are salted (BUT NOT PROPERLY) by rgbrenner · · Score: 4, Informative

    They use vBulletin.. the passwords are salted.. but it's just md5(salt+md5(password)). The salt is in the db, and it's just 2 md5 hashes -- NO stretching, PBKDF2, bcrypt, or anything else. It's literally one step up from plaintext. You can recover those passwords in very little time. You SHOULD assume the passwords are compromised.

    http://www.vbulletin.org/forum/showthread.php?t=178091

  4. Dupe or another breach? by bloodhawk · · Score: 2

    So has this happened yet again or just another Dupe?

  5. Dupe story by BrokenHalo · · Score: 4, Insightful

    I don't know about Ubuntu being that popular, but this story seems to be. We had this one on /. only four days ago. Editors asleep at the wheel again... :-|

    1. Re:Dupe story by HJED · · Score: 2

      and that the attackers have apparently managed to decrypt the passwords, causing another forum breach: here

  6. Re:The hashes are salted (BUT NOT PROPERLY) by Rockoon · · Score: 4, Interesting

    "How do you reverse an MD5 hash if it is not?"

    You try all possible inputs at a rate of 180 billion combinations per second.

    For an 8 character alphanumeric with a few symbols, that's about 48 bits of entropy, which equates to 1564 seconds (26 minutes) to try every single possible input. Since you used a 128-bit hash on 48 bits of entropy, the odds are very very very good that only one single input will result in the stored MD5 hash.

    Thus the attacker knows precisely what the original password was in only 26 minutes, which fits the definition of "reversing" the hash in no more than 26 minutes.

    --
    "His name was James Damore."
  7. Re:The hashes are salted (BUT NOT PROPERLY) by rgbrenner · · Score: 2

    MD5 is just not computationally intensive by today's standards. You can easily calculate several BILLION MD5 hashes per second on a modern GPU. It's fast enough that you can simply brute-force it.. you can rent an EC2 cluster for a few dollars if you don't want to spend the money on the GPUs.

    There's a reason why at a minimum stretching is used (this is when you hash a password + salt, then hash the hash typically a few 10000 times)... this is standard practice BTW if you're going to use hashes (or better, use bcrypt or pbkdf)

    The only thing the salt does is prevent them from cracking all of the passwords at once.. they'll have to crack each user individually.

  8. Re:Don't worry.... by Anonymous Coward · · Score: 5, Informative

    The Ubuntu forums run on vBulletin, a proprietary solution. Nothing open-source about it.

  9. Re:The hashes are salted (BUT NOT PROPERLY) by rgbrenner · · Score: 2

    the salt is random.. so each user's password would need to be cracked individually.

    that doesn't make it 52min though..

    You could speed this up by hashing the password you want to try, then hashing it with each user's salt. So instead of 2x hashes, you would have (# of users) + 1 md5 calcs for each password attempt.

    And the average time would be 1/2 of the max time.

    Also... most of those passwords are probably dictionary words.

  10. Re:The hashes are salted (BUT NOT PROPERLY) by rgbrenner · · Score: 2

    "Still - there are two md5 hashes with a salt added "

    No, even that part was done improperly. Since they hashed the password, then added the salt, then hashed the result.. it's actually just (# of users) + 1 md5 hashes.

    1) hash password
    2) concat hash + salt
    3) hash result
    4) repeat 2 & 3 for each user

  11. Re:Don't worry.... by LordLimecat · · Score: 2

    What happened is that you apparently don't know the difference between operating system vulnerabilities, and someone gaining unauthorized access to a forum.

  12. Bad timing for Canonical by Camael · · Score: 2

    This will probably hurt their campaign to bring Ubuntu to mobile.

    Their kickstarter at Indiegogo already seems to be slowing down.

    Not quite fair to link a forum breach to Ubuntu, but public perception is what matters.