Slashdot Mirror


User: SUB7IME

SUB7IME's activity in the archive.

Stories: 0
Comments: 241

Comments · 241

  1. Re:Hashed and salted is obsolete on LivingSocial Hacked: 50 Million Users Exposed · Score: 1

    I agree that there is no excuse not to use bcrypt.

    You can basically attempt all 8-character passwords in a few minutes per user on modern hardware (the salt adds 0 computation complexity, but as you say, it forces you to actually have to do the calculation instead of doing a lookup).

  2. Re:Hashed and salted is obsolete on LivingSocial Hacked: 50 Million Users Exposed · Score: 1

    Also, the whole point is that key derivation is slow. Of course the "secret from which keys are derived" is available (it is necessarily so; it's stored, along with the cost factor, as part of bcrypt's output, for example). But the fact that you have to go through 2^N iterations, where N is usually >= 10, throws a meaningful speedbump in front of high-speed cracking. Now instead of brute forcing any given 7-character alphanumeric case-sensitive password in ~half an hour, it'll take you > 20 days on average.

  3. Re:Hashed and salted is obsolete on LivingSocial Hacked: 50 Million Users Exposed · Score: 1

    This is completely orthogonal to the fact that salted hashed passwords have never been an appropriate means to store a password. http://codahale.com/how-to-safely-store-a-password/

  4. Re:Hashed and salted is obsolete on LivingSocial Hacked: 50 Million Users Exposed · Score: 1

    The key derivation functions can be literally several orders of magnitude harder to brute force. And their difficulty can be chosen with simple parameters, with sane defaults. There is really no comparison between a singly salted hashed password and bcrypt/scrypt.

    Check out table 1 in this paper to get a sense: https://www.tarsnap.com/scrypt/scrypt.pdf

  5. Re:Hashed and salted is obsolete on LivingSocial Hacked: 50 Million Users Exposed · Score: 1

    Assuming the cracker has access to the salt and a GPU, the only thing keeping users safe now is the entropy inherent in the passwords they chose.

    It doesn't have to be like that. Instead of plugging in Good Salted Hashed Password Library, you can plug in Bcrypt Library or Scrypt Library *and protect even the users who chose bad passwords*.

  6. Re:Hashed and salted is obsolete on LivingSocial Hacked: 50 Million Users Exposed · Score: 1

    Can you explain this a bit more?

    If the hackers didn't get the salt, and only have the salted hashes, and let's say the salt is, say, a 20 character random phrase using numbers, letters and symbols, what is the weak spot?

    I'm sure many /. users are implementing systems like this using salted hashes, so if there's an inherent weakness (other than the salt becoming exposed) I'm sure it would be useful if there was a straightforward explanation.

    The size of the salt is relevant only insofar as you want to be sure that each user has their own unique salt. The salt is stored in plaintext (or, I suppose, it could be encrypted, but then the decryption key must be stored in an accessible place). The point is that the crackers must be assumed to have recovered the salts.

    So now those salts protect you against pre-computed hashes. The cracker has to attempt each password individually. But most people use one of the few thousand most common passwords. And inexpensive modern hardware lets you attempt billions of SHA hashes per second. So... Salted and hashed does very little for you at this point.

    Instead of salting and hashing, use a key derivation function (e.g., bcrypt, scrypt).

  7. Re:Hashed and salted is obsolete on LivingSocial Hacked: 50 Million Users Exposed · Score: 1

    And yet, with no extra effort on Living Social's part -- simply by choosing a bcrypt library instead of a custom hash/salt scheme -- even a user with a weak password would be protected.

    So, sure, I might agree with you, but that doesn't absolve Living Social.

  8. Hashed and salted is obsolete on LivingSocial Hacked: 50 Million Users Exposed · Score: 0

    Why is it "fortunate" that the passwords were hashed and salted? Unless they've used key derivation functions (e.g., bcrypt, scrypt) and are actually under-selling their sophistication, this seems Very Bad for their customers.
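    An added example, not taken from any of the comments above: a Python script that contrasts a single salted SHA-256 with a tunable-cost key derivation function, stores the cost factor and salt in the record the way bcrypt does, verifies in constant time, and turns the measured per-guess cost on the local machine into the kind of exhaustive-search estimate quoted in comment 2. PBKDF2-HMAC-SHA256 from the standard library stands in for bcrypt/scrypt (an assumption made so the script runs without third-party packages; bcrypt's cost parameter is likewise 2^cost rounds, and scrypt adds a memory cost on top). The sample password and salt are constructed.

```python
import hashlib
import hmac
import os
import time

# Constructed sample values for the demonstration; not taken from any comment.
SAMPLE_PASSWORD = "password1"
SAMPLE_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")


def salted_sha256(password: str, salt: bytes) -> bytes:
    """A plain salted hash: one SHA-256 over salt || password.

    The salt defeats precomputed tables, but each guess still costs one
    hash, so it does nothing against a fast per-user search.
    """
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def slow_kdf(password: str, salt: bytes, cost: int) -> bytes:
    """A tunable-cost derivation: 2**cost iterations of PBKDF2-HMAC-SHA256.

    Assumption: PBKDF2 stands in for bcrypt because it ships in the standard
    library; bcrypt's cost parameter works the same way (2**cost rounds).
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               2 ** cost, dklen=32)


def make_record(password: str, cost: int = 12) -> str:
    """Store scheme, cost and salt alongside the digest, as bcrypt does.

    Nothing here is secret: the verifier needs all of it, so whoever steals
    the table has it too. Only the work factor and password entropy remain.
    """
    salt = os.urandom(16)
    digest = slow_kdf(password, salt, cost)
    return f"pbkdf2${cost}${salt.hex()}${digest.hex()}"


def verify_record(password: str, record: str) -> bool:
    """Re-derive with the stored parameters and compare in constant time."""
    scheme, cost, salt_hex, digest_hex = record.split("$")
    if scheme != "pbkdf2":
        raise ValueError(f"unsupported scheme {scheme!r}")
    actual = slow_kdf(password, bytes.fromhex(salt_hex), int(cost))
    return hmac.compare_digest(actual, bytes.fromhex(digest_hex))


def seconds_per_guess(func, rounds: int = 10) -> float:
    """Wall-clock cost of one derivation on this machine, single-threaded."""
    start = time.perf_counter()
    for _ in range(rounds):
        func(SAMPLE_PASSWORD, SAMPLE_SALT)
    return (time.perf_counter() - start) / rounds


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidates of exactly `length` characters."""
    return alphabet_size ** length


def exhaustive_search_seconds(alphabet_size: int, length: int,
                              sec_per_guess: float) -> float:
    """Upper bound on the time to try every candidate at the measured cost."""
    return keyspace(alphabet_size, length) * sec_per_guess


if __name__ == "__main__":
    record = make_record(SAMPLE_PASSWORD, cost=12)
    print("stored record:", record)
    print("verify correct:", verify_record(SAMPLE_PASSWORD, record))
    print("verify wrong:  ", verify_record("password2", record))

    fast = seconds_per_guess(salted_sha256, rounds=1000)
    for cost in (10, 12):
        slow = seconds_per_guess(lambda p, s: slow_kdf(p, s, cost))
        print(f"cost={cost}: {slow / fast:,.0f}x slower per guess than salted SHA-256")
        # 7-character mixed-case alphanumeric (62 symbols), one CPU thread,
        # at this machine's measured cost per guess.
        years = exhaustive_search_seconds(62, 7, slow) / 86400 / 365
        print(f"  exhaustive 7-char alphanumeric search: {years:,.1f} years")
```

    The numbers printed are single-thread CPU figures for sizing the work factor; a GPU rig achieves far more salted-SHA-256 guesses per second than this loop, which is exactly why the ratio between the two schemes, not the absolute time, is the quantity to watch when choosing a cost.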

  9. Re:NEWS FLASH on Central Dogma of Genetics May Not Be So Central · Score: 1

    ... RNA misspellings originally discovered in the white blood cells were also in the skin cells. And the misspellings aren’t just rare, random mistakes. “When DNA and RNA differ from each other it happens in nearly every RNA” copy, Li says.

    This supports what canajin56 was saying.

  10. Re:And this folks... on WordPress Creator GPL Says WP Template Must Be GPL'd · Score: 1

    There is an explicit exception to programs that call libraries in that fashion. See http://en.wikipedia.org/wiki/GPL_linking_exception and http://www.gnu.org/licenses/gcc-exception-faq.html

  11. Re:Why do I not trust their numbers? on O2 Scraps Unlimited Data Usage For Smartphones · Score: 2, Interesting

    Well, yeah, my tax dollars subsidized their infrastructure, so I would like to regulate their pricing.

  12. Re:Probable end result on In Brazil, Google Fined For Content of Anonymous Posting · Score: 1

    Even if Google never pays another fine for Orkut-related activities, is Orkut in Brazil profitable per se?

  13. Re:More like a flaw in statistics on Flaw In Emergency Response System May Have Killed Hundreds · Score: 1

    Yes, that's the right thing to do. As I said the first time, "Ambulances in the US will take you to the nearest hospital with appropriate facilities for your condition." Since the hospital that was a bit further was a facility more appropriate for your grandmother's condition, it was right to take her there.

  14. Re:Torturous? on Israel's Supreme Court Says Yes To Internet Anonymity · Score: 3, Informative

    Getting warmer. Tortious.

    Unless they actually meant torturous - but most blogs aren't THAT bad.

  15. Re:More like a flaw in statistics on Flaw In Emergency Response System May Have Killed Hundreds · Score: 5, Informative

    Just replying so that people know not to take your post literally. Ambulances in the US will take you to the nearest hospital with appropriate facilities for your condition.

  16. Re:Diploma mills prove the worthlessness of degree on Key EDS Witness Bought Internet Degree · Score: 1

    No such thing. As the phrase goes, Yale men, Princeton boys, and Harvard scholars.

  17. Re:Sorry, no. on Hotmailers Hawking Hoax Hunan Half-Offs · Score: 1

    Did you read the rest of my post (the part that you didn't quote) where I addressed the actions that they should take, instead of just turning off autoreply?

    Your tone seems to be that of disagreement, but your words recapitulate what I already said.

  18. Re:tl, dr on Hotmailers Hawking Hoax Hunan Half-Offs · Score: 5, Interesting

    Regardless of the information density of his post, I disagree with his assertion that Hotmail should flip the 'autoreply' bit on these accounts. I do not think Hotmail wants to get involved in guessing whether or not someone intended to set any particular auto-reply message: "Surely, Mr. Jones, you didn't intend to drop an F-bomb in your auto-reply."

    More to the point, these are hacked accounts. If you were going to take any action, *disabling* (even temporarily) the accounts and flagging them for forensic follow-up would strike me as more appropriate.

  19. Re:Seriously? on Slovak Police Planted Explosives On Air Travelers · Score: 1

    Your point is supported by the fact that the Christmas terrorist was the son of a banker, and well-educated. This is not someone who spent a life in poverty.

  20. Re:Umm... no. on The Environmental Impact of PHP Compared To C++ On Facebook · Score: 1

    This is the correct response. Facebook use (and actively develop) APC, an opcode cache. In other words, they cache the compiled binaries created by PHP. So, the environmental impact of running PHP as opposed to something compiled is virtually 0, because nearly all calls are made to pre-compiled PHP opcode.

  21. Re:extremes on Cell Phones Don't Increase Chances of Brain Cancer · Score: 2, Insightful

    I completely agree, and I think that what you're getting at is the "art" of science. Knowing how to develop good experimental procedures, deciding when the evidence is enough to convince you of X, etc. It's a deep and fascinating topic, and I am grateful that you started the discussion.

  22. Re:Wifi allergy on Cell Phones Don't Increase Chances of Brain Cancer · Score: 1

    They should be met by compassionate denial - a non-condescending denial cushioned with the true caveat that what is known now is not the limit of what will be known in the future and we may, perhaps, be wrong.

  23. Re:Wifi allergy on Cell Phones Don't Increase Chances of Brain Cancer · Score: 1

    There are real claims that humans coexisted with dinosaurs. Because these people sincerely believe this, do you also believe that this occurred?

    Real complaints do not imply that *what* they are complaining about is real.

  24. Re:extremes on Cell Phones Don't Increase Chances of Brain Cancer · Score: 1

    (Assuming this is a sincere question; otherwise, I missed the joke.)

    Squamous cell esophageal cancer is associated with the consumption of hot beverages. The evidence strongly suggests that the consumption of hot beverages is a causal factor in the development of squamous cell esophageal cancer. (Note that this is not adenocarcinoma, which is more prevalent in the US.) Nevertheless, taken to its extreme, the mantra "correlation is not causation" would cause one to refuse to acknowledge hot water as being causal for squamous esophageal cancer and, instead, continue seeking alternate explanations. Although I cannot read his mind, I am inferring that PylonHead is arguing for a balance between "correlation is not causation" and "after enough evidence and careful study, this correlation is actually due to causation."

  25. Re:the rationale involved has already been explain on Craigslist Blocks Yahoo Pipes · Score: 5, Insightful

    In my opinion, the executive summary is that Craig Newmark values his notion of small, local communities more highly than he values money. I mean it in as cool and non-bleeding-heart a manner as possible.

    He has the ability to direct the flow of visitors to his site to make money, or he has the ability to encourage what he sees as small, local communities basically unconnected to one another. He uses his site for the latter, and consequently forgoes substantial amounts of income. Sites that aggregate content or otherwise amalgamate the disconnected communities run afoul of his personal and, perhaps, business preferences.