Old 03-12-2025, 09:23 AM   #2641
j.p.s
Grand Sorcerer
Posts: 5,788
Karma: 103362673
Join Date: Apr 2011
Device: pb360
Quote:
Originally Posted by Renate View Post
So keep your passwords long and random. That means you'll probably end up with a list of 200 or so untypeable passwords.
That is where a 100% open source password manager that doesn't access the internet is handy.

Quote:
Originally Posted by pdurrant View Post
Or just pick four words. CorrectHorseBatteryStaple.
Unfortunately a lot of places aren't on board with that yet and still require mixed case, numeric, and special characters (but exclude different arbitrary sets of special characters).
j.p.s is offline   Reply With Quote
Old 03-12-2025, 09:47 AM   #2642
ownedbycats
Custom User Title
Posts: 10,987
Karma: 75337983
Join Date: Oct 2018
Location: Canada
Device: Kobo Libra H2O, formerly Aura HD
There's also this:

https://xkcd.com/538/
ownedbycats is offline   Reply With Quote
Old 03-12-2025, 10:04 AM   #2643
ratinox
Guru
Posts: 767
Karma: 10000000
Join Date: Oct 2016
Location: Somewhere in Time
Device: Forma, iPad Mini
Quote:
Originally Posted by Renate View Post
The biggest deal is of course to use different passwords for everything, including crappy accounts that you don't care about. Some websites force you to make an account for a one-time purchase. Generate a new password.
This is one place where paper can break down. I have on the order of 400 unique accounts in my password vaults (personal and work). Many are one-use things but I keep them just in case I need them again. This would be difficult to manage on something that fits in my wallet. Instead, I have a couple of YubiKeys with master passwords to my vaults on my physical key ring, with backups stored in a fireproof box.

Quote:
Originally Posted by pdurrant View Post
Or just pick four words. CorrectHorseBatteryStaple.
It's both good and maybe not so good advice. Depends on the attack vector.

Longer is better than complicated against brute force attacks. That is, an attacker trying to break into your mobileread account via brute force against the web login interface would need to spend much more time trying to find "correct horse battery staple" than that troubadour mash. Effectively forever for the longer password vs. weeks to months to maybe years for the shorter one, modulo whatever anti-brute force mechanisms mobileread has.

But a thing called rainbow tables exists. A rainbow table is a table of precomputed hashes of common passwords, dictionary words, and combinations. If an attacker can get a dump of the account database, they can apply a rainbow table to find matches and recover cleartext passwords in seconds. A variant of this is likely how attackers were able to partially compromise the LastPass account database a few years ago.

Long story short: passwords suck.
ratinox is offline   Reply With Quote
Old 03-12-2025, 10:05 AM   #2644
ratinox
Guru
Posts: 767
Karma: 10000000
Join Date: Oct 2016
Location: Somewhere in Time
Device: Forma, iPad Mini
Quote:
Originally Posted by ownedbycats View Post
There's also this:

https://xkcd.com/538/
Colloquially "rubber hose cryptanalysis".
ratinox is offline   Reply With Quote
Old 03-12-2025, 10:45 AM   #2645
Quoth
Still reading
Posts: 14,075
Karma: 105211945
Join Date: Jun 2017
Location: Ireland
Device: All 4 Kinds: epub eink, Kindle, android eink, NxtPaper
Quote:
Originally Posted by ratinox View Post
Long story short: passwords suck.
No, bad passwords and bad use of them suck. All the alternatives are worse in one way or another.
An Alpha tabbed small address book easily manages more than 400 passwords.

I duplicate non-critical passwords in the web browser, but Mozilla are arrogant idiots removing the Principle/main/"master" password on the mobile version of Firefox. Their faulty excuse is that the phone/tablet has a password. Moronic. So I don't store any passwords on my phones or tablets.

Some browsers don't actually encrypt the stored passwords!

Disable all form and financial "memory" on all browsers.

Last edited by Quoth; 03-12-2025 at 10:51 AM.
Quoth is offline   Reply With Quote
Old 03-12-2025, 10:46 AM   #2646
Renate
Onyx-maniac
Posts: 3,924
Karma: 17500001
Join Date: Feb 2012
Device: Nook NST, Glow2, 3, 4, '21, Kobo Aura2, Poke3, Poke5, Go6
Quote:
Originally Posted by ratinox View Post
A rainbow table is a table of precomputed hashes of common passwords, dictionary words, and combinations.
That's all true, but even something as weak as Linux MD5Crypt has added "salt" to the encryption so that even a single password has 2^128 different hashes that you'd have to store.

If you think that it's that easy could you please crack the root password for a NetGear LM1200 modem? This is the factory password, not a personal one. I really could use the answer.
Code:
root:$1$uH6tuGYf$bjaX370zwmzgNHP/YhrAQ/
Yes, a farm of processors could crack it eventually but it would require a non-insignificant amount of electricity.

I wrote my own password cracker and if the password is "root" or "password" it cracks it inside the blink of an eye.
Renate is offline   Reply With Quote
Old 03-12-2025, 11:15 AM   #2647
ratinox
Guru
Posts: 767
Karma: 10000000
Join Date: Oct 2016
Location: Somewhere in Time
Device: Forma, iPad Mini
Quote:
Originally Posted by Renate View Post
That's all true, but even something as weak as Linux MD5Crypt has added "salt" to the encryption so that even a single password has 2^128 different hashes that you'd have to store.
That's trivial. No, really:
http://project-rainbowcrack.com/table.htm
The largest MD5 hash table is only about 700GB. Most are smaller.

Quote:
If you think that it's that easy could you please crack the root password for a NetGear LM1200 modem?
Try "password" (that's a common Netgear default).
If that's not it then I'm afraid I can't help you at this time but you might find it in one of the tables linked above.
ratinox is offline   Reply With Quote
Old 03-12-2025, 11:23 AM   #2648
jbjb
Somewhat clueless
Posts: 772
Karma: 9999999
Join Date: Nov 2008
Location: UK
Device: Kindle Oasis
Quote:
Originally Posted by ratinox View Post
But you do need to trust yourself not to make mistakes.
Indeed, but I'm very careful. If I get that wrong, at least I have only myself to blame.
Quote:
We have these things called wallets and purses, in their infinite variations, in which we keep small, important or valuable pieces of paper like money, ID cards, credit cards, passports, etc.
Wallets can get lost, pick-pocketed, etc.

I'm happy to take that risk with things like my credit cards (where at least the damage is limited by their credit limit, and fraudulent card-not-present use has some protection).

I'm not, however, willing to take that risk with, for example, my banking passwords.

Quote:
If you have a reasonably secure place to keep these things then you already have a reasonably secure place to keep a password "vault".
My secure location for storing important paper documents would not be convenient for passwords. I don't want to have to open the safe every time I want to log in to something.
jbjb is offline   Reply With Quote
Old 03-12-2025, 11:30 AM   #2649
ratinox
Guru
Posts: 767
Karma: 10000000
Join Date: Oct 2016
Location: Somewhere in Time
Device: Forma, iPad Mini
Quote:
Originally Posted by Quoth View Post
No, bad passwords and bad use of them suck. All the alternatives are worse in one way or another.
It's a case of "the worst authentication system ever, except for all of the others". Just because passwords aren't the worst doesn't make them good. It just makes them less bad.

Quote:
An Alpha tabbed small address book easily manages more than 400 passwords.
For some value of "easily". If it works for you then do it. Doesn't work so well for me anymore because my passwords look like "i-Jr_?<LN`y>A9YrPy~7wd&[".
ratinox is offline   Reply With Quote
Old 03-12-2025, 11:32 AM   #2650
jbjb
Somewhat clueless
Posts: 772
Karma: 9999999
Join Date: Nov 2008
Location: UK
Device: Kindle Oasis
Quote:
Originally Posted by ratinox View Post
But a thing called rainbow tables exists.
It's very standard practice to protect against rainbow table attacks by salting the password hashes. The attacker would then need a complete rainbow table for each possible salt value. For a long enough salt, that becomes impractical.

Quote:
A rainbow table is a table of precomputed hashes of common passwords, dictionary words, and combinations.
There's much more to it than that. It's certainly not restricted to common passwords etc. - the table will yield the hashes of any password generated by the reduction function from any of the other hashes in each chain (and it doesn't actually store any hashes, just the first and last password in each chain).

Quote:
If an attacker can get a dump of the account database, they can apply a rainbow table to find matches and recover cleartext passwords in seconds.
Not if it's adequately salted.

Last edited by jbjb; 03-12-2025 at 11:41 AM.
jbjb is offline   Reply With Quote
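An added example (not code from any poster in this thread) that walks through the mechanism argued over in this post and in ratinox's earlier one: a toy rainbow table over 3-letter passwords that stores only the first and last password of each chain, recovers a plain MD5 hash from it, and then fails on the very same password once a per-user random salt is mixed in. The keyspace size, chain parameters and the salt value are constructed for the demo.

```python
import hashlib
import itertools
import string

# Constructed toy keyspace: every 3-letter lowercase string (17,576 candidates).
ALPHABET = string.ascii_lowercase
KEYSPACE = ["".join(t) for t in itertools.product(ALPHABET, repeat=3)]
CHAIN_LEN = 40     # hashes per chain; only the two chain ends are stored
CHAIN_COUNT = 1500 # number of chains in the table


def H(password: str) -> str:
    """Unsalted MD5: the kind of hash a precomputed table is built against."""
    return hashlib.md5(password.encode()).hexdigest()


def R(h: str, position: int) -> str:
    """Reduction function: maps a hash back into the keyspace. It differs per
    chain position, which is what makes this a rainbow table and not a plain
    Hellman table (and is why chains rarely merge)."""
    return KEYSPACE[(int(h, 16) + position) % len(KEYSPACE)]


def build_table() -> dict:
    """Walk CHAIN_COUNT chains of CHAIN_LEN hash/reduce steps each and keep
    only the start and end password of every chain, keyed by the end."""
    table = {}
    step = len(KEYSPACE) // CHAIN_COUNT
    for start in KEYSPACE[::step][:CHAIN_COUNT]:
        p = start
        for position in range(CHAIN_LEN):
            p = R(H(p), position)
        table.setdefault(p, []).append(start)  # merged chains share an endpoint
    return table


def lookup(table: dict, target: str):
    """Recover the password behind an unsalted hash, or None if no chain
    in the table passes through it."""
    for j in range(CHAIN_LEN - 1, -1, -1):
        # Assume the target sits at position j and replay the chain to its end.
        x = target
        for k in range(j, CHAIN_LEN - 1):
            x = H(R(x, k))
        end = R(x, CHAIN_LEN - 1)
        for start in table.get(end, []):
            # Regenerate the chain from its start and verify, so that a
            # coincidental endpoint match (a false alarm) is rejected.
            p = start
            for position in range(CHAIN_LEN):
                if H(p) == target:
                    return p
                p = R(H(p), position)
    return None


def salted_hash(password: str, salt: bytes) -> str:
    """What a salted scheme stores. Because the salt is part of the hash input,
    no table built from bare passwords contains this value; the salt is kept
    next to the hash, so the verifier can still recompute it. Real systems
    also replace MD5 with a slow KDF (bcrypt, scrypt, argon2)."""
    return hashlib.md5(salt + password.encode()).hexdigest()


if __name__ == "__main__":
    table = build_table()
    print("unsalted:", lookup(table, H("aaa")))                   # 'aaa'
    print("salted:  ", lookup(table, salted_hash("aaa", b"\x00" * 16)))  # None
```

The table holds 1,500 start/end pairs yet answers for any password on any of its 60,000 chain positions; the salted lookup returns None because the salted digest never appears on any chain.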
Old 03-12-2025, 11:37 AM   #2651
jbjb
Somewhat clueless
Posts: 772
Karma: 9999999
Join Date: Nov 2008
Location: UK
Device: Kindle Oasis
Quote:
Originally Posted by ratinox View Post
That's trivial. No, really:
http://project-rainbowcrack.com/table.htm
The largest MD5 hash table is only about 700GB. Most are smaller.
But you'd need one of those tables for each possible value of the salt. For a 256 bit salt, you'd need 2^256 tables of 700GB each - more bits of storage than there are atoms in the universe.

Not exactly "trivial".
jbjb is offline   Reply With Quote
Old 03-12-2025, 11:45 AM   #2652
Renate
Onyx-maniac
Posts: 3,924
Karma: 17500001
Join Date: Feb 2012
Device: Nook NST, Glow2, 3, 4, '21, Kobo Aura2, Poke3, Poke5, Go6
Quote:
Originally Posted by jbjb View Post
For a 256 bit salt, you'd need 2^256 tables of 700GB each - more bits of storage than there are atoms in the universe.

Not exactly "trivial".
Quit exaggerating the difficulties!
Since the salt is MD5 hashed you'd only need 2^128 tables of 700 GB.
Renate is offline   Reply With Quote
Old 03-12-2025, 11:55 AM   #2653
ratinox
Guru
Posts: 767
Karma: 10000000
Join Date: Oct 2016
Location: Somewhere in Time
Device: Forma, iPad Mini
Quote:
Originally Posted by jbjb View Post
But you'd need one of those tables for each possible value of the salt. For a 256 bit salt, you'd need 2^256 tables of 700GB each - more bits of storage than there are atoms in the universe.

Not exactly "trivial".
An attacker only needs to identify the salt algorithm once and there are ways to simplify this. One way is for an attacker to pre-seed the database with a "trojan" account of their own making, enabling a known plaintext attack against that hashed entry. Once they identify how the salts are generated they can use this to generate custom tables, which is orders of magnitude faster than brute force and doesn't require infinite storage.

It's all relative. You might not call it trivial, but I don't call it difficult. Getting the database ostensibly is the most difficult step. Once an attacker has that then it's just a matter of time until it's cracked.
ratinox is offline   Reply With Quote
Old 03-12-2025, 11:57 AM   #2654
jbjb
Somewhat clueless
Posts: 772
Karma: 9999999
Join Date: Nov 2008
Location: UK
Device: Kindle Oasis
Quote:
Originally Posted by Renate View Post
Quit exaggerating the difficulties!
Since the salt is MD5 hashed you'd only need 2^128 tables of 700 GB.
Good point - I'd missed that the response I was disagreeing with was specifically about MD5 hashes.

I'll have to think about whether the 128 bit hash of MD5 really limits the number of tables required. The 256 bit salt is added to the reduction-function-generated password at each stage of the hash chain, so even though there are only 2^128 possible hash values it still feels like the 2^256 tables would still be required.

I'm not sure, though, to be honest, so I'll have to think about it.

For algorithms that generate longer hashes, the 2^256 tables still apply, though, and in any case 2^128 700GB tables is still a bit beyond "trivial".
jbjb is offline   Reply With Quote
Old 03-12-2025, 12:03 PM   #2655
jbjb
Somewhat clueless
Posts: 772
Karma: 9999999
Join Date: Nov 2008
Location: UK
Device: Kindle Oasis
Quote:
Originally Posted by ratinox View Post
An attacker only needs to identify the salt algorithm once and there are ways to simplify this.
One way is for an attacker to pre-seed the database with a "trojan" account of their own making, enabling a known plaintext attack against that hashed entry. Once they identify how the salts are generated they can use this to generate custom tables, which is orders of magnitude faster than brute force and doesn't require infinite storage.
In any sane environment the salts are generated properly randomly, using a high quality source of entropy. Not something that can be reverse engineered, unless you can spy on the source of entropy.

Quote:
It's all relative. You might not call it trivial, but I don't call it difficult. Getting the database ostensibly is the most difficult step. Once an attacker has that then it's just a matter of time until it's cracked.
It's always just a matter of time, but if that time is many lifetimes of the universe, we're probably OK.
jbjb is offline   Reply With Quote