Researchers studying the passwords exposed by the Christmas-day attack on the security firm Stratfor Global Intelligence say that many of the passwords have turned out to be "simple and easy to decode."
That assessment comes from Utah Valley University's Kevin Young, area IT director and an adjunct professor who teaches information security. Using 120 computers, researchers at the university are decoding the encrypted passwords, which were revealed by a group purporting to be the AntiSec branch of Anonymous.
The story comes from PCWorld's Jeremy Kirk, who goes on to describe the weaknesses Young has found thusfar in short, simple passwords and in the MD5 hashing algorithm Stratfor employed to secure them:
Rather than store passwords in clear text, which is considered dangerous, Stratfor stored a cryptographic representation of victims' passwords called an MD5 hash, generally considered a wise security practice. Young set up the 120 computers in order to decode the MD5 password hashes released by the hackers.
With modest computing power and password cracking programs, many of those MD5 hashes can be decoded into their original password. The simpler and shorter the password, the faster it can be decoded.
While MD5 is still a widely used cryptographic hash function, it's not perfect. Design flaws were found as early as 1996, and US-CERT has since said that the function "should be considered cryptographically broken and unsuitable for further use." Most U.S. government applications now require the SHA-2 family of hash functions.
Of course, as Young pointed out to Kirk, what makes the imperfect hashing scenario particularly worrisome is that the computing power employed by the university pales in comparison to what a nation state can throw at a decryption target.
According to the LA Times, Anonymous late last month released two batches of account information on 860,000 Stratfor subscribers.
Those subscribers include many officials who are central to the country's financial system, holders of intellectual property, and/or instrumental to the United States's national defense.
Given that Stratfor analyzes national and international affairs, it counts among its clientele hundreds of U.S. intelligence, law enforcement and military officials, including the U.S. State Department; international banks such as Bank of America and JP Morgan Chase; and tech companies such as IBM and Microsoft.
Anonymous revealed email addresses, names and credit card numbers belonging to some 75,000 customers, including former U.S. Vice President Dan Quayle and former U.S. Secretary of State Henry A. Kissinger.
As Kirk points out, the credit card data is of ephemeral value to criminals. It's the email addresses and cracked passwords that could enable malicious actors to identify some of Stratfor's subscribers and to potentially impersonate them in cyberspace.
Young told Kirk that he's decoded more than 160,000 Stratfor passwords, with many of the weak passwords belonging to those in organizations such as the U.S. Marine Corps, where the creation of a safe password should be well-understood and well-implemented.
Time for a reminder on how to create a safe password. In a nutshell:
- Use a minimum of eight or nine characters.
- Mix upper- and lower-case letters.
- Use numbers and/or punctuation.
- Never use the same password twice.
You can Frankenstein yourself a delightfully ungainly beast this way. An example: One of my previous passwords is Tb=0tS2!
How did I ever remember it? That nonsense string contains the first letters of a sentence in which I've swapped the first letter of each word for the entire word, thus foiling brute-force dictionary decryption.
There's more to it than that, of course. Sophos's Graham Cluley outlines the technique in this video.
(Enjoy this video? Check out more on the SophosLabs YouTube channel.)
Happy New Year. Have you made your resolutions?
How about this one: Let's all resolve to do a hygiene check on our passwords. Remember, Anonymous is out there.
They don't forgive, they don't forget, and they certainly don't refrain from spilling the beans on passwords that fall into their ever-expanding net.
Want to understand more about password hashes and how they work? Listen to this podcast where Chester Wisniewski and Paul Ducklin explain the ins and outs of password hashing.
(9 January 2011, duration 16:58 minutes, size 12.2 MBytes)
You can also download this podcast directly in MP3 format: Sophos Security Chet Chat 79, subscribe on iTunes or our RSS feed. You can see all of the Sophos Podcasts by visiting our archive.
Follow @LisaVaas
![Password security infomerical leaves Ellen DeGeneres in disbelief.. and it will you too [VIDEO]](http://sophosnews.files.wordpress.com/2013/04/ellen-thumb.jpg?w=75&h=75&crop=1)
![Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]](http://sophosnews.files.wordpress.com/2013/03/cursors-thumb.jpg?w=75&h=75&crop=1)
Oh Graham, I love your accent. :D
Adorable.
The password shown is not very long. The entire phrase is a much, much stronger password.
Longer passwords are better.
Keepass will let you check the strength of the password.
F+Wsdfadoe&h is 71 bits.
Fred and Wilma sat down for a dinner of eggs and ham. is 167 bits.
Fred & Wilma sat down 4 a dinner of eggs & ham. is 176 bits.
Use Keepass and a different password for each site, and make them as long as the site allows.
Encourage all sites to allow all characters and really long passwords, but not require the archaic changes and l33t speak.
"Stratfor stored a cryptographic representation of victims' passwords called an MD5 hash, generally considered a wise security practice."
That does not sound right.
We cracked 111,429 of the STRATFOR's MD5 hashes under 40 seconds with a large password dictionary, and many more in minutes after that using incremental cracking mode with John the Ripper. We stopped at 200k passwords. So, yea, they were really weak.
There's some misunderstanding in this article. The first is the belief something hashed with MD5 was actually decoded, and that security was compromised because of that particular algorithm. As far as I know, it's almost impossible to decode something hashed with MD5, as it's simply not reversible.
However, it is possible to keep generating values until there's a match with a given value, or to find two inputs that return the same hash, which is the 'collision attack' you were referring to.
The actual method for cracking Stratfor's passwords was to keep hashing dictionary words, variations and possibilities, until there's a match with an MD5 entry in the password database. This same method is effective against MD5, SHA and SHA2, so changing the algorithm does nothing to improve security if weak passwords are still used.
For passwords that aren't horribly weak (nothing is going to help a password of "Password123"), SHA1 and SHA2 do provide advantages over MD5 for three reasons:
1. MD5 produces a 128-bit digest. SHA1 = 160-bit. SHA2 = 224 to 512-bit. Longer digest = more possible digest values = lower chance of a collision.
2. There are known weaknesses in MD5 that significantly decrease the number of calculations needed in order to find a collision.
3. MD5 is computationally easier than SHA1, which in turn is easier than SHA2. This means with the same amount of processing power, you can grind through many more possible MD5 values than SHA1/SHA2. http://hashcat.net/oclhashcat-plus/ has a nice table showing relative real-world computation speeds.
Martin Bos (@PureHate_) announced he had recovered passwords for 92.22% of the Stratfor accounts back on Jan 3rd. I'd put money on him using oclHashcat-lite and at least one Radeon HD 5970. @hashcat reported hitting a record rate of 9.95B MD5 hashes/sec using that card on Jan 4th.
Was the stored MD5 hash salted?
Using 120 computers to break only 160,000 passwords?!???! I used one machine that doesn't have the most modern gpu's to gather just over 300,000 total before I stopped. I used my own dictionaries, then brute forced the entire 1-7 password length space using the upper / lower alphanumeric character set. This was with only 700 million hashes per second, newer ati hardware can exceed 5 billion hashes per second per gpu. Even my laptop with a mobile nvidia card can exceed 85M hps. They need a new IT director even in his example Tb=0tS2! is only 8 characters long if his hash was leaked it would only take an attacker with a few current gen gpu's a day or two at max to break this. One hash cracking group is already known to have completed over 92% of the entire leaked data set and that was as of 3 days ago.
I too, thought he was an idiot at first so I clarified it with the researcher. The 120 machines were creating 8,9, and 10 char sequential wordlists - until the researcher exhausted his 50TB allotment.
He fed both generated and existing wordlists into both JTR and oclHashCat (for speed comparison purposes). I have no idea how many he's since cracked.
His research was more about the quality, entropy, and complexity (and the lack thereof) than the quantity.
If you want to secure your data I would suggest keeping it offline and not on a networked PC. I keep my info on an encrypted USB stick, and it's only accessable during the times I need it. Much harder to get the data that is not there all the time.
It's amazing how this group seems to get around, and not anyone has anything to trace. Most of the Companies targeted are large, who think they have security under control by paying a guy thousands a year. While the $8/hr employee has insight to get around network security, and gives the hacker a free ride in. On top of the fact the IT Admin probably had no intentions of checking logs, or going about doing anything other than email to the subscribers to change their passwords because of the security breech. I bet he is still working there and got nothing more than a slap on the wrist. The Security Breech means they where not doing the job, and your paying these people for what?
I get plenty of false security breeches and end up shutting people out of my network because it was suspicious activity, even for legit users.
Really you can only be anonymous for so long before someone traces the steps back.
Also as I exited I thought of something else. All the security questions that websites use for password recovery can be figured out by knowing someone, and every site uses the same basic questions. I can get a lot of information right off facebook. (What highschool did you go to. Favorite food. Mothers Madien name. Favorite Hobby, pets name, etc). I bet I can get 8/10 friends passwords in less than 30 mins if they where all on the same site, using password recovery and quick guesses.
I usually choose the ones that have an ever occuring change, and require me to know when I created the account to know what I liked or was doing then. Favorite Hobby could be reading today, be rock climbing tomorrow, and building snowmen on Saturday. It makes it harder for even me to remember my passwords, but knowing I created the account on 05/06/2003 and I know exactly what I was doing and what I was thinking at the time.
People use real answers for recovery questions? I tend to fill mine out with things like "qqqqqqqqq" "lolwtf" or the batman symbol. I can't see myself ever actually needing them.
Don't store password not even on a flash disk that can be turned to network disk, don't type password a key logger can send a copy of it somewhere, instead use a password generator to fill that field every time you login. Check Pass4All.com.