

Question about password security
January 9, 2013 10:27 AM

With email and website passwords, are successful "brute force" attacks still common, where an automated bot tries thousands and thousands of passwords on the same user account until one works?

It seems to me they should have been pretty well made redundant by the simple and widespread policy of locking an account after x number of false attempts within y time frame, and requiring some backup confirmation method thereafter to unlock it again. If any major sites are not following that policy, why not? If it's frequently being circumvented, then how?

And if in fact these brute force attacks are no longer common or effective, why are we still encouraged (and often required) to have complex passwords? Why do I hear things like "if your password is a word in the dictionary, you may as well not have one"? How can this be true? It seems like the complexity of the password is only a defense against brute force attacks, not phishing or large-scale server side hacks, keystroke loggers, leveraging one compromised account to get to others, and the other methods that now seem more common.

I mean, I realize that "password" is a dumb password, but is a random word like "vermouth" really less secure than "f3GveT8k"? I understand why it's much less secure in a theoretical sense, but in practical terms is it significantly more likely to get hacked?
posted by pete_22 to Computers & Internet (17 answers total) 14 users marked this as a favorite
 
Brute force attempts to breach passwords still happen all the time. Your seem-meter may need recalibration.

I realize that "password" is a dumb password, but is a random word like "vermouth" really less secure than "f3GveT8k"?

Covered here, XKCD lays out the password strength issue in incredibly simple terms. As you've put it, a string of random regular words is actually more secure than something like f3GveT8k.

Why do I hear things like "if your password is a word in the dictionary, you may as well not have one"?

People will say anything? I realize you're paraphrasing here, but that comes off as a particularly ridiculous instance of hyperbole.

It seems like the complexity of the password is only a defense against brute force attacks, not phishing or large-scale server side hacks, keystroke loggers, leveraging one compromised account to get to others

These other things that happen are why you aren't supposed to use the same password for different accounts.
posted by carsonb at 10:37 AM on January 9, 2013


Because if hackers get a hold of the encrypted password file from the server, then they can try as many combinations as they want to crack your password.
posted by empath at 10:37 AM on January 9, 2013 [8 favorites]


That's a great question. Clearly large and sophisticated website operators use "velocity" checks, IP address, and other means of limiting fraudulent login attempts. The problem is that 1) not all sites do that, and 2) as empath stated, if a password database is stolen, then those protections no longer exist.
posted by Dansaman at 10:40 AM on January 9, 2013


Can somebody say more about how hackers would retrieve your password from a stolen but encrypted database file using brute force? I don't understand how one would query the encrypted file. My understanding of brute force is that you basically ask "Is the password this? How about this2? How about this3?" until you guess right. With an encrypted file, how does one ask this question? How would the encrypted file respond No, No, No, Yes?

Good question, pete_22. I've wondered about this myself.
posted by vytae at 10:54 AM on January 9, 2013


Most password files are encrypted with one of two hashing algorithms, MD5 or SHA1. The hackers can apply the same well-known algorithms to their dictionary of possible passwords until they come up with a match.

The simplest countermeasure to this is for the password hashing algorithm to incorporate some additional information along with the password before hashing it; this is called "salting" the password. With unsalted passwords, the brute force attack is essentially trivial as the hackers can do it on their own hardware without worrying about throttling etc.
posted by mr vino at 11:02 AM on January 9, 2013 [2 favorites]


I mean, I realize that "password" is a dumb password, but is a random word like "vermouth" really less secure than "f3GveT8k"? I understand why it's much less secure in a theoretical sense, but in practical terms is it significantly more likely to get hacked?

There's a lot of variables here, but just taking one angle: Rainbow tables are pre-computed hash dictionaries that work as follows:

You sign up for a site that hashes your password but doesn't salt it. An attacker gains access to the hash passwords. These are not immediately useful since it's not possible to reverse a hashing operation, by definition. However, the original password can be inferred if you already know hashes for certain lists of common passwords.

Real example: Use this site to compute md5 hashes. Type in "vermouth" and you get:

dfe874ef03498202a1df97b11db6f345

If I have a set of all the hashes for an English dictionary, I can easily look up dfe874ef03498202a1df97b11db6f345 and infer the original password. As an attacker, I don't have a pre-computed hash for f3GveT8k, or even for verMouTH.

This type of attack is what is mitigated by complexity requirements.
posted by odinsdream at 11:07 AM on January 9, 2013 [7 favorites]


...by system users who otherwise can't do much about bad design decisions of application vendors who have chosen to use unsalted hash storage, which is not appropriate for passwords for all kinds of reasons, this being one small example.
posted by odinsdream at 11:10 AM on January 9, 2013


As a proof of concept, somebody created a little utility a few years back that checks Google for hash strings, to see if someone has cracked a particular password and put that information on the public web.

The corpus of unsalted hashes that's now in the wild thanks to large-scale hacks (Gawker, LinkedIn, etc.) is huge. The number of sites that use old and/or dumb methods to store passwords is also pretty huge.
posted by holgate at 11:12 AM on January 9, 2013


Can somebody say more about how hackers would retrieve your password from a stolen but encrypted database file using brute force? I don't understand how one would query the encrypted file.

"Encrypted" is kind of incorrect. Password authentication generally works by taking your password, such as "1234", and running it through a hash function, which will spit out something like "7110eda4d09e062aa5e4a390b0a572ac0d2c0220". The way hash functions are designed, it's easy to calculate the "7110..." value from "1234", but it's very difficult to figure out what password generates "7110...". So for the website you give your password to, they just store "7110..." and every time they ask for your password they calculate the hash of it and check to see if it matches "7110...".

The problem is that it's relatively common for hackers to gain access to huge lists of hash values ("7110..."). On their own, those hash values are worthless, because the hackers still don't know what passwords they can actually use that correspond with those hash values. But if you use a common password, reverse lookup tables exist that allow hackers to easily input the "7110..." and get back the corresponding password that generates it. That's even better than brute force because other people have already done the hard work of trying all of those common passwords and figuring out what the hash values are. Websites can somewhat prevent that sort of thing by adding a "salt" to their hashing algorithm, so that "1234" hashes to a completely different value than "7110...", but determined hackers could still calculate the correct hashes themselves for common passwords rather than relying on precomputed lookup tables. Also, with big leaks of hash tables from large websites, hackers are not usually looking to crack specific people's passwords, just the ones that are easiest to crack. So the longer and more unique your password is, the less likely it will end up in a lookup table or in a hacker's brute force check.
posted by burnmp3s at 11:13 AM on January 9, 2013 [3 favorites]
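
An added example (not from any poster in this thread) of the storage schemes described in the answers above by mr vino, odinsdream and burnmp3s: an unsalted hash falls to a precomputed reverse lookup table, a per-user salt defeats that table, and a common password can still be found by re-hashing a wordlist with the salt. The wordlist, function names and sample passwords are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for "an English dictionary" / common passwords.
COMMON = ["password", "123456", "1234", "vermouth", "letmein"]

def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()

# Reverse lookup table: computed once, reusable against every unsalted dump.
LOOKUP = {sha1_hex(w.encode()): w for w in COMMON}

def store_unsalted(password: str) -> str:
    """What a site with unsalted storage keeps; "1234" gives the "7110..." value."""
    return sha1_hex(password.encode())

def store_salted(password: str, salt: bytes = None):
    """Per-user random salt is stored next to the hash; it is not a secret."""
    salt = salt or os.urandom(16)
    return salt, sha1_hex(salt + password.encode())

def verify_salted(password: str, salt: bytes, stored: str) -> bool:
    """Login check: re-hash the submitted password and compare in constant time."""
    return hmac.compare_digest(sha1_hex(salt + password.encode()), stored)

def reverse_lookup(stored: str):
    """Precomputed-table check: a single dictionary read, no hashing needed."""
    return LOOKUP.get(stored)

def wordlist_check(salt: bytes, stored: str, wordlist):
    """With a salt, every candidate must be re-hashed for this one account."""
    for word in wordlist:
        if sha1_hex(salt + word.encode()) == stored:
            return word
    return None

if __name__ == "__main__":
    print("unsalted vermouth ->", reverse_lookup(store_unsalted("vermouth")))
    salt, stored = store_salted("vermouth")
    print("salted, table     ->", reverse_lookup(stored))
    print("salted, wordlist  ->", wordlist_check(salt, stored, COMMON))
    salt2, stored2 = store_salted("f3GveT8k")
    print("salted f3GveT8k   ->", wordlist_check(salt2, stored2, COMMON))
```

The salt removes the shared precomputation, not the weakness of a password that sits in the wordlist.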


somebody created a little utility a few years back that checks Google for hash strings

Indeed. No tools required. Here's a google search for the hash of vermouth. As you can see, first result is the plaintext word.
posted by odinsdream at 11:14 AM on January 9, 2013 [4 favorites]


Odds are good that at least one site you use does a poor job of detecting and blocking all the brute force attempts. Only the developers and the attackers know if the security is good - you as a user are playing roulette.

You cannot be sure that each site was built competently. There are many sites built by low bidders / interns / developers without proper experience who write their own security from scratch.

As one example of this, when I clicked on the "I forgot my password" box at a government site that writes checks and stores personal info, they mailed me my existing password. That means they stored my password unencrypted. :-0

So I'd be pretty surprised if they get anything right on the security side. And that's again a gov site that handles money and personal info.
posted by zippy at 11:15 AM on January 9, 2013 [1 favorite]


Also of interest is this article: How to Safely store a password which shows that advances in GPUs mean that even MD5 or SHA1 with salts is dated now.

The wonder of BCrypt (the solution advocated) is that it's designed to be a lot slower than the standard hashing algorithms. That makes little difference in generating the one hash you want for the password you chose but a big difference when someone is trying the algorithm 40,000 times to try and find your password!
posted by Wysawyg at 11:17 AM on January 9, 2013
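
An added example (not from the linked article or from any poster) of the work-factor idea in the answer above: one login costs a single slow hash, while every guess against a stolen record costs the same. It uses PBKDF2 from Python's standard library as a stand-in for bcrypt, which is not in the standard library; the iteration count, record format and function names are assumptions.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000  # assumed work factor; tune to the server's hardware

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Store scheme, cost, salt and derived key together in one record."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Re-derive with the cost and salt from the record, compare in constant time."""
    _scheme, iters, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)

def seconds_per_guess(fn, rounds: int) -> float:
    """Average wall-clock cost of hashing one candidate password."""
    start = time.perf_counter()
    for i in range(rounds):
        fn(f"guess{i}".encode())
    return (time.perf_counter() - start) / rounds

def compare_costs():
    """Return (fast, slow): seconds per guess for salted SHA1 vs. PBKDF2."""
    salt = b"\x00" * 16  # constructed fixed salt, used for timing only
    fast = seconds_per_guess(lambda g: hashlib.sha1(salt + g).digest(), 20_000)
    slow = seconds_per_guess(
        lambda g: hashlib.pbkdf2_hmac("sha256", g, salt, ITERATIONS), 3)
    return fast, slow

if __name__ == "__main__":
    record = hash_password("vermouth")
    print("verify ok:", verify_password("vermouth", record))
    fast, slow = compare_costs()
    tries = 40_000  # the number of attempts mentioned in the answer above
    print(f"salted SHA1: {fast * tries:.3f} s for {tries} guesses")
    print(f"PBKDF2     : {slow * tries / 60:.1f} min for {tries} guesses")
```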


Because if hackers get a hold of the encrypted password file from the server, then they can try as many combinations as they want to crack your password.

And when they do they most typically use a 'rainbow tables' type approach to brute-forcing it, which involves using all the words in the dictionary, lists of words compiled from online sources, known password lists, known typical/simple password generation methods ('pa$$word'), and the like.

In that type of attack, "vermouth" will be cracked almost instantly while "f3GveT8k", maybe not.

OTOH a password like f3GveT8k--with only 8 characters--is vulnerable to straight brute-forcing. According to this article (old--2007) with certain hashing algorithms that could be brute forced in an average of 6.5 days. Adding in a few more digits, even just 10 rather than 8, makes it a lot more secure.
posted by flug at 11:19 AM on January 9, 2013


This Ars Technica article explains in layman's terms why current mainstream thinking about passwords is outdated. It even convinced my wife to start using a password manager.
posted by photovox at 1:12 PM on January 9, 2013 [2 favorites]


I can't remember where I saw it, but I read something very similar to the ArsTechnica article linked above and started using a password manager that evening.

Makes it sort of a living nightmare when I buy a new phone, but, well...
posted by SMPA at 2:28 PM on January 9, 2013


This type of attack is what is mitigated by complexity requirements.

It's better mitigated by salted passwords. f3GveT8k would still be taken down by a rainbow table, but f3GveT8k appended with the text of the Declaration of Independence or a Jpeg of a kitty trying to hold on until Friday....not so much.

And if in fact these brute force attacks are no longer common or effective, why are we still encouraged (and often required) to have complex passwords?

I used to work for people who did a biannual paper documents clean out day - with long e-mails explaining what sorts of documents we were legally obligated to keep and which ones, if they were no longer needed, represented a security risk and should be destroyed. During this week they'd wheel out giant blue trash bins with huge, wear metatarsal protection boots while installing these, padlocks holding the lid shut and forcing you to drop your documents into a little slot in the top. Of course the hinges on these bins were held on with four #10 screws. Complex passwords are, often, just like those locks.
posted by Kid Charlemagne at 7:11 PM on January 9, 2013


It's better mitigated by salted passwords.

I agree, and clarified in an immediate follow-up that it's only a user-side mitigation strategy. Users have no control over whether their passwords are stored salted, and even if they are, whether the implementation has other serious flaws.
posted by odinsdream at 5:47 AM on January 10, 2013

