what do you know about password? by guang ling oct. 8 th, 2012 1
TRANSCRIPT
1
What do you know about password?
By Guang LingOct. 8th, 2012
2
What password are you using?
• Before going to the next slide, can you guess what is the most used password?
3
4
5
Some statistics on password
• 4.7% of users have the password password• 8.5% have the passwords password or 123456;• 9.8% have the passwords password, 123456 or
12345678;• 14% have a password from the top 10 passwords• 40% have a password from the top 100 passwords• 79% have a password from the top 500 passwords• 91% have a password from the top 1000
passwords
6
Some statistics on password
thx1138 (turns out this is a movie from forty years back)gundam (actually an anime series)ncc1701 (codename for the USS Enterprise in Star Trek)
7
Some statistics on password
8
I am not concerned!
So what!I am not using these weak passwords!
10
What is strong password?
• Common misunderstand– The more complex the password, the more secure
it is!
11
What is strong password?
• Measure strength of password using entropy–
• So what is the key to the strength of a password?– Length!
12
Wait, is your password secure?
13
I am not concerned!
HAHA!!!My password is impossible to crack!
14
You should be concerned!
• Recent password leakage incidents in China– In December 22nd, 2011, a famous programmer
forum CSDN has its server hacked and 6,000,000 user accounts leaked
– In December 25th, 2011, user accounts of one of the major discuss forum in China, 天涯 , is leaked and 40,000,000 accounts exposed
– In the following weeks, 人人网 (5m) ,多玩网(8m), 猫扑 (10m), 开心网,世纪佳缘,百合网,美空 all have at least part of their accounts leaked
15
You should be concerned!
• To make things worse, passwords leaked from CSDN and 天涯 are all in clear text!
WHAT!!!!!!I use this username password combination for every website!!!
16
You should be concerned!
• Someone claim that 人人网’ s database is also clear text, it turns out that this might not be true
• However, only 0.84% (4001/4768600) password cannot be cracked
17
A peak at the leaked password files
18
Server-side password
• To better understand how to secure our online identity, let’s take a short detour to talk about password transmission and storage.
19
Password storage
• Form of password storage– Clear text– Hash– Salted hash
hash("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824hash("hbllo") = 58756879c05c68dfac9866712fad6a93f8146f337a69afe7dd238f3364946366hash("waltz") = c0e81794384491161f1777c232bc6bd9ec38f616560b120fda8e90f383853542
helloHbllowaltz
hash("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824hash("hello" + "QxLUF1bgIAdeQX") = 9e209040c863f84a31e719795b2577523954739fe5ed3b58a75cff2127075ed1hash("hello" + "bv5PehSMfV11Cd") = d1d3ec2e6f20fd420d50e2642992841d8338a314b8ea157c9e18477aaef226abhash("hello" + "YYLmfY6IehjZMQ") = a49670c3c18b9e079b9cfaf51634f563dc8ae3070db2c4a8544305df1b60f007
20
Password storage
• Clear text– Simple and easy to implement– Maybe viewed by website administrator and
employee– Maybe viewed by hacker– Most insecure– Never store password in clear text
helloHbllowaltz
21
Password storage
• Hash– Use cryptography level hash function to hash the
password and obtain a fixed length digest– MD5, SHA-1, SHA-512, WHIRLPOOL– Store the digest (hash) instead of the password– Better than clear text– Vulnerable to attack when the password length is
shorthash("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824hash("hbllo") = 58756879c05c68dfac9866712fad6a93f8146f337a69afe7dd238f3364946366hash("waltz") = c0e81794384491161f1777c232bc6bd9ec38f616560b120fda8e90f383853542
22
Password storage
• Offline attack of hash– Cryptography level hash function are designed to
be secure, i.e. it is hard to find phrase such that Hash(phrase) = given digest
– But hash value is vulnerable to the following method of attacks• Dictionary and Brute force attack• Lookup tables and Rainbow Tables
23
Hash attack
• Dictionary attack and Brute force attack
• Lookup tables and Rainbow tables– Pre-compute the hash for all possible combinations up to a length
limit– Free hash cracker at here– Hash cracker that can crack all combination up to length 8 for MD5,
NTLM, LM, SHA1 exists (5711GB of data)
Dictionary Attack
Trying apple : failedTrying blueberry : failedTrying justinbeiber : failed...Trying letmein : failedTrying s3cr3t : success!
Brute Force Attack
Trying aaaa : failedTrying aaab : failedTrying aaac : failed...Trying acdb : failedTrying acdc : success!
24
Password storage
• Salted hash– Rainbow tables attack renders most short password
the same as clear text– Hash the password and salt (randomly generated
string) to obtain a hash, store the hash and the salt value
– Cannot be pre-computed because of the salt– Can be cracked by brute force if the password
strength is weakhash("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824hash("hello" + "QxLUF1bgIAdeQX") = 9e209040c863f84a31e719795b2577523954739fe5ed3b58a75cff2127075ed1hash("hello" + "bv5PehSMfV11Cd") = d1d3ec2e6f20fd420d50e2642992841d8338a314b8ea157c9e18477aaef226abhash("hello" + "YYLmfY6IehjZMQ") = a49670c3c18b9e079b9cfaf51634f563dc8ae3070db2c4a8544305df1b60f007
25
Password transmission
• Password can be transmitted to the server in different forms and through different channels– Forms: clear text V.S. hash– Channel: unencrypted V.S. encrypted
26
Password transmission
Clear text• Maybe eavesdropped
during transmission
Hash• Eavesdropper can get at
most your password’s hash
• Looks like transmitting the hash is a good idea!– Not really– If hash instead of the clear text is transmitted, the intruder can fake
the identity of the user by sending the hash
27
Password transmission
Unencrypted• No overhead• Insecure
Encrypted• Some overhead, negligible
by today’s hardware speed• Secure
• A website should use encrypted connection channel for user login whenever possible
28
Best practice on a login server
• Store the password in salted hash form• Encrypt the login page and every page if
possible• Transmit the password instead of the hash
29
How to manage our password?
• Never use the same password for different sites
30
How to manage our password?
• Never use the same password for different sites
• Use long and strong password• Use rule based methods to ease the
management of passwords
[ 密码 ]=2* ( [ 用户名标识符(小写 / 大写) ]+[ 用户名长度 ]+[.]+[ 网站标识符(大写 / 小写) ] )
例: [email protected] ,密码为: gk8.GM GK8.gm
[email protected] 密码为: ssh10.HTSSH10.ht
31
How to manage our password?
• Use dedicated password manager– 1Password– LastPass
32
LastPass
• The last password you should remember– It saves your password and automatically fills it in
when you open a website
33
LastPass
• The last password you should remember– It generates secure password
34
LastPass
• The last password you should remember– It is safe• All your information store is encrypted using 256-bit
AES– Even if lastpass is hacked, your information will not leak
• Encrypted channel is used exclusively for all communications• Only you know the decryption key
– Lastpass has no access to your information
35
LastPass
• One thing that concerned me when I first start to use lastpass– The login key and decryption key is the same???!!!– They are not• Hash of your master key is used for login• Combination of your username and master key (in the
original form) is passed through PBKDF2-SHA256 (using a lot of iterations) to generate the decryption key• However, you do need a long and strong master
password so that recover it from the hash is infeasible
36
• References and picture source:– http://www.troyhunt.com/2011/07/science-of-pas
sword-selection.html– http://www.troyhunt.com/2011/06/brief-sony-pas
sword-analysis.html– http://www.guokr.com/article/61644/– https://xato.net/passwords/more-top-worst-pass
words/– http://crackstation.net/hashing-security.htm