News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

IMPORTANT: Community security breach

Started by LiroyvH, July 23, 2013, 12:45:08 PM

Previous topic - Next topic

LiroyvH

Quote from: giappaig on July 28, 2013, 01:30:29 PM
If you encode password in md5, sha-1, Do hacker can decode it ?

Yes, it can be decrypted.
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

Tiny Clanger

Quote from: CoreISP on July 28, 2013, 01:53:24 PM
Yes, it can be decrypted.

But if your password has sufficient entropy, an ordinary pest like Sputn1k probably won't bother trying. For alphanumeric passwords of 12 characters or more, your cracker is more likely to work for someone with their own undersea lair or a seat on the UN security council.

青山 素子

Quote from: CoreISP on July 28, 2013, 01:53:24 PM
Quote from: giappaig on July 28, 2013, 01:30:29 PM
If you encode password in md5, sha-1, Do hacker can decode it ?

Yes, it can be decrypted.

To be accurate, the encryption (it's actually called a hash) can be broken by finding something else that matches the hash. It can't be decoded in the sense of being able to reverse the encryption.

If you have a really strong password, it'll be more difficult for the hash to be broken for you. If you use a weak password, it'll be easier and faster. No matter what, it's a matter of time and you should be careful and change the password here.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


rickmastfan67

Man, it took 3+ days before I got the e-mail about this.  But I have changed my password.  Don't think I used it on any other website.

Tiny Clanger

Quote from: 青山 素子 on July 28, 2013, 02:20:49 PM
it's a matter of time

Potentially, millennia - though it's a reasonable precaution to change a password if the hash has been pinched. The more usual way to get hold of someone's login is in plain text off their own compromised machine.

French

Quote from: 青山 素子Many prominent security minds disagree with your opinion
In this case that's hard to believe .

QuoteUnfortunately for us, a Administrator used the same password elsewhere on another site and access to our site was obtained when the password from the other hacked site was successfully decrypted. As a result, the hacker was able to login here with admin rights.

The database of the SMF forum has been hacked because an administrator password has been cracked..........that' a fact.
No problem its history nothing more can be done about it.
But it was a result of poor password policy.

So tell me what's wrong if admins and team members passwords should being changed on a regularly base,in order to reduce the chance that this will ever happen again.

LiroyvH

Quote
Potentially, millennia - though it's a reasonable precaution to change a password if the hash has been pinched. The more usual way to get hold of someone's login is in plain text off their own compromised machine.

Considering you can brute with billions of different hashes per second, it all depends on the password strength.
If you use a password like "redwinebottle", it's a matter of seconds to minutes.
If you use a password with 30 completely random characters, upper/lower case differences and special characters: it's going to be *a lot* more difficult.


Quote
So tell me what's wrong if admins and team members passwords should being changed on a regularly base,in order to reduce the chance that this will ever happen again.

Nothing if it's maybe once a year or so, but your comparison is wrong. In order to reduce the chance of this happening, it's not a matter of changing password regularly. It's a matter of not using the same password on different sites.
If the person that wants access doesn't know the hashed password, it's impossible to decrypt it and you'll have to brute force it on the server. (Which is a lot harder due to various reasons, if someone tries to brute force it with billions of attempts per second: the server will crash on the first second. In fact, the amount of data required to send so many hashes would probably already choke the network connection so it would be more a denial of service than a bruteforce attack...)

So, as long as different passwords are used on different websites, the only reason to change passwords would be if it's potentially obtained in another way.
BUT, if it's stolen from a computer, say due to the use of a keylogger, network sniffing or whatever: the password is instantly obtained and no matter how many times you change password: the hacker can obtain access right then and there.

Which leads to the question: what's the major advantage in changing it over and over again if you have a very strong password that you don't use elsewhere?
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

Kindred

as I have said previously.. forcing users (even a limited subset of users) to change password leads to INSECURE passwords.
Since they have to change them, people user series or other easily remembered passwords instead of one, very secure password that they can memorize once....
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

青山 素子

Quote from: Tiny Clanger on July 28, 2013, 02:35:54 PM
Quote from: 青山 素子 on July 28, 2013, 02:20:49 PM
it's a matter of time

Potentially, millennia - though it's a reasonable precaution to change a password if the hash has been pinched.

Yes, with current technology. Unfortunately, technology seems to have a way of getting better and better at things. Also, sometimes flaws are discovered in existing cryptography methods that break hashes. New methods of analysis are being developed everyday by very smart people.


Quote from: French on July 28, 2013, 03:37:54 PM
Quote from: 青山 素子Many prominent security minds disagree with your opinion
In this case that's hard to believe .

Did you bother to check my references? I mean, Bruce Schneier, creator of PGP, Blowfish (used in bcrypt) disagrees with you. Gene Spafford, who analyzed the Morris Worm (the first Internet "virus") and is an adviser to the National Science Foundation disagrees with you. Steve Bellovin, a creator of USENET, creator of a few security protocols, and Chief Technologist at the Federal Trade Commission disagrees with you. So do M. Angela Sasse and Anne Adams, prominent security researchers.

Provide your credentials or some citations showing that you're right. I'm waiting.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


IchBin™

I still have not received any announcement from SMF. This has happened before in the past to me. Curious if you can find any reason why Core. :D
IchBin™        TinyPortal

LiroyvH

Quote from: IchBin™ on July 28, 2013, 08:43:07 PM
I still have not received any announcement from SMF. This has happened before in the past to me. Curious if you can find any reason why Core. :D

It doesn't like you! :P
I'll try to check it out mate, it's not in your spam folders either?
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

French

Quote from:  CoreISPWhich leads to the question: what's the major advantage in changing it over and over again if you have a very strong password that you don't use elsewhere?
Okay you all convinced me ............ nice instructive and useful discussion,thank you all  ;)

Tiny Clanger

Quote from: CoreISP on July 28, 2013, 03:57:29 PM
Considering you can brute with billions of different hashes per second, it all depends on the password strength.
If you use a password like "redwinebottle", it's a matter of seconds to minutes.

Actually redwinebottle is relatively resistant to brute force. It's susceptible to dictionary attack. (... I'll get my coat.)

Quote
If you use a password with 30 completely random characters, upper/lower case differences and special characters: it's going to be *a lot* more difficult

to remember  ;) (and a bit OTT even for a keychain)

see http://xkcd.com/936/

for a more human approach, though the example's a bit light on entropy. Or you can still use mnemonic phrases. I could think that SMF makes me think of Smurfs and I associate Smurfs with the Barron Knights' 1978 spoof of the Smurf Song: "Where are you all coming from? We're from Dartmoor, on the run." So my password would be (but isn't) BK78WayacfWfDotr, which is annoyingly memorable. It's nowhere near random, just humanly muddled, but it's long enough for muddled to be good enough, even with a fast hash. That is, it would last the time taken for admins to notice their db's been pinched and alert users, even if users then realise they've been a bit human and are using the same login elsewhere. (Don't need to worry too much about future technologies for present purposes.)

In the case of the Ubuntu hack, Sputn1k claims that cracking the passwords would be too much bother for the return. But with all those lovely email addresses, were I similarly minded, I'd go phishing.  :(

LiroyvH

Quote
Actually redwinebottle is relatively resistant to brute force. It's susceptible to dictionary attack.

* CoreISP considers a dictionary attack as a way of brute forcing as well.
After all, it has to keep trying different words/word combinations.
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

Tiny Clanger

Obviously you're entitled to your opinion  :) :), but they are distinctly different forms of attack, not least in resources required, and shouldn't really be conflated.
Quote from: CoreISP on July 28, 2013, 03:57:29 PM
Considering you can brute with billions of different hashes per second
That describes a brute force attack, but it's not the method that'll get you redwinebottle in a hurry.

LiroyvH

* CoreISP shrugs
If you want to deny the similarities, be my guest. :)
Sure they are different type of attacks, doesn't mean they don't have quite a few things in common.

But actually, bruting a pass like that, if it's even actually required and there isn't a previously available hash for something simple like that, shouldn't take too long.
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

Tiny Clanger

Quote from: CoreISP on July 29, 2013, 11:33:11 AM
If you want to deny the similarities

Now you know that's not what I was doing.  ;) I was showing that you were confusing the two.  :) ::)

Let's try a quick MD5 hash.  :) Hmm, not in the database I have to hand. Lets try ripping it. Nope, nope, gotcha - though I did know what I was looking for. Were I to feed it to the cat, on the other hand, it would potentially be chewing for a lot longer and/or at greater expense than you suspect. In this case it wouldn't be necessary because we've already caught it the easy way, but in general it wouldn't be attempted without a very strong reason to need that particular password.

LiroyvH

Quote
I was showing that you were confusing the two.

No not really actually. It was you who made the link to dictionary attacks. I didn't say anything about that myself :P
"redwinebottle" was a simple example of a random simple password... Such a password will still be much easier to brute than say a password like this: "FIN6@,k;vUcf>I<*7dl54r~2401[XxEZ[-A{N". (That's the root password to nsa.gov! :P Before anyone gets their hopes up: it's a password I randomly created.)

Sure, a dictionary attack might be (much) faster to crack "redwinebottle" and less resource intensive, but that wasn't really what I was gaining at. I was merely pointing out what a simple password is and show an example, rather than picking the best method to crack such a password...
On a sidenote, "redwinebottle" has probably already calculated so many times that I doubt it needs more than a second to compare it with pre-calculated hash tables, heh.
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

Tiny Clanger

QuoteConsidering you can brute with billions of different hashes per second, it all depends on the password strength.
If you use a password like "redwinebottle", it's a matter of seconds to minutes.

suggests a confusion between brute-force and dictionary attacks, and the explanatory assertion

QuoteCoreISP considers a dictionary attack as a way of brute forcing as well.
After all, it has to keep trying different words/word combinations.

confirms the confusion. The alternative explanation:

QuoteBut actually, bruting a pass like that [...] shouldn't take too long.

Well, we're not talking "seconds to minutes". There are different ways to estimate it, but for a flavour, see http://password-checker.online-domain-tools.com/ (It's not something you'd try in bulk.) Then try the dictionary-attack check.

Quote"redwinebottle" has probably already calculated so many times that I doubt it needs more than a second to compare it with pre-calculated hash tables, heh

I think salting has already been discussed, but see also https://crackstation.net/hashing-security.htm

tomreyn

Quote from: 青山 素子 on July 27, 2013, 02:46:58 PM
SMF might switch to something more complex very soon, assuming hosts upgrade. The problem, of course, is that long-lived popular server distributions like RHEL/CentOS are still using PHP 5.3.3 in their latest stable releases. What they are doing makes sense for them, but it does make it a bit tough when one wants to use newer functionality. (Luckily, there are repositories like IUS that help.)

There are plenty of good solutions out there, the problem is compatibility.

That's why I think the right solution is one where the admin(s) configure(s) the hashing mechanism to use, and where SMF upgrade scripts allow you to switch to a different one (by means of a site-wide password reset, a process which needs yet to be developed or documented in a secure fashion, too). Making this configurable is the only way you can keep both users of legacy and current software happy. And this issue of having to support both old and current versions, where only current versions provide sufficient security by contemporary standards, is not going to go away any time soon.

Quote from: 青山 素子 on July 27, 2013, 02:46:58 PM
Just to note, I'm not a developer on this project.

Thanks for pointing this out, I actually missed it.

Advertisement: