
Author Topic: [MOD] [PENDING] Password security  (Read 33116 times)

Offline Sorunome

  • Semi-Newbie
  • Posts: 30
    • Sorunome on GitHub
Re: [MOD] [PENDING] Password security
« Reply #60 on: February 24, 2017, 10:42:28 AM »
Quote
So the risk is that you have to have your DB leaked so that people can break into your site?

If they already have your DB, job done?
If an attacker has your DB and you only use sha1 for passwords they also have practically your cleartext passwords, so why hash them at all and not just store them in cleartext?
Quote
And if people didn't reuse passwords (or better, password managers), that's not an issue either.
This assumes that the average internet user does that, which is false.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • Posts: 68,050
    • Arantor on GitHub
Re: [MOD] [PENDING] Password security
« Reply #61 on: February 24, 2017, 12:10:27 PM »
They don't have "practically" anything. Stop exaggerating. They have a salted hash that is salted on a per user basis. They'd have to create a rainbow table per user to obtain a password.

And frankly for most users, hitting up the top 1000 passwords would cover most bases which they could do if they had a DB dump since it's just as possible, albeit slower, to do the rainbow table deal with even something like bcrypt. Especially since you don't need to hit everything, hitting the top 1k passwords would hit a disturbingly large number of users.

Fun fact: most of the people who would be targetable in the kinds of attack you're describing have already had their password breached already from other services. The kinds of people you think will become vulnerable that aren't already vulnerable won't become vulnerable because different password/password manager etc.

I'm not sure what user base you genuinely think is at risk here.

Honestly if I believed the risk were as serious as you're hyping it out to be, I'd have already backported the bcrypt code from 2.1 myself including its password upgrade process. It's not like I don't have the skill to do so or the reputation within the community to be trusted with such a task, it's that I just don't believe it is as serious as it is claimed. Though that is not to say that there is no risk, it's just hyped out of proportion.

Unfortunately there's been a lot of scaremongering about such things where malicious actors are presumed but the reality is that the types of resources involved are bordering on state government level to realistically do the kinds of damage theorised.
To assume is to hope that those who came before had the presence of mind and capacity to implement the dreams of those who would come after.

You either die a hero or live long enough to see yourself become the villain. It seems you have chosen which, and now I must do the same.
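
Added example, not part of the thread and not SMF's code: a sketch of the kind of "password upgrade process" reply #61 refers to, where a legacy salted SHA-1 record is re-hashed with bcrypt on the next successful login. The `sha1(salt . password)` format, the `$user` row layout, the function names and the cost of 12 are assumptions.

```php
<?php
// Added illustration, not SMF code. The legacy format sha1(salt . password)
// with a per-user salt is an assumption standing in for "salted SHA-1".
const BCRYPT_OPTIONS = ['cost' => 12]; // assumed work factor, tune per server

function legacy_hash(string $salt, string $password): string
{
    return sha1($salt . $password);
}

/**
 * Check a login and move the record to bcrypt when it is still legacy.
 * $user is a hypothetical row ['salt' => ..., 'hash' => ...], updated in place.
 */
function verify_and_upgrade(array &$user, string $password): bool
{
    $stored = $user['hash'];

    // A 40-character hex string is treated as a legacy SHA-1 record.
    if (preg_match('/^[0-9a-f]{40}$/', $stored) === 1) {
        // hash_equals() compares in constant time.
        if (!hash_equals($stored, legacy_hash($user['salt'], $password))) {
            return false;
        }
        // The cleartext is only available now, at login, so re-hash here.
        // bcrypt embeds its own random salt; the old salt column is cleared.
        $user['hash'] = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
        $user['salt'] = '';
        return true;
    }

    if (!password_verify($password, $stored)) {
        return false;
    }
    // Raise the cost of existing bcrypt records when BCRYPT_OPTIONS changes.
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, BCRYPT_OPTIONS)) {
        $user['hash'] = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
    }
    return true;
}

// Constructed sample record for a user whose hash predates the upgrade.
$user = ['salt' => 'alice', 'hash' => legacy_hash('alice', 'correct horse')];
var_dump(verify_and_upgrade($user, 'wrong guess'));   // failed login, no upgrade
var_dump(verify_and_upgrade($user, 'correct horse')); // first good login upgrades
var_dump(password_get_info($user['hash'])['algoName']); // algorithm now stored
var_dump(verify_and_upgrade($user, 'correct horse')); // later logins use bcrypt
```

Accounts that never log in again keep their legacy hash under this scheme, so a migration of this kind leaves a tail of old records until those users return or have their passwords reset.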

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • Posts: 55,119
  • Gender: Male
    • Kindred-999 on GitHub
Re: [MOD] [PENDING] Password security
« Reply #62 on: February 24, 2017, 01:24:19 PM »
Unfortunately for you, the FUD, exaggeration and hyperbole basically weaken your case to nothing.

Arantor has already clearly explained the situation -- even if you don't accept it, fact beats opinion, 100% of the time -- so, no... it is unlikely that 2.0.x is going to change the password formula any time soon.
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline Sorunome

Re: [MOD] [PENDING] Password security
« Reply #63 on: February 24, 2017, 03:22:41 PM »
Quote
They don't have "practically" anything. Stop exaggerating. They have a salted hash that is salted on a per user basis. They'd have to create a rainbow table per user to obtain a password.
....which can be obtained extremely quickly because sha1 hashes things extremely quickly, it was never meant for passwords in the first place, it was meant for hashing larger files. But, you know what, just ignore that I keep saying that because nothing I say matters anyways, right? I mean, it's not like you find that everywhere on the internet and it is actually a fact that the sha hashes were designed to digest a large amount of data, and thus are very weak on passwords.
Quote
Honestly if I believed the risk were as serious as you're hyping it out to be, I'd have already backported the bcrypt code from 2.1 myself including its password upgrade process. It's not like I don't have the skill to do so or the reputation within the community to be trusted with such a task, it's that I just don't believe it is as serious as it is claimed. Though that is not to say that there is no risk, it's just hyped out of proportion.
Ok, then go ahead and backport it, if it is such a simple task and vastly improves the security, what stops you from doing that?
Quote
Unfortunately there's been a lot of scaremongering about such things where malicious actors are presumed but the reality is that the types of resources involved are bordering on state government level to realistically do the kinds of damage theorised.
This is not scaremongering, this is fact. If you hash on GPU the entire process doesn't take 6.6k years at all like you proclaimed earlier. Now start using a botnet and suddenly bruteforcing sha1 is way too realistic already. Such password-hashing issues need to be solved before they become feasible for your average everyday hacker, and bruteforcing sha1 is already rather feasible bruteforcing, even for more complex passwords.
Also, your 6.6k years are for bruteforcing, the new mentioned SHAttered attack performs 100000 times faster ( https://shattered.it/ ), so let's do some math.
6600 years / 100000 = 0.066 years
0.066 years * 365 days / year = 24.09 days.
Whoops, that doesn't seem that long anymore, does it? And they are saying they are still improving this.....
Now think about this: All the hash collisions mentioned are for large files........you are hashing single passwords with sha1. That is way fewer data, meaning you can, well, create hash collisions far quicker. Meaning you could easily get an sha1-hashed password within a day.


If you happen to know German, here's another very reliable source on the subject: https://www.heise.de/newsticker/meldung/Todesstoss-Forscher-zerschmettern-SHA-1-3633589.html


Bottom line: sha1 is not secure anymore and was never secure for passwords.

[...]

Quote
Arantor has already clearly explained the situation -- even if you don't accept it, fact beats opinion, 100% of the time -- so, no... it is unlikely that 2.0.x is going to change the password formula any time soon.
This is correct, fact beats opinion, which is why I actually argue based on facts ;)

It seems you are implying that SMF 2.0.x will continue receiving poor security, which gives me nothing to believe that future SMF versions should have any better security.

Offline Arantor

Re: [MOD] [PENDING] Password security
« Reply #64 on: February 24, 2017, 03:33:41 PM »
Quote
If you hash on GPU the entire process doesn't take 6.6k years at all like you proclaimed earlier

The 6.6k years figure came out of the study recently done by the team that actually produced a collision on an SHA-1 hash. That's how much compute time it actually took them to intentionally produce a collision. That's why I call this scaremongering because talking about collisions is one thing, talking about password security is another. I'll stop blowing holes in your strawman as soon as you stop setting it back up.

And here's the problem: no-one is denying that SHA-1 has a problem for this use. I dispute that it was never designed for secure applications (hint: what does the S stand for again?) but as a password mechanism it was certainly adequate for a very long time. And it was discussed back as far as 2011 to update it in SMF - the problem is that the people who have the skill don't necessarily have the time.

You're asserting that I claimed it was simple; I certainly didn't and each time you insinuate something that wasn't there, you just piss off me and all the other people whose reputations you're maligning, those who could actually do something about this. I said if I thought it was necessary to have done so before now, I would have done so. Especially as time before now I had the time to spend fixing things in my spare time so that people like you could benefit from it. I also found that I preferred getting paid to having warm fuzzy feelings, so I now have somewhat less free time, and burning it dealing with people like you does limit my interest in so doing - but make no mistake, it isn't because I can't. It's because I haven't seen it as necessary, I still don't consider it necessary, but you'll take that to insinuate that I have a problem with security or some inference that doesn't exist because you have a grudge and you don't understand enough to do something about it yourself, other than hype the problem out of proportion and blame everyone else about it.

Quote
I actually argue based on facts

When you start showing me some rather than conflating two arguments, we'll talk.

Quote
Also, your 6.6k years are for bruteforcing

You know better than Google security researchers now? Interesting.

Offline Kindred

Re: [MOD] [PENDING] Password security
« Reply #65 on: February 24, 2017, 07:15:47 PM »
Please stop trying to spread FUD.
You have taken one instance and suggested that it is applicable across the board. That is not a fact, that is conflation.

Also, please stop suggesting false things about the security of SMF. Your comments are uncalled for.
For anyone viewing this thread: please do not be confused by, or get afraid because of, sorunome's (latest) commentary. SMF's security is in good shape, and we're always monitoring it in order to keep it that way. We always have and we always will do that, as a secure product for our users has the highest priority.

And, on that note, I think this thread has run its course and should be locked.
« Last Edit: February 24, 2017, 11:52:46 PM by CoreISP »

Offline CoreISP

  • Server Admin
  • Server Team
  • SMF Super Hero
  • Posts: 16,990
  • Gender: Male
  • CoreISP.net
    • liroyvh on LinkedIn
    • @liroyvh on Twitter
    • CoreISP Corporation :: WebHosting, Dedicated Servers, and more!
Re: [MOD] [PENDING] Password security
« Reply #66 on: February 25, 2017, 12:40:43 AM »
My apologies for violating the lock

Hello again,


We appreciated your first report (despite its tone, for which you later apologised) and are closely watching any and all developments in this area, and appreciate your concerns and efforts to raise security awareness. But in your passion, and/or perhaps your lack of fully understanding exactly what the (scope of the) problem is (as explained above, namely by Arantor (thanks! :))): you're now strongly over-exaggerating the dangers and impact of this matter.

We know about this, and we have absolutely joined in on the industry efforts to move away from SHA-1 in future products - we jumped on that bandwagon a long time ago. But the hyper-inflated sense of urgency, with an undertone of "doom scenario", you're trying to impose on us for this particular subject is quite unnecessary. Moreover, your remarks about "poor security" are absolutely unnecessary, uncalled for, simply NOT true, and actually borderline insulting. And you already knew that it's not true, because it has been explained to you before and you already know the mechanism our new products use - and if I remember right: you even agreed they're very well secured indeed.
SMF 2.0 is not insecure at all, and if I may be so free: I think it's very unkind and unfair of you to make claims that it is.

Last time we all met in this thread, you apologised for being too quick to jump to conclusions and for coming off way too aggressive - I'm afraid this happened again just now, and I would advise, and kindly ask you, to put more consideration in to what you post here in the future. I admire your passion, but please stick to the truth, don't over-exaggerate and don't get in to scaremongering.

Last but not least: that we're not sharing the same sense of urgency due to a variety of reasons (as outlined above by others), does not mean that we're not closely watching it nor that we're dismissing everything you're saying regarding SHA-1. It also does not mean that we're not going to look in to seeing if we should be making a change to 2.0's core at all - we always look at ways to improve our security, even if there isn't a security issue (yet); such as this case. We pride ourselves at spending a significant amount of time and resources towards product security, and even sometimes pre-emptively make changes as we're rather safe than sorry.
We're just simply not rushing it and are carefully prioritizing, so our devs can work efficiently. We're not saying (at this time) that we're never going to change it, we're simply saying we're not going to instantly... It's not urgent enough to dedicate our precious and scarce development time towards this immediately, as at this moment: it's not a threat towards the security of SMF 2.0. If we're going to change it: it's merely an improvement to the strength of 2.0's security, which already is one of the most (if not *the* most ) secure open-source community software product on the market, and it will make it more future-proof. But SMF 2.1 development has a much higher priority for that purpose, especially as SMF 2.1 *is* the future and already contains the more resilient and future-proof hashing methods.

Thank you in advance for your future consideration, and despite our disagreements: I'd like to thank you again for your input. :)
Incidentally, I support the locking of this thread - enough has been said.
« Last Edit: February 25, 2017, 01:13:58 AM by CoreISP »

((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

Offline nend

  • SMF Friend
  • SMF Hero
  • Posts: 1,755
  • 2 deep n2 the code
    • sicommnend on GitHub
    • SIComm.us
Re: [MOD] [PENDING] Password security
« Reply #67 on: February 28, 2017, 01:30:24 AM »
Sorry for the late reply, been real busy as of lately.

I know we discussed this before but in order to keep things black and white, after much consideration I regret to inform that we can not approve this modification due to Customization approval guidelines under Installation / Uninstallation.

Please note this modification was only denied due to a technicality which conflicted with the customization guidelines. I do recommend continuing development and as you posted those interested in this customization will find this topic and download it from GitHub.

If at any point you would like to reopen this topic to discussion or updated code that would remedy the issue, please let us know.

We appreciate the devotion and time that you have spent on this customization and hope to see more work in the future.