489 |
489 |
490 \begin{center} |
490 \begin{center} |
491 \pcode{5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8} |
491 \pcode{5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8} |
492 \end{center} |
492 \end{center} |
493 |
493 |
494 \noindent then just a lookup in the dictionary will reveal |
494 \noindent then just a lookup in the dictionary will reveal that the |
495 that the plain-text password was \pcode{password}. What is |
495 plain-text password was \pcode{password}. What is good about this |
496 good about this attack is that the dictionary can be |
496 attack is that the dictionary can be precompiled in the ``comfort of |
497 precompiled in the ``comfort of the hacker's home'' before an |
497 the hacker's home'' before an actual attack is launched. It just needs |
498 actual attack is launched. It just needs sufficient storage |
498 sufficient storage space, which nowadays is pretty cheap. A hacker |
499 space, which nowadays is pretty cheap. A hacker might in this |
499 might in this way not be able to crack all passwords in our database, |
500 way not be able to crack all passwords in our database, but |
500 but even being able to crack 50\% can be serious damage for a large |
501 even being able to crack 50\% can be serious damage for a |
501 company (because then you have to think about how to make users to |
502 large company (because then you have to think about how to |
502 change their old passwords---a major hassle). And hackers are very |
503 make users to change their old passwords---a major hassle). |
503 industrious in compiling these dictionaries: for example they |
504 And hackers are very industrious in compiling these |
504 definitely include variations like \pcode{passw0rd} and also include |
505 dictionaries: for example they definitely include variations |
505 rules that cover cases like \pcode{passwordpassword} or |
506 like \pcode{passw0rd} and also include rules that cover cases |
506 \pcode{drowssap} (password reversed).\footnote{Some entertaining rules |
507 like \pcode{passwordpassword} or \pcode{drowssap} (password |
507 for creating effective dictionaries are described in the book |
508 reversed). Historically, compiling a list for a dictionary |
508 ``Applied Cryptography'' by Bruce Schneier (in case you can find it |
509 attack is not as simple as it might seem. At the beginning |
509 in the library), and also in the original research literature which |
510 only ``real'' dictionaries were available (like the Oxford |
510 can be accessed for free from |
511 English Dictionary), but such dictionaries are not |
511 \url{http://www.klein.com/dvk/publications/passwd.pdf}.} |
512 ``optimised'' for the purpose of passwords. The first real |
512 Historically, compiling a list for a dictionary attack is not as |
513 hard data about actually used passwords was obtained when a |
513 simple as it might seem. At the beginning only ``real'' dictionaries |
514 company called RockYou ``lost'' 32 Million plain-text |
514 were available (like the Oxford English Dictionary), but such |
515 passwords. With this data of real-life passwords, dictionary |
515 dictionaries are not ``optimised'' for the purpose of passwords. The |
516 attacks took off. Compiling such dictionaries is nowadays very |
516 first real hard data about actually used passwords was obtained when a |
517 easy with the help of off-the-shelf tools. |
517 company called RockYou ``lost'' 32 Million plain-text passwords. With |
|
518 this data of real-life passwords, dictionary attacks took |
|
519 off. Compiling such dictionaries is nowadays very easy with the help |
|
520 of off-the-shelf tools. |
518 |
521 |
519 These dictionary attacks can be prevented by using salts. |
522 These dictionary attacks can be prevented by using salts. |
520 Remember a hacker needs to use the most likely candidates |
523 Remember a hacker needs to use the most likely candidates |
521 of passwords and calculate their hash-value. If we add before |
524 of passwords and calculate their hash-value. If we add before |
522 hashing a password a random salt, like \pcode{mPX2aq}, |
525 hashing a password a random salt, like \pcode{mPX2aq}, |
556 possible if each password gets its own salt: since we assume |
559 possible if each password gets its own salt: since we assume |
557 the salt is generated randomly, each version of \pcode{123456} |
560 the salt is generated randomly, each version of \pcode{123456} |
558 will be associated with a different hash-value. This will |
561 will be associated with a different hash-value. This will |
559 make the life harder for an attacker. |
562 make the life harder for an attacker. |
560 |
563 |
561 Note another interesting point. The web-application from the |
564 Note another interesting point. The web-application from the previous |
562 previous section was only secure when the salt was secret. In |
565 section was only secure when the salt was secret. In the password |
563 the password case, this is not needed. The salt can be public |
566 case, this is not needed. The salt can be public as shown above in the |
564 as shown above in the Unix password file where is actually |
567 Unix password file where is actually stored as part of the password |
565 stored as part of the password entry. Knowing the salt does |
568 entry. Knowing the salt does not give the attacker any advantage, but |
566 not give the attacker any advantage, but prevents that |
569 prevents that dictionaries can be precompiled. While salts do not |
567 dictionaries can be precompiled. The moral is that you should |
570 solve every problem, they help with protecting against dictionary |
568 never store passwords in plain text. Never ever. |
571 attacks on password files. It protects people who have the same |
569 |
572 passwords on multiple machines. But it does not protect against a |
|
573 focused attack against a single password and also does not make poorly |
|
574 chosen passwords any better. Still the moral is that you should never |
|
575 store passwords in plain text. Never ever.\medskip |
|
576 |
|
577 \noindent |
|
578 If you want to know more about passwords I recommend viewing some |
|
579 youtube videos from the PasswordCon(ference) which takes place each |
|
580 year. The book by Bruce Schneier about Applied Cryptography is also |
|
581 recommendable, though quite expensive. Clearly, passwords are a |
|
582 technology that comes to the end of its usefulness, because brute |
|
583 force attacks become more and more powerful and it is unlikely that |
|
584 humans get any better in remembering (securely) longer and longer |
|
585 passwords. The big question is which technology can replace |
|
586 passwords\ldots |
570 \end{document} |
587 \end{document} |
571 |
588 |
572 %%% Local Variables: |
589 %%% Local Variables: |
573 %%% mode: latex |
590 %%% mode: latex |
574 %%% TeX-master: t |
591 %%% TeX-master: t |