More Stupidity From Lacatena

Sorry. No preamble this time. This is my third post in one day, and I’m out of wit.

Bob Lacatena told a user:

And I am all in favor of salting passwords — and we have on the new forum — but salting is protection against dictionary attacks, rainbow tables and other intricate password hacking schemes. Our DoS protections would pretty much also thwart a dictionary attack or brute-force attack.

This is stupid. Before I explain, we need to cover some basic information.

Passwords are stored on a server in an encrypted form called hashes. A hash is a unique string of characters generated via an algorithm for a given input. This algorithm goes only one way. There is no way to take a hash and “calculate” the input. There is only one way to figure out the input when all you have is a hash – guessing. You generate an input, run the algorithm on it and see if the output matches the hash you have.

Of course, if you have a password list with thousands of hashes, you’re far more likely to guess right. To combat this, there is a process called “salting.” In salting, you add randomly generated values to each password prior to encrypting them. Think of like changing “password” to “password327” or “password9$6.”

Now then, the salt for each password is often stored along with the hash. That means it isn’t harder to guess an individual password. If you wanted to guess “password” and you know the salt is “a8X,” you’d just guess “passworda8X.” The only time salting matters is when you have a bunch of hashes. If you have a thousand hashes with a thousand different salts, guessing “password” for each one will take a thousand attempts.

Given all this, let’s remember Lacatena said:

And I am all in favor of salting passwords — and we have on the new forum — but salting is protection against dictionary attacks, rainbow tables and other intricate password hacking schemes. Our DoS protections would pretty much also thwart a dictionary attack or brute-force attack.

DoS stands for denial of service in which abnormal amounts of traffic are generated to slow or shut down a resource (like a website). That can include a person who trying to guess thousands of passwords at a site. If a person is trying every word in the “dictionary” as a password, DoS protections may well stop them.

But what does that have to do with salting? Salting only matters when you’re doing an attack against multiple hashes. That doesn’t happen when you try to log into a site. It only happens when you have a password file. He’s talking about two totally different things.

The phrase “dictionary attack” just says what form the attack takes. It doesn’t say what the target of the attack is. If the target is a password file, salting helps. If the target is the login screen of a website, DoS protection helps. Both cannot help at the same time.

Advertisements

5 comments

  1. Yes. That’s why I got confused. I read ‘salting’ as in “affects relationship between password and hack”.

    So this improves securithy in some types of attacks but not others. And– it helps with some times of “dictionary attacks” and not others.

    Someone using a dictionary to guess passwords at login wouldn’t care what the salt is. It doesn’t matter– you enter a username and password, hit submit. It either words or it doesn’t. This is one kind of dictionary attack and salting doesn’t help at all. On the other hand DoS protection might help. (Whether it would stop them depends on what the do for DoS protection. But it could help.)

    On the other hand, if someone already had a huge list of user names and password hash pairs. salting matters, but DoS doesn’t. The reason DoS can’t matter is they already have the list of user names and passwords!! But salting helps. Then you have a dictionary. You take the first password in your “common password” dictionary, guess a salt, add it apply the hash algorithm used by the software (e.g. WordPress). If a password matches, you’ve almost certainly found the salt. Assuming all the salts are shared, once you know the salt, the problem because the same as backing out passwords from unsalted hashes. But salting helped because they attacker first had to find the common salt, which would take some time.

    Of course if each password has a different salt, that makes things harder. But I’m not sure how different salts are accomplished in a way that the software knows the salt for each user password…. but I imagine there is a well know secure way. But in these cases, salting matters, but DoS doesn’t matter at all.

    Obviously, both these things involve a “dictionary” and so might be a “dictionary attack”, but they aren’t the same thing at all and presumably Bob meant one type of attack when he used “dictionary” in the first half of the sentence and another when he used “dictionary” in the 2nd half of the sentence. Very confusing.

    That said: Their databases have been unintentionally released to the public in the past. They ought to be salting their passwords. (And not sending them in clear text over email!!)

  2. lucia, salts are not supposed to be repeated. And while there are (relatively) secure ways to have unique salts for each password, it generally isn’t done. Usually they store salts in the same file as the passwords. It’s not secure, but it does make the passwords harder to crack. A hundred users may have picked “password” as their password, but if there are ten thousand users with ten thousand different salts, it’ll take a while to find those hundred people. You won’t just be able to guess “password” once and see it matches a hundred hashes in the file.

    I think in time storing salts in the password file will be phased out. It’s already far less common in Linux servers than it used to be. If that happens (and salts aren’t repeated), a hacker would pretty much need to get both the password and salt files if they wanted to crack passwords. They couldn’t hope to do anything like a dictionary attack otherwise.

    But really, none of that bothers me as much as his casual admission they use two-way encryption. The idea anyone with the right key could decrypt their entire password file is disturbing. All a hacker would need to do is know one password then try each encryption key on the hash of it until they got a match. As though that’s not bad enough, most two-way encryption schemes are far weaker than one-way meaning they’re easier to find exploits for.

  3. Salting encrypted values is generally done when you have a fixed number of values for a column or where there may be multiple occurences of the same value, in order to prevent people to derive knowledge out of the encrypted. For example, a yes/no bit in a table, without salting, would have exactly two encrypted values – looking at other fields, you could probably determine which was which. Or, if you’re looking at a salary column in a table (encrypted without salting) you could determine who was making the same amount of money (as each other, or you, in which case you’d know their salary).

    It’s also used to strengthen passwords, as mentioned above, but in my experience is used more to strengthen encryption behind a firewall…

  4. lucia, salts are not supposed to be repeated.

    I’m pretty sure they are in WordPress. I could create two ‘users’ give them the same password and check. Of course… if the salt is password dependent? Like based on length of letters in password? Nah… it would still be predictable.

    It’s all passwords sharing the same is still better than no salt. And one way encryption even without salt is better than two way encryption.

  5. I have seen some systems which apply the same salt to all passwords. It doesn’t make much sense. The entire point of salting is to use different keys to ensure unique hashes for all inputs. If you don’t use different salts with each input, that doesn’t happen.

    Technically, I’m not sure it can even be called salting if you use the same salt each time. It’d just be creating hashes from the inputs. There may be value in that, but it’s just another generic encryption step. As far as I can see, it has nothing to do with salting.

    That said, sometimes you can set a variable labeled salt that isn’t the value being added. Instead what you set is a seed value for the RNG the salting function uses.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s