
Hash + salt as a panacea against decryption

Habr is not a place for reposts and copy-pastes, remember!
This is a repost of a comment mentioned in a Habr post; the comment itself is a comment (sorry for the tautology) on this article, where it can be found. In my opinion it has a place on Habr, because it is a masterpiece! Every programmer and DBA should read this, and indeed it is useful for any %username%.

Add the salt in turn, then water, then something else; you can go on endlessly ... I do not see the point.
The first problem is a short, “not perverted” user password (often consisting of digits only). Cracking means comparing the stolen hash with a hash from a rainbow table. The size of the table is not infinite. Say, when enumerating all passwords of 6 characters (i.e. trying every possible character in such a password, for example 0-9, a-z, A-Z, 62 characters in all), we get 62^6 (62 to the 6th power) = 56'800'235'584 hashes. Each is 32 bytes long, which means the disk space needed to store the table is 56'800'235'584 * 32 = 1'817'607'538'688, i.e. approximately 2 TB. This is not very much, but our password was only 6 characters long, and it is exactly these short passwords (or slightly longer ones, 9-12 characters, but then the password hashes are generated and stored by dictionary, i.e. from a list of the passwords users choose most often: ordinary words, numbers and so on, that is, not “perverted” passwords). And now count how many hashes there will be with a password length of 32 characters. But forcing the user to enter and remember a 32-character password is, of course, not realistic, so we simply run the user's real password 2 times through, for example, the md5() function. After the first run we get a password that is no longer simple but “perverted”, 32 bytes long. And on the second run, now over a 32-character password, we get a new hash, which we save. Now, to determine the previous hash from the existing hash by enumeration, and then the user's real password from the previous hash found, one will need, to put it mildly, an “endless” table of hashes ...
So there!

But that was all just the preamble!!! The tale is still ahead ...

Now we return to our main problem: users' SHORT AND SIMPLE PASSWORDS.
What do I need to “crack” the method of “storing” passwords described above? And, most importantly, what do I already HAVE for this?
And what I have is NOT LITTLE at all! You could say I already have the user's password!!! Or rather, I already have the passwords of most users!!! And why? All because of “short and simple user passwords”.

Now, what do I do ...
1. I register on the hacked site.
2. I hack the database or the place where the password hashes are stored (this is the premise of this topic).
3. I find my hash (by my user name).

- Why do I need the first three steps?
+ To determine how the hash is obtained on the site. That is, I go through the possible options:
md5($pass);
md5(md5($pass));
md5(md5(md5($pass)));
sha1(md5(crypt($pass)));
... and so on, until I get my hash!
If the programmer simply used md5(md5($pass)); then it is easier for me.

4. I have the “formula” for obtaining the hash; now I need a program that will generate all the hashes according to this formula (I will download it or write it myself), and not a lot of time (at 1'000'000 hashes per second, 56'800'235'584 hashes take about 20 hours, BUT consider this the MAXIMUM; if I go through a dictionary or just digit-only passwords, it will take less time).
AND THAT'S IT! All passwords up to 6 characters long are in my pocket!

So! This method has been cracked; now ABOUT SALT ...

We break the method of the author of the article ...

- Perform the first 3 steps.

Now, if I hacked the database and got the password hashes, then I also got every “salt”!!!

And what do I do?
Exactly the same!!!

Only now, when I search for the “formula” for obtaining the hash, I add this salt, again in all the possible variants!

md5(md5($pass . $salt));
md5(md5($pass) . $salt);
md5(sha1($salt . crypt($pass)));
... etc ...
Well, the rest I think you can already guess ... I generate all the hashes, adding the salt in the right place and using the correct formula.

But here, as you can see, there is already one “thin” plus.
We are no longer talking about breaking all the passwords but about breaking a single account: the salt is different for each user, and therefore a new table has to be generated for each user. How about that!
And why is the plus “thin”?
Yes, again, all because of “SIMPLE AND SHORT PASSWORDS”!!! (I have surely tired you already! .. be patient!)

I start generating a dictionary using only digits (most passwords are dates of birth). Typically, a website requires a password of at least 6 characters, i.e. I iterate over, for example:

dates of the form 010101 (6 characters long, everything from January 1, 1901 until April 22, 2011, which is 365 * 110 = 36500 !!! IN TOTAL !? And I am still being generous; you can safely remove the first 50 years and the last 10-15 years).

Also dates where the user writes something like 111977 (January 1, 1977, i.e. variants without zeros).

Also variants with 7-digit and 8-digit dates ...

“I had a year ... 3 - for the escape ... 5 - for the kindergarten ... well, how much for the old woman? Well, let 10 years ... And I'm due to some 16 years ... "

Well, let's say we have only 1'000'000 variants of the date of birth! If the machine generates 1'000'000 hashes per second, it turns out I will crack one user per second, and if you go from the younger to the older, even faster!!!

And what have we got? In one hour we have cracked 3600 users “with SALT”!

And the beauty is that the salt did not help! And why? I can see by your faces that you have already guessed!
For the last time: “SIMPLE AND SHORT PASSWORDS”!!!

"So what?" - you say - "then there is no reliable method?".

And you would be right to say so!

You look for a reliable method on the Internet, or, as you also like to put it, a “frequently used method”, and in doing so you WILL ALWAYS MAKE A MISTAKE! Because “what two people know, everyone knows!” and, as you know, “what one person built, another will always be able to break.”

So what to do?

And everything is simple, "WANT TO LIVE - LEAD AT BOOM!"

Do not use well-known techniques, or change them in your own way: saw off, glue, swap places, copy, invent something of your own, and so on and so forth ... Think with your head. And in general, think: is it worth it?!!! Do you need this concrete fortress, or can you live in a wooden one ... Even if you write code that alternates the hash functions 10-20 times, for example in the “enter.php” file. First of all: what is stopping me from writing a program that goes through all the options for alternating the functions md5, sha1, crypt, etc., and in the end finds the desired sequence in a matter of seconds? And secondly: where is the guarantee that I will not force the server not to execute your “enter.php” file but simply to read it, or find another hole in your site and get the source code of the file? And then, even if your code alternates 1000 times, or anything else, I just repeat your code when generating the table of hashes and the result will be the same, and all your efforts will be in vain ...

So, there is no reliable protection. There can only be more reliable protection, and there is a hacker more cunning than you who, by the way, is not necessarily smarter than you!

P.S. The comment was left by a certain “k313”, perhaps this one; if the author of the original comment objects to this repost, I will remove it.
P.P.S. In this repost, the extra punctuation has been removed from the original comment.
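
An added example, not part of the reposted comment or of the original article: the comment's recurring root cause is all-digit passwords that are really dates of birth, so a registration form can refuse them before they are ever hashed. The Python code below checks whether a candidate password parses as a date in the shapes the comment lists (010101, 111977 without zeros, 7- and 8-digit forms); the function names, the acceptance of both day-month and month-day order and the expansion of two-digit years are assumptions of this example, and the date range is the one stated in the comment.

```python
from datetime import date

# Range quoted in the comment; a live check would extend LATEST to today.
EARLIEST = date(1901, 1, 1)
LATEST = date(2011, 4, 22)


def _valid(day, month, year):
    """True if day/month/year is a real calendar date inside the range."""
    try:
        return EARLIEST <= date(year, month, day) <= LATEST
    except ValueError:  # e.g. 31 February, month 19, year 0
        return False


def _years(digits):
    """Expand a 2- or 4-digit year field into candidate full years."""
    if len(digits) == 4:
        return [int(digits)]
    return [1900 + int(digits), 2000 + int(digits)]


def is_date_like(password):
    """True if an all-digit password reads as a date (assumed helper name)."""
    if not (password.isascii() and password.isdigit()):
        return False
    n = len(password)
    if not 4 <= n <= 8:
        return False
    for ylen in (2, 4):                    # trailing year: YY or YYYY
        body = password[:n - ylen]         # the day and month digits
        if not 2 <= len(body) <= 4:
            continue
        for dlen in (1, 2):                # fields with or without zeros
            mlen = len(body) - dlen
            if mlen not in (1, 2):
                continue
            a, b = int(body[:dlen]), int(body[dlen:])
            for year in _years(password[n - ylen:]):
                # accept day-month as well as month-day order
                if _valid(a, b, year) or _valid(b, a, year):
                    return True
    return False
```

The check only recognises date-shaped passwords: a digit string such as 123456 is not a date and passes it, so it complements a dictionary or length policy rather than replacing one.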

Source: https://habr.com/ru/post/145667/

