1

What do you know about password?

By Guang LingOct. 8th, 2012

2

What password are you using?

• Before going to the next slide, can you guess what is the most used password?

3

4

5

Some statistics on password

• 4.7% of users have the password password• 8.5% have the passwords password or 123456;• 9.8% have the passwords password, 123456 or

12345678;• 14% have a password from the top 10 passwords• 40% have a password from the top 100 passwords• 79% have a password from the top 500 passwords• 91% have a password from the top 1000

passwords

6

Some statistics on password

thx1138 (turns out this is a movie from forty years back)gundam (actually an anime series)ncc1701 (codename for the USS Enterprise in Star Trek)

7

Some statistics on password

8

I am not concerned!

So what!I am not using these weak passwords!

9

Wait, is your password secure?

• Try your password at here.

10

What is strong password?

• Common misunderstand– The more complex the password, the more secure

it is!

11

What is strong password?

• Measure strength of password using entropy–

• So what is the key to the strength of a password?– Length!

12

Wait, is your password secure?

13

I am not concerned!

HAHA!!!My password is impossible to crack!

14

You should be concerned!

• Recent password leakage incidents in China– In December 22nd, 2011, a famous programmer

forum CSDN has its server hacked and 6,000,000 user accounts leaked

– In December 25th, 2011, user accounts of one of the major discuss forum in China, 天涯 , is leaked and 40,000,000 accounts exposed

– In the following weeks, 人人网 (5m) ，多玩网(8m), 猫扑 (10m), 开心网，世纪佳缘，百合网，美空 all have at least part of their accounts leaked

15

You should be concerned!

• To make things worse, passwords leaked from CSDN and 天涯 are all in clear text!

WHAT!!!!!!I use this username password combination for every website!!!

16

You should be concerned!

• Someone claim that 人人网’ s database is also clear text, it turns out that this might not be true

• However, only 0.84% (4001/4768600) password cannot be cracked

17

A peak at the leaked password files

18

Server-side password

• To better understand how to secure our online identity, let’s take a short detour to talk about password transmission and storage.

19

Password storage

• Form of password storage– Clear text– Hash– Salted hash

hash("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824hash("hbllo") = 58756879c05c68dfac9866712fad6a93f8146f337a69afe7dd238f3364946366hash("waltz") = c0e81794384491161f1777c232bc6bd9ec38f616560b120fda8e90f383853542

helloHbllowaltz

hash("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824hash("hello" + "QxLUF1bgIAdeQX") = 9e209040c863f84a31e719795b2577523954739fe5ed3b58a75cff2127075ed1hash("hello" + "bv5PehSMfV11Cd") = d1d3ec2e6f20fd420d50e2642992841d8338a314b8ea157c9e18477aaef226abhash("hello" + "YYLmfY6IehjZMQ") = a49670c3c18b9e079b9cfaf51634f563dc8ae3070db2c4a8544305df1b60f007

20

Password storage

• Clear text– Simple and easy to implement– Maybe viewed by website administrator and

employee– Maybe viewed by hacker– Most insecure– Never store password in clear text

helloHbllowaltz

21

Password storage

• Hash– Use cryptography level hash function to hash the

password and obtain a fixed length digest– MD5, SHA-1, SHA-512, WHIRLPOOL– Store the digest (hash) instead of the password– Better than clear text– Vulnerable to attack when the password length is

shorthash("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824hash("hbllo") = 58756879c05c68dfac9866712fad6a93f8146f337a69afe7dd238f3364946366hash("waltz") = c0e81794384491161f1777c232bc6bd9ec38f616560b120fda8e90f383853542

22

Password storage

• Offline attack of hash– Cryptography level hash function are designed to

be secure, i.e. it is hard to find phrase such that Hash(phrase) = given digest

– But hash value is vulnerable to the following method of attacks• Dictionary and Brute force attack• Lookup tables and Rainbow Tables

23

Hash attack

• Dictionary attack and Brute force attack

• Lookup tables and Rainbow tables– Pre-compute the hash for all possible combinations up to a length

limit– Free hash cracker at here– Hash cracker that can crack all combination up to length 8 for MD5,

NTLM, LM, SHA1 exists (5711GB of data)

Dictionary Attack

Trying apple        : failedTrying blueberry    : failedTrying justinbeiber : failed...Trying letmein      : failedTrying s3cr3t       : success!

Brute Force Attack

Trying aaaa : failedTrying aaab : failedTrying aaac : failed...Trying acdb : failedTrying acdc : success!

24

Password storage

• Salted hash– Rainbow tables attack renders most short password

the same as clear text– Hash the password and salt (randomly generated

string) to obtain a hash, store the hash and the salt value

– Cannot be pre-computed because of the salt– Can be cracked by brute force if the password

strength is weakhash("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824hash("hello" + "QxLUF1bgIAdeQX") = 9e209040c863f84a31e719795b2577523954739fe5ed3b58a75cff2127075ed1hash("hello" + "bv5PehSMfV11Cd") = d1d3ec2e6f20fd420d50e2642992841d8338a314b8ea157c9e18477aaef226abhash("hello" + "YYLmfY6IehjZMQ") = a49670c3c18b9e079b9cfaf51634f563dc8ae3070db2c4a8544305df1b60f007

25

Password transmission

• Password can be transmitted to the server in different forms and through different channels– Forms: clear text V.S. hash– Channel: unencrypted V.S. encrypted

26

Password transmission

Clear text• Maybe eavesdropped

during transmission

Hash• Eavesdropper can get at

most your password’s hash

• Looks like transmitting the hash is a good idea!– Not really– If hash instead of the clear text is transmitted, the intruder can fake

the identity of the user by sending the hash

27

Password transmission

Unencrypted• No overhead• Insecure

Encrypted• Some overhead, negligible

by today’s hardware speed• Secure

• A website should use encrypted connection channel for user login whenever possible

28

Best practice on a login server

• Store the password in salted hash form• Encrypt the login page and every page if

possible• Transmit the password instead of the hash

29

How to manage our password?

• Never use the same password for different sites

30

How to manage our password?

• Never use the same password for different sites

• Use long and strong password• Use rule based methods to ease the

management of passwords

[ 密码 ]=2* （ [ 用户名标识符（小写 / 大写） ]+[ 用户名长度 ]+[.]+[ 网站标识符（大写 / 小写） ] ）

例： guokr123@gmail.com ，密码为： gk8.GM GK8.gm

songshuhui@hotmail.com 密码为： ssh10.HTSSH10.ht

31

How to manage our password?

• Use dedicated password manager– 1Password– LastPass

32

LastPass

• The last password you should remember– It saves your password and automatically fills it in

when you open a website

33

LastPass

• The last password you should remember– It generates secure password

34

LastPass

• The last password you should remember– It is safe• All your information store is encrypted using 256-bit

AES– Even if lastpass is hacked, your information will not leak

• Encrypted channel is used exclusively for all communications• Only you know the decryption key

– Lastpass has no access to your information

35

LastPass

• One thing that concerned me when I first start to use lastpass– The login key and decryption key is the same???!!!– They are not• Hash of your master key is used for login• Combination of your username and master key (in the

original form) is passed through PBKDF2-SHA256 (using a lot of iterations) to generate the decryption key• However, you do need a long and strong master

password so that recover it from the hash is infeasible

36

• References and picture source:– http://www.troyhunt.com/2011/07/science-of-pas

sword-selection.html– http://www.troyhunt.com/2011/06/brief-sony-pas

sword-analysis.html– http://www.guokr.com/article/61644/– https://xato.net/passwords/more-top-worst-pass

words/– http://crackstation.net/hashing-security.htm