Your 8 char random password now means nothing

[lacion]

4 minutes ago, colonel_mortis said:

(Moved back to Tech News)

 

It's worth noting that this is specifically NTLM hashes, which means Windows passwords. Most websites will store your password using an algorithm like Blowfish, Argon2, or at least PBKDF2, which are all designed to resist brute force as much as possible. On my laptop (i7 6500U, integrated graphics) I get 235,000,000 H/s for NTLM, but only 131 H/s on Blowfish.

Your Windows password can be brute forced if someone obtains access to the password store file, but your LTT (blowfish) password is much more secure.

131H/s on blowfish is very slow, compared to for example https://www.netmux.com/blog/how-to-build-a-password-cracking-rig

 

they were getting 43551 H/s on 4 1070 GPU´s  the article has a very long list of what was possible with that hardware and a lot of different algo´s 

[Syntaxvgm]

8 minutes ago, colonel_mortis said:

(Moved back to Tech News)

 

It's worth noting that this is specifically NTLM hashes, which means Windows passwords. Most websites will store your password using an algorithm like Blowfish, Argon2, or at least PBKDF2, which are all designed to resist brute force as much as possible. On my laptop (i7 6500U, integrated graphics) I get 235,000,000 H/s for NTLM, but only 131 H/s on Blowfish.

Your Windows password can be brute forced if someone obtains access to the password store file, but your LTT (blowfish) password is much more secure.

1 minute ago, lacion said:

131H/s on blowfish is very slow, compared to for example https://www.netmux.com/blog/how-to-build-a-password-cracking-rig

 

they were getting 43551 H/s on 4 1070 GPU´s  the article has a very long list of what was possible with that hardware and a lot of different algo´s 

I persoanlly use hootie

[WereCatf]

1 minute ago, yian88 said:

i still dont understand this nonesense of hashes and forcing bullshit

no website email or banks will accept 100GH/s of password attempts it will long block such attempts before you try even 100 passwords

its only valid for offline stuff like archives or maybe encrypted phones but not even that, how do you hack your phone to accept so many passwords attempts, im sure there is something missing here that i dont understand, you cant brute force anything online with a server login

unless they obtain server database of passwords and then use this hash hack?  which means none of your passwords was any safe if a hacker used a couple powerfull computers  even before 2080ti as long he had a database copy

It has been said multiple times in this thread that this has nothing to do with hacking into phones or such or online-services: you have surely heard of all these big breaches of all sorts of big websites? The hackers obtain copies of the password-databases and such, then they work offline on those databases, trying to turn the password-hashes into the actual passwords, so they can then be used.

 

Also, the claim that those password were never any safe is just wrong: cracking e.g. a 10-character random password hashed with bcrypt would take thousands of years even on extremely powerful hardware. It's all about the cipher that was used to make the hash -- you can have literal supercomputers work at it, but if the cipher is strong and the password is a long, random one, there is no way of obtaining the password in any sort of a reasonable amount of time.

[WereCatf]

7 minutes ago, captain_to_fire said:

No wonder you're the keeper of the private keys...

 

I'm not really that familiar with password encryption protocols other than salting and hashing a password but is the blowfish cipher for passwords the same some VPN providers use?

VPN-providers don't encrypt the on-the-fly data with your password, that'd be idiotic. It's an entirely different mechanism at play there.

[colonel_mortis]

18 minutes ago, captain_to_fire said:

No wonder you're the keeper of the private keys...

 

I'm not really that familiar with password encryption protocols other than salting and hashing a password but is the blowfish cipher for passwords the same some VPN providers use?

Blowfish is a very popular (and still considered strong) password hashing algorithm, so it's fairly likely that some VPN providers will use it for storing your password. The hash algorithm only protects against someone accessing accounts after compromising the database - the actual data transferred will be encrypted using a symmetric cipher, almost certainly AES.

 

16 minutes ago, lacion said:

131H/s on blowfish is very slow, compared to for example https://www.netmux.com/blog/how-to-build-a-password-cracking-rig

 

they were getting 43551 H/s on 4 1070 GPU´s  the article has a very long list of what was possible with that hardware and a lot of different algo´s 

Yeah, I ran that on my low power laptop. The point is how much slower Blowfish is than NTLM. Even at 43551 H/s, it would take >25 days to brute force an 8 character entirely lower case password, and >3 million years 2.5 millenia to brute force an 8 character mixed upper/lower/numeric password.

Edited February 14, 2019 by colonel_mortis
Got my maths wrong

[lacion]

3 minutes ago, colonel_mortis said:

Blowfish is a very popular (and still considered strong) password hashing algorithm, so it's fairly likely that some VPN providers will use it for storing your password. The hash algorithm only protects against someone accessing accounts after compromising the database - the actual data transferred will be encrypted using a symmetric cipher, almost certainly AES.

 

Yeah, I ran that on my low power laptop. The point is how much slower Blowfish is than NTLM. Even at 43551 H/s, it would take >25 days to brute force an 8 character entirely lower case password, and >3 million years to brute force an 8 character mixed upper/lower/numeric password.

 

that is correct, but maybe missing a bit on the advancements of the last 2/3 years here.

 

if you see the official hashcat benchmarks, they were doing about 13000 H/s with 8 1080 a few years ago, the link above was on 43000 H/s with 4 1070, i just ran the benchmark locally on my 2080ti and am getting 40000 H/s with a single card. on hashcat 5.x without the new branch making use of the new tensor cores on the rtx series cards. and 2080ti is a lot cheaper than a tesla card or a Quadro meaning having farms of this thing churning hashes just became a lot more cheaper.

[WereCatf]

1 minute ago, colonel_mortis said:

The point is how much slower Blowfish is than NTLM. Even at 43551 H/s, it would take >25 days to brute force an 8 character entirely lower case password, and >3 million years to brute force an 8 character mixed upper/lower/numeric password.

You keep ninjaing what I was just about to write I was about to say that with just the English alphabet, upper- and lowercase, and a couple of special characters, for 56 different characters per position, a 10-character password would have 303305489096114176 different combinations -- with 43551 H/s speed, that'd be about 6964374850086 seconds, 116072914168 minutes, 1934548569 hours, 80606190 days, 2686873 months, 223906 years, 22390 decades, 2239 centuries or 224 millenniums.

 

Even a ten-fold speed-increase would be nothing.

[Teddy07]

1 hour ago, lacion said:

the new benchmark for hashcat means that now the entire keyspace or every possible combination of upper, lower, numbers, symbols of an 8 character password can be guessed in 2.5 hours using x8 2080 ti´s

1

Let's assume that a hacker got access to a database and got all login and passwords (hashed).

 

I assume the 2,5 are needed for every cracking every single password since the hacker doesn´t know the hash function? Or does the know enough after a few cracked passwords so he doesn´t need to crack the rest with brute force?

 

We recently had a class about security but I forgot to ask this question. I think I gotta visit his office because it interests me.

[WereCatf]

19 minutes ago, Teddy07 said:

Let's assume that a hacker got access to a database and got all login and passwords (hashed).

 

I assume the 2,5 are needed for every cracking every single password since the hacker doesn´t know the hash function? Or does the know enough after a few cracked passwords so he doesn´t need to crack the rest with brute force?

For any good cipher, every single password-hash is completely separate from the others; cracking one password doesn't speed up the cracking of the other passwords, so each and every single hash has to be cracked separately. There are also less-good ciphers, like NTLM, where this doesn't entirely apply.

[colonel_mortis]

6 minutes ago, Teddy07 said:

Let's assume that a hacker got access to a database and got all login and passwords (hashed).

 

I assume the 2,5 are needed for every cracking every single password since the hacker doesn´t know the hash function? Or does the know enough after a few cracked passwords so he doesn´t need to crack the rest with brute force?

 

We recently had a class about security but I forgot to ask this question. I think I gotta visit his office because it interests me.

It is always assumed that the attacker knows the hash function. It wouldn't be hard to find out what hash function it is - if your own password is included in the dump, just hash your password under a bunch of hash functions until you get a match.

 

For the specific hash function discussed here, NTLM (the Windows password hash algorithm), there is no salt. This means that the attacker doesn't have to target any specific user - they just calculate the hash of each 8 character password, and see whether any users match that.

 

For a more secure hash function, such as blowfish (used by LTT), each password has a unique salt added, which means the attacker has to brute force the password for each user individually. If two users have the same password, the hashes will be different because the salts were different. If that were the case for NTLM, it would take 2.5 hours per user. For blowfish, the time taken to brute force every 8 upper/lower/numeric character password is measured in millennia, and that is per hash to be cracked.

 

In theory, and in practice for the hash functions that are used for passwords, the attacker learns nothing about hash(A) by computing hash(B), for any A ≠ B. This means that they have no choice but to brute force if they want to crack the hash.

[Bananasplit_00]

this is pretty interesting news tbh

[Teddy07]

2 minutes ago, colonel_mortis said:

For a more secure hash function, such as blowfish (used by LTT), each password has a unique salt added, which means the attacker has to brute force the password for each user individually. If two users have the same password, the hashes will be different because the salts were different. If that were the case for NTLM, it would take 2.5 hours per user. For blowfish, the time taken to brute force every 8 upper/lower/numeric character password is measured in millennia, and that is per hash to be cracked..

2

Ah right the salt but this also causes the problem where to safely store the salt. If someone has access to the database then the salt is at risk too. 

 

3 minutes ago, colonel_mortis said:

if your own password is included in the dump, just hash your password under a bunch of hash functions until you get a match.

 

ok, but the hacker would only know if the hash function is correct in his case? I mean he would have to test it for a ton of cases to be sure?

 

Thanks for your informative post

[colonel_mortis]

1 minute ago, Teddy07 said:

Ah right the salt but this also causes the problem where to safely store the salt. If someone has access to the database then the salt is at risk too. 

The salt is assumed to be known to the attacker too, and is stored along with the hash in the database. The salt just exists to make H_{colonel_mortis}(r00t) ≠ H_Teddy07(r00t), so the attacker has to brute force each user (or technically each salt, but the salt should be sufficiently random that no two users have the same salt) separately.

1 minute ago, Teddy07 said:

ok, but the hacker would only know if the hash function is correct in his case? I mean he would have to test it for a ton of cases to be sure?

 

Thanks for your informative post

In the standard format for storing hashes, the hash algorithm is actually encoded with the hash, so that even if the hash algorithm used for new passwords has been changed, you can easily know which hash function to use to check the password.

 

The hash function is assumed to be public knowledge - the only thing that protects the password is the fact that actually computing the hash function, to brute force the password, is intentionally very computationally hard. If it takes 10,000 years to try all of the hash combinations for one salt, there's no way to precompute a table of hashes for all salts either (and to make the hashes practical to store, you need to use a datastructure like a Rainbow Table, which requires lots more uses of the hash function, making it even less possible).

 

However, assuming they don't know the hash function, they can be pretty sure that they have found the correct hash function as soon as they find one that produces a matching output - the probability of any given hash function producing a given output for a given input is 2^-128, or 0.000000000000000000000000000000000000003%.

[Taf the Ghost]

We found a use for Tensor Cores? Nice!

[Teddy07]

35 minutes ago, colonel_mortis said:

...

 

I soon participate in an exam about operating systems where hashing is a small part in the security chapter. You helped me to better understand the topic because I had a few fallacies. So thank you very much

Starting to learn tomorrow

[Arika]

Nothing is secure, Everything is Exposed

 

[iLostMyXbox21]

*looks at my youtube channel*

*realizes the password is easy to guess*

*realizes it’s my password for everything*

 

 

 

 

 

Spoiler

Well shit

 

[Guest]

I'm more worried about my wifi honestly, since this kind of attack is common for WPA

 

Well I changed the password to a 16 long with special characters in it, I should be safe until the RTX 19999 Ti

 

[bcredeur97]

2 hours ago, colonel_mortis said:

(Moved back to Tech News)

 

It's worth noting that this is specifically NTLM hashes, which means Windows passwords. Most websites will store your password using an algorithm like Blowfish, Argon2, or at least PBKDF2, which are all designed to resist brute force as much as possible. On my laptop (i7 6500U, integrated graphics) I get 235,000,000 H/s for NTLM, but only 131 H/s on Blowfish.

Your Windows password can be brute forced if someone obtains access to the password store file, but your LTT (blowfish) password is much more secure.

another important note is that Active Directory uses Kerberos rather than NTLM, which is also much more secure.

So the applications of this are actually pretty limited either requiring an attacker to have physical access to your machine, or some very sophisticated malware that'd likely be caught and patched or at least dumped into AV databases sooo quickly...

I don't think anyone has reason to worry, really.

 

MS should probably deprecate NTLM for local device users though

[Mihle]

2 hours ago, Cyracus said:

(someone did it to Linus a while back)

The 2 step Linus used then was from my knowledge 2 step codes over SMS that the hacker got. Not 2 step via an app.

 

The hacker called whoever company owns his SIM card, and got them to send the hacker a new SIM card that had his(Linus) number(was easier than it should have been). Hacker just put it in a phone and voila, the hacker got the codes over SMS that went to that number.

 

Edit: fixed typo and made it easier to understand

[bcredeur97]

1 minute ago, Mihle said:

The 2 step Linus used then was from my knowledge 2 step codes over SMS that the hacker got. Not 2 step via an app.

 

The hacker called whoever company owns the sun card, and for them to send the hacker a new SIM card (was easier than it should have been). Hacker just put it in a phone and voila, the hacker got the codes over SMS that went to that number.

ah, gotta love social engineering. So terrifying

[captain_to_fire]

50 minutes ago, Mihle said:

The 2 step Linus used then was from my knowledge 2 step codes over SMS that the hacker got. Not 2 step via an app.

This is why Linus is now using a U2F key to sign in through his email. I don’t know why Linus didn’t filed a litigation against his wireless carrier for reactivating his old SIM card. 

[tbake0155]

2 hours ago, colonel_mortis said:

(Moved back to Tech News)

 

It's worth noting that this is specifically NTLM hashes, which means Windows passwords. Most websites will store your password using an algorithm like Blowfish, Argon2, or at least PBKDF2, which are all designed to resist brute force as much as possible. On my laptop (i7 6500U, integrated graphics) I get 235,000,000 H/s for NTLM, but only 131 H/s on Blowfish.

Your Windows password can be brute forced if someone obtains access to the password store file, but your LTT (blowfish) password is much more secure.

I came to say this.  Not all passwords are hashed using the same algorithm. 

 

Plus, pre-computing rainbow tables for 8 characters is quite feasible, so 8 character long passwords have been pretty insecure for a while.

[Thaldor]

2 hours ago, colonel_mortis said:

Yeah, I ran that on my low power laptop. The point is how much slower Blowfish is than NTLM. Even at 43551 H/s, it would take >25 days to brute force an 8 character entirely lower case password, and >3 million years 2.5 millenia to brute force an 8 character mixed upper/lower/numeric password.

Not really on the matter but I have always found it kind of funny how people talk about passwords or similar being brute forced in X time. Usually what they mean is that with their hardware it would take that X time to go through every single possibility there is while in practice it would take around half of that time for the password to crack, because mathematics and probability.

[colonel_mortis]

Just now, Thaldor said:

Not really jumping on the matter but I have always found it kind of funny how people talk about passowrds or similar being brute forced in X time. Usually what they mean is that with their hardware it would take that X time to go through every single possibility there is while in practice it would take around half of that time for the password to crack, because mathematics and probability.

Yeah, it's an often overlooked subtlety, though I have already halved those numbers (26⁸/43551/86400 = 55.5 days to test all passwords, so an average cracking time assuming a completely random password of 27.25 days).