skip to main |
skip to sidebar
Such systems can only operate against off-line password lists, but
given the number of system breaches leading to massive password leaks
throughout 2012, it should be enough to make websites reconsider how
they store user passwords, and how users choose and use their passwords.
There are two primary methods used by attackers to recover the
plaintext password from a hash: brute force and dictionary attacks.
Brute force involves re-hashing every possible combination of characters
and comparing the result to the stored hash until a match is found and
the plaintext password discovered.
Dictionary attacks involve
pre-computed tables of the more likely passwords: names, places, words
etcetera. The target hash is checked against the dictionary to find the
password. Dictionary attacks have proven very successful because users
tend to use obvious passwords that they can easily remember.
Salting is used to defeat dictionary attacks. A random value is added to
each plaintext password before it is hashed, making it almost
impossible to include the result in a dictionary. As a result, passwords
stored as salted hashes can effectively only be recovered by brute
force. But what Jeremi Gosney, founder and CEO of Stricture Consulting
Group, demonstrated last week is that improved software and more powerful hardware is making brute force increasingly feasible. While he used a cluster of 25 GPUs, it is worth noting that Jens Steube, the author of Hashcat, has added VCL support for up to 128 AMD GPUs in oclHashcat-plus v0.09.
In raw terms Gosney’s system processed 348 billion guesses per second
against NTLM hashes, 180 billion g/s against MD5, 63 billion against
SHA1, and 20 billion against LM. These are known as ‘fast’ hashes – the
computation is done rapidly to benefit the user; but clearly it also
benefits a brute force attacker. To make things more difficult for the
attacker, cryptographers have developed ‘slow’ hashes. While the extra
computing time is hardly noticeable to the user (and could be further
disguised by a requirement to complete a CAPTCHA process), Gosney shows
that it has a dramatic effect on brute forcing. His system processed 77
million guesses per second against md5crypt, 364,000 guesses against
sha512crypt and a relatively tiny 71,000 against bcrypt.
The implication of Gosney’s findings are that websites should
consider moving to or using a modern slow hash to defeat brute force
attacks, with added salting to beat the dictionary attacks. Users,
however, should seriously consider that 8-character passwords are no
longer sufficient, and should rather use long passwords to help defeat
brute forcing, and complex passwords to help defeat dictionary attacks.
Furthermore, of course, users should not use the same password on
multiple accounts: if it is recovered from a weakly defended website,
there is no need for the attacker to expend the time and effort cracking
it in a well-defended website.
Algorithms Of Some Hashing Modules
DES(Unix)
Example: IvS7aeT4NzQPM
Used in Linux and other similar OS.
Length: 13 characters.
Description: The first two characters are the salt (random characters;
in our example the salt is the string "Iv"), then there follows the
actual hash.
Domain Cached Credentials
Example: Admin:b474d48cdfc4974d86ef4d24904cdd91
Used for caching passwords of Windows domain.
Length: 16 bytes.
Algorithm: MD4(MD4(Unicode($pass)).Unicode(strtolower($username)))
MD5(Unix)
Example: $1$12345678$XM4P3PrKBgKNnTaqG9P0T/
Used in Linux and other similar OS.
Length: 34 characters.
Description: The hash begins with the $1$ signature, then there goes the
salt (up to 8 random characters; in our example the salt is the string
"12345678"), then there goes one more $ character, followed by the
actual hash.
Algorithm: Actually that is a loop calling the MD5 algorithm 2000 times.
MD5(APR)
Example: $apr1$12345678$auQSX8Mvzt.tdBi4y6Xgj.
Used in Linux and other similar OS.
Length: 37 characters.
Description: The hash begins with the $apr1$ signature, then there goes
the salt (up to 8 random characters; in our example the salt is the
string "12345678"), then there goes one more $ character, followed by
the actual hash.
Algorithm: Actually that is a loop calling the MD5 algorithm 2000 times.
MD5(phpBB3)
Example: $H$9123456785DAERgALpsri.D9z3ht120
Used in phpBB 3.x.x.
Length: 34 characters.
Description: The hash begins with the $H$ signature, then there goes one
character (most often the number '9'), then there goes the salt (8
random characters; in our example the salt is the string "12345678"),
followed by the actual hash.
Algorithm: Actually that is a loop calling the MD5 algorithm 2048 times.
MD5(Wordpress)
Example: $P$B123456780BhGFYSlUqGyE6ErKErL01
Used in Wordpress.
Length: 34 characters.
Description: The hash begins with the $P$ signature, then there goes one
character (most often the number 'B'), then there goes the salt (8
random characters; in our example the salt is the string "12345678"),
followed by the actual hash.
Algorithm: Actually that is a loop calling the MD5 algorithm 8192 times.
MySQL
Example: 606717496665bcba
Used in the old versions of MySQL.
Length: 8 bytes.
Description: The hash consists of two DWORDs, each not exceeding the value of 0x7fffffff.
MySQL5
Example: *E6CC90B878B948C35E92B003C792C46C58C4AF40
Used in the new versions of MySQL.
Length: 20 bytes.
Algorithm: SHA-1(SHA-1($pass))
Note: The hashes are to be loaded to the program without the asterisk that stands in the beginning of each hash.
RAdmin v2.x
Example: 5e32cceaafed5cc80866737dfb212d7f
Used in the application Remote Administrator v2.x.
Length: 16 bytes.
Algorithm: The password is padded with zeros to the length of 100 bytes,
then that entire string is hashed with the MD5 algorithm.
MD5
Example: c4ca4238a0b923820dcc509a6f75849b
Used in phpBB v2.x, Joomla version below 1.0.13 and many other forums and CMS.
Length: 16 bytes.
Algorithm: Same as the md5() function in PHP.
md5($pass.$salt)
Example: 6f04f0d75f6870858bae14ac0b6d9f73:1234
Used in WB News, Joomla version 1.0.13 and higher.
Length: 16 bytes.
md5($salt.$pass)
Example: f190ce9ac8445d249747cab7be43f7d5:12
Used in osCommerce, AEF, Gallery and other CMS.
Length: 16 bytes.
md5(md5($pass))
Example: 28c8edde3d61a0411511d3b1866f0636
Used in e107, DLE, AVE, Diferior, Koobi and other CMS.
Length: 16 bytes.
md5(md5($pass).$salt)
Example: 6011527690eddca23580955c216b1fd2:wQ6
Used in vBulletin, IceBB.
Length: 16 bytes.
md5(md5($salt).md5($pass))
Example: 81f87275dd805aa018df8befe09fe9f8:wH6_S
Used in IPB.
Length: 16 bytes.
md5(md5($salt).$pass)
Example: 816a14db44578f516cbaef25bd8d8296:1234
Used in MyBB.
Length: 16 bytes.
md5($salt.$pass.$salt)
Example: a3bc9e11fddf4fef4deea11e33668eab:1234
Used in TBDev.
Length: 16 bytes.
md5($salt.md5($salt.$pass))
Example: 1d715e52285e5a6b546e442792652c8a:1234
Used in DLP.
Length: 16 bytes.
SHA-1
Example: 356a192b7913b04c54574d18c28d46e6395428ab
Used in many forums and CMS.
Length: 20 bytes.
Algorithm: Same as the sha1() function in PHP.
sha1(strtolower($username).$pass)
Example: Admin:6c7ca345f63f835cb353ff15bd6c5e052ec08e7a
Used in SMF.
Length: 20 bytes.
sha1($salt.sha1($salt.sha1($pass)))
Example: cd37bfbf68d198d11d39a67158c0c9cddf34573b:1234
Used in Woltlab BB.
Length: 20 bytes.
SHA-256(Unix)
Example: $5$12345678$jBWLgeYZbSvREnuBr5s3gp13vqiKSNK1rkTk9zYE1v0
Used in Linux and other similar OS.
Length: 55 characters.
Description: The hash begins with the $5$ signature, then there goes the
salt (up to 8 random characters; in our example the salt is the string
"12345678"), then there goes one more $ character, followed by the
actual hash.
Algorithm: Actually that is a loop calling the SHA-256 algorithm 5000 times.
SHA-512(Unix)
Example: $6$12345678$U6Yv5E1lWn6mEESzKen42o6rbEmFNLlq6Ik9X3reMXY3doKEuxrcDohKUx0Oxf44aeTIxGEjssvtT1aKyZHjs
Used in Linux and other similar OS.
Length: 98 characters.
Description: The hash begins with the $6$ signature, then there goes the
salt (up to 8 random characters; in our example the salt is the string
"12345678"), then there goes one more $ character, followed by the
actual hash.
Algorithm: Actually that is a loop calling the SHA-512 algorithm 5000 times.
SHA-1(Django) = sha1($salt.$pass)
Example: sha1$12345678$90fbbcf2b72b5973ae42cd3a19ab4ae8a1bd210b
12345678 is salt (in the hexadecimal format)
90fbbcf2b72b5973ae42cd3a19ab4ae8a1bd210b is SHA-1 hash.
SHA-256(Django) = SHA-256($salt.$pass)
Example: sha256$12345678$154c4c511cbb166a317c247a839e46cac6d9208af5b015e1867a84cd9a56007b
12345678 is salt (in the hexadecimal format)
154c4c511cbb166a317c247a839e46cac6d9208af5b015e1867a84cd9a56007b is SHA-256 hash.
SHA-384(Django) = SHA-384($salt.$pass)
Example: sha384$12345678$c0be393a500c7d42b1bd03a1a0a76302f7f472fc132f11ea6373659d0bd8675d04e12d8016d83001c327f0ab70843dd5
12345678 is salt (in the hexadecimal format)
c0be393a500c7d42b1bd03a1a0a76302f7f472fc132f11ea6373659d0bd8675d04e12d8016d83001c327f0ab70843dd5 is SHA-384 hash.
SHA-1(ManGOS) = sha1(strtoupper($username).':'.$pass)
SHA-1(ManGOS2) = sha1($username.':'.$pass)
MD5(Custom) = '=='.md5(md5(md5($pass).md5($pass).md5($pass).md5($pass)))
md5(3 x strtoupper(md5($pass))) = md5(strtoupper(md5(strtoupper(md5(strtoupper(md5($pass)))))))
MD5(ZipMonster) = 50000 x strtoupper(md5(strtoupper($pass)))
Notes:
[1] Since the hashing requires not
only a password but also a salt (or a user name), which is unique for
each user, the attack speed for such hashes will decline proportionally
to their count (for example, attacking 100 hashes will go 100 times
slower than attacking one hash).
[2] The hash is to be loaded to the
program in full, to the "Hash" column - the program will automatically
extract the salt and other required data from it.
[3] The ':' character can be used as
salt; however, since it is used by default for separating hash and salt
in PasswordsPro, it is recommended that you use a different character
for separating fields; e.g., space.
[4] Salt can contain special
characters - single or double quotes, as well as backslash, which are
preceded (after obtaining dumps from MySQL databases) by an additional
backslash, which is to be removed manually. For example, the salt to be
loaded to the program would be a'4 instead of a\'4, as well as the salts
a"4 instead of a\"4 and a\4 instead of a\\4.
