|
Hacking: MD5 & SHA1 are broken
08-17-2007, 12:46 PM
|
Hacking: MD5 & SHA1 are broken
|
Posts: 5,662
Name: John Alexander
|
http://md5.rednoize.com/
This is a "search engine" for hash values. You put in a hash, and it gives you text that generates that hash value. In theory. Nothing I searched for was found.
I'm almost sure what they do is have a database, and a process that just makes up random text and stores it with the hash value. Maybe they go from a dictionary - I really don't know the specifics, I'm just guessing here. But the only way you could even TRY a search is with a reverse lookup.
For a while now we've been saying MD5 doesn't really cut the mustard. SHA1 has widely been considered a lot more secure. But it's become so popular that someone is building a honeypot (well, not really, but I don't know a better word) for SHA1.
I'm not writing this to let hackers break other people's passwords. The point here is that MD5 absolutely cannot be used when security has any importance at all, and it might be time to abandon SHA1. For the mods, the whole reason behind this post (thread?) is to bring awareness to the issue. And maybe get people to brainstorm how to not get hacked.
So, are we coming back to security by obscurity? Maybe a lesser known hash algo won't have a lookup database out there as someone's personal link bait?
|
|
|
|
08-17-2007, 01:22 PM
|
Re: Hacking: MD5 & SHA1 are broken
|
Posts: 2,918
Name: Keith Marshall
Location: Connecticut
|
A lot of web applications now do not rely on single layer encryptions much. The better way is to use a mixture of the plain text hashed with a random salt that is then rehashed for a stronger encryption.
__________________
<mgraphic /> - I don't have a solution but I admire the problem.
|
|
|
|
08-17-2007, 01:26 PM
|
Re: Hacking: MD5 & SHA1 are broken
|
Posts: 5,662
Name: John Alexander
|
Interesting. I've been reading about salt, and I really would love to know more about how this md5 search works. I get the idea it would just make up random strings forever until it has them all, so beat salt. But if you encrypt or hash something, then add salt to the result and encrypt it again, that sounds a lot more secure.
I'm not an expert on security, although I think it's about as important as gasoline, so I want to know more about it, and more important, I think all web developers should be aware of the strengths and pitfalls. And also of trends, like if hackers are putting this stuff together, well, it's lame, but it's the way things are, so it's what we have to deal with.
|
|
|
|
08-17-2007, 02:20 PM
|
Re: Hacking: MD5 & SHA1 are broken
|
Posts: 2,918
Name: Keith Marshall
Location: Connecticut
|
Here is an example written in php:
PHP Code:
/**
 * Return random integer
 *
 * @return integer
 */
function contruct_random()
{
    static $seeded;
    if (!$seeded) {
        // Seed the Mersenne Twister once per request from the microsecond clock
        mt_srand((int) ((float) microtime() * 1000000));
        $seeded = true;
    }
    return mt_rand();
}

/**
 * Hash a plaintext password
 *
 * @param string
 *
 * @return string
 */
function convert_password($plain)
{
    // Build a throwaway string from ten random integers
    $password = '';
    for ($i = 0; $i < 10; $i++) {
        $password .= contruct_random();
    }
    // The salt is the first five hex characters of its MD5
    $salt = substr(md5($password), 0, 5);
    // Stored format: md5(salt . plain) ':' salt
    $password = md5($salt . $plain) . ':' . $salt;
    return $password;
}

/**
 * Validate a plaintext password
 * to a stored hashed password
 *
 * @param string Plaintext password
 * @param string Hashed password
 *
 * @return boolean
 */
function verify_password($plain, $password)
{
    if (!empty($plain) && !empty($password)) {
        // Split the stored value into hash and salt
        $stack = explode(':', $password);
        if (count($stack) !== 2) return false;
        // hash_equals() compares as strings in constant time; the loose ==
        // operator treats hex digests that look like "0e..." numbers as equal
        if (hash_equals($stack[0], md5($stack[1] . $plain))) return true;
    }
    return false;
}
__________________
<mgraphic /> - I don't have a solution but I admire the problem.
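The following is an added example, not part of the post above or of any poster's code. It shows why an unsalted MD5 falls to a precomputed lookup table, why a salt defeats the table but not a per-salt wordlist run against a fast hash, and how PHP's built-in `password_hash()` covers both; the wordlist, the sample password and the helper names `reverse_lookup` and `guess_salted` are constructed for illustration.

```php
<?php
// Constructed sample data: a tiny wordlist standing in for a public hash database.
$wordlist = ['password', 'letmein', 'qwerty', '123456'];

// Precompute md5 => plaintext once, the way a hash "search engine" would.
$lookup = [];
foreach ($wordlist as $word) {
    $lookup[md5($word)] = $word;
}

/** Return the plaintext for a stored hash if the table has it, else null. */
function reverse_lookup(array $lookup, string $hash): ?string
{
    return $lookup[$hash] ?? null;
}

/** Re-hash every candidate with the stored salt (hypothetical helper). */
function guess_salted(array $wordlist, string $salt, string $hash): ?string
{
    foreach ($wordlist as $word) {
        if (hash_equals($hash, md5($salt . $word))) {
            return $word;
        }
    }
    return null;
}

$plain = 'letmein'; // constructed weak password

// 1. Unsalted MD5: the stored value is itself a key in the precomputed table.
var_dump(reverse_lookup($lookup, md5($plain)));

// 2. Salted MD5 with a salt from the CSPRNG: the precomputed table no longer applies.
$salt   = bin2hex(random_bytes(8));
$salted = md5($salt . $plain);
var_dump(reverse_lookup($lookup, $salted));

// The salt is stored next to the hash and MD5 is cheap to compute, so a weak
// password is still found by hashing the wordlist again with that salt.
var_dump(guess_salted($wordlist, $salt, $salted));

// 3. password_hash(): random per-password salt plus a tunable work factor.
$stored = password_hash($plain, PASSWORD_BCRYPT, ['cost' => 12]);
var_dump(password_verify($plain, $stored));
var_dump(password_verify('wrong guess', $stored));

// Raising the cost later flags old hashes for re-hashing at the next login.
var_dump(password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => 13]));
```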
|
|
|
|
08-17-2007, 04:20 PM
|
Re: Hacking: MD5 & SHA1 are broken
|
Posts: 3,621
Name: Thierry
Location: I'm the uber Spaminator !
|
Just to add my bit of salt (pun intended), this is the function I've been using for the last 4 years when I had to encrypt data.
Triple-DES + CFB with salt, I think it's pretty secure. But I'm open to criticism.
It uses the mcrypt PHP extension for the job:
PHP Code:
/**
 * Main function, used to do everything
 *
 * What we need here are $pi_data, $pi_key and $action.
 *
 * @param string $pi_data The string on which we will perform the {enc|dec}ryption
 * @param int $pi_key The key is used in the hash calculation.
 * @param string $action Defaults to encrypt; if specified as decrypt, does as told
 * @param [int] $pi_iv The iv is used in the hash calculation. Better to leave at default
 * @param [constant] $pi_cipher What type of encryption do we want? Defaults to triple_des
 * @param [constant] $pi_mode Which encryption mode is used? Default is CFB
 * @return string The resulting string, depending on the action
 */
function crw_crypt($pi_data, $pi_key, $action = "encrypt", $pi_iv = 0, $pi_cipher = MCRYPT_TRIPLEDES, $pi_mode = MCRYPT_MODE_CFB)
{
    // Open the cipher module (requires the mcrypt PHP extension)
    $crl = mcrypt_module_open($pi_cipher, "", $pi_mode, "")
        or die("Unable to open specified module : $pi_cipher in $pi_mode mode");

    // Cut or right-pad the IV with "0" to the size the cipher expects
    $iv_lenght = mcrypt_enc_get_iv_size($crl) or die("Unable to determine IV lenght");
    $iv = substr($pi_iv, 0, $iv_lenght);
    $iv = str_pad($iv, $iv_lenght, "0", STR_PAD_RIGHT);

    // Truncate the key to the maximum size the cipher supports
    $key_max_lenght = mcrypt_enc_get_key_size($crl);
    $key = substr($pi_key, 0, $key_max_lenght);

    $ret = mcrypt_generic_init($crl, $key, $iv);

    if ($action == "encrypt") {
        // Encrypt data
        $ret_str = mcrypt_generic($crl, $pi_data);
        // Encode base64
        $ret_str = base64_encode($ret_str);
    } elseif ($action == "decrypt") {
        // Decode Base64
        $pi_data = base64_decode($pi_data);
        // Decrypt data
        $ret_str = mdecrypt_generic($crl, $pi_data);
    } else {
        // Closing MCRYPT
        mcrypt_generic_deinit($crl);
        mcrypt_module_close($crl);
        // Unknown action
        die("Fatal Error : Unknown action specified");
    }

    // Release the buffers and the module handle
    mcrypt_generic_deinit($crl);
    mcrypt_module_close($crl);
    return($ret_str);
}
The base64 stuff has been added because we had problems with some funky characters when saving in specific DB, but I don't remember what those problems were.
This might be useless now, but it's not less safe anyway.
__________________
Only a biker knows why a dog sticks his head out the window.
Last edited by tripy; 08-17-2007 at 04:23 PM..
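An added example, not part of the post above: with `$pi_iv` left at its default the function pads the IV to a constant string of `0` characters, and in CFB mode a constant IV under one key makes messages that start the same encrypt to ciphertexts that start the same. The sketch uses the OpenSSL extension rather than mcrypt and assumes `des-ede3-cfb` is available in the local OpenSSL build; the key, messages and helper names are constructed.

```php
<?php
// Constructed key and messages, for illustration only.
$cipher = 'des-ede3-cfb';                 // Triple-DES in CFB mode, as in the post
$key    = random_bytes(24);               // 3DES key length
$ivLen  = openssl_cipher_iv_length($cipher);

$m1 = 'account=1001;owner=alice;limit=500';
$m2 = 'account=1001;owner=bob;limit=9000';

/** Number of identical leading bytes in two strings. */
function common_prefix(string $a, string $b): int
{
    $n = min(strlen($a), strlen($b));
    $i = 0;
    while ($i < $n && $a[$i] === $b[$i]) {
        $i++;
    }
    return $i;
}

/** Encrypt with a fresh random IV and prepend it (hypothetical helper). */
function encrypt_fresh_iv(string $plain, string $key, string $cipher): string
{
    $iv = random_bytes(openssl_cipher_iv_length($cipher));
    return $iv . openssl_encrypt($plain, $cipher, $key, OPENSSL_RAW_DATA, $iv);
}

/** Split the IV off the front and decrypt the remainder (hypothetical helper). */
function decrypt_fresh_iv(string $blob, string $key, string $cipher): string
{
    $ivLen = openssl_cipher_iv_length($cipher);
    $plain = openssl_decrypt(substr($blob, $ivLen), $cipher, $key,
                             OPENSSL_RAW_DATA, substr($blob, 0, $ivLen));
    if ($plain === false) {
        throw new RuntimeException('decryption failed');
    }
    return $plain;
}

// Constant IV, the same value the post's default produces after padding.
$fixedIv = str_repeat('0', $ivLen);
$c1 = openssl_encrypt($m1, $cipher, $key, OPENSSL_RAW_DATA, $fixedIv);
$c2 = openssl_encrypt($m2, $cipher, $key, OPENSSL_RAW_DATA, $fixedIv);
printf("plaintexts share %d leading bytes\n", common_prefix($m1, $m2));
printf("fixed IV:  ciphertexts share %d leading bytes\n", common_prefix($c1, $c2));

// Fresh IV per message: compare the ciphertext bodies that follow each IV.
$r1 = encrypt_fresh_iv($m1, $key, $cipher);
$r2 = encrypt_fresh_iv($m2, $key, $cipher);
printf("random IV: ciphertexts share %d leading bytes\n",
       common_prefix(substr($r1, $ivLen), substr($r2, $ivLen)));
var_dump(decrypt_fresh_iv($r1, $key, $cipher) === $m1);
```

The IV is not secret, so storing it in front of the ciphertext is fine; CFB on its own also gives no integrity check on the stored value.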
|
|
|
|
08-17-2007, 04:32 PM
|
Re: Hacking: MD5 & SHA1 are broken
|
Posts: 5,662
Name: John Alexander
|
No doubt tripy and mgraphic are smarter than I am on the issue. And it seems like both of them think using standard algorithms is better than using obscure ones? Even knowing about hacker tools like this one, that claims to search 25,000,000 MD5 hash values?
Although again, I have to say none of the ones I tried came up.
|
|
|
|
08-17-2007, 05:17 PM
|
Re: Hacking: MD5 & SHA1 are broken
|
Posts: 3,621
Name: Thierry
Location: I'm the uber Spaminator !
|
Thanks for the "smarter", John, but you are far from being dumb!
I just happen to have learned my job with competent people, who took security as a serious matter.
As you suggested in your first post, they surely are putting up a dictionary.
I've tried some very weak passwords (but very, very weak!), and they matched.
It was just a matter of time before someone came up with an idea like this one.
But I feel a bit obliged to add that md5 is not to be thrown away. Its principal use today is to do a checksum of a file, to be sure its content has not been altered prior to or during the transfer.
You find the hash key with almost any source file you want to download for Linux, as for ISO CDs.
__________________
Only a biker knows why a dog sticks his head out the window.
Last edited by tripy; 08-17-2007 at 05:24 PM..
|
|
|
|
08-17-2007, 05:50 PM
|
Re: Hacking: MD5 & SHA1 are broken
|
Posts: 1,606
|
Quote:
|
I'm almost sure what they do is have a database, and a process that just makes up random text and stores it with the hash value. Maybe they go from a dictionary - I really don't know the specifics,
|
As I learned a couple of weeks ago while trying to recover from a hack, they will crack that hash AND add it to the database if you contact the right people on IRC.
The whole process made me consider that storing passwords in a DB may not be the smart way to do things. Comments?
|
|
|
|
08-17-2007, 05:59 PM
|
Re: Hacking: MD5 & SHA1 are broken
|
Posts: 3,621
Name: Thierry
Location: I'm the uber Spaminator !
|
Quote:
|
The whole process made me consider that storing passwords in a DB may not be the smart way to do things.
|
Storing them in a db, in a flat file, or in a vault written on a paper is not different.
As long as you don't write them in plain text...
__________________
Only a biker knows why a dog sticks his head out the window.
|
|
|
|
08-17-2007, 07:46 PM
|
Re: Hacking: MD5 & SHA1 are broken
|
Posts: 3,023
Name: Forrest Croce
Location: Seattle, WA
|
"Security by obscurity" works if you're a mathematician, and can point to the weaknesses in the MD5 algorithm. Beyond "not enough bits - fast hardware got cheap" of course.
Everyone else, those of us who can't write a better algorithm than sha, really ought to leave well enough alone, and look for other holes in the system if you're worried. Netscape Navigator got themselves into a world of trouble when someone figured out the random number generator it used for cryptography ... writing good, secure crypto-code is no joke.
And obscurity is no guarantee of obscurity. I think whoever hacked Netscape just found a pattern and went from there, which is how most home grown systems will be broken ... but I know John loves .net development; in that platform if you don't obfuscate your code, it's really easy to decompile. If your source code gets out and you wrote a weak algorithm, obscurity is worthless. Notice that the best way someone has come up with to crack an sha hash is brute force. That's with the source code having been published for years.