Hacker, Hack Thyself

[chan] newswire
Jul 4 20:27

Jeff Atwood Fri, 02 Jun 2017 08:11:16 GMT We've read so many sad stories about communities that were fatally compromised or destroyed due to security exploits. We took that lesson to heart when we founded the Discourse <https://discourse.org> project; we endeavor to build open source software that is secure and safe for communities by default, even if there are thousands, or millions, of them out there. However, we also value /portability/, the ability to get your data into and out of Discourse at will. This is why Discourse, unlike other forum software, defaults to a Creative Commons license. As a basic user on any Discourse you can easily export and download all your posts right from your user page. Discourse Download All Posts As a site owner, you can easily back up and restore your entire site database from the admin panel, right in your web browser. Automated weekly backups are set up for you out of the box, too. I'm not the world's foremost expert on backups <https://blog.codinghorror.com/international-backup-awareness-day/> for nothing, man! Discourse database backup download Over the years, we've learned that balancing security and data portability can be tricky. You bet your sweet ASCII a *full database download* is what hackers start working toward the minute they gain any kind of foothold in your system. It's the ultimate prize. To mitigate this threat, we've slowly tightened restrictions around Discourse backups in various ways: * Administrators have a minimum password length of 15 characters. * Both backup creation and backup download administrator actions are formally logged. * Backup download tokens are single use and emailed to the address of the administrator, to confirm that user has full control over the email address. The name of the security game is defense in depth, so all these hardening steps help … but we still need to *assume that Internet Bad Guys will somehow get a copy of your database*. And then what? Well, what's in the database? * Identity cookies Cookies are, of course, how the browser can tell who you are. Cookies are usually stored as hashes, rather than the actual cookie value, so having the hash doesn't let you impersonate the target user. Furthermore, most modern web frameworks rapidly cycle cookies, so they are only valid for a brief 10 to 15 minute window anyway. * Email addresses Although users have reason to be concerned about their emails being exposed, very few people treat their email address as anything particularly precious these days. * All posts and topic content Let's assume for the sake of argument that this is a fully public site and nobody was posting anything particularly sensitive there. So we're not worried, at least for now, about trade secrets or other privileged information being revealed, since they were all public posts anyway. If we were, that's a whole other blog post I can write at a later date. * Password hashes What's left is *the password hashes*. And that's … a serious problem indeed <https://blog.codinghorror.com/speed-hashing/>. Now that the attacker has your database, they can crack your password hashes with large scale offline attacks <https://blog.codinghorror.com/your-password-is-too-damn-short/>, using the full resources of any cloud they can afford. And once they've cracked a particular password hash, *they can log in as that user … forever*. Or at least until that user changes their password. ⚠️ That's why, if you know (or even suspect!) your database was exposed, the very first thing you should do is reset everyone's password. Discourse database password hashes But what if you /don't/ know? Should you preemptively reset everyone's password every 30 days, like the world's worst bigco IT departments? That's downright user hostile, and leads to serious pathologies of its own. The reality is that you probably /won't/ know when your database has been exposed, at least not until it's too late to do anything about it. So it's crucial to slow the attackers down, to give yourself time to deal with it and respond. Thus, the only real protection you can offer your users is just how resistant to attack your stored password hashes are. There are two factors that go into password hash strength: 1. *The hashing algorithm*. As slow as possible, and ideally designed to be /especially/ slow on GPUs for reasons that will become painfully obvious about 5 paragraphs from now. 2. *The work factor* or *number of iterations*. Set this as high as possible, without opening yourself up to a possible denial of service attack. I've seen guidance that said you should set the overall work factor high enough that hashing a password takes at least 8ms on the target platform. It turns out Sam Saffron <https://samsaffron.com/>, one of my Discourse co-founders, made a good call back in 2013 when he selected the NIST recommendation of *PBKDF2-HMAC-SHA256* and *64k iterations*. We measured, and that indeed takes roughly 8ms using our existing Ruby login code on our current (fairly high end, Skylake 4.0 Ghz) servers. But that was 4 years ago. Exactly how secure are our password hashes in the database today? Or 4 years from now, or 10 years from now? We're building open source software for the long haul, and we need to be sure we are making reasonable decisions that protect everyone. So in the spirit of designing for evil <https://blog.codinghorror.com/designing-for-evil/>, it's time to put on our Darth Helmet and play the bad guy – *let's crack our own hashes!* We're gonna use the biggest, baddest single GPU out there at the moment, the GTX 1080 Ti <https://gist.github.com/epixoip/a83d38f412b4737e99bbef804a270c40#gistcomment-2060753>. As a point of reference, for PBKDF2-HMAC-SHA256 the 1080 achieves 1180 kH/s, whereas the 1080 Ti achieves 1640 kH/s. In a /single/ video card generation the attack hash rate has increased nearly 40 percent. Ponder that. First, a tiny hello world test to see if things are working. I downloaded hashcat <https://hashcat.net/hashcat/>. I logged into our demo at try.discourse.org and created a new account with the password |0234567890|; I checked the database, and this generated the following values in the hash and salt database columns for that new user: hash |93LlpbKZKficWfV9jjQNOSp39MT0pDPtYx7/gBLl5jw=| salt |ZWVhZWQ4YjZmODU4Mzc0M2E2ZDRlNjBkNjY3YzE2ODA=| Hashcat requires the following input file format: one line per hash, with the hash type, number of iterations, salt and hash (base64 encoded) separated by colons: |type iter salt hash sha256:64000:ZWVhZWQ4YjZmODU4Mzc0M2E2ZDRlNjBkNjY3YzE2ODA=:93LlpbKZKficWfV9jjQNOSp39MT0pDPtYx7/gBLl5jw= | Let's hashcat it up and see if it works: |./h64 -a 3 -m 10900 .\one-hash.txt 0234567?d?d?d| Note that this is an intentionally tiny amount of work, it's only guessing three digits. And sure enough, we cracked it fast! See the password there on the end? We got it. |sha256:64000:ZWVhZWQ4YjZmODU4Mzc0M2E2ZDRlNjBkNjY3YzE2ODA=:93LlpbKZKficWfV9jjQNOSp39MT0pDPtYx7/gBLl5jw=:0234567890| Now that we know it works, let's get down to business. But we'll start easy. How long does it take to brute force attack *the easiest possible Discourse password, 8 numbers* – that's "only" 10^8 combinations, a little over one hundred million. |Hash.Type........: PBKDF2-HMAC-SHA256 Time.Estimated...: Fri Jun 02 00:15:37 2017 (1 hour, 0 mins) Guess.Mask.......: ?d?d?d?d?d?d?d?d [8] | Even with a top of the line GPU that's … OK, I guess. Remember this is just one hash we're testing against, so you'd need one hour per row (user) in the table. And I have more bad news for you: Discourse hasn't allowed 8 character passwords for quite some time now <https://blog.codinghorror.com/your-password-is-too-damn-short/>. How long does it take if we try longer numeric passwords? |?d?d?d?d?d?d?d?d?d [9] Fri Jun 02 10:34:42 2017 (11 hours, 18 mins) ?d?d?d?d?d?d?d?d?d?d [10] Tue Jun 06 17:25:19 2017 (4 days, 18 hours) ?d?d?d?d?d?d?d?d?d?d?d [11] Mon Jul 17 23:26:06 2017 (46 days, 0 hours) ?d?d?d?d?d?d?d?d?d?d?d?d [12] Tue Jul 31 23:58:30 2018 (1 year, 60 days) | But all digit passwords are easy mode, for babies! How about some /real/ passwords that use at least lowercase letters, or lowercase + uppercase + digits? |Guess.Mask.......: ?l?l?l?l?l?l?l?l [8] Time.Estimated...: Mon Sep 04 10:06:00 2017 (94 days, 10 hours) Guess.Mask.......: ?1?1?1?1?1?1?1?1 [8] (-1 = ?l?u?d) Time.Estimated...: Sun Aug 02 09:29:48 2020 (3 years, 61 days) | A brute force try-every-single-letter-and-number attack is not looking so hot for us at this point, even with a high end GPU. But what if we divided the number by *eight* … by putting eight video cards in a single machine? <https://gist.github.com/epixoip/a83d38f412b4737e99bbef804a270c40> That's well within the reach of a small business budget or a wealthy individual. Unfortunately, dividing 38 months by 8 isn't such a dramatic reduction in the time to attack. Instead, let's talk about nation state attacks where they have the budget to throw /thousands/ of these GPUs at the problem (1.1 days), maybe even /tens of thousands/ (2.7 hours), then … yes. Even allowing for 10 character password minimums, you are in serious trouble at that point. If we want Discourse to be nation state attack resistant, clearly we'll need to do better. Hashcat has a handy benchmark mode, and here's a sorted list of the strongest (slowest) hashes that Hashcat knows about <https://docs.google.com/spreadsheets/d/1iwoMR5TBYAZ5eiSphkIQfIEfbrVvWW_tKwS4L1cYlaI/pubhtml?gid=0&single=true> benchmarked on a rig with 8 Nvidia GTX 1080 GPUs. Of the things I recognize on that list, *bcrypt*, *scrypt* and *PBKDF2-HMAC-SHA512* stand out. My quick hashcat results gave me some confidence that we weren't doing anything terribly wrong with the Discourse password hashes stored in the database. But I wanted to be /completely sure/, so I hired someone with a background in security and penetration testing to, under a signed NDA, try cracking the password hashes of two live and very popular Discourse sites we currently host <https://discourse.org/customers>. I was provided two sets of password hashes from two different Discourse communities, containing 5,909 and 6,088 hashes respectively. Both used the PBKDF2-HMAC-SHA256 algorithm with a work factor of 64k. Using hashcat, my Nvidia GTX 1080 Ti GPU generated these hashes at a rate of ~27,000/sec. Common to all discourse communities are various password requirements: * All users must have a minimum password length of 10 characters. * All administrators must have a minimum password length of 15 characters. * Users cannot use any password matching a blacklist of the 10,000 most commonly used passwords. * Users can choose to create a username and password or use various third party authentication mechanisms (Google, Facebook, Twitter, etc). If this option is selected, a secure random 32 character password is autogenerated. It is not possible to know whether any given password is human entered, or autogenerated. Using common password lists and masks, I cracked 39 of the 11,997 hashes in about three weeks, 25 from the ████████ community and 14 from the ████████ community. This is a security researcher who commonly runs these kinds of audits, so all of the attacks used *wordlists*, along with known effective patterns and masks <https://hashcat.net/wiki/doku.php?id=mask_attack> derived from the researcher's previous password cracking experience, instead of raw brute force. That recovered the following passwords (and one duplicate): |007007bond| |123password| |1qaz2wsx3e| |A3eilm2s2y| |Alexander12| |alexander18| |belladonna2| |Charlie123| |Chocolate1| |christopher8| |Elizabeth1| |Enterprise01| |Freedom123| |greengrass123| |hellothere01| |I123456789| |Iamawesome| |khristopher| |l1ghthouse| |l3tm3innow| |Neversaynever| |password1235| |pittsburgh1| |Playstation2| |Playstation3| |Qwerty1234| |Qwertyuiop1| |qwertyuiop1234567890| |Spartan117| |springfield0| |Starcraft2| |strawberry1| |Summertime| |Testing123| |testing1234| |thecakeisalie02| |Thirteen13| |Welcome123| If we multiply this effort by 8, and double the amount of time allowed, it's conceivable that a /very/ motivated attacker, or one with a sophisticated set of wordlists and masks <https://arstechnica.com/security/2013/10/how-the-bible-and-youtube-are-fueling-the-next-frontier-of-password-cracking/>, could eventually recover 39 × 16 = 624 passwords, or about *five percent* of the total users. That's reasonable, but higher than I would like. We absolutely plan to add a hash type table in future versions of Discourse, so we can switch to an even more secure (read: much slower <http://www.pxdojo.net/2015/08/what-i-learned-from-cracking-4000.html>) password hashing scheme in the next year or two. |bcrypt $2*$, Blowfish (Unix) 20273 H/s scrypt 886.5 kH/s PBKDF2-HMAC-SHA512 542.6 kH/s PBKDF2-HMAC-SHA256 1646.7 kH/s | After this exercise, I now have a much deeper understanding of our worst case security scenario, a database compromise combined with a professional offline password hashing attack. I can also more confidently recommend and stand behind our engineering work in making Discourse secure for everyone. So if, like me, you're not entirely sure you are doing things securely, it's time to put those assumptions to the test. Don't wait around for hackers to attack you — *hacker, hack thyself!* [advertisement] At Stack Overflow, we put developers first. We already help you find answers to your tough coding questions; now let us help you find your next job <http://careers.stackoverflow.com>.

[chan] newswire

Subject Last Count
Your privacy - VPN & Firefox (+ other Gecko browsers)* Jul 27 12:28 1
Your privacy - VPN & Firefox Jul 27 12:16 2
broadcasts Jul 25 04:57 1
hire a hacker Jul 21 01:38 1
The Life, Death, and Legacy of iPhone Jailbreaking - Motherboard Jul 4 21:53 2
Juha Saarinen: Stop the cyber war now - New Zealand Herald Jul 4 21:53 1
Cyberattack On Israeli Hospitals Led By 'Palestinian' Hacker - Defenseworld.net Jul 4 21:53 1
Derry republican Tony Taylor to sue Secretary of State for wrongful arrest and false imprisonment - Derry Now Jul 4 21:53 1
U.S. Cyber Warrior Begins NATO Job as Trump Pressures Alliance ... - Bloomberg Jul 4 21:53 1
Pope: Hunger caused by 'indifference of many, selfishness of a few' - Catholic News Service Jul 4 21:53 1
Vatican note on Reformed Churches' signing of Justification ... - Vatican Radio Jul 4 21:53 1
The Petrov Affair: Russian spy couple who defected to Australia during Cold War - Brisbane Times Jul 4 21:53 1
Foisting Blame for Cyber-Hacking on Russia - Antiwar.com Jul 4 21:53 2
Paul Goble: 8 reasons why Russian Communism and Russian Orthodoxy are so interchangeable - Kyiv Post Jul 4 21:53 1
Five Eyes Unlimited: What A Global Anti-Encryption Regime Could ... - EFF Jul 4 21:53 1
HTTPS Certificate Revocation is broken, and it’s time for some new tools Jul 4 21:53 1
United Nations News Centre - On anniversary of Somalia's ... - UN News Centre Jul 4 21:53 1
CIA has been hacking into Wi-Fi routers for years, leaked documents show - ZDNet Jul 4 21:53 1
Is the 'deep state' paranoia of Texas Republicans a sign of times to come? - Daily Kos Jul 4 21:53 1
New Orleans Man Called White Nationalist for Supporting Confederate Monuments - The New American Jul 4 21:53 1
How AMC's 'Preacher' Hopes to Bring a "Degree of Affection" for Hitler - Hollywood Reporter Jul 4 21:53 1
Lawmakers must step up to protect digital privacy - Herald-Whig - - Herald-Whig Jul 4 21:53 1
Yes, There Is A Civil War Looming, And The Alt-Right Is Pushing It - HuffPost Jul 4 21:05 1
News Brief: Trump CNN Tweet Is Criticized, Latest Vatican Shake-Up - NPR Jul 4 21:05 1
Lucknow slum children impress at Model United Nations - Hindustan Times Jul 4 21:05 1
No contract, no worries for unemployed cricketers - The Australian Jul 4 21:04 1
Google's Elite Project Zero Hackers Teach Business a Lesson - Fortune Jul 4 21:04 1
Why We HAVE To Start Talking About Child Sex Trafficking - Collective Evolution Jul 4 21:04 1
Officials warn 'hacktavists' could target 2019 election? - BBC News Jul 4 21:03 1
Hacker Fears? US Tech Companies Still Want To Work With Sanctioned Russian Spy Agencies - Forbes Jul 4 21:02 2
Major League Baseball has a racism problem - SB Nation Jul 4 21:02 1
NASA Will Soon Confirm Intelligent Alien Life Existence, Hacker ... - MobiPicker Jul 4 21:01 2
No, Brad Pitt Did Not Confirm Hollywood Is a Child Sex Ring - VICE Jul 4 21:01 1
Great Zionism Survey reveals: 75% of Sephardi Jews in Israel suffered from prejudice - JerusalemOnline Jul 4 21:01 1
Embattled SA attorney faces sex trafficking charges - KSAT San Antonio Jul 4 21:01 1
Petya: Is it ransomware or cyberwarfare? - CSO Online Jul 4 21:01 1
Some Erie County OCY cases part of statewide data breach - GoErie.com Jul 4 21:00 1
Aussie mobile phone use rises to 88pc but privacy fears linger - The Australian Jul 4 21:00 1
Whales, Mail Rail, And A Secret Society: July's Best Exhibitions - Londonist Jul 4 21:00 1
In its final season, 'Turn: Washington's Spies' set pieces go to auction - Richmond.com Jul 4 20:59 1
Putin admits he once ran an international spy network | New York Post - New York Post Jul 4 20:59 1
New Documents Reveal CIA Motives, Tactics in 1953 Iranian Coup - teleSUR English Jul 4 20:59 1
All 17 Intelligence Agencies Did Not Say Russia Hacked Election, New Update Reveals - Heavy.com Jul 4 20:57 1
In its final season, 'Turn: Washington's Spies' set pieces go to auction - Roanoke Times Jul 4 20:57 1
Security Pros, Librarians Holding Digital Privacy Clinics Across US - ConsumerReports.org Jul 4 20:57 1
Shadow Brokers Group Leaks Stolen National Security Agency Hacking Tools - NPR Jul 4 20:55 2
No, NASA is not hiding kidnapped children on Mars - Washington Post Jul 4 20:55 1
PayPal Phishing Site Asks Victims to Submit a Selfie Holding Their ID Card - BleepingComputer Jul 4 20:54 1
Vladimir Putin: inside the Russian leader's inner sanctum - The Australian Jul 4 20:54 1
Trump's America Isn't Any More Independent Than Obama's - Fortune Jul 4 20:50 1
The Hacker Hunters Chasing Russian Shadows - The Moscow Times Jul 4 20:50 2
The Civil Rights Act was a victory against racism. But racists also won. - Washington Post Jul 4 20:50 1
"Nationalist" accused of plot to attack French leader, minorities - CBS News Jul 4 20:49 1
Catholic and Reformed Churches mark ecumenical "milestone" - Vatican Radio Jul 4 20:47 1
A privacy group is suing Trump's election-integrity panel for trying to collect voter data - Business Insider Jul 4 20:46 2
Video: 2018 guard David Duke spring highlights - Inside the Hall Jul 4 20:46 1
Alt-Right in Fat Elvis Mode: 100 or so Nazis gather for “Freedom of ... - Baltimore City Paper (blog) Jul 4 20:44 1
The Age of Detesting Trump - London Review of Books (subscription) Jul 4 20:44 1
Microsoft: Latest security fixes thwart NSA hacking tools - ZDNet Jul 4 20:44 1
VA whistleblower doc faces ax unless Trump steps in - Fox News Jul 4 20:42 1
Bringing children home: A CMU spinoff goes after sex traffickers - Pittsburgh Post-Gazette Jul 4 20:41 1
Report: Status quo on conversions to Judaism in Israel to remain ... - Cleveland Jewish News Jul 4 20:41 1
Vatican hospital offers to take in baby Charlie Gard - CNN Jul 4 20:41 1
Risk — a searching profile of Julian Assange - Financial Times Jul 4 20:41 1
What Fashion Doesn't Get About Black Lives Matter - Refinery29 Jul 4 20:41 1
California internet privacy bill deserves quick OK - The San Diego Union-Tribune Jul 4 20:40 1
Industroyer or Crash Override: This Russian cyber weapon can take ... - Techworm Jul 4 20:40 1
Why more than a million Russians have lined up to see a piece of ... - Washington Post Jul 4 20:34 1
Watch the Drones: Can Black Folks Benefit From the New World Order? - The Root Jul 4 20:34 1
The girl who slapped Goebbels' naughty son.. before his father murdered him: Nurse reveals last, desperate days she ... - Daily Mail Jul 4 20:33 1
FBI Says Hackers Managed to Extort $28 Million in Cryptocurrencies - The Merkle Jul 4 20:33 2
By Facebook&#39;s Logic, Who Is Protected From Hate ... - Wired - WIRED Jul 4 20:33 1
GDPR: who needs to hire a data protection officer? - Naked Security Jul 4 20:32 1
Cowboys Casino's data targeted again by anonymous hackers ... - Casinopedia Jul 4 20:32 1
Mr. Sillypants Goes to Washington Jul 4 20:32 1
Leaked Manual Reveals How CIA Can Track Windows Users by Gauging Wi-Fi Signal - Gizmodo Jul 4 20:32 1
Hacks Raise Fear Over N.S.A.'s Hold on Cyberweapons - The New ... - New York Times Jul 4 20:31 1
Petya Weren't Expecting This: Ransomware Takes Systems Hostage Across the Globe - Security Intelligence (blog) Jul 4 20:30 1
Stand up to everyday racism and hate crimes, Jeremy Corbyn urges ... - The Guardian Jul 4 20:29 1
The MSN’s Eliot Ness Jul 4 20:28 1
Russia Hacked Election Systems In 39 US States, Obama Had To Use The “Red Phone” Warning - Fossbytes Jul 4 20:28 1
Hacker, Hack Thyself Jul 4 20:27 1
The alt-right is tearing itself apart. What remains after will be the future of far-right politics. - Mic Jul 4 20:26 1
Were the Founding Fathers White Supremacists? Liberals Seem To ... - NewsBusters (press release) (blog) Jul 4 20:25 1
So. A cross-Europe cyberwar simulation. Of ransomware • The ... - The Register Jul 4 20:24 1
Russian Orthodox Church thinks kids should have to learn Church ... - The Calvert Journal Jul 4 20:23 1
Russian TV channel offers gay people one way plane ticket out of ... - The Independent Jul 4 20:23 1
Russia was behind global cyber attack, Ukraine says - The Independent Jul 4 20:23 1
Her artwork was based on videos of her own children. Now she's ... - Washington Post Jul 4 20:23 1
New reports raise some big questions about Michael Flynn and Russian hackers - Vox Jul 4 20:23 1
The cyber attack that knocked out Ukraine this morning is now going global - Quartz Jul 4 20:22 1
Government plays a dangerous game with mass surveillance - The Hill (blog) Jul 4 20:21 1
Councilors,Martins Sound Off on Boston Globe 'Secret Society' Story ... - Everett Independent Jul 4 20:21 1
It's time for the NSA to speak up about its stolen cyber weapons - Salon Jul 4 20:21 1
Powerful new 'Stuxnet II' digital weapon can crash electricity grids and cripple economies, tech experts warn - The Sun Jul 4 20:20 1
Racist thug who ripped niqab from woman's face while yelling 'you f***ing stupid Muslim' swears outside court as he ... - The Sun Jul 4 20:20 1
IBM Named a Leader in Inaugural Gartner Magic Quadrant for Access Management, Worldwide - Security Intelligence (blog) Jul 4 20:19 1
Legalize It - Hacked Jul 4 20:19 1
Hacker "Incursio" Gets Two Years in Prison for Hacking CIA, DHS, DOJ, and FBI - BleepingComputer Jul 4 20:18 1