e4b48fd541b3dcb99cababc87c2ee88f = elephant

This post on the Light Blue Touchpaper blog tells us all yet another thing we can do with Google:

Find a password, if our l337 h4XX0r skillz have already allowed us to harvest the MD5 hash for it.

The completely stupid way to store passwords, implemented by small children writing programs in BASIC and by $300-an-hour consultants writing enterprise software, is to just save all of the usernames and matching passwords as plain text in a file somewhere. If an attacker can read that file, they can now log in as anybody.

A much better, but still not as secure as it should be, method of saving passwords is to "hash" them using a "one way" or "trapdoor" algorithm, like MD5. A trapdoor algorithm runs very quickly in one direction (turning a password into an almost-unique string of seemingly random characters), but is almost impossible to run the other way, if you don't have access to cubic kilometres of sci-fi nanotech.

If someone gets hold of the file in which you store password hashes, the one-wayness of the hash algorithm means the attacker still can't figure out what passwords correspond to what hashes, and so cannot make use of his discovery.

Well, that's the theory.

In practice, attackers can take a dictionary of passwords, hash them all, then search for matches between their new hash dictionary and the password hashes. There are even helpful online tools that'll do it for you, like the long-established passcracking.com/ru, or md5oogle. When there's a match, you've got the password.

And this is what Google allows you to do in two seconds, if the password hash you're trying to "reverse" corresponds to a common word.

The word "elephant", for instance, hashes to e4b48fd541b3dcb99cababc87c2ee88f. Search for that in Google and you'll get a bunch of pages which, for reasons explained in the Light Blue Touchpaper post and its comments, often also have the word "elephant" on them, or right in their title.

(This post will probably be very high in those search results in a day or two. Check out the above-linked online reverse MD5 hash lookup tool if you'd like to explore other options - it lets you hash any string you like, then checks some databases for it. While it's checking, you can be Googling the same string. Md5oogle lets you generate MD5 hashes as well, but it converts everything to uppercase first - which many password systems also do.)

This technique only works for passwords that're common words - or, at least, have for some reason been hashed and stored in a Google-visible file. If your password is something nonsensical like dj347F, which hashes to 54041c87e2e431f3fc4c47e55d114ef3, the hash won't be found anywhere on the Web (except, again, on this page, once Google indexes it).

This technique also doesn't work if the passwords are "salted" with some extra data before being hashed. So if a user foolishly decides to choose "mypassword" as his password, the software actually hashes, say, 28391mypassword, and thus creates an un-findable hash.

Adding a simple fixed salt to every password still doesn't give you really industrial-strength security, but it's streets ahead of a lot of the junk that makes it to production. And it does stop dumb attacks like Google searching - well, at least until people find out that MurderDeathKill 3D's online gaming logon system just adds 28391 before hashing passwords, and start making tables of dictionary words with 28391 in front of 'em.

Lots of current popular software uses unsalted hashes, including the WordPress software that runs this blog.

So it's pretty lucky that I made my admin password "3hv78UEr", isn't it?

6 Responses to “e4b48fd541b3dcb99cababc87c2ee88f = elephant”

  1. TimDurnan Says:

    I've always been a big fan of the "move one or both hands away from home row and type your passphrase via touch-type" method of passwords. As an example, if both hands are moved directly up one row, the passphrase danielrutter becomes eqh83o475534, and so on. This makes passwords that are both pretty-darn-difficult and pretty-easy-to-remember, and I've been using this technique for about seven years or so with great success.

  2. TimDurnan Says:

    And, of course, by "pretty-darn-difficult" I mean "pretty-darn-secure." Heh.

  3. rho Says:

    Salted passwords are good, but it isn't the Holy Grail. How long is the salt valid? A salt that lasts forever isn't forever unbreakable, and changing salts introduces all new problems.

    By by and large, it's not a bad idea.

  4. EEK Says:

    I think it's worth mentioning that a Google Search for "e4b48fd541b3dcb99cababc87c2ee88f" now returns this blog as the first result...

  5. loseweightslow Says:

    I was always of the belief that the salt is stored in plain sight right next to the hashed password in the passwords file and that a new salt is generated each time a password is written to the file. That way if two users have the same password the hashed passwords always look different because each has a different salt. Most secure systems require a password to be changed every few months and for it to meet minimum length and character type composition with the time frame for password change chosen by how long it a brute force checker would take to get a small way through a brute force attempt. You can improve the security by making the hash calculation computationally long, like 4096 iterations of MD5. If it takes a second to calculate the hash then it will take a huge amount of processing power and many years just to get a tiny way though the key space of an 8 character password containing upper, lower and punctuation characters. Very secure.

  6. gluino Says:

    >"A trapdoor algorithm runs very quickly in one direction (turning a password into an almost-unique string of seemingly random characters), but is almost impossible to run the other way, if you don’t have access to cubic kilometres of sci-fi nanotech."

    I don't think the terms "trapdoor function" and "one-way function" are strictly interchangeable.
    I think MD5 is considered a one-way function, while RSA encryption is considered a trapdoor function, because there is a trapdoor (i.e. shorcut, the key) which helps you reverse the encryption... decrypt.

    Whereas in the case of MD5, there is no shortcut to restoring the plaintext from the hash, or even to get some other string that collides with the plaintext.


Leave a Reply