Posted on 07/25/2013 3:49:38 PM PDT by Errant
The U.S. government has demanded that major Internet companies divulge users' stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed.
If the government is able to determine a person's password, which is typically stored in encrypted form, the credential could be used to log in to an account to peruse confidential correspondence or even impersonate the user. Obtaining it also would aid in deciphering encrypted devices in situations where passwords are reused.
"I've certainly seen them ask for passwords," said one Internet industry source who spoke on condition of anonymity. "We push back."
(Excerpt) Read more at news.cnet.com ...
and the hits just keep rollin
Says a lot of bad things about the United States.
Given the hashes, it's actually fairly straightforward to brute force something that will work most accounts, as people seldom use more than 10 characters in a password, especially on a web service.
Are you absolutely certain that some clever Ph.D. hasn't come up with a method of breaking a hash code?
I don't think you really understand what a hash is. A hash is not an encrypted password. It is the result of a defined algorithm executed on the password.
Here's a really good example of a hash (this particular example is using the MD5 hashing algorithm: 265043fa6b45db9f70c260e87d1a592c
There is no way you could take that hash and use it to reconstruct the document it represents. How do I know? There simply is not enough information there. That was the MD5 hash of an ascii text file of the King James Bible. There is no way to extract 5 MB of data from those few characters.
Let's look at this from another direction as well.
Here's a little one line shell script for generating some hashes:
for x in abcde qwerty 1234567 gjhagjadklgjhalgkafjghadflgkd 5 ; do echo $x | md5sum;done
Here's the output of that script: 9b9af6945c95f1aa302a61acf75c9bd6 - a86850deb2742ec3cb41518e26aa2d89 - 1b504d3328e16fdf281d1fb9516dd90b - 9dd78b66da1c2e5e38ad521594b6c5b4 - 1dcca23355272056f04fe8bf20edfce0 -
Now, you may well be able to run a password guessing program that could come up with the passwords abcde, querty, 1234567, and 5, but you'll spend a lot more time trying to crack the account whose password is gjhagjadklgjhalgkafjghadflgkd. You'll notice that the hash doesn't vary in length regardless of how much data is fed to it. The has of just the number "5" pretty mch looks like the hash for gjhagjadklgjhalgkafjghadflgkd, so you can't determine from the hash how long the password is. Rather, you simply brute force all possible passwords until you hit one that has the same hash as the one you're looking for.
You'll notice I didn't say that you''ll necessarily hit the same password, but you will have found some string that hashes to the same value, so for your purposes, it works just as well. This is because it is possible to have what they call a 'collision'. A hash collision is where two different texts result in the same hash. They aren't likely, (in fact they are pretty darned rare, especially when you're dealing with strictly ascii text), but they are possible. You are probably more likely to hit multiple lotteries than hit such a collision by chance, but you do know, don't you, that there is a fellow who has actually won 2 lotteries?
Anyway this is all a long-winded explanation of why you don't actually reconstruct data from a hash.
However, it is still a very, very bad thing for a company to provide these hashes to our feral government, because of how much easier it makes it for the feral thugs to crack people's accounts given how poorly most people construct passwords.
Do you have any idea how few tears I would shed if I woke up tomorrow morning and learned right here on FreeRepublic that a meteorite had struck the White House lawn, and had created a crater about 10 miles in diameter the previous evening?
That was just to store the hashes produced by going through all of the possible 13-character printable ASCII passwords (to cite one example — there are also all the 14-character passwords and all the 15-character passwords, etc. — better order more drives).
The number of distinct 20-byte hashes is 2**160, or approximately 1.46e48, a far higher number.
The number of 13-byte printable ASCII passwords is 95**13, or about 5e25. There are 2.85e22 times as many possible 20 byte hashes as there are 13-byte printable ASCII passwords.
This is not to say there are no collisions (more than one 13-byte password producing the same 20-byte hash), but it should be extremely unlikely.
Unless there is an undiscovered flaw in the SHA1 algorithm, which would reduce the password search space substantially. That's always possible.
But the larger point is, it doesn't make sense for the government to be going after passwords when they have inside access to the providers and the carriers.
When I was first introduced to real computing --- structural engineering, hydraulics, 2D and 3D coordinate geometry, geodesics, etc., the IBM 720 was the cloud. And it took over 15 years to have the ability to control our own data and records.
Wang and Olivetti come to mind.
I know that, up to the year I retired, engineers and surveyors would no more use the cloud than an outdoor filing cabinet.
Lawyers? A whole different animal.
So I guess it's magic anytime you type in your password on a website and it just works huh?
No. It's not magic. It is a hash. If you are doing business with a company, and you forget your password, and their tech support line can actually give you your old password, run. Do not walk. Run away from them because they are absolutely violating very fundamental and elementary protocols. There is never a situation where they should be able to tell you what your password is.
This is pretty basic stuff, really.
Better yet, send them randomly generated hash data and watch them reduced to babbling... He he heh.
Given that hash codes inherently allow multiple inputs to generate the same output, this is a far less demanding problem.
Not simple, not trivial, not straightforward, but in the realm of possibility.
Especially if you know the algorithm used to generate a given provider's hash.
I've never worried about anything I've done, but when younger used to stay awake nights wondering what I would do if ever asked, "where were you the evening of March 12, 1989, between the hours of 11 pm and 3 am?
If my life depended on it, I would be unable to answer correctly.
When the government itself manufactures reasonable doubt for me, I consider that an improvement.
LOL. Evil.
I used to regularly send out PGP messages that were basically nothing but a collection of random lines generated from other PGP messages. Or, encrypt something large, like the Bible (yeah, this was a long time ago, and 5MB was a lot of data), then cut the 1st 10 lines, the last 10 lines, and every other line in between to make what was essentially random gibberish. Then send it along.
There are all kinds of fun things you can do to annoy feral government.
Given that hash codes inherently allow multiple inputs to generate the same output, this is a far less demanding problem.
Not simple, not trivial, not straightforward, but in the realm of possibility.
Especially if you know the algorithm used to generate a given provider's hash.
Absolutely. From later posts, it's obvious that you understand this better than your initial message indicated to me.
This is why I really dislike use of MD5, though it is good for examples. I recall someone being able to successfully generate some email message collisions quite a while back. Even SHA1 has some known weaknesses. sha256 should leave you outside of any reasonable likelihood of collision this side of the sun's eventual death by nova.
OK. so, here's another thought that's almost completely off topic, but not quite...
Let's say Alice makes claims on the internet to have built a spaceship that contains a functional time machine in it. (A time machine without an accompanying spaceship is pretty useless for obvious reasons)
Bob reads about those claims and is rightfully sceptical. "Prove it" says he.
Alice agrees and posts something that looks like this...
Today is 7/26/2013 b4a551c8edf7f28a19353f95a74275af46bf620165d85e11032b165f188d22aa I'll post again on 7/28/2013
On the 28th, she posts:
Today is 7/28/2013 echo "07/27/2013 25 32 35 50 51 MB: 46" | sha256sum QED
Would you say that could suffice as proof?
Therefore you don't need to test every possible 13 character, 14 character, 15 character, 16 character, full length of War and Peace character input.
That being said, I did miscalculate the data requirements by a wee little bit.
And that being said, human remember-able passwords are a much smaller set of all possible passwords. I'd bet that even now fewer than a thousand words make up 80% of them (with "password" being #1)...
Beats me! Mongo just pawn in game of life...
I’m just waiting for the first case where, due to these revelations, the jury acquits someone because of the “reasonable doubt” cast upon any Internet-based or digital evidence (and most evidence is going to be digital, with paper accounting files, and so on in decline). All it will take is one astute jury and one convincing defense attorney.
After that, it will be back to square one, with shoe leather and interviews for the coppers...
OMG, you're not kidding. People suck at remembering passwords.
Here are the 25 most common passwords of 2012, along with the change in rank from last year. From a CBS site. You'll find similar lists all over the place.
1. password (Unchanged)
2, 123456 (Unchanged)
3. 12345678 (Unchanged)
4. abc123 (Up 1)
5. qwerty (Down 1)
6. monkey (Unchanged)
7. letmein (Up 1)
8. dragon (Up 2)
9. 111111 (Up 3)
10. baseball (Up 1)
11. iloveyou (Up 2)
12. trustno1 (Down 3)
13. 1234567 (Down 6)
14. sunshine (Up 1)
15. master (Down 1)
16. 123123 (Up 4)
17. welcome (New)
18. shadow (Up 1)
19. ashley (Down 3)
20. football (Up 5)
21. jesus (New)
22. michael (Up 2)
23. ninja (New)
24. mustang (New)
25. password1 (New)
Of course, in a corporate environment, it's hardly the user's fault. How the hell are you supposed to remember a 30 character password that has UPPERS lowers and specials in it, that you can't mistype 3 times in a row without locking your account out if the morons in the "security" group make you change it every 60 days?
A 30 char passwd is actually pretty decent, and would take a while for even the feral government to crack. However, noone is going to be able to learn a 30 char passwd easily. You'd be surprised how easy it gets to enter a really strong password if you enter it a couple of times a day for 6 months.
Always ask our security guys if they want good passwords or just want to pass an audit. The answer should be obvious given what has come to be standard policies.
Because the NetSec weenies force us to use sucky passwords that we must remember, even those of us who take care to craft awesome passwords for our personal data, we generally don't go beyond the minimum requirements necessary for the passwd to pass muster. Also, because of the rules they put in place, even those of us who actually care about things like password security will use a method of gnerating them that is reproducable so that we won't easily screw ourselves over because of a forgotten password.
Passwords suck, but it's not entirely our fault they suck. Though anyone using any of those top 25 passwords above needs to be shot, hanged, and then left to rot in the Texas sun for a month or two.
*shrug* I have a different password for each account/website.
On the other hand, if they turn over the stored hash, then conceivably if they require the web companies to change how they respond to password requests, then they don’t need the password.
Any length password protected windows 7 box can be opened in about 30 mins if you have physical access.
I thought the goal was to build a database that would allow you quickly to obtain a password corresponding to some 20-byte SHA1 pulled out of a provider's password database. A password, i.e., some printable ASCII string which will allow Agent Henshaw to log in and snoop or worse, that is. Not necessarily the password used by the target.
The problem is actually even harder than what I discussed above. This is because providers use salts in conjunction with the passwords. A salt is a random value chosen at password assignment / change time. To check a password, they don't calculate the SHA1 of the password. Rather, they compute the SHA1 of the password concatenated to the salt. This means a user using the same password on two different accounts will have completely different hashed passwords. It also means calculating that giant database on all those yottabytes would be an exercise in futility.
human remember-able passwords are a much smaller set of all possible passwords. I'd bet that even now fewer than a thousand words make up 80% of them (with "password" being #1)...
That is definitely true. Weak passwords are a whole other problem.
The other day, Anonymous apparently got into Congress's email system and disclosed the password list (not hashed at all, much less as described above, LOL). They wrote:
NOTE: FOR THE PURPOSES OF BEING FAR TOO GENEROUS WITH YOU GUYS, WE HAVE REMOVED SOME OF THE PASSWORDS AND SHUFFLED THE ORDER OF THE REMAINING ONES.
THESE ARE ALL CURRENT, VALID CREDENTIALS BUT THEY ARE NOT IN THE ORIGINAL PAIRINGS. WE RESERVE THE RIGHT TO SPONTANEOUSLY DECIDE THIS RESTRAINT WAS UNJUSTIFIED.
and then proceeded to list 2046 scrambled email / password pairs. What was funny was the number of times the morons made passwords out of pairing recognizable names with congressional districts. It nicely defeats the "restraint" of the hackers, while highlighting the stupidity of the critters and their staffs.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.