Security – passwords are stolen, how does it work?

I have a few sets of passwords. They are used on various websites.

I received a message from Hulu that someone logged into my account in Europe (I live in the United States). I used PW1 for hulu.

A few minutes after this notification, I received an email from Google saying that someone was trying to log into my Gmail account. I used PW2 for Gmail.

Now my question is why two sets of passwords are stolen at the same time? Or people is not my Pw stolen, but something that can bypass the Pw (maybe cookies from my PC)

The other question is how to fix?

5.0 lollipop – How easy it is to find passwords from stolen devices

My Android Tab was stolen. There was no protection. It contains at least three pieces of information that are important to me – Amazon, Google, and Microsoft accounts.

I do not think it's in the hands of hackers. How easy is it for a layman to retrieve account passwords or get to other data through unsubscribed accounts?

Group password manager, which requires multiple passwords to access a vault

I'm trying to find an optimal way to manage shared credentials for informal groups. Ultimately, I think it would be nice to have a vault that can only be accessed if a certain number (approximately 3) of correct passwords have been entered in a short time. This could provide some prevention for the possibility that a member of the group will become a villain.

Is there a service (password manager) that can offer such a feature?

Passwords – How do I save salt?

TL; DR – You can save the salt in plain text without obscuring or encrypting it, but do not just pass it on to someone who wants it.


The reason we use salts is to stop pre-calculation attacks like rainbow tables. These attacks create a database of hashes and their plaintext so that hashes can be searched for and immediately converted to plain text.

For example*:

86f7e437faa5a7fce15d1ddcb9eaeaea377667b8 a
e9d71f5ee7c92d6dc9e92ffdad17b8bd49418f98 b
84a516841ba77a5b4648de2cd0dfcb30ea46dbb4 c
...
948291f2d6da8e32b007d5270a0a5d094a455a02 ZZZZZX
151bfc7ba4995bfa22c723ebe7921b6ddc6961bc ZZZZZY
18f30f1ba4c62e2b460e693306b39a0de27d747c ZZZZZZ

Most tables also contain a list of common passwords:

5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 password
e38ad214943daad1d64c102faec29de4afe9da3d password1
b7a875fc1ea228b9061041b7cec4bd3c52ab3ce3 letmein
5cec175b165e3d5e62c9e13ce848ef6feac81bff qwerty123

* I'll use SHA-1 as an example, but later explain why this is a bad idea.

So if my password is hash 9272d183efd235a6803f595e19616c348c275055It would be extremely easy to search for it in a database and find out if it is plain text bacon4, Instead of spending a few hours cracking the hash (in this case it would take a few minutes on a decent GPU, but we'll talk about that later), you'll get the result immediately.

Obviously that's bad for security! So we use a salt. A salt is a random unique token that is stored with each password. Let's say the salt is 5aP3v*4!1bN and the hash is 9537340ced96de413e8534b542f38089c65edff3, Now your database of passwords is unusable because nobody has rainbow tables that contain this hash. It is mathematically impossible to generate rainbow tables for every possible salt.

Now we've forced the bad guys to crack the hashes again. In that case, it would be pretty easy to crack because I used a wrong password, but it's still better than he can look it up in a tenth of a second!

Now there is the goal of the salt just To prevent pre-generated databases from being created, they do not have to be encrypted or hidden in the database. You can save it in plain text. The goal is to force the attacker to crack the hashes as soon as he gets the database instead of looking them up in a rainbow table.

There is a limitation, however. If the attacker can quietly access a salt In front Burglary into your database, eg. Through a script that offers salt to anyone who asks, he can create a rainbow table for that salt as easily as possible, if there were none. This means that he can silently take the salt of your administrator account and create a nice big rainbow table, then hack into your database and log in immediately as an administrator. This will not give you time to determine that a violation has occurred and no time to take action to prevent damage, such as: Change the administrator password / lock privileged accounts. This does not mean that you should disguise your salts or try to encrypt them, but that you should design your system so that they can access the salts only when you enter the database.

Another idea to consider is a pepper. A pepper is a second salt that is constant between individual passwords but is not stored in the database. We could implement it as H(salt + password + pepper), or KDF(password + pepper, salt) for a key derivation function - we'll talk about that later. Such a value could be stored in the code. This means that the attacker must access both the database and the source code (or the Webapp binaries in the case of ASP .NET, CGI, etc.) to try to crack the hashes. This idea should only be used to complement other security measures. A pepper is useful if you are concerned about SQL injection attacks where the attacker only has access to the database, but this model becomes (slowly) rarer when parameterized queries are executed. You are with parameterized queries, right? Some argue that a pepper is safety through darkness, since you only cover the pepper, which is something true, but it is not to say that the idea is unfounded.

Now we are in a situation where the attacker can force every single password hash, but can no longer search for all hashes in a rainbow table and immediately recover plaintext passwords. How can we prevent brute force attacks?

Modern graphics cards contain GPUs with hundreds of cores. Each core is very good at math but not very good at decision-making. It can do billions of computations per second, but it's pretty awful to do operations that require complex branching. Cryptographic hash algorithms fit into the first type of calculation. As such, frameworks such as OpenCL and CUDA can be used to massively accelerate the operation of hash algorithms. If you run oclHashcat with a decent graphics card, you can calculate more than 10,000,000,000 MD5 hashes per second. SHA-1 is not much slower either. There are people with dedicated GPU cracking rigs that contain 6 or more top-end graphics cards, resulting in a cracking rate of over 50 billion hashes per second for MD5. Let me put this into context: Such a system can forcefully force an 8-digit alphanumeric password less than 4 minutes,

It's clear that hashes like MD5 and SHA-1 are way too fast for this type of situation. One approach is to do thousands of iterations of a cryptographic hash algorithm:

hash = H(H(H(H(H(H(H(H(H(H(H(H(H(H(H(...H(password + salt) + salt) + salt) ... )

This slows down the hash calculation but is not perfect. Some advocate the use of SHA-2 family hashes, but this does not provide much extra security. A secure approach is to use a key derivation function with a work factor. These functions require a password, a salt and a work factor. With the work factor, you can tailor the speed of the algorithm to your hardware and security needs:

hash = KDF(password, salt, workFactor)

The two most popular KDFs are PBKDF2 and bcrypt. PBKDF2 performs iterations of an encrypted HMAC (although it can use block ciphers), and bcrypt calculates and combines a large number of cipher text blocks from the Blowfish block cipher. Both do about the same job. A newer version of bcrypt, scrypt, works on the same principle, but introduces a memory-intensive operation that makes cracking GPUs and FPGA farms completely impossible due to memory bandwidth limitations.


To update: As of January 2017, Argon2 is the newest hashing algorithm of choice, winning the Password Hashing competition.


Hopefully this will give you a good overview of the password storage issues and will answer your salt storage question. I strongly recommend reading the "Links of Interest" at the end of Jacco's answer, as well as the following links:

Access control – passwords with exclamation points continue to fail

For the past three, maybe four years, a website I'm an administrator for had password problems. We used Linux and / or Unix in the past, but not for a long time. I think our paid server uses Apache.

As a CSR, I keep receiving emails telling me that people are logging in fresh and new, and can not access the website they've paid for. Almost all complainants used an exclamation mark in their custom password. In the end, I have to add them manually.

I'm convinced that this is a server-side problem. But I do not know enough to prove it to my teammates. I've been trying to figure this out for years, but now is the time to get serious.

What or where can I find more information about this? What would prevent a password with an exclamation point from working? Is it just correlation, not causality? Advice or advice on where to start is welcome.

Force users to think of more complex passwords

This xkcd comic shows very well that you should only worry about the length of the password:

Enter image description here


This quote puts it in a nutshell:

Through 20 years of endeavor, we have all successfully trained
Passwords that people can not remember, but which are easy on computers
guess.

You should therefore pay special attention not to limit the length of passwords (I found some websites where the maximum length was 8 characters!).

Forcing users to do something is rarely a good idea. It may be better to allow all passwords, but to display a password strength value as a direct response after entering the password. You can calculate this strength by length and / or special characters. The value could be represented by a color, e.g. red for weak, orange for strong and green for very strong.

Personally, I do not like it when websites force me to choose a password that consists of different components (numbers, different uppercase and lowercase letters, special characters). Most of these are the exact sites that receive a password reset request the next time they visit.