A German security enthusiast has used rented computing resources to crack a secure hashing algorithm (SHA-1) password. Thomas Roth used a GPU-based rentable computer resource to run a brute force attack to crack SHA1 hashes. Encryption experts warned for at least five years SHA-1 could no longer be considered secure so what's …
Title and intro are misleading.
As far as I can tell, he didn't "crack" the algorithm. He just calculated all the hash values for passwords up to 6 characters. You could do that with any hashing algorithm so it doesn't demonstrate a weakness of SHA-1. It merely demonstrates that short passwords are insecure and hashes should be salted, which we knew anyway.
Still, it's a good demo of Amazon EC2.
"You could do that with any hashing algorithm so it doesn't demonstrate a weakness of SHA-1."
Er, it does, it demonstrates that an exhaustive attack on SHA-1 is easily achievable with commodity computational power (49 minutes, $2, FFS).
That's a pretty large weakness.
Eh no - covering only 1-6 character passwords is not an exhaustive attack. I'm not going to do the math but I would imagine just choosing a few extra characters for your password will increase the time exponentially. So we're back in the realm of SHA-1 working just fine as long as you pick long passwords and salt them - just as the original poster said.
not really, no..
Actually, it proves that you can do an exhaustive search of all possible 6-char permutations in 49 minutes using a set of Fermi chips. As far as I can see, this is a bruteforce attack on the *passwords*, not directly on SHA1.
Pointless arguing with ignorant anons
So I will merely refer you to the following article, the title of which is "SHA 1 Broken"
Keep on failtruckin.
Re: exhaustive attack
For one extra character in your password:
Multiply by 26 times if you use only lower case letters
52 times if you use lower and upper case letters
62 times if you use lower and upper case letters and numbers
98 times if you use every character available on my uk keyboard
No it doesn't
The only defence against this so-called attack is to use a hashing algorithm that runs much much much slower. A factor of 10**100 should do the trick.
But personally, I don't see the fact that a hashing algorithm runs fast as a weakness.
Just use a longer password.
OK, that series was only growing at a geometric rate, but that is bad enough.
increase the time exponentially
Ah, so it's safe since it costs $20 or $200 or even $2000 of cash from stolen credit cards to crack???
Those exponential numbers are a real bitch.
Oh no it wasn't
OK sorry, correcting my own posts and getting it wrong. How come there isn't a malt whisky icon?
SHA1 is "broken" just means that there is an easier attack than that printed on the tin. I.e. in the case of SHA1 there is an attack that uses less resources than a brute-force attack. It does not necessarily mean that the attack is practical.
The attack in the article on "The Register" is a brute-force attack on short passwords, as the article states the only thing clever about it is how it uses the technology. The attack is not related to SHA1, it just so happened to use it, it could use any algorithm. The attack is not against SHA1 but small length passwords.
Saying this attack breaks SHA1 is a bit like saying RSA is broken because someone did a brute-force attack on a 46-bit RSA key.
Neat hack, misleading headline
SHA-1 wasn't designed to be slow, it was designed to be "cryptographically secure". This is why proper password implementations which use any type of hashing have multiple rounds and salt ("PBKDF" and "password strengthening" are terms associated with these).
Read http://www.akkadia.org/drepper/SHA-crypt.txt for a real password implementation (which uses SHA-2 rather than SHA-1, but the principle is the same).
5000 rounds + 16 characters of salt makes brute-force a *lot* harder. Approx 2^108 times harder, if you don't have the salt, and only ~2^12 if you do (making a 2 hour exercise into a ~12 month exercise). I've read the results, the input file had one hash round.
I see a neat hack (nicely documented too) showing what you can do with EC2, and a misleading headline... "crack sha-1 hashes" != "crack sha-1 hashing"
Wake me up when someone uses EC2 to find useful SHA-1 collisions :)
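The salt-and-rounds point in the comment above, as an added example that is not part of the original thread. It uses PBKDF2-HMAC-SHA256 from Python's standard library rather than the SHA-crypt scheme linked there; the user names and passwords are constructed, and the 64-symbol salt alphabet is an assumption taken from crypt(3) conventions.

```python
import hashlib
import hmac
import math
import os

ROUNDS = 5000        # round count quoted in the comment above
SALT_CHARS = 16      # salt length quoted in the comment above
SALT_ALPHABET = 64   # assumption: crypt(3) salts draw from [a-zA-Z0-9./]

def sha1_once(password: str) -> str:
    """Single unsalted round, the kind of hash a brute-force run enumerates."""
    return hashlib.sha1(password.encode()).hexdigest()

def hash_password(password: str, rounds: int = ROUNDS):
    """Return (salt, rounds, derived_key) with a fresh random salt per user."""
    salt = os.urandom(16)  # raw bytes; PBKDF2 does not need printable salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, rounds, key

def verify_password(password: str, salt: bytes, rounds: int, key: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, key)  # constant-time comparison

def users_sharing_a_digest(table: dict) -> list:
    """Group users whose stored value is identical (one crack opens them all)."""
    groups = {}
    for user, digest in table.items():
        groups.setdefault(digest, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def work_factor_bits(rounds: int, salt_known: bool) -> float:
    """log2 of the extra attacker work relative to one unsalted round."""
    bits = math.log2(rounds)
    if not salt_known:
        bits += SALT_CHARS * math.log2(SALT_ALPHABET)
    return bits

# Constructed sample: two users who picked the same password.
PASSWORDS = {"alice": "hunter2", "bob": "hunter2", "carol": "tr0ub4dor"}
UNSALTED = {u: sha1_once(p) for u, p in PASSWORDS.items()}
SALTED = {u: hash_password(p) for u, p in PASSWORDS.items()}

if __name__ == "__main__":
    print(users_sharing_a_digest(UNSALTED))
    print(users_sharing_a_digest({u: r[2] for u, r in SALTED.items()}))
    print(round(work_factor_bits(ROUNDS, True)), round(work_factor_bits(ROUNDS, False)))
```

The two work-factor figures reproduce the comment's arithmetic: 5000 rounds is about 12 bits, and 16 salt characters at 6 bits each add another 96.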
The CLOUD! It is EVIL!!! Oh noes!
This is awful, I had previously assumed that CLOUD could only be used for good. Cloud is good! Cloud can not be evil! Cloud will solve all problem of humanity ! BAD CLOUD!
Yes, cloud is fluffy - we know what clouds are like.
They cut bits off to make marshmallows.
We're not supposed to remember that clouds can get dark and fat and totally fuck you over.
Get used to it
Crypto is a numbers game that's always going to favour the attacker. The defender relies on the attack being more costly (by orders of magnitude) than the building of the wall was. Crypto defenses on a weedy device like a phone will never (well, not for long) win that one against an attacker who can leverage all the compute-power they could possibly want, no matter how clever/tortuous the algorithm used.
Any resource that's worth protecting with a password should not give the attacker several billion attempts to get the answer right. Get the wrong login to my box 3 times on the bounce, bet your ass you're not getting any more tries.*
*Admittedly distributed attacks do make this a bit of a game of whack-a-mole, but unlike legit clouds, botnets do get tired eventually - longest I've suffered was almost a week. And I'm hoping you can't conduct a distributed attack from a cloud...
Our websites all have a 3-strikes login for both admins and members - get a password wrong 3 times, and the account is locked for 24 hours. An email is sent to the owner advising them of the failed login attempt and that their account will be reactivated tomorrow. In addition, two login attempts from more than one IP address within 60 seconds also locks the account - this is to protect against exactly the sort of thing mentioned in the article, people using botnets to brute-force a password.
It's not hard to program this functionality (about 10-20 lines of code in PHP all up), and it's just common sense to put in this kind of security. Banks have been doing this for decades - get your PIN wrong 3 times at an ATM and you lose your card. Why haven't so many web developers done the same thing?
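The lockout policy described in the comment above, as an added example that is not the commenter's code and is written in Python rather than PHP. The class, the `check_password` and `notify` callbacks, and the injected `now` timestamp are hypothetical names chosen for illustration.

```python
from dataclasses import dataclass, field

MAX_FAILURES = 3            # three strikes, as in the comment above
LOCK_SECONDS = 24 * 3600    # account locked for 24 hours
IP_WINDOW = 60              # seconds in which a second source IP triggers a lock

@dataclass
class Account:
    failures: int = 0
    locked_until: float = 0.0
    recent: list = field(default_factory=list)  # (timestamp, ip) of attempts

class LoginGuard:
    def __init__(self, check_password, notify):
        self.check_password = check_password  # hypothetical credential check
        self.notify = notify                  # hypothetical owner e-mail hook
        self.accounts = {}

    def _lock(self, user, acct, now, reason):
        acct.locked_until = now + LOCK_SECONDS
        acct.failures = 0
        self.notify(user, reason)

    def attempt(self, user, password, ip, now):
        """Return 'ok', 'denied' or 'locked' for one login attempt."""
        acct = self.accounts.setdefault(user, Account())
        if now < acct.locked_until:
            return "locked"  # even a correct password is refused while locked
        # Keep only attempts inside the window, then record this one.
        acct.recent = [(t, a) for t, a in acct.recent if now - t < IP_WINDOW]
        acct.recent.append((now, ip))
        if len({a for _, a in acct.recent}) > 1:
            self._lock(user, acct, now, "attempts from multiple IPs within 60s")
            return "locked"
        if self.check_password(user, password):
            acct.failures = 0
            return "ok"
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            self._lock(user, acct, now, "3 failed logins")
            return "locked"
        return "denied"
```

This limits online guessing against the login form only; it has no effect on guessing run offline against a copy of the stored hashes.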
sorry to disappoint you
I've already had networks attacked by EC2 hosts. And found that their 'reporting requirements' favor miscreants over good.
And...here's your title
Hmm... how long to crack a 15 character password? 20? And why aren't they required? I am guessing that $2 investment will very quickly turn into a 6 figure investment with that many variations even sans NaCl.
Don't use short passwords.
Anyone using short passwords should be worried, but by my math if it costs $2 to brute force a 6 character password it will take roughly $8 thousand to crack an 8 character password and $33 million to crack a 10 character password.
My passwords are 10 digits. What would scare me is a vulnerability that let people unlock my stored Firefox passwords without the master password.
you do WHAT!!?
Isn't trusting a browser (even the hallowed fox) a bit like, well, trusting a fox with the henhouse?
One man's botnet is another man's cloud
I guess it won't be long before hackers use their botnets to act as Clouds - either for their own nefarious computations, or to hire out commercially like Amazon etc do for general computation.
In fact, given their hardware costs are paid for by the infected machine owners, they could easily undercut the existing commercial Cloud providers.
The trouble with the Cloud is you never really know where the machines are that you're using. Often that doesn't matter, but it could be embarrassing if it turned out your company was running on a botnet!
Botnets are already rented out, regularly. That's kind of the idea :-D
re: Security watchers warn that the development opens up the possibility
So they will also be using the Botnets for bad things - wait a minute!
"Er, it does, it demonstrates that an exhaustive attack on SHA-1 is easily achievable with commodity computational power (49 minutes, $2, FFS).
That's a pretty large weakness."
rubbish. bruteforcing via incrementation password/passphrase from 1 to 6 chars/bytes, checksumming it and comparing to hash - whatever long it is - isn't proving _anything_ (besides your/"crack" performer's lack of understanding of basics of cryptography). using another method here is crazy - rainbow tables for 6 chars-long phrase? overkill.
basically hashes aren't reinforcing short/weak passwords if hashed unmodified (by salt - for example; other option: engine seeding - like in SSHA or most of symmetric cipher modes). once again we see how el reg badly needs competent tech experts. it's good habit to ask specialist for comment before putting such crap on site.
Clouds and rainbows?
It'll be unicorn's tears next.
letter$ and d1g1t$
so...SHA1 can be cracked for $2 in 49mins, just so long as the target system allows unlimited unsuccessful retries...?
It was reported over a year ago how easy this is (yes there is a recent update in light of this story)
$2 + Moore's Law = ?
It costs $2 now, less tomorrow.
For that matter - step one, crack the billing system on the rented computing service; step two, take over every computer in the world; thus, take over the world. That's $2 well spent!
Although if you do take over the world then it becomes your responsibility to back it up...
...which is why sysadmins rarely run for public office.