Several people have asked what it means to crack a password hash, and others have asked for an even simpler explanation of what a hash is.
In brief, a hash is a one-way cryptographic function. In security circles, it’s not really considered to be encryption, in the technical sense, but it is a function of cryptography. When we hash something, we take a value, it can be any length of letters, numbers, text and we perform a function on it that spits out a fixed-length value. With the LinkedIn passwords, they use a hash algorithm called SHA-1. SHA-1 always gives us an output of exactly 160 bits. You’ll see a specific example set below.
It’s this method that LinkedIn, and other sites, use to store passwords. User passwords should never be stored in plaintext. Hashed passwords (with a salt, described later) are an accepted common practice for storing user passwords. Note that some security professionals will argue that passwords should be stored using password encryption, instead of these hashes. For more on that, read comments by Thomas Ptacek on Brian Krebs’ blog. For more on what LinkedIn changed, see “Is LinkedIn lying about their new password salting?”
The idea of a hash is that it’s one-way. Every time you put in a value, you get the same output, but you can’t take the output, perform a reverse function, and arrive at the original value. That means, as in our example below, if we enter “fluffyrocks” and hash it, we’ll always get the exact same hash value. But, there’s not a way to take the hash value and directly figure out the original text is “fluffyrocks”. When a site validates your password, it’s taking the hashed value of what you enter, and comparing that to what’s stored in its database. If you entered “fluffyrocks” the hash output should enter what’s stored. If you enter anything but that, the hash won’t match and you won’t be authenticated. Even the smallest change in the original text produces a drastically different hash.
Now, this one-way function doesn’t mean that you can’t crack a hash. It’s just cracked using different methods than a two-way encryption algorithm. With hashes, attacks are brute-force using dictionary attacks and/or rainbow tables. Meaning, something analyzes pre-computed hash values. When a match of hash values is found, an attacker can see what in the cracking dictionary produced the same hash. That’s how these hashed passwords are compromised.
The most common practice when storing passwords as hashes, is to use what’s called a salt. A salt adds some entropy to the mix by introducing additional bits that will be hashed along with the password. Salt strings vary in length and are applied before or after the password in the hash algorithm. Each password in a database should have a unique salt. This won’t completely prevent the password hashes from being compromised, but it makes the task a lot more daunting and processor- and time-intensive. To crack a list of salted hashed passwords, an attacker must factor both dictionaries for the original password and the salt values.
So, how hard is it to crack unsalted passwords, such as those leaked in the LinkedIn breach? Here’s an example and fun hands-on activity for you to try.
- Your plaintext password (not stored by LinkedIn)
- LinkedIn’s unsalted SHA-1 hash stored, function (sha1($pass))
- Normal password salting with SHA-1 hash, salted with abcdef0123 (sha1($salt.$pass))
- LinkedIn’s salted double-hashed, now stored (sha1($salt.sha1($pass)))
Try it yourself:
1. First, find out the hash value of a password or string.
You can find the SHA-1 hash of a password or phrase on several sites, try http://www.xorbin.com/tools/sha1-hash-calculator or http://www.tech-faq.com/sha-1-generator , or Google “SHA-1 generator”.
2. Then use a SHA-1 cracker online.
In my example below, I used www.CrackStation.net to test out the ease of cracking. Google for SHA-1 crackers for more options.
Note the links provided are for unsalted hashes. There are tools readily available designed to crack salted hashes also. This is why I’ve noted earlier that salting the password before storing it doesn’t prevent it from being cracked, it just adds some protection.
Here in the screenshot from Crack Station below, I’ve entered 3 values:
- SHA1- hash of the unsalted password
- SHA1- hash of a salted password
- SHA1- hash of a salted of the original password hash* (What LinkedIn is doing now, read more here)
You can see the unsalted hash was cracked immediately and returned my plaintext password of “fluffyrocks”. As expected, the two salted hashes were not cracked with this tool. This is why more than 50% of the LinkedIn hashes were cracked, and the original plaintext found so quickly. Had the passwords been salted, it would have slowed the process, but not prevented it.
# # #