All your passwords are belongs to Elite Hacker Group. Sony, repeat.

The passwords were shared via a Russian hacker site

Thanks LINKEDIN !!! That's just what 6.5 million people needed this morning. And just think of the savings!

That's what you get for buying Ferraris instead of staffing your company and then bragging about the ROI per employee, then eating an entire Dunkin Donuts to boot.

You lookin' at me? Are you lookin' at me???

You know it.

Of course who knows if that's saving passwords and hashes ....

 Edit: changed hack for crack.

C

1 hour ago, JuanZamudio wrote

@blowdart:It would be genius if the hackers put that site to get the passwords they couldn't hack.

It wouldn't be really useful if they couldn't tie it to a specific email address.

3 hours ago, Charles wrote

unsalted Sha-1.... That's pretty lame.

C

Even if the passwords were hashed with salt, if you have six million of them, you could likely guess the salt from the distribution. If you took the most common passwords, and compared it to a histogram of common passwords, you could leverage that knowledge to guess the salt. Or maybe not.

-Josh

1 hour ago, magicalclick wrote

Didn't read it, but, they didn't salt each password? Hard to imagine why didn't they do it.

No they didn't *faceplam*

1 hour ago, JoshRoss wrote

*snip*

Even if the passwords were hashed with salt, if you have six million of them, you could likely guess the salt from the distribution.

Not really, salts should, ideally, be unique. Even if they used the email address you're going to have a slow old time with rainbow tables, or precomputing.

Even if they used a single salt it's not really guessable as far as I can see.

But lets face it, for 6.5M+ leaked auth info with passwords likely duplicated across services like banks, paypal, ect... it would be way more cost effective to pay off a former employee who it can't be traced back to. Tell him he'll get a million, then right before he turns it over tell him 10k and if he doesn't turn it over, you'll give him up to the FBI.

Especially if you're some dude in Russia. Then 10 years later when you free your jailed Lukoil/Cayman island buddies from today's generation of black hat internet degenerates, you can fund the next Mark Zuckerberg and have Silicon Valley ignore all the horrible sh1t you did and treat you like a hero. "This guy made it out of the slums of St. Petersburg (clap) by the might of his keyboard alone"

2 hours ago, blowdart wrote

*snip*

Not really, salts should, ideally, be unique. Even if they used the email address you're going to have a slow old time with rainbow tables, or precomputing.

Even if they used a single salt it's not really guessable as far as I can see.

 

I wonder if anyone use "lossy" encryption. This may sound dumb, but, if you simply crap out the original password, like say, when user supply the password, you do some stupid

foreach(char c in stringValue)    total += (int)c;

And use "total" as the new password and run it through encryption. So, even if they managed to hack the entire thing. All they get is garbage password, LOLz.

Obviously my example is bad because "PASS" and "ASSP" can both login, and the encoding is too lossy. But, basically if you can do this with balanced encoding quality, you are able to protect the user password as the encoding is lossy.

It is not the same as typical file encryption because you don't care about getting perfect binary back. You want to make sure after you decrypt the password 100%, it is still useless.

Additionally, the only reason that would be any more secure than just hashing the passwords is if the hackers don't know that you're doing it. This is security by obscurity, which is also a terrible idea.

Just salt the damn hashes, problem solved.

Either way, I wouldn't want to roll my own crypto system. If security was important enough to warrant something compute intensive, like PBKDF2, then they should have the backend system strong enough to handle the authentication load.

-Josh

5 hours ago, magicalclick wrote

*snip*

I wonder if anyone use "lossy" encryption. This may sound dumb, but, if you simply crap out the original password, like say, when user supply the password, you do some stupid

1	foreach(char c in stringValue)    total += (int)c;

And use "total" as the new password and run it through encryption. So, even if they managed to hack the entire thing. All they get is garbage password, LOLz.

Obviously my example is bad because "PASS" and "ASSP" can both login, and the encoding is too lossy. But, basically if you can do this with balanced encoding quality, you are able to protect the user password as the encoding is lossy.

It is not the same as typical file encryption because you don't care about getting perfect binary back. You want to make sure after you decrypt the password 100%, it is still useless.

That's not dumb at all... what you call "lossy" encryption is just a form of hashing, including the problem with collisions.

It's always nice to see a mind click. Impressed.

The ONLY reason salts exist is to break/combat rainbow tables.    

Let's go back to basics: 
 - We take a plain text password.
 - This works fine for authentication but if our database is stolen then the thief can use all of those passwords without delay. 
 - Logic dictates that what we store MUST be 1:1 equivalent with the original password so the thief will eventually be able to get a list of plain text passwords. 
 - Perhaps we can delay the thief from using the passwords in order to give our users more time to change them?  
 - Suddenly appears: One way hashing algorithms. These require computation to generate and therefore are either expensive or time consuming to compute. 
 - So we turn our passwords into a one way hash.
 - Problem: Most of our passwords are 5-8 characters long and made up of a small number of characters (A-Z,a-z,0-9). 
 - So now people start generating lists of generated one-way hashes. These lists or "rainbow tables" turn a previously expensive and slow operating into an instantaneous lookup.    
 - How do we combat these lookup tables?
 - 1: Make our passwords longer
 - 2: Add unique information for our domain (site salting)
 - 3: Add unique information per each password (user salting)
 - 4: Do 1, 2, and 3.  
 - So let's say our users look like this:
 USERNAME: BobSmith
 PASSWORD: Yellow Submarine
 UID: 10302
 - We can store their password like this:
 Hash(USERNAME + UID + PASSWORD)   
 - This accomplishes all three of our anti-lookup requirements above (length, site salt, and user salt). Which means calculating our hashes continues to be computationally expensive.
 - But keep in mind even with the salt passwords will still eventually get turned back into plain text.  

This is like criticizing somebody for using "1111" as the combination for a safe inside of a house while ignoring that the homeowner leaves the front door to the house wide open.

Apparently my password wasn't leaked, but it would have been nice for LinkedIn to have sent out a message to its users.

4 hours ago, cbae wrote

The more interesting topic for me is how the hackers got into the database to begin with. IMO, that's a bigger security flaw than how the user passwords were stored.

This is like criticizing somebody for using "1111" as the combination for a safe inside of a house while ignoring that the homeowner leaves the front door to the house wide open.

Even more interesting is why I continue to use LinkedIn.  It's nothing more than a way for clueless and lazy recruiters to harrass developers.

Their "sorry for the inconvenience" doesn't really help when it means I have to replace my password across a multitude of websites (most of which I can't even remember). I'm just thankful I use unique passwords and two factor authentication for important sites like my email, WLID, online banking and facebook.

11 minutes ago, GoddersUK wrote

Looks like last.fm have been hit too - http://nakedsecurity.sophos.com/2012/06/07/last-fm-password/.

Their "sorry for the inconvenience" doesn't really help when it means I have to replace my password across a multitude of websites (most of which I can't even remember). I'm just thankful I use unique passwords and two factor authentication for important sites like my email, WLID, online banking and facebook.

 

Only unique passwords for important sites? For shame sir.

Mind you, I use lastpass to generate unique passwords for each site - my memory is not that good.

6 minutes ago, blowdart wrote

*snip*

Only unique passwords for important sites? For shame sir.

Mind you, I use lastpass to generate unique passwords for each site - my memory is not that good.

I'm always reticent to trust a 3rd party with my passwords, particularly when they want to sync them with the cloud (although I can see how that is a requirement for convenience sake...). Currently I only use the password managers in Firefox and Opera, encrypting the password store in both with a master password.

That said this inconvenience may be incentive enough for me to switch to something like lastpass.

32 minutes ago, GoddersUK wrote

That said this inconvenience may be incentive enough for me to switch to something like lastpass.

So if you believe they do what they say they do they're encrypting the passwords with your master password (pretty standard), so they can't see the actual data.

40 minutes ago, blowdart wrote

*snip*

So if you believe they do what they say they do they're encrypting the passwords with your master password (pretty standard), so they can't see the actual data.

Well, lets at least hope that lastpass is salting that....

3 minutes ago, AndyC wrote

*snip*

Well, lets at least hope that lastpass is salting that....

https://lastpass.com/whylastpass_technology.php

LastPass strongly believes in using local encryption, and locally created one way salted hashes to provide you with the best of both worlds for your sensitive information: Complete security, while still providing online accessibility and syncing capabilities. We've accomplished this by using 256-bit AES implemented in C++ and JavaScript (for the website) and exclusively encrypting and decrypting on your local PC.

However this incident is bad enough that I have to think about whether continue trusting them to hold my personal information.

As it's partially a recruitment website

Here's a little trick with head hunters. Their contracts don't mean squat. You can easily directly contact whoever you interviewed with and negotiate the headhunter fee back to your pocket. ( and make sure the sleezy head hunter gets nothing which is exactly how much they deserve )

Headhunters charge between 10-20%.

Just don't tell the "recruiter" and that's pretty much it. The head hunter may get mad, or they may threaten, but at the end of the day they're just a bunch of idiots with no clue, so they'll STFU and dissipate.

I don't like how recruiters are allowed to stalk people on Linkedin, in particular though. That's probably the worst part of Linkedin, and Linkedin loves those people because they are the main customers for premium services.

5 minutes ago, ZippyV wrote

@blowdart: What about using bcrypt instead of SHA for hashing passwords? Isn't SHA too fast to prevent brute-forcing all the passwords (even with salt)?

Yea, there's been some interesting discussion around that recently. Even then it's only a matter of time before someone comes up with an optimised way to precompute bcrypt hashes - computation time is getting cheaper and cheaper.

The only sensible advice I have around this is to store the algorithm used beside the salt and the hash so you can change it later when you have to and still support older hashes.

The salt can be computed from the hash of one single username which you know the password to.

A portion of decrypted passes were posted after the LinkedIn attack which means they've already brute forced the passwords at this point.

The real risk is not the compromised Linkedin accounts, but the fact that people trust linkedin enough to use the same passwords as their bank, gmail, paypal, ect...

11 hours ago, ZippyV wrote

@blowdart: I'm eagerly waiting for the 2nd edition of your book.

Oh dear lord, the first was bad enough

http://www.amazon.com/Barry-Dorrans/e/B004L59WF4/

I won't be reading it unfortunately.

I don't see what it has to do with LinkedIn either. LinkedIn doesn't use .NET and therefore, in my opinion, really has nothing to do with ASP.

http://www.slideshare.net/linkedin/linkedins-communication-architecture

If you look at the response header, you can see it uses Apache Coyote.

Is this the new Microsoft?

Windows 8 Rave, then when they're all high on extasy you tell them that Windows Server Clusters by failover and not actual load balancing of any kind?

14 hours ago, 01001001 wrote

It doesn't matter what algorithm you use (short of a public/private key). As long as you have the salt, you can run a dictionary against the sums, MD5, SHA1, ect...

The salt can be computed from the hash of one single username which you know the password to.

There is actually a form of authentication not requiring a RSA style public/private scheme you can implement which is unbreakable. But it's not cheap and it won't fall into the hands of GNU.

3 hours ago, 01001001 wrote

The funny thing is that the real Beer developed a password encryption and security system for a major software vendor, and he doesn't have to write books explaining mundane ten year old tech to prove it. He takes his gratitude in cold hard cash.

How do you know? Did you ever met him?

There is actually a form of authentication not requiring a RSA style public/private scheme you can implement which is unbreakable. But it's not cheap and it won't fall into the hands of GNU.

We're listening. Douse us with your arcane knowledge.

1 day ago, PaoloM wrote

We're listening. Douse us with your arcane knowledge.

If I put up a Visio or UML diagram detailing the technology and how it works, even if it is in fact unbreakable not through obfuscation.... How much would that technology be worth in dollar value after the posting?

zero maybe?

Even posting it to the USPTO would be a mistake, because somebody would just make a variant.

Remember all those CD/DVD game protection schemes from Eastern Europe way back when that made people in Poland and other block countries overnight millionaires?

How much would anything be worth if you explained it to people, even if the technology is 100% sound?

How much would Goldman Sach's automated trading system be worth if a detailed technical overview was posted?

Part of it's value is the fact that it's protected and a trade secret.

Tell me if you ever find someone who believes you. I've got a bridge to sell them.

http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange

There's a large difference between public/private key cryptography and internet passwords being stored as computed hashes for authentication comparison.

People would like to think MD5 is one way encryption to compare passwords, but now that you can spin up a super computer on AWS in 5 minutes within registering, it's not a fantastic thing to be able to break even a well thought out password.

http://www.scribd.com/doc/82701103/Analyst-Desktop-Binder-REDACTED

Is your cryptography good enough to beat that? They're decrypting SSH transport in real time on a national basis. (again, they can do that because it's published and used as a standard)

The little company I worked for had maybe a few tens of millions in budget, but the government has trillions. Think about what you can do if you put trillions of dollars on any given task.

and yes, my mechanism, though I can't really say it's mine because I developed it for another company, is the shiznit...

14 minutes ago, 01001001 wrote

...

and yes, my mechanism, though I can't really say it's mine because I developed it for another company, is the shiznit...

*your* mechanism? I thought Beer was the inventor. Or are you talking about something else?

Wait a second, what mechanism? When did you talk about it? This sounds like a plot hole...

12 hours ago, 01001001 wrote

something else entirely

"Hey, everybody, look at me!!!!"

14 hours ago, 01001001 wrote

Is your cryptography good enough to beat that? They're decrypting SSH transport in real time on a national basis. (again, they can do that because it's published and used as a standard)

If I'm reading this right, then this amazing password security thingy of yours is just using security through obscurity (you seem to believe it's somehow more secure because no one knows how the passwords are encrypted).

Could you tell me what company this was developed for, so I know never to give them any of my passwords?

17 hours ago, 01001001 wrote

*snip*

If I put up a Visio or UML diagram detailing the technology and how it works, even if it is in fact unbreakable not through obfuscation.... How much would that technology be worth in dollar value after the posting?

zero maybe?

Even posting it to the USPTO would be a mistake, because somebody would just make a variant.

Remember all those CD/DVD game protection schemes from Eastern Europe way back when that made people in Poland and other block countries overnight millionaires?

How much would anything be worth if you explained it to people, even if the technology is 100% sound?

How much would Goldman Sach's automated trading system be worth if a detailed technical overview was posted?

Part of it's value is the fact that it's protected and a trade secret.

 

Well show us the cash you've been making by selling this then.

2 hours ago, Sven Groot wrote

*snip*

If I'm reading this right, then this amazing password security thingy of yours is just using security through obscurity (you seem to believe it's somehow more secure because no one knows how the passwords are encrypted).

Could you tell me what company this was developed for, so I know never to give them any of my passwords?

Just what I was thinking.  Yeah, he's full of it.  At the very least, you'd have a patent application if it was worth anything.  The only unbreakable schemes out there, in theory, are based on quantum cryptography.

18 hours ago, 01001001 wrote

*snip*

If I put up a Visio or UML diagram detailing the technology and how it works, even if it is in fact unbreakable not through obfuscation.... 

I think that is possibly the most outlandish claim I've ever read on the internet, and that's after reading a post from someone who claims he was punched in the neck by Jesus.

Unbreakable? 

Are you quite sure you wouldn't like to retract that?

11 minutes ago, Ray7 wrote

*snip*

I think that is possibly the most outlandish claim I've ever read on the internet, and that's after reading a post from someone who claims he was punched in the neck by Jesus.

Unbreakable? 

Are you quite sure you wouldn't like to retract that?

It's a budhist koan:

7 hours ago, GoddersUK wrote

*snip*

Well show us the cash you've been making by selling this then.

Even that wouldn't really prove this technology is as great as he says it is, just that he's managed to dupe someone into thinking it is (of course, since he's making the whole thing up there's actually no technology or cash, I realize that).

He wants to prove that this stuff is so great (and real), he'd better show us some published, peer-reviewed scientific papers in leading cryptographic conferences or journals.