Linked by Thom Holwerda on Mon 4th Jul 2011 21:43 UTC
Apple So, Anonymous, under the guise of its AntiSec campaign, has hacked an Apple server, got access to 27 administrator usernames and passwords, and put them on Pastebin. Is it time to panic? Is it time to point and laugh at Apple? Is it time to stop using iTunes? Not really - this is a small hack that will cause little to no damage.
Thread beginning with comment 479556
To read all comments associated with this story, please click here.
SHA1 hashed
by siimo on Tue 5th Jul 2011 02:57 UTC
siimo
Member since:
2006-06-22

SHA1 is a one way hash like MD5. So can't get passwords from it, its pretty much useless to the hacker.

All the google results are pointing to the same hacked paste dump. How do you figure that they are not salted from that?

Edited 2011-07-05 02:59 UTC

Reply Score: 0

RE: SHA1 hashed
by Alfman on Tue 5th Jul 2011 05:00 in reply to "SHA1 hashed"
Alfman Member since:
2011-01-28

siimo,

"SHA1 is a one way hash like MD5. So can't get passwords from it, its pretty much useless to the hacker.

All the google results are pointing to the same hacked paste dump. How do you figure that they are not salted from that?"



It may not be possible to reverse the SHA1 hash *directly*, but it is possible to enumerate password combinations to build a reverse index.

Attackers have databases of enumerated passwords (many gigabytes to terrabytes in size) which are organized to allow one to effectively look up the original text for any SHA1 hash which was enumerated during the generation of the database.

I found an interface to one such database here:
http://www.hashcrack.com/

aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d -> "hello"

Note that you have to hash values without a CR:
> echo -n "hello" | sha1sum

If you have an SHA1 hashed password, it is very likely you can obtain the original password.


edbd1887e772e13c251f688a5f10c1ffbb67960d -> "secretpassword"


The difference with "hash salting" is that each uniquely salted password would need it's own index of cleartext->hash values. So at the very least an attacker would have to generate a new hash database from scratch for each unique salt instead of using a pre-existing database.

However even salting alone is insecure since building the reverse index is feasible using free software. A single desktop processor can try over 10M hashes/sec. That's nearly a trillion per day. A cluster (or running on amazon S3) will crack a salted password in very little time.

The solution is to make the the hash function much slower by applying it recursively. Therefor it takes far more resources to generate the reverse index. However it cannot be too slow otherwise it will effect the legitimate use of the hash.

Edited 2011-07-05 05:01 UTC

Reply Parent Score: 6

RE[2]: SHA1 hashed
by sorpigal on Tue 5th Jul 2011 13:24 in reply to "RE: SHA1 hashed"
sorpigal Member since:
2005-11-02

Informative, but a minor quibble: echo -n suppresses a newline, not a carriage return.

Reply Parent Score: 3

RE[2]: SHA1 hashed
by Soulbender on Tue 5th Jul 2011 15:53 in reply to "RE: SHA1 hashed"
Soulbender Member since:
2005-08-18

However even salting alone is insecure since building the reverse index is feasible using free software.


Actually, no. A sufficiently long salt (say at least 48 bits) makes pre-computed attacks unfeasible.
Of course, combining salting with key-stretching (as in bcrypt) makes it even more unfeasible.

Reply Parent Score: 2

RE: SHA1 hashed
by StephenBeDoper on Tue 5th Jul 2011 19:50 in reply to "SHA1 hashed"
StephenBeDoper Member since:
2005-07-06

SHA1 is a one way hash like MD5. So can't get passwords from it, its pretty much useless to the hacker.

All the google results are pointing to the same hacked paste dump. How do you figure that they are not salted from that?


My understanding is that it works something like this:

1) You have a hashed version of a password (and you don't know the real password), E.g. 81dc9bdb52d04dc20036dbd8313ed055

2) In the past, you've also created hashes from a large number of common passwords (dictionary words, given names, etc), giving you a database listing the plain text passwords in one column and the hashed output in another column.

3) You look up "81dc9bdb52d04dc20036dbd8313ed055" in this collection and notice that it's the same hash you get when running MD5 on the password "1234".

The "googleable" part comes in at step 2, I'd imagine: instead of creating the list of un-hashed and hashed passwords yourself, you just google "81dc9bdb52d04dc20036dbd8313ed055", under the assumption that someone has already done that work and posted the details online.

Lo and behold, the first google result shows the un-hashed text right in the summary:

"Google Hash. md5(1234) = 81dc9bdb52d04dc20036dbd8313ed055"

Reply Parent Score: 2