Cybersecurity isn’t always a battle to keep hackers out at all costs. Sometimes it’s actually about making the costs just not worth the effort. This is particularly true when it comes to how passwords are stored on your server. Let’s take a look at how to make it more unreasonably costly to the hacker who just compromised the server that holds user passwords.
Storing Passwords In Plaintext
Storing passwords in plaintext is a major cybersecurity faux pas. For the hacker, it’s like winning the lottery. They get the keys to your system. And because most people reuse passwords, even a low value system may end up jeopardizing your highest value data.
The obvious risk of storing passwords in plaintext doesn’t mean some of the largest and most data-rich companies in the world don’t do it. Social media giant, Facebook, revealed that it had stored “hundreds of millions” of Facebook users’ passwords in plaintext. These plaintext passwords were accessible to thousands of Facebook employees, but Facebook maintains they have found no evidence that this access has been abused. Google has also disclosed a similar case of using plaintext passwords.
Despite repeated warnings and obvious danger,s passwords are still being stored in plaintext.
Using Basic Password Hashing
Password hashing add a layer of security. Hashing allows passwords to be stored in a format that can’t be reversed at any reasonable amount of time or cost for a hacker.
Hashing algorithms turn the plaintext password into an output of characters of a fixed length. The hash output will look nothing like the original password and the length of the hash will be the same regardless of the length of the plaintext password.
For example, using a simple MD5 hash generator with the password “Dragon” produces this output:
This hash value can be stored on the server instead of the plaintext password. The plaintext is then only used in memory during the login process. When a user enters their password at login, the server immediately converts the plaintext using the same algorithm so it can compare the hash value to what is stored on the server.
The goal of hashing is to make the computational costs of reverse engineering hashes too costly in terms of time or dollars for the computing power to be worthwhile.
Why Hashes Should Be Costly For Hackers
Hashes are generally difficult to reverse engineer because there is nothing in the hash value that gives a clue about the original plaintext value. Hash algorithms are designed in a way that even a small change to the input will produce a vastly different output.
As we discussed, the MD5 hash of the password “Dragon” produces this output:
If we change one letter in that password, making it “Dragons”, we get the following output:
As you can see, these are entirely different hashes with no way to turn hash back into plaintext. However, with enough time and computer power, a hacker could run every possible combination of characters into the hash algorithm to find the one password that produces the hashed value.
Unfortunately, computational power has become dramatically cheaper. A typical cracking rig with 8 NVIDIA 1080ti graphics card can run through 720 trillion MD5 hashes per hour.
This decrease in the cost of computing power now makes MD5 hashes completely inappropriate for secure password storage. We need to consider other hashing algorithms.
A Closer Looking At Hashing Algorithms
There are many different hashing options, and not all hashing algorithms are equal when it comes to the cost they impose on hackers.
Let us take a look at just a few of the hashing algorithms.
- As discussed, MD5’s downfall when it comes to passwords was that it was too fast and also too popular. The speed made brute force attacks easier since large numbers of inputs can be quickly tested. The popularity of the function makes it attractive to hackers. At this point, anyone can find the password for an MD5 hash – just Google it.
- MD5Crypt added extra functionality to MD5 in order to make it more resistant to brute force attacks. However, in 2012 the author of MD5Crypt, Poul-Hennin Kamp, declared it as insecure due to the speed of modern hardware. He said “[The] only problem with md5crypt is speed: it’s too fast.”
- SHA-1 suffers from many of the same problems MD5 does. It’s very fast, it’s also experienced collision attacks, and it’s now considered unsafe. Faster computations now mean faster brute force attacks making SHA-1 inherently insecure at storing passwords.
- Unlike SHA-1 and MD5, Bcrypt is designed to be slow, which is a good thing when it comes to password security because it limits the attacker’s ability to successfully perform brute force attacks. This slowed down hashing function makes cracking the hashes more infeasible because it is time-consuming and uses a lot of computing power.
- Argon2 maximizes resistance to GPU cracking attacks. It uses an “adaptive” one-way function which means it can be configured, using a “work factor”, to control how “hard” it is to complete.
Common Passwords Jeopardized Even Hard Hashes
Because people reuse the same passwords so often, hackers don’t have to guess every possible combination of characters. They only need a list of common, compromised passwords.
As a result of the many data breaches large and small, Cybercriminals now have access to billions of password choices humans have actually made. Looking at this data has shown the same password being reused again and again.
This knowledge allows hackers to easily generate the hashes for the most common passwords for even the most resource consuming hashes. This allows the hacker to “look-up” any hash to find the corresponding password.
Many organizations are modifying password policies to restrict common and compromised passwords. This solution involves the IT department taking up to date lists of compromised passwords to help users avoid selecting common passwords.
By eliminating the use of common, compromised passwords hackers have to revert to brute force guessing.
The Benefit of Adding Salt to Your Hash
There is another common approach to make reversing hashes harder. It involves adding random characters called salt to the user’s password. The salt value would be different for each user. When multiple users select the same plaintext password, each will end up having a completely different hash value stored on the server.
This frustrates the hacker and adds substantial costs to their hacking. The hacker would need to go through the same expenses of hash guessing exercise for each possible password with each user’s salt value.
However, a motivated hacker will be able to easily crack even hard hashes with salt when the user has chosen a very common password.
The goal of hashing is to strike the right balance for “hardness”. This means it’s not so slow to calculate that it affects user experience when they enter the password. But it also means that it’s really costly in terms of time and computing resources for attackers to figure out passwords if the database gets breached and the password hashes are released. This goal can be best achieved by selecting a modern hash algorithm and preventing users from selecting common, compromised passwords.