
Password Checker


Scott

Feb 16, 2003, 6:36:38 PM
How common is your password?
http://www.x47.org/passwordcheck.php

Douglas A. Gwyn

Feb 16, 2003, 11:26:09 PM
Scott wrote:
> How common is your password?
> http://www.x47.org/passwordcheck.php

Yeah, right, let's type our password into somebody's
Web site.

rjh

Feb 17, 2003, 1:04:41 AM
Douglas A. Gwyn wrote:

Naturally. Otherwise, we're just relying on "security by obscurity". But
before anyone uses that site, it might be better for them to get peer
review on the security of their passwords by posting them on this
newsgroup, where the experts can analyse them for weaknesses.

Why isn't this in the FAQs?

--
Richard Heathfield : bin...@eton.powernet.co.uk
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
K&R answers, C books, etc: http://users.powernet.co.uk/eton

Rob Warnock

Feb 17, 2003, 4:18:29 AM
Douglas A. Gwyn <DAG...@null.net> wrote:
+---------------
+---------------

What's interesting is what happens when you *do* type something in.
I ran a program I use to generate random URLs[1] and handed it the
string "s3nXUwafyxqquXuX", and got back this response:

We did not find your word "s3nxuwafyxqquxux" but since
you seem to be dumb enough to hand it out to just anyone,
take it from us -- it's not safe!

Amusing, at least. [But note that they down-cased all the capitals
in my "password"!! *That's* certainly not "safe", either...]


-Rob

[1] When putting things up on my web site temporarily for selected
people to download that I don't necessarily want the whole world
to see (e.g., pictures from a party, drafts of a document, etc.),
I used to make up per-occasion user IDs & random passwords, and then
configure a ".htaccess" file and Apache password file, and distribute
the login/password to the above-mentioned selected people. But that's
a big pain, so recently I've started doing something which actually
seems equally "secure" but is *much* more convenient: Simply generate
a random filename (or subdirectory, for collections) with enough bits
of entropy to be a good symmetric key, and give people the resulting URL,
e.g., something like <URL:http://my.dom.ain/tmp/dWJqf=LtOnRQFV0I.html>
or <URL:http://my.dom.ain/tmp/dWJqf=LtOnRQFV0I/> for a directory full
of stuff. Using a 64-character alphabet, such a 16-char junk string
can code 96 bits of randomness (pulled from /dev/random, say).

Anybody see anything in this scheme that's weaker than using an actual
login/password pair? Initially, I dissed it myself as being "security
by obscurity" (that is, no security at all), but then realized that in
a sense it's a symmetric-key scheme (albeit trivial) with a fairly large
key. In either case the "password" is being sent in the clear (given
that the former case was using HTTP "Authentication: Basic", not SSL,
and given that the login/password pair was being *emailed* in the clear,
anyway!), so I don't see any obvious reason why the latter and more-
convenient scheme is any worse for such temporary access purposes.

Comments?

-----
Rob Warnock, PP-ASEL-IA <rp...@rpw3.org>
627 26th Avenue <URL:http://rpw3.org/>
San Mateo, CA 94403 (650)572-2607
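Rob's random-URL scheme, as an added example (not from the thread): the token is drawn from the OS CSPRNG, the 96-bit entropy budget he cites is checked for a 64-symbol alphabet, and the cost of a consumer that lowercases the token (the failure mode he complains about in his first note) is quantified. The host `my.dom.ain` is his placeholder; `ALPHABET` and the function names are this example's own.

```python
import math
import secrets
import string

# Base64url-style alphabet: 64 symbols, so each character carries 6 bits.
ALPHABET = string.ascii_letters + string.digits + "-_"


def random_path_component(nchars=16):
    """Random filename/directory name of nchars symbols from ALPHABET.

    secrets uses the OS CSPRNG (/dev/urandom or equivalent), which is the
    right source when the path is acting as a symmetric key.
    """
    return "".join(secrets.choice(ALPHABET) for _ in range(nchars))


def entropy_bits(alphabet_size, nchars):
    """Bits of entropy in a uniformly random string of nchars symbols."""
    return nchars * math.log2(alphabet_size)


def casefolded_alphabet_size(alphabet):
    """Distinct symbols left if a broken consumer lowercases the token.

    Models the failure mode seen in the thread: down-casing the input
    folds 'A'..'Z' onto 'a'..'z', so 64 symbols become 38.
    """
    return len({c.lower() for c in alphabet})


def build_url(base="http://my.dom.ain/tmp/", nchars=16, directory=False):
    """Capability URL: the base is public, the path component is the secret."""
    token = random_path_component(nchars)
    return f"{base}{token}{'/' if directory else '.html'}"


if __name__ == "__main__":
    print(build_url())
    print("bits as generated:", entropy_bits(len(ALPHABET), 16))
    print("bits if case-folded:", entropy_bits(casefolded_alphabet_size(ALPHABET), 16))
```

The scheme still sends the secret in the clear over plain HTTP and via e-mail, exactly as Rob notes, so the entropy figure only bounds guessing, not interception.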

Scott

Feb 17, 2003, 6:06:24 AM
> Naturally. Otherwise, we're just relying on "security by obscurity". But
> before anyone uses that site, it might be better for them to get peer
> review on the security of their passwords by posting them on this
> newsgroup, where the experts can analyse them for weaknesses.
>
> Why isn't this in the FAQs?

We're using md5 on all of our internal passwords. Admins can't do much
on the site anyway. The password checker is meant to be a joke, and
you both seem to have gotten it... but what about all the people you
dislike? Will they get the joke? :)

Seriously tho... you would be surprised how many people show up and
type in something resembling a real password, and then right after,
they type in something like "YOU GOOF I WAS KIDDING" or something more
robust/profane. :P

I spit coffee thru my nose this morning, one of them was that funny!!

My thoughts are that they arrive to the site and see if their favorite
password is in it... only to find out that it's a joke site and
they've been duped.

I think it's good to have because our passwords are only as secure as
we are -- and it's a good point to drive home, isn't it?

Regards,
Scott

lurker

Feb 17, 2003, 2:39:50 PM

It's not just passwords that can leak information. I recently found a
server someone named "Juliet". I am sure a couple of slide attacks
would reveal additional passphrases and information.

Scott

Feb 17, 2003, 3:14:37 PM
> What's interesting is what happens when you *do* type something in.
> I ran a program I use to generate random URLs[1] and handed it the
> string "s3nXUwafyxqquXuX", and got back this response:
>
> We did not find your word "s3nxuwafyxqquxux" but since
> you seem to be dumb enough to hand it out to just anyone,
> take it from us -- it's not safe!
>
> Amusing, at least. [But note that they down-cased all the capitals
> in my "password"!! *That's* certainly not "safe", either...]
>
>
> -Rob

Rob,
Glad you tried our little joke site out! :)

I believe that PHP's md5 function forces everything to lowercase, or
so it seems.

I'm not sure why it does this, so as a result, we followed suit. It
wouldn't matter for hashes either way, because in PHP:

md5('s3nXUwafyxqquXuX') == md5('s3nxuwafyxqquxux')

I wonder if PHP's sha1 forces to lower too...

Rob Warnock

Feb 18, 2003, 7:46:05 AM
Scott <dolo...@planetquake.com> wrote:
+---------------

| > Amusing, at least. [But note that they down-cased all the capitals
| > in my "password"!! *That's* certainly not "safe", either...]
|
| I believe that PHP's md5 function forces everything to lowercase, or
| so it seems. ... in PHP:

|
| md5('s3nXUwafyxqquXuX') == md5('s3nxuwafyxqquxux')
+---------------

Then PHP is broken, or using MD5 in a weird way. Compare with the
standard command-line MD5 program on Linux/FreeBSD/etc.:

% md5 -s s3nXUwafyxqquXuX
MD5 ("s3nXUwafyxqquXuX") = accc25f35db17d554cd49b2e55f1eeaf
% md5 -s s3nxuwafyxqquxux
MD5 ("s3nxuwafyxqquxux") = f07884fc1e7568445a2604854c64da90
%

Quite a bit of difference, I'd say!


-Rob
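An added example (not from the thread, and not PHP's or the site's code) that demonstrates Rob's point in Python: MD5 itself is case-sensitive, so the "collision" Scott reports can only come from the site lowercasing its input before hashing, and that normalization maps 2^(number of letters) distinct passwords onto one digest. The function names are this example's own.

```python
import hashlib


def md5_hex(text):
    """Hex MD5 of text encoded as UTF-8 (MD5 operates on bytes, not case)."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def md5_of_lowercased_input(text):
    """What a site that down-cases its input before hashing computes.

    Modelled on the behaviour observed in the thread; the fold happens
    in the caller, not in the hash function.
    """
    return md5_hex(text.lower())


def equal_only_after_casefold(a, b):
    """True when a and b hash differently but the case-folding site would
    treat them as the same password."""
    return (md5_hex(a) != md5_hex(b)
            and md5_of_lowercased_input(a) == md5_of_lowercased_input(b))


def variants_collapsed(text):
    """Number of distinct case variants of text that a lowercasing hasher
    sends to the same digest: each letter can be upper or lower."""
    return 2 ** sum(1 for c in text if c.isalpha())


if __name__ == "__main__":
    mixed, lower = "s3nXUwafyxqquXuX", "s3nxuwafyxqquxux"
    print(mixed, md5_hex(mixed))
    print(lower, md5_hex(lower))
    print("site sees them as equal:", equal_only_after_casefold(mixed, lower))
    print("passwords folded onto one digest:", variants_collapsed(mixed))
```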

TC

Feb 18, 2003, 10:23:34 PM

"Scott" <dolo...@planetquake.com> wrote in message
news:81de5c6d.03021...@posting.google.com...


I WISH TO ANNOUNCE TO THE CRYPTO COMMUNITY THAT I HAVE FOUND A CLASH FOR
MD5!!

md5('s3nXUwafyxqquXuX') == md5('s3nxuwafyxqquxux') !!!!!

EMPLOYMENT OFFERS TO MY EMAIL, PLEASE!

TC

Scott

Feb 18, 2003, 10:20:34 PM
> Then PHP is broken, or using MD5 is a weird way. Compare with the
> standard command-line MD5 program on Linux/FreeBSD/etc.:
>
> % md5 -s s3nXUwafyxqquXuX
> MD5 ("s3nXUwafyxqquXuX") = accc25f35db17d554cd49b2e55f1eeaf
> % md5 -s s3nxuwafyxqquxux
> MD5 ("s3nxuwafyxqquxux") = f07884fc1e7568445a2604854c64da90
> %
>
> Quite a bit of difference, I'd say!

I agree with you, but PHP likely has a reason for doing this
lowercase thing.

I checked my hashes using the common vb md5 and I was surprised to
learn that any word entered into PHP's md5() was forced to lower by
PHP. I might add that even if the PHP team was to try and patch this,
they couldn't because all the hashes out there would be broken if
users thought their passes were multicase.

They would break many forums doing this, at least. So I think we're
stuck with it. I wonder why there's no documentation on it at php.net?
I think I'll ask them. :)

Mok-Kong Shen

Feb 19, 2003, 12:23:27 PM

Rob Warnock wrote:
>

> What's interesting is what happens when you *do* type something in.
> I ran a program I use to generate random URLs[1] and handed it the
> string "s3nXUwafyxqquXuX", and got back this response:
>
> We did not find your word "s3nxuwafyxqquxux" but since
> you seem to be dumb enough to hand it out to just anyone,
> take it from us -- it's not safe!

One gets the same response with the string 'safepassword'.

M. K. Shen


Rich

Oct 6, 2015, 10:58:35 PM
nlb.be...@gmail.com wrote:
> On Sunday, February 16, 2003 at 5:36:38 PM UTC-6, Scott wrote:
> > How common is your password?
> > http://www.x47.org/passwordcheck.php

Nice way to 'fish' for passwords.

Let clueless users tell you their passwords, voluntarily.
