German 'hacker' uses rented computing to crack hashing algorithm

A German security enthusiast has used rented computing resources to crack a password scrambled by SHA-1, a supposedly secure hashing algorithm. Thomas Roth used a GPU-based rentable computer resource to run a brute force attack to crack SHA1 hashes. Encryption experts warned for at least five years SHA-1 could no longer be …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Title and intro are misleading.

    As far as I can tell, he didn't "crack" the algorithm. He just calculated all the hash values for passwords up to 6 characters. You could do that with any hashing algorithm so it doesn't demonstrate a weakness of SHA-1. It merely demonstrates that short passwords are insecure and hashes should be salted, which we knew anyway.

    Still, it's a good demo of Amazon EC2.

    1. The Other Steve
      FAIL

      Crypto fail

      "You could do that with any hashing algorithm so it doesn't demonstrate a weakness of SHA-1."

      Er, it does, it demonstrates that an exhaustive attack on SHA-1 is easily achievable with commodity computational power (49 minutes, $2, FFS).

      That's a pretty large weakness.

      1. Anonymous Coward
        Anonymous Coward

        exhaustive attack

        Eh no - covering only 1-6 character passwords is not an exhaustive attack. I'm not going to do the math but I would imagine just choosing a few extra characters for your password will increase the time exponentially. So we're back in the realm of SHA-1 working just fine as long as you pick long passwords and salt them - just as the original poster said.

        1. The Other Steve
          FAIL

          Pointless arguing with ignorant anons

          So I will merely refer you to the following article, the title of which is "SHA 1 Broken"

          http://www.schneier.com/blog/archives/2005/02/sha1_broken.html

          Keep on failtruckin.

          1. Boring Bob

            Pointless

            SHA1 is "broken" just means that there is an easier attack than that printed on the tin. I.e. in the case of SHA1 there is an attack that uses less resources than a brute-force attack. It does not necessarily mean that the attack is practical.

            The attack in the article on "The Register" is a brute-force attack on short passwords, as the article states the only thing clever about it is how it uses the technology. The attack is not related to SHA1, it just so happened to use it, it could use any algorithm. The attack is not against SHA1 but small length passwords.

            Saying this attack breaks SHA1 is a bit like saying RSA is broken because someone did a brute-force attack on a 46-bit RSA key.

        2. jonathanb Silver badge

          Re: exhaustive attack

          For one extra character in your password:

          Multiply by 26 times if you use only lower case letters

          52 times if you use lower and upper case letters

          62 times if you use lower and upper case letters and numbers

          98 times if you use every character available on my uk keyboard

        3. Liam Johnson
          FAIL

          increase the time exponentially

          Ah, so it's safe since it costs $20 or $200 or even $2000 of cash from stolen credit cards to crack???

          Those exponential numbers are a real bitch.

        4. Liam Johnson
          Terminator

          Geometric rate

          OK, that series was only growing at a geometric rate, but that is bad enough.

        5. Liam Johnson
          Pint

          Oh no it wasn't

          OK sorry, correcting my own posts and getting it wrong. How come there isn't a malt whisky icon?

      2. Bamsemums
        Linux

        not really, no..

        Actually, it proves that you can do an exhaustive search of all possible 6-char permutations in 49 minutes using a set of fermi chips. As far as I can see, this is a bruteforce attack on the *passwords*, not directly on SHA1

      3. Werner McGoole
        WTF?

        No it doesn't

        The only defence against this so-called attack is to use a hashing algorithm that runs much much much slower. A factor of 10**100 should do the trick.

        But personally, I don't see the fact that a hashing algorithm runs fast as a weakness.

        Just use a longer password.

      4. Mr Spuratic

        Neat hack, misleading headline

        SHA-1 wasn't designed to be slow, it was designed to be "cryptographically secure". This is why proper password implementations which use any type of hashing have multiple rounds and salt ("PBKDF" and "password strengthening" are terms associated with these).

        Read http://www.akkadia.org/drepper/SHA-crypt.txt for a real password implementation (which uses SHA-2 rather than SHA-1, but the principle is the same).

        5000 rounds + 16 characters of salt makes brute-force a *lot* harder. Approx 2^108 times harder, if you don't have the salt, and only ~2^12 if you do (making a 2 hour exercise into a ~12 month exercise). I've read the results, the input file had one hash round.

        I see a neat hack (nicely documented too) showing what you can do with EC2, and a misleading headline... "crack sha-1 hashes" != "crack sha-1 hashing"

        Wake me up when someone uses EC2 to find useful SHA-1 collisions :)
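
Added example, not part of the thread and not any commenter's code: a minimal Python sketch of the salted, multi-round storage the comment above describes, next to the single-round unsalted SHA-1 format that the brute-force run targeted. It uses PBKDF2-HMAC-SHA256 from the standard library as a stand-in for SHA-crypt; the round count and salt length mirror the figures in the comment, and the sample password is constructed.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ROUNDS = 5000     # figure quoted in the comment; an assumption here, not a recommendation
SALT_BYTES = 16   # mirrors the comment's 16 characters of salt


def fast_unsalted(password: str) -> str:
    """One round of SHA-1 with no salt: same password, same hash, everywhere."""
    return hashlib.sha1(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, derived_key); a fresh random salt is drawn when none is given."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return salt, key


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, expected)


def demo() -> dict:
    pw = "s3cret"  # constructed 6-character sample password
    salt_a, key_a = hash_password(pw)   # user A
    salt_b, key_b = hash_password(pw)   # user B, same password
    return {
        # Unsalted: two users with the same password share one hash,
        # so one precomputed table covers every account.
        "unsalted_equal": fast_unsalted(pw) == fast_unsalted(pw),
        # Salted: the stored values differ, so work cannot be shared.
        "salted_equal": key_a == key_b,
        "verify_ok": verify_password(pw, salt_a, key_a),
        "verify_wrong": verify_password("s3creT", salt_a, key_a),
    }


if __name__ == "__main__":
    print(demo())
```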

  2. The Other Steve
    Unhappy

    The CLOUD! It is EVIL!!! Oh noes!

    This is awful, I had previously assumed that CLOUD could only be used for good. Cloud is good! Cloud can not be evil! Cloud will solve all problem of humanity ! BAD CLOUD!

    1. Elmer Phud
      Thumb Up

      Brown lining

      Yes, cloud is fluffy - we know what clouds are like.

      They cut bits off to make marshmallows.

      We're not supposed to remember that clouds can get dark and fat and totally fuck you over.

  3. Havin_it

    Get used to it

    Crypto is a numbers game that's always going to favour the attacker. The defender relies on the attack being more costly (by orders of magnitude) than the building of the wall was. Crypto defenses on a weedy device like a phone will never (well, not for long) win that one against an attacker who can leverage all the compute-power they could possibly want, no matter how clever/tortuous the algorithm used.

    Any resource that's worth protecting with a password should not give the attacker several billion attempts to get the answer right. Get the wrong login to my box 3 times on the bounce, bet your ass you're not getting any more tries.*

    *Admittedly distributed attacks do make this a bit of a game of whack-a-mole, but unlike legit clouds, botnets do get tired eventually - longest I've suffered was almost a week. And I'm hoping you can't conduct a distributed attack from a cloud...

    1. Steve Roper

      Exactly

      Our websites all have a 3-strikes login for both admins and members - get a password wrong 3 times, and the account is locked for 24 hours. An email is sent to the owner advising them of the failed login attempt and that their account will be reactivated tomorrow. In addition, two login attempts from more than one IP address within 60 seconds also locks the account - this is to protect against exactly the sort of thing mentioned in the article, people using botnets to brute-force a password.

      It's not hard to program this functionality (about 10-20 lines of code in PHP all up), and it's just common sense to put in this kind of security. Banks have been doing this for decades - get your PIN wrong 3 times at an ATM and you lose your card. Why haven't so many web developers done the same thing?
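
Added example, not part of the thread and not the commenter's PHP: a Python sketch of the two lockout rules described above (three wrong passwords, or attempts from more than one IP address within 60 seconds, lock the account for 24 hours). The class and function names are hypothetical, the clock is passed in so the logic can be exercised offline, and the addresses are constructed documentation-range values.

```python
from dataclasses import dataclass, field

MAX_FAILURES = 3             # "3-strikes" from the comment
LOCK_SECONDS = 24 * 60 * 60  # 24-hour lock from the comment
MULTI_IP_WINDOW = 60         # seconds, from the comment


@dataclass
class AccountState:
    failures: int = 0
    locked_until: float = 0.0
    recent: list = field(default_factory=list)  # (timestamp, ip) pairs


class LoginGuard:
    """Hypothetical in-memory tracker; a real site would persist this state."""

    def __init__(self):
        self.accounts = {}

    def attempt(self, user: str, ip: str, password_ok: bool, now: float) -> str:
        st = self.accounts.setdefault(user, AccountState())
        if now < st.locked_until:
            return "locked"              # even a correct password is refused
        # Keep only attempts inside the window, then record this one.
        st.recent = [(t, a) for t, a in st.recent if now - t < MULTI_IP_WINDOW]
        st.recent.append((now, ip))
        if len({a for _, a in st.recent}) > 1:
            return self._lock(st, now)   # attempts from more than one IP
        if password_ok:
            st.failures = 0
            return "ok"
        st.failures += 1
        if st.failures >= MAX_FAILURES:
            return self._lock(st, now)   # third strike
        return "denied"

    def _lock(self, st: AccountState, now: float) -> str:
        st.locked_until = now + LOCK_SECONDS
        st.failures = 0
        st.recent.clear()
        return "locked"                  # the owner notification email goes here


def demo() -> list:
    g = LoginGuard()
    ip1, ip2 = "192.0.2.1", "198.51.100.7"  # constructed sample addresses
    return [g.attempt("alice", ip1, False, t) for t in (0, 1, 2)] + [
        g.attempt("alice", ip1, True, 100),  # still inside the 24-hour lock
        g.attempt("bob", ip1, True, 0),
        g.attempt("bob", ip2, True, 30),     # second IP within 60 seconds
    ]
```

Both rules let anyone who knows a username lock that account, which is why the notification email in the comment matters.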

    2. Anonymous Coward
      Anonymous Coward

      sorry to disappoint you

      I've already had networks attacked by EC2 hosts. And found that their 'reporting requirements' favor miscreants over good.

  4. soaklord

    And...here's your title

    Hmm... how long to crack a 15 character password? 20? And why aren't they required? I am guessing that $2 investment will very quickly turn into a 6 figure investment with that many variations even sans NaCl.

  5. ZenCoder

    Don't use short passwords.

    Anyone using short passwords should be worried, but by my math if it costs $2 to brute force a 6 character password it will take roughly $8 thousand to crack an 8 character password and $33 million to crack a 10 character password.

    My passwords are 10 digits. What would scare me is a vulnerability that let people unlock my stored Firefox passwords without the master password.

    1. Sir Runcible Spoon

      Sir

      you do WHAT!!?

      Isn't trusting a browser (even the hallowed fox) a bit like, well, trusting a fox with the henhouse?

  6. Anonymous Coward
    Alert

    One man's botnet is another man's cloud

    I guess it won't be long before hackers use their botnets to act as Clouds - either for their own nefarious computations, or to hire out commercially like Amazon etc do for general computation.

    In fact, given their hardware costs are paid for by the infected machine owners, they could easily undercut the existing commercial Cloud providers.

    The trouble with the Cloud is you never really know where the machines are that you're using. Often that doesn't matter, but it could be embarrassing if it turned out your company was running on a botnet!

    1. Paul 172
      Stop

      Title

      Botnets are already rented out, regularly. That's kind of the idea :-D

  7. Anonymous Coward
    Anonymous Coward

    re: Security watchers warn that the development opens up the possibility

    So they will also be using the Botnets for bad things - wait a minute!

  8. Anonymous Coward
    FAIL

    cheap shot

    "Er, it does, it demonstrates that an exhaustive attack on SHA-1 is easily achievable with commodity computational power (49 minutes, $2, FFS).

    That's a pretty large weakness."

    rubbish. bruteforcing via incrementation password/passphrase from 1 to 6 chars/bytes, checksuming it and comparing to hash - whatever long it is - isn't proving _anything_ (besides your/"crack" performer's lack of understanding of basics of cryptography). using another method here is crazy - rainbow tables for 6 chars-long phrase? overkill.

    basically hashes aren't reinforcing short/weak passwords if hashed unmodified (by salt - for example; other option: engine seeding - like in SSHA or most of symmetric cipher modes). once again we see how el reg badly needs competent tech experts. it's good habit to ask specialist for comment before putting such crap on site.

  9. Helena Handcart

    Clouds and rainbows?

    It'll be unicorn's tears next.

  10. Anonymous Coward
    Anonymous Coward

    letter$ and d1g1t$

    so...SHA1 can be cracked for $2 in 49mins, just so long as the target system allows unlimited unsuccessful retries...?

  11. Anonymous Coward
    Dead Vulture

    Old news....

    It was reported over a year ago how easy this is (yes there is a recent update in light of this story)

    http://news.electricalchemy.net/2009/10/password-cracking-in-cloud-part-5.html

  12. Robert Carnegie Silver badge

    $2 + Moore's Law = ?

    It costs $2 now, less tomorrow.

    For that matter - step one, crack the billing system on the rented computing service; step two, take over every computer in the world; thus, take over the world. That's $2 well spent!

    Although if you do take over the world then it becomes your responsibility to back it up...

    ...which is why sysadmins rarely run for public office.
