2
votes

Today I discovered something incredibly stupid - my friend hashes user passwords with sha512 algorithm without a salt. I immediately raised this issue to him but he said he wants to see anyone crack a single password in his database. I told him that without a hash his database is vulnerable to rainbow attack but he said no one had this large rainbow table for sha512 as each has is 64 hex characters long.

How do I convince him that he still needs to add salt? Does anyone know what the hash cracking rate of sha512 is? I could argue then that it would take this much or that much time to crack all 8 char passwords, etc.

3
Try a dictionary attack against his database.Henry

3 Answers

6
votes

Ask you friend if he's got any of the following hashes in his database:

b109f3bbbc244eb82441917ed06d618b9008dd09b3befd1b5e07394c706a8bb980b1d7785e5976ec049b46df5f1326af5a2ea6d103fd07c95385ffab0cacbc86
bc547750b92797f955b36112cc9bdd5cddf7d0862151d03a167ada8995aa24a9ad24610b36a68bc02da24141ee51670aea13ed6469099a4453f335cb239db5da
adfb6dd1ab1238afc37acd8ca24c1279f8d46f61907dd842faab35b0cc41c6e8ad84cbdbef4964b8334c22c4985c2387d53bc47e6c3d0940ac962f521a127d9f
3c9909afec25354d551dae21590bb26e38d53f2173b8d3dc3eee4c047e7ab1c1eb8b85103e3be7ba613b31bb5c9c36214dc9f14a42fd7a2fdb84856bca5c44c2
d404559f602eab6fd602ac7680dacbfaadd13630335e951f097af3900e9de176b6db28512f2e000b9d04fba5133e8b1c6e8df59db3a8ab9d60be4b97cc9e81db
3627909a29c31381a071ec27f7c9ca97726182aed29a7ddd2e54353322cfb30abb9e3a6df2ac2c20fe23436311d678564d0c8d305930575f60e2d3d048184d79
ba3253876aed6bc22d4a6ff53d8406c6ad864195ed144ab5c87621b6c233b548baeae6956df346ec8c17f5ea10f35ee3cbc514797ed7ddd3145464e2a0bab413
ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f
c70b5dd9ebfb6f51d09d4132b7170c9d20750a7852f00680f65658f0310e810056e6763c34c9a00b0e940076f54495c169fc2302cceb312039271c43469507dc
0dd3e512642c97ca3f747f9a76e374fbda73f9292823c0313be9d78add7cdd8f72235af0c553dd26797e78e1854edee0ae002f8aba074b066dfce1af114e32f8
401b09eab3c013d4ca54922bb802bec8fd5318192b0a75f201d8b3727429080fb337591abd3e44453b954555b7a0812e1081c39b740293f765eae731f5a65ed1
9719a6439375c9115e01dceda86e210e5f2d78a6cf3f4872997746832c4c0f58c5ae0923fabe5acfb923dfc94a117a7d444e453622912dfa193fc6636581f159

In case you're wondering, those are the SHA-512 hashes for password, password1, letmein, 123, 1234, 12345, 123456, abc, abc123, qwerty, asdf and swordfish respectively. You can easily find more likely candidates, if you want.

Then have your friend read about precomputed dictionary attacks and rainbow tables.

3
votes

Show him, how many values can be calculated with common hardware. Nowadays it is about 180 Mega SHA-512 per second.

So you can build a rainbowtable...

  • containing all words from an English dictionary (≈150'000)
  • all names from a telephone book (≈5'000'000)
  • and all combinations of characters up to 6 places (20'158'268'676)

...in about 2 minutes!

Then i would tell him that the length of the resulting hash-value has absolutely nothing to do with the time needed to crack a password.

Even a salted SHA-512 is not enough to make the passwords safe, because this algorithm is ways too fast. That's why one should use a slow algorithm like BCrypt of PBKDF2 with a cost factor.

At last i would just google for some of his hashes, because unsalted rainbowtables already exists in the internet. So the chance is good, that you find one of the weaker passwords.

I collected all this information in a tutorial about safely storing passwords. It shouldn't take more than 10 minutes to go through.

0
votes

Besides rainbowtables, one can also bruteforce a simple hash, see http://hashcat.net/oclhashcat/ . Just ask him how long he estimates his users' passwords will resist if you can attack with 2 billion guesses per second.

Modern algorithms, like scrypt, bcrypt, pbkdf2, sha512_crypt (the latter uses sha512, but many rounds) are way slower and thus a brute-force attack would take much much longer.

So what you want is not just to convince him to add a salt to his sha512 hash, but to use a modern "slow" algorithm made for password hashing.