Cracking salted SHA1 password hashes on GPU

29 June, 2012

Many of us rely on the use of salt in the belief it will make our passwords “secure” when hashed with a variant of the SHA algorithm. Unfortunately, processing power has progressed to the point where even salted hashes are now near useless, particularly when using a GPU in an attempt to crack them.

This video shows how salted SHA1 hashes generated by the ASP.NET membership provider can easily be broken using hashcat and an AMD Radeon 7970 GPU. This video is part of a larger blog post by Troy Hunt which includes info on alternatives here: http://www.troyhunt.com/2012/06/our-password-hashing-has-no-clothes.html

Below is a short excerpt from this outstanding post.

Dictionary based password cracking

When we talk about “cracking” hashes, we’re really just talking about regenerating them en masse and there are several ways we can do this. The simple yet laborious way is to just work through a character set and range, for example lowercase letters only between 6 and 9 characters. This would actually cover 82% of the Sony passwords but would result in 104,459,430,739,968 possibilities (that’d be 104 trillion) so even at GPU speeds you’re looking at hours per password as each one needs to be attacked uniquely due to the salt. It would mean doing this:

SHA1(salt + “aaaaaa”)
SHA1(salt + “aaaaab”)
SHA1(salt + “aaaaac”)
…

All the way up to 9 chars and all the way through the lowercase alphabet. But this isn’t how people create passwords – it’s way too random. Of course random is how people should create passwords – but they don’t. The reality is that most people conform to far more predictable password patterns; in fact they’re so predictable that we have password “dictionaries”.

Cracking

The cracking process is very simple; you have two inputs which are the list of salts with hashes and then there’s the password dictionary. These are passed into the hashcat command with a parameter to indicate the type of hashes we’re dealing with which is the EPiServer format (“-m 141”). Here’s how the command looks:

oclHashcat-plus64.exe -m 141 MembershipAccounts.hash hashkiller.com.dic

I want to try and give a sense of how fast this process executes so I compiled the beginning and end into a short narrated video (see above). Impressive? Quite, but also a bit scary. Let’s take a closer look at the summary after everything has run:

Successful completion of the cracking process

What we once considered “secure” – that is salted SHA hashes – has just been obliterated. In fact in the time it takes to watch a couple of episodes of the Family Guy, we cracked 24,710 hashes or 63% of the total sample size. The remaining 37% just simply weren’t in the password dictionary but a larger dictionary and perhaps sitting through the Lord of The Rings trilogy and the rate of success would be a lot higher. The point is that this is a trivial amount of time to spend in breaking a significant proportion of the hashes.

So that’s the bad news – your salted SHA hashes are near useless against the bulk of passwords users typically create.
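The excerpt's point about salt (every account has to be checked separately, yet each guess still costs only one SHA1) can be measured against your own stored hashes. The Python below is an added example, not code from Troy Hunt's post or from hashcat; it assumes the membership provider stores base64(SHA1(salt bytes + UTF-16LE password)), and the function names, accounts, salts and word list are constructed for illustration.

```python
import base64
import hashlib
import hmac


def membership_hash(password: str, salt_b64: str) -> str:
    """Assumed storage scheme: base64(SHA1(salt_bytes + UTF-16LE(password)))."""
    salt = base64.b64decode(salt_b64)
    digest = hashlib.sha1(salt + password.encode("utf-16-le")).digest()
    return base64.b64encode(digest).decode("ascii")


def audit(accounts: dict, wordlist: list) -> tuple:
    """Return (weak, sha1_calls) for {user: (salt_b64, stored_hash)} records."""
    weak, sha1_calls = {}, 0
    for user, (salt_b64, stored) in accounts.items():
        # The salt forces a fresh pass over the word list for every account,
        # but each candidate still costs exactly one SHA1 computation.
        for word in wordlist:
            sha1_calls += 1
            if hmac.compare_digest(membership_hash(word, salt_b64), stored):
                weak[user] = word
                break
    return weak, sha1_calls


def _record(password: str, salt: bytes) -> tuple:
    """Build a (salt_b64, stored_hash) pair the way the assumed scheme would."""
    salt_b64 = base64.b64encode(salt).decode("ascii")
    return salt_b64, membership_hash(password, salt_b64)


# Constructed sample data: 16-byte salts and passwords invented for this example.
ACCOUNTS = {
    "alice": _record("password1", b"CONSTRUCTEDSALT1"),
    "bob": _record("qwerty", b"CONSTRUCTEDSALT2"),
    "carol": _record("T7#vq!Lr2$wX9z", b"CONSTRUCTEDSALT3"),
}
WORDLIST = ["123456", "password1", "qwerty", "letmein"]

if __name__ == "__main__":
    weak, calls = audit(ACCOUNTS, WORDLIST)
    print(f"accounts with word-list passwords: {sorted(weak)}")
    print(f"SHA1 calls: {calls} (upper bound {len(ACCOUNTS) * len(WORDLIST)})")
```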

Read more how to fix this!

Category: Computer Science, Video