Pages:
Author

Topic: Coinchat doesn't salt or use a strong hash algo (Read 32221 times)

legendary
Activity: 1498
Merit: 1000
Instead he attacked me then actually just disproving me.

You made it impossible for him to do so - if you (and him) could let your egos go for a second you'd realise that this helps Bitcoin not at all.

I don't really care for the silly argument but would hope you guys both remember that Bitcoin is more important than any of us. Smiley


I don't see what this has to do with bitcoin at all. This is why it is in service discussion. Also I agree bitcoin is bigger than anyone on this forum. I think some people think this forum is real life and it isn't.
legendary
Activity: 1498
Merit: 1000
Fine I have updated the thread to reflect more of what the community is thinking. I still don't agree but I guess facts are facts.
legendary
Activity: 1498
Merit: 1000
Obviously you think the way you think and I think the way I think. If my proof that he has bad security, the certainly his actions are not that of a innocent man.

If you can prove he has bad security (on any other website than the one he admitted to) then why not just do so?


*Facepalm* you are really just talking in circles now. What I am saying is that, if you know you have a bad security practice on one site, the chances you have it on others is very high. He should prove that he didn't, now if you think that I should hack his site, and prove it myself, well that isn't happening. Also his actions show that of a guilty person. This will be my answer as you just keep asking me to prove it. I did prove, it is his turn to disprove it, and he has yet to do it. Instead he attacked me then actually just disproving me.
legendary
Activity: 1498
Merit: 1000
If it is a completely different thing then your posting about insecure passwords is just as much a "completely different thing".

Where is your proof that the same code is being used on all the websites?

He has no proof. He's been asking for TF to provide him with proof it is not the case, by letting him check the CoinLender database.
And since then, they're just trying to see who's the most stubborn. This is really becoming stupid.

TF was using static salt on CoinLender, he admitted it, and also admitted this was bad practise.
He then claimed it was fixed, and a "per user" random salt was use to rehash all the passwords.
I doubt this could be a lie.

CoinChat does not use any salt, so is very vulnerable to rainbow attack.

So the conclusion of all this is:
- Don't use CoinChat
- If you do, make SURE you don't use your CoinChat password ANYWHERE else.

/thread

I have proof, I posted proof. Also how can you even put me in the same category of TF, he has extorted, threaten to hack sites I don't even own anymore, and called me untrustworthy which has no baring. I think for someone that has been called out, he is acting as a guilty party.



As I stated before 99.9% of programmers use the same template for hashing and salt handling things across all sites. I think the question you should be asking, is why he doesn't prove that this isn't true, I have already shown proof that this could be an issue. Also if it wasn't an issue why is he extorting my ratings to have it removed? Makes you wonder.

A statistic that you (once again) pulled out of your arse (or ass if you're an American).

He does not need to prove your "accusations" any more than you would need to prove his - whatever he does you will not believe him (and I am pretty sure the same would apply in reverse).

You have only proof of one website so you should change the topic to show that.


Obviously you think the way you think and I think the way I think. If my proof that he has bad security, then certainly his actions are not that of an innocent man.
legendary
Activity: 1498
Merit: 1000
That is a completely different thing. That is after DeathAndTaxes brought up the password salt issue, which he claims to fix on one site.

If it is a completely different thing then your posting about insecure passwords is just as much a "completely different thing".

Where is your proof that the same code is being used on all the websites?


As I stated before 99.9% of programmers use the same template for hashing and salt handling things across all sites. I think the question you should be asking, is why he doesn't prove that this isn't true, I have already shown proof that this could be an issue. Also if it wasn't an issue why is he extorting my ratings to have it removed? Makes you wonder.
legendary
Activity: 1498
Merit: 1000
So another site that is 2 different bad security practices spread to two different sites.

I can't really be bothered to go through all the previous posts but you did post this (above).

Clearly it is not the *same* problem from the same website so your OP does have a problem when it says as much.


That is a completely different thing. That is after DeathAndTaxes brought up the password salt issue, which he claims to fix on one site.
legendary
Activity: 1498
Merit: 1000
Also I have worked in the industry for long enough that when one problem is found, it is found in every project after it.

Really that does not make sense as you even admitted that he has "improved through learning" his security management in his projects.



Can you link me to that, I don't recall making that statement. Plus he has yet to prove that he has improved his security thru his projects.
legendary
Activity: 1498
Merit: 1000
How is this FUD? So it isn't FUD when he claims that he can hack my site, extorts me to remove bad post, or when he claims I am untrustworthy when I never even did a trade with him? Yet I point out that if one site and alert users has a huge security flaw, which is true from his own words by the screenshot, that is FUD. Cause that makes so much sense.

Hmm... can you calm down? I do not dispute that you found a problem with one of his websites - and hacking claims were nothing to do with what I mentioned.

The problem (as I see it) is that you have said that *all his websites* have the same flaw and you have not proven that (I am pretty sure that he has admitted the problems with the one site).

I am calm, also by my writing wouldn't say that I was ever not calm. I am just trying to get the real definition of FUD since my definition and the definition from wikipedia is not correct so please enlighten me. Also he didn't admit that had a problem until multiple people were agreeing with me. Also I have worked in the industry for long enough that when one problem is found, it is found in every project after it.
legendary
Activity: 1498
Merit: 1000

So where is my false information? He has yet to proven me to be false, when that happens as I said I gladly remove it. Instead he has threaten to hack me, he has extorted me, and basically done everything beside prove me wrong. That points to someone that is hiding something.
legendary
Activity: 1498
Merit: 1000
I think that if gweedo only has *proof* of the one site not having secure passwords then the title of this topic should be changed (otherwise it really is FUD). To say you "suspect all other sites" run by the same person have the same problem is really a bit of a stretch if you have no proof.

Apart from that guys I think that this topic is doing *nothing* for the benefit of the Bitcoin community (although I am sure many are enjoying the *drama* of it all).

How is this FUD? So it isn't FUD when he claims that he can hack my site, extorts me to remove bad post, or when he claims I am untrustworthy when I never even did a trade with him? Yet I point out that if one site and alert users has a huge security flaw, which is true from his own words by the screenshot, that is FUD. Cause that makes so much sense.
hero member
Activity: 658
Merit: 502
Doesn't use these forums that often.
This thread.... *sigh* Tongue

In my opinion:
gweedo isn't actually listening to what TF is saying.

(Side note: what CoinChat does need to do is unban me from it Cheesy)
donator
Activity: 1218
Merit: 1079
Gerald Davis
Even unimportant sites should use a reasonably strong password-hashing scheme IMO. People often use the same password for many sites, so a security breach on even an unimportant site can hurt a lot of people.

This.  Sadly password reuse is a problem and sites shouldn't pretend it isn't.  Also humans generally have a problem coming up with high entropy passwords.  If someone used a particular password even once the odds are someone else on the planet also used it.  Without salt precomputation against known/compromised passwords becomes trivially easy.  

At a minimum:
a) modern cryptographically secure hashing algorithm with no known preimage attacks (second generation RIPEMD, SHA-2, SHA-3, bcrypt*, Scrypt, Whirlpool, etc)*.  
b) 64 bit or greater salt.**
c) hash length of at least 128 bits
d) enforce minimum 8 digit password length ***

An even stronger solution is:
a) use a key derivative function designs to slow down brute force attacks (key stretching). Examples include bcrypt, scrypt, and PBKDF2 ****
b) enforce minimum password length 8 digits is acceptable for higher security applications adding even a single digit (9 digits) can provide significant security ***
c) check users password against lists of known compromised passwords and reject.

For example using bcrypt, requiring a min of 9 characters and ensuring the password isn't on any compromised password dictionary list makes the probability of brute forcing the password negligible even using botnets, cloud computing, or dedicated (non-existent) ASICs.  It is also likely to remain negigible even considering the advancements in computing power over the next couple decades.  For a more exotic solution which provides the site plausible deniability and puts all the security requirements on the user one could use public key signing (Bitcoin address or PGP) as a method of authenticating (logging on) users.

For those who want an appeal to authority this is what NIST recommends as a minimum:  
a) Key Derivative Function: PBKDF2 key using SHA-2 (SHA-3 maybe? but not at the time of this doc)
b) Min salt length: 128 bits
c) Min digest (hash) size: 112 bit
d) Min number of iterations: 1,000 for time sensitive applications (for high security situations that are not time sensitive a much higher iteration count based on available computing power should be used potentially up to 1,000,000 iterations)
e) Min password length: 10 digits for passwords which should consist of mixed symbols, numbers, upper case, lower case (i.e. "D&Twtf?123")
f) Min passphrase length: 30 digits which can be case insensitive alphabetical only (i.e. "my name is death and taxes and death and taxes is my name")

Understand NIST is a US government agency so their exclusion of an algorithm doesn't mean the algorithm is insecure it just means that governments like everything in nice neat packages.  Still there is nothing wrong with following NIST requirements, they just are a little restrictive.

Reference NIST publication 800-132 (Dec 2010)
http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf


Another potential source for "how to do it right" is the Bitcoin wallet source code.  The Bitcoin wallet doesn't store passwords but it does derive the encryption key from the user supplied password.  
It uses PBKDF2 using SHA-2, 256 bit key, tens of thousands of iterations (exact # depends on computing power of wallet).






Notes:
* The entire MD series of cryptographic hashes and SHA-0 are horrible insecure at this point and no new system should even consider them.  Legacy systems should have implemented hashing algorithm upgrades roughly a decade ago.  SHA-1 is cryptographically weakened but faster than brute force preimage attacks against the hash are likely more expensive than brute forcing the passphrase in all but the strongest passwords.  Still given the number of secure alternatives no new project should deploy SHA-1 at this point.

**  NIST recommends 128 bit although that likely is future proofing.  As long as salt is reasonably random and used on a per user basis even 32 bit salt will prevent the attacker from performing any precomputation or parallel attacks.

*** One problem with SHA-2 and similar algorithms is that they are designed to be very fast.  A single high end GPU can perform a billion hashes a second (remember in Bitcoin "1 GH/s" is 2 billion SHA-256 hashes).  This is useful in some applications like HMAC where you need to sign every packet individually as this may mean millions (or potentially hundreds of millions) of packets a second.  On the other hand this speed works against password security.  Unless your website needs to login millions of users per second, every second until the end of time that high speed offers no advantage but it does offer the attacker to attempt a massive number of potential passwords each second.  Strong key derivative functions provide a mechanism for increasing the amount of computing resources necessary to complete a single hash.  If you make a hash take 1000x as long it has a negigible impact on a webserver but it cuts the throughput of an attacker by 1000x.  Imagine an attacker with a given set of resources could break a particular passphrase in 9 hours, 1000x is one year.
sr. member
Activity: 336
Merit: 250
Cuddling, censored, unicorn-shaped troll.
My bad, it SHA-256, which isn't that weak... Will edit and make amend.  Grin
legendary
Activity: 1134
Merit: 1118
Fine I have updated the thread to reflect more of what the community is thinking. I still don't agree but I guess facts are facts.

Thanks for that. Now I back your thread title 100%, since MD5 isn't the strongest hash, indeed.

Lmao, MD5.
donator
Activity: 1218
Merit: 1079
Gerald Davis
Fine I have updated the thread to reflect more of what the community is thinking. I still don't agree but I guess facts are facts.

Thanks for that. Now I back your thread title 100%, since MD5 isn't the strongest hash, indeed.

Wait who is using MD5 in 2013?  

Error by quoted user.  Site reportedly uses SHA-2.
administrator
Activity: 5222
Merit: 13032
(Keep in mind that this forum does not use a user specific salt.)

Yes, it does.

Even unimportant sites should use a reasonably strong password-hashing scheme IMO. People often use the same password for many sites, so a security breach on even an unimportant site can hurt a lot of people.
sr. member
Activity: 336
Merit: 250
Cuddling, censored, unicorn-shaped troll.
Fine I have updated the thread to reflect more of what the community is thinking. I still don't agree but I guess facts are facts.

Thanks for that. Now I back your thread title 100%, since MD5 isn't the strongest hash, indeed.

EDIT : Thanks for that. Now I back your thread title 70%, since SHA-256 is pretty secure.

I didn't double check my google search on the scotaloo password hash and got carried on by the title matching the MD5 hash, sorry TF.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
Instead he attacked me then actually just disproving me.

You made it impossible for him to do so - if you (and him) could let your egos go for a second you'd realise that this helps Bitcoin not at all.

I don't really care for the silly argument but would hope you guys both remember that Bitcoin is more important than any of us. Smiley
sr. member
Activity: 336
Merit: 250
Cuddling, censored, unicorn-shaped troll.
I have proof, I posted proof. Also how can you even put me in the same category of TF, he has extorted, threaten to hack sites I don't even own anymore, and called me untrustworthy which has no baring. I think for someone that has been called out, he is acting as a guilty party.

Yes, you posted proof that CoinChat passwords were hashed without salting.
Which was clearly admitted by TF.
(Thank you for poiting out this breach, really.)

Then discussing further, he admitted the CoinLender passwords were hashed with static salting.
Which is apparently fixed.

Input passwords are hashed using a user-specific salt.

So my conclusion still stands.
Just keep away from CoinChat.

TF should undo the neg-rep he painted you with, which was a really childish move (I sometimes wonder if TF isn't actually Inaba), and you should keep on warning people not to use CoinChat.

legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
Obviously you think the way you think and I think the way I think. If my proof that he has bad security, the certainly his actions are not that of a innocent man.

If you can prove he has bad security (on any other website than the one he admitted to) then why not just do so?
Pages:
Jump to: