Topic: Coinchat doesn't salt or use a strong hash algo (Read 32169 times)

I don't see what this has to do with bitcoin at all. This is why it is in service discussion. Also I agree bitcoin is bigger than anyone on this forum. I think some people think this forum is real life and it isn't.

Fine I have updated the thread to reflect more of what the community is thinking. I still don't agree but I guess facts are facts.

*Facepalm* you are really just talking in circles now. What I am saying is that, if you know you have a bad security practice on one site, the chances you have it on others is very high. He should prove that he didn't, now if you think that I should hack his site, and prove it myself, well that isn't happening. Also his actions show that of a guilty person. This will be my answer as you just keep asking me to prove it. I did prove, it is his turn to disprove it, and he has yet to do it. Instead he attacked me then actually just disproving me.

I have proof, I posted proof. Also how can you even put me in the same category of TF, he has extorted, threaten to hack sites I don't even own anymore, and called me untrustworthy which has no baring. I think for someone that has been called out, he is acting as a guilty party.




Obviously you think the way you think and I think the way I think. If my proof that he has bad security, then certainly his actions are not that of an innocent man.

As I stated before 99.9% of programmers use the same template for hashing and salt handling things across all sites. I think the question you should be asking, is why he doesn't prove that this isn't true, I have already shown proof that this could be an issue. Also if it wasn't an issue why is he extorting my ratings to have it removed? Makes you wonder.

That is a completely different thing. That is after DeathAndTaxes brought up the password salt issue, which he claims to fix on one site.

Can you link me to that, I don't recall making that statement. Plus he has yet to prove that he has improved his security thru his projects.

I am calm, also by my writing wouldn't say that I was ever not calm. I am just trying to get the real definition of FUD since my definition and the definition from wikipedia is not correct so please enlighten me. Also he didn't admit that had a problem until multiple people were agreeing with me. Also I have worked in the industry for long enough that when one problem is found, it is found in every project after it.

So where is my false information? He has yet to proven me to be false, when that happens as I said I gladly remove it. Instead he has threaten to hack me, he has extorted me, and basically done everything beside prove me wrong. That points to someone that is hiding something.

How is this FUD? So it isn't FUD when he claims that he can hack my site, extorts me to remove bad post, or when he claims I am untrustworthy when I never even did a trade with him? Yet I point out that if one site and alert users has a huge security flaw, which is true from his own words by the screenshot, that is FUD. Cause that makes so much sense.

This thread.... *sigh*

In my opinion:
gweedo isn't actually listening to what TF is saying.

(Side note: what CoinChat does need to do is unban me from it )

This.  Sadly password reuse is a problem and sites shouldn't pretend it isn't.  Also humans generally have a problem coming up with high entropy passwords.  If someone used a particular password even once the odds are someone else on the planet also used it.  Without salt precomputation against known/compromised passwords becomes trivially easy.  

At a minimum:
a) modern cryptographically secure hashing algorithm with no known preimage attacks (second generation RIPEMD, SHA-2, SHA-3, bcrypt*, Scrypt, Whirlpool, etc)*.  
b) 64 bit or greater salt.**
c) hash length of at least 128 bits
d) enforce minimum 8 digit password length ***

An even stronger solution is:
a) use a key derivative function designs to slow down brute force attacks (key stretching). Examples include bcrypt, scrypt, and PBKDF2 ****
b) enforce minimum password length 8 digits is acceptable for higher security applications adding even a single digit (9 digits) can provide significant security ***
c) check users password against lists of known compromised passwords and reject.

For example using bcrypt, requiring a min of 9 characters and ensuring the password isn't on any compromised password dictionary list makes the probability of brute forcing the password negligible even using botnets, cloud computing, or dedicated (non-existent) ASICs.  It is also likely to remain negigible even considering the advancements in computing power over the next couple decades.  For a more exotic solution which provides the site plausible deniability and puts all the security requirements on the user one could use public key signing (Bitcoin address or PGP) as a method of authenticating (logging on) users.

For those who want an appeal to authority this is what NIST recommends as a minimum:  
a) Key Derivative Function: PBKDF2 key using SHA-2 (SHA-3 maybe? but not at the time of this doc)
b) Min salt length: 128 bits
c) Min digest (hash) size: 112 bit
d) Min number of iterations: 1,000 for time sensitive applications (for high security situations that are not time sensitive a much higher iteration count based on available computing power should be used potentially up to 1,000,000 iterations)
e) Min password length: 10 digits for passwords which should consist of mixed symbols, numbers, upper case, lower case (i.e. "D&Twtf?123")
f) Min passphrase length: 30 digits which can be case insensitive alphabetical only (i.e. "my name is death and taxes and death and taxes is my name")

Understand NIST is a US government agency so their exclusion of an algorithm doesn't mean the algorithm is insecure it just means that governments like everything in nice neat packages.  Still there is nothing wrong with following NIST requirements, they just are a little restrictive.

Reference NIST publication 800-132 (Dec 2010)
http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf


Another potential source for "how to do it right" is the Bitcoin wallet source code.  The Bitcoin wallet doesn't store passwords but it does derive the encryption key from the user supplied password.  
It uses PBKDF2 using SHA-2, 256 bit key, tens of thousands of iterations (exact # depends on computing power of wallet).






Notes:
* The entire MD series of cryptographic hashes and SHA-0 are horrible insecure at this point and no new system should even consider them.  Legacy systems should have implemented hashing algorithm upgrades roughly a decade ago.  SHA-1 is cryptographically weakened but faster than brute force preimage attacks against the hash are likely more expensive than brute forcing the passphrase in all but the strongest passwords.  Still given the number of secure alternatives no new project should deploy SHA-1 at this point.

**  NIST recommends 128 bit although that likely is future proofing.  As long as salt is reasonably random and used on a per user basis even 32 bit salt will prevent the attacker from performing any precomputation or parallel attacks.

*** One problem with SHA-2 and similar algorithms is that they are designed to be very fast.  A single high end GPU can perform a billion hashes a second (remember in Bitcoin "1 GH/s" is 2 billion SHA-256 hashes).  This is useful in some applications like HMAC where you need to sign every packet individually as this may mean millions (or potentially hundreds of millions) of packets a second.  On the other hand this speed works against password security.  Unless your website needs to login millions of users per second, every second until the end of time that high speed offers no advantage but it does offer the attacker to attempt a massive number of potential passwords each second.  Strong key derivative functions provide a mechanism for increasing the amount of computing resources necessary to complete a single hash.  If you make a hash take 1000x as long it has a negigible impact on a webserver but it cuts the throughput of an attacker by 1000x.  Imagine an attacker with a given set of resources could break a particular passphrase in 9 hours, 1000x is one year.

My bad, it SHA-256, which isn't that weak... Will edit and make amend. 

Lmao, MD5.

Wait who is using MD5 in 2013?  

Error by quoted user.  Site reportedly uses SHA-2.

Yes, it does.

Even unimportant sites should use a reasonably strong password-hashing scheme IMO. People often use the same password for many sites, so a security breach on even an unimportant site can hurt a lot of people.

Thanks for that. Now I back your thread title 100%, since MD5 isn't the strongest hash, indeed.

EDIT : Thanks for that. Now I back your thread title 70%, since SHA-256 is pretty secure.

I didn't double check my google search on the scotaloo password hash and got carried on by the title matching the MD5 hash, sorry TF.

You made it impossible for him to do so - if you (and him) could let your egos go for a second you'd realise that this helps Bitcoin not at all.

I don't really care for the silly argument but would hope you guys both remember that Bitcoin is more important than any of us.

Yes, you posted proof that CoinChat passwords were hashed without salting.
Which was clearly admitted by TF.
(Thank you for poiting out this breach, really.)

Then discussing further, he admitted the CoinLender passwords were hashed with static salting.
Which is apparently fixed.

Input passwords are hashed using a user-specific salt.

So my conclusion still stands.
Just keep away from CoinChat.

TF should undo the neg-rep he painted you with, which was a really childish move (I sometimes wonder if TF isn't actually Inaba), and you should keep on warning people not to use CoinChat.

If you can prove he has bad security (on any other website than the one he admitted to) then why not just do so?