Topic: Info about the recent attack - page 4. (Read 52527 times)

Salt offers no protection at all from bruteforcing. It is only used to prevent attackers from using rainbow tables.

Finally someone with an intelligent answer to salts.
This makes perfect sense.

I do however don't think that using the username as a salt helps scince the attacker would already know that the forum is salted with usernames..so wouldn't they just point their brutforcing problem to query for the username first before the bruteforce attempt?

Not that good idea. This all lies on the assumption that the attacker would not be able to access the filesystem which is not necessarily the case. Depending on configuration, the user might be able to read arbitrary files using e.g mysql's LOAD_FILE(). The forum software might have other attack vectors like LFI that would allow reading the file. The salt file should be outside the document root but that would break some (already inefficient) security mechanisms like open_basedir. Short enough salts would fall victim to simple attacks (like registering an user with a single-character password then bruteforcing to obtain the salt). But what's worst - you'd have a single salt for all the passwords that way. This is enough to thwart rainbow table attacks if salt is long enough (even 10 bytes of salt is enough to render readily available tables useless). But there is also another huge advantage of using salts which you are losing by using a single common salt. You turn the complexity of a hash crack attack from (nearly) O(1) to O(N) where N is the number of passwords. That's because if all passwords have the same salt, you do:

1) hash = H(salt,password)
2) compare hash to all the hashes in the list.

overall that's one compute-intensive operation per candidate


if you have many salts, you need to do the following:

for each hash K in the list do:
  1) hash = H(salt, password)
  2) compare hash to K

overall that's N compute-intensive operations per candidate where N=number of users.


So yes, it might be a good idea if you can guarantee that the attacker would never get the salt. Once it gets it though, you lose a great deal of the time that password hashing buys you prior to your hacker obtains your password. For a forum of 1000 users, cracking the passwords using a single common salt would be up to 1000 times faster than cracking 1000 passwords with different salts.

@Xenland: He just thinks that you probably have no idea about salts, which appears to be true. This isn't about terminology.

@defxor: You shouldn't wonder about the lack of knowledge. There are a lot of people who join the forum Bitcoin, because it sounds like easy money. What really worries me is that some people could actually share information in PMs that they shouldn't. This also isn't good for the operators of the forum. I am not sure whether this is true for the US, but in many parts of Europe the operators could receive a lot of legal threats making it very vulnerable to a take down.

I think you assume too much. I'm dont find the need to prove my self of how valid my programming skills are based on how well i use accurate teminology especially over the internetz! Lol!

You cannot protect a password hash from brute forcing and still allowing an authentication system to work. Some seem to mistake salt for a secret nonce (which it isn't) which would just make the database of secret nonces into another password database. There's no reason to suspect two databases to be more secure than one.

Salt's only purpose is to make rainbow table lookups ineffective/useless. The salt used on this forum succeeded in doing that. I'm worried about the lack of basic crypto terminology and usage in some posts here.

My theory was that if someone were to set a static salt in a file and the attacker only downloaded the database it would render useless(this only works if the salt length is of a long length such as 64characters long mininum).

Thats just my thoery, any great ideas on protecting your self bruteforcing for this particular situatiom?

Anyone who understands what salt is and why it is used? Using the nickname as salt instead of a random value doesn't change the fact that it makes rainbow table lookups useless. Salt is never a secret and doesn't protect against brute forcing anyway.

http://en.wikipedia.org/wiki/Salt_(cryptography)

Yep you are correct, however , i'm not going the mile to checking the validity of my post for every single word. This forum isn't really that worth the integrity.

You mean exec and it's cat not vi. Vi would open the file to edit, cat shows its content.

What's retarded about using a forum?! Supposedly there's no financial data here, nothing but baloney and chit-chat. So nothing to worry about, let the "hacker" be happy.

WHAT PROGRAMMER IN THEIR RIGHT MIND SALTS WITH THAT KIND OF DATA!?!?!

A good programmer would salt the data that is in a file, but then again, I guess I'm looking like an ass whole becuase the attacker could have just ran exe('vi /www/salt_location/saltfail.txt'); or something of the like.... lol Different forum software I guess right? wtf why do people use these forums even after an attack? sounds retarded.

anyways you guys have fun... this forum is funner then watching Jersey Shore....

What you evidently fail to realise is that nothing is set in stone, why don't you have a calm and constructive discussion with the owners of the site and organise something like you're suggesting?

Focus on the future, make a change and become the positive next step in the sites future history.

I'd rather read about how you were the savior instead of the armchair critic who instead simply points out everything that went wrong and tries to get everyone to go to his forum instead.

That "this" was what made PHP insecure. After that "java-like piece of crap" came along magic_quotes_gpc defaults to off and "deprecated", as many don't seek this settings in php.ini their sites become vulnerable to SQLi.
PDO is the typical piece of "paranoia-security", deem all unsafe because a paranoiac found something else more "safe"...

Btw, do you guys got an ETA when SMF is gonna have the fix for the zeroday officially released so you can talk about it openlly?

PHP has this...now. The old insecure way is "deprecated" which means because so many billions of lines of deployed code depend on it, it'll be forever before it gets removed.

No problem. It's this damn paranoia lately. Who knows? Some browser exploit, whatever...

I happy I made you laugh, though. Much needed in these forums nowaday

You forget that everybody and their dog can just go and check out the forum PHP code themselves, and examine the password hashing algorithm in detail.

This mess. ultimately, is the PHP language authors' fault. They seem to argue that securing your scripts (and not just from SQL injections) is the programmer's problem.
A properly designed SQL interface (with prepared statements and placeholders) makes writing code that's prone to injections more difficult to write than code which isn't.
In PHP, it's the other way round, and the language authors don't think that's a problem.

Well, I happen to disagree, rather vehemently in fact, which is why I try to encourage people to program their web sites in some other language (Python for instance), and why every single PHP-using website on my server runs in a FastCGI sandbox and has (almost) no access to the rest of the system.

lmao. Sorry 'baut that. No, for that very reason - that browsers store passwords in a common file - is exactly why browsers are so paranoid about preventing web scripts from interacting with the local file system. They're run in little sandboxes, and it while it's not entirely impossible to hack around those safeguards, it would take an *entirely* different set of hacks to do so, not just a "display random funny Cosbycoin/uplaoding walletdat" image randomizer to do so

Allright, thanks for clearing that up, man. Cause you had my hard stop for a second there.

EXACTLY MY POINT. They didn't steal wallet.dats because they couldn't. And even if they could, they'd probably rather go after something more useful than the Bitcoins they hate so much. That's my point: if they COULD steal wallet.dat, they probably wouldn't've bothered with something so trivial. Browsers have paranoid amounts of security regarding file-upload abilities (remember when the "file path" field disappeared from HTML file controls?), so it's just not possible for a stupid little Javascript playtime script to go stealing wallet.dats. That's the point I was making.