Last May, Ars Technica published a chilling article on password cracking that I’ve been meaning to write about for a while. I urge you to take a look at it even if you’re just a user but especially if you design and implement security systems for Web sites.
The article is about what happens when 3 password cracking experts were asked to recover 16,449 passwords that were hashed (unsalted) with MD5. That, of course, is a fairly low bar but, sadly, all too many Web sites do exactly that. The results:
- The most successful cracker recovered 14,734 passwords (89.6%) in 20 hours using a commodity PC with a single GPU.
- The second most successful cracker recovered 13,486 passwords (82%) in a bit over an hour using 2 GPUs.
- The least successful cracker recovered 62% in approximately an hour.
For the Web site implementer the lesson is clear: you must use salted passwords and keystretch them with bcrypt
, scrypt
, PBKDF2
, or something similar. If you don’t, even modest effort will recover almost all of your users’ passwords.
For users, the lesson is even more urgent. You must use secure passwords. The problem is what that means. It took just two minutes and 32 seconds to brute force all passwords (upper and lower case alphanumerics, numbers, and symbols) of length 8 or less. Even if passwords are salted and keystretched, passwords less than 8 characters are going to fall pretty quickly.
But it gets worse. According to Ars, the following passwords were recovered
":LOL1313le" "Coneyisland9/," "momof3g8kids," "1368555av," "n3xtb1gth1ng," "qeadzcwrsfxv1331," "m27bufford," "J21.redskin," "Garrett1993*," and "Oscar+emmy2"
They are hardly obvious and seem to be secure but they were still recovered. That’s because the crackers and the tools they use understand how users choose their passwords and can quickly try the probable combinations. Go read the article to find out how the crackers really work to understand why these passwords fell to their efforts.
As I’ve said many times, your best bet is to use a password manager such as 1Password or KeePass and have them generate long, random passwords that differ for each site. The “long” will protect from brute-force attacks and the “random” will protect from rule-based combining of common base words. Again, read the article to see why that last point is important.
One last lesson that’s implicit in the above but should be stated explicitly: don’t reuse your passwords. All it takes is one lazy implementer on some unimportant site for your (reused) password to be recovered. If you reuse it for, say, your bank account you’re going to be sorry.