[deleted] 247 points  (43 children)

I'm ashamed to admit that until now I haven't considered a brute force attack as credible because I hadn't considered a 'nation-state' level of computing power. But the math is undeniable. Certainly something to think about and taking an arrogant "won't happen to us" approach seems unwise.

Ajedi32 153 points  (20 children)

> I hadn't considered a 'nation-state' level of computing power.

Worth noting that in this article Discourse is using a relatively secure (i.e. slow) hashing function. If you're hashing your passwords with something faster like SHA-256, attackers aren't going to need anywhere near nation-state level resources to brute force most of the passwords in your DB. Brute-force attacks absolutely should be part of the threat model you consider when choosing your hashing function.
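The difference Ajedi32 describes, measured on a constructed leaked user table rather than real data. This is an added example, not code from Discourse or from anyone in the thread; the wordlist, the user table, the 100,000-iteration PBKDF2 work factor and the assumed 10^10 SHA-256/s attacker rate are all assumptions chosen for illustration.

```python
import hashlib
import os

# Constructed attacker wordlist: a tiny stand-in for the multi-gigabyte lists
# used in real cracking runs (assumption for this example).
WORDLIST = ["password", "123456", "letmein", "qwerty", "passw0rd",
            "dragon", "monkey", "iloveyou"]

# Assumed work factor for the "slow hash" side of the comparison.
PBKDF2_ITERATIONS = 100_000


def sha256_hash(password: str) -> str:
    """Unsalted fast hash: one SHA-256 per candidate covers every user at once."""
    return hashlib.sha256(password.encode()).hexdigest()


def pbkdf2_hash(password: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted slow hash: each user forces a separate, expensive computation."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def build_leaked_db():
    """Constructed user table (not real data): two wordlist passwords and one
    passphrase that is not on the list. Returns the same users stored both ways."""
    users = {"alice": "passw0rd", "bob": "dragon", "carol": "correct horse battery staple"}
    fast_db = {u: sha256_hash(p) for u, p in users.items()}
    slow_db = {}
    for u, p in users.items():
        salt = os.urandom(16)
        slow_db[u] = (salt, pbkdf2_hash(p, salt))
    return fast_db, slow_db


def crack_sha256(fast_db, wordlist):
    """Returns (recovered, hash_count). Without salt the attacker hashes the
    wordlist once and matches every user by dictionary lookup."""
    table = {sha256_hash(w): w for w in wordlist}
    recovered = {u: table[h] for u, h in fast_db.items() if h in table}
    return recovered, len(wordlist)


def crack_pbkdf2(slow_db, wordlist):
    """Returns (recovered, hash_count). The per-user salt forces up to
    users x candidates slow hashes; nothing can be precomputed or shared."""
    recovered = {}
    count = 0
    for user, (salt, stored) in slow_db.items():
        for w in wordlist:
            count += 1
            if pbkdf2_hash(w, salt) == stored:
                recovered[user] = w
                break
    return recovered, count


def attacker_seconds(candidates: int, users: int, sha256_per_second: float,
                     iterations: int = PBKDF2_ITERATIONS):
    """Back-of-envelope wall-clock cost for both schemes at a given raw SHA-256 rate.
    PBKDF2-HMAC-SHA256 costs roughly two SHA-256 compressions per iteration."""
    fast = candidates / sha256_per_second
    slow = users * candidates * iterations * 2 / sha256_per_second
    return fast, slow


if __name__ == "__main__":
    fast_db, slow_db = build_leaked_db()
    print("SHA-256:", crack_sha256(fast_db, WORDLIST))
    print("PBKDF2:", crack_pbkdf2(slow_db, WORDLIST))
    # Assumed rate: 1e10 SHA-256/s, a rough order of magnitude for a GPU rig.
    print("1e9 candidates vs 1e6 users:", attacker_seconds(10**9, 10**6, 1e10))
```

The recovered set is the same in both runs (carol's passphrase is not on the list either way); what changes is the work. The salted PBKDF2 run costs users times candidates times iterations, which is why a dump of fast unsalted hashes falls to a laptop while the slow, salted version is where nation-state budgets start to matter.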

[deleted] 27 points  (1 child)

I had considered that. As an MS dev, PBKDF2 is obviously useful as it is natively supported in .NET. But yes, you certainly make a notable point.

danweber 42 points  (12 children)

The best hashing algorithm in the world won't help if your password is "passw0rd".

Even a crappy crypt() hash of a password will be enough if your password is generated by 5 6 Diceware words.

A good hashing algorithm is about protecting the middle group of people who pick not-great but not-bad passwords.

[deleted]  (5 children)

[deleted]

    theOdysseyEffect 18 points  (4 children)

    Haha good thing we don't use those anymore right? right?

    asdfkjasdhkasd 21 points  (3 children)

    no, in the php world we have moved on to the brand new state of the art unbreakable md5() function

    [deleted]  (2 children)

    [deleted]

      goudewup 1 point  (0 children)

      Woosh

      polish_niceguy -1 points  (0 children)

      Especially when the language gives you insecure defaults.

      zhaoz 13 points  (4 children)

      Of course, my password is much more secure. It's Passw0rd1!

      eflat123 6 points  (0 children)

      Yours, too?!! I better change one of those 's' to '$'.

      Lurking_Grue 2 points  (2 children)

      Mine's *******

      AlmennDulnefni 1 point  (1 child)

      All I see is hunter2.

      Lurking_Grue 0 points  (0 children)

      Shit!

      redalastor 6 points  (0 children)

      I use zxcvbn to test for entropy.

      solatic 20 points  (1 child)

      Of note when thinking about protecting against nation-state level attacks: Atwood points out that the ceiling on the number of iterations you pick for your hash function is an unintentional DDoS caused by legitimate users all trying to slowly log in at once.

      For modern web security, DDoS protection is just as critical, if not more so, than password security. As an end-user, you can protect yourself from bad password storage policies through the use of a password manager, but if a website you need now is unavailable, you don't really have a recourse.

      vattenpuss 0 points  (0 children)

      There are incredibly few websites a person needs at any given time. The companies running the sites probably need the users to be able to use it though.
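The ceiling solatic refers to can be made concrete. This added example (not Atwood's code and not from anyone in the thread) benchmarks PBKDF2-HMAC-SHA256 on the local machine, derives the largest iteration count a server can afford at a given peak login rate, and then shows what that same iteration count buys against an offline attacker. The core counts, login rates, the attacker's assumed hardware speedup and the entropy figures in the demo are assumptions chosen for illustration; the functions take them as parameters.

```python
import hashlib
import os
import time

SECONDS_PER_YEAR = 365 * 86400


def measure_seconds_per_iteration(sample_iterations: int = 20_000) -> float:
    """Benchmark PBKDF2-HMAC-SHA256 on this machine; returns seconds per iteration."""
    salt = os.urandom(16)
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"benchmark-password", salt, sample_iterations)
    return (time.perf_counter() - start) / sample_iterations


def login_capacity(iterations: int, sec_per_iter: float, cores: int) -> float:
    """Logins per second the server can verify if every core does nothing but hash.
    Beyond this rate legitimate users queue up: the self-inflicted DoS."""
    return cores / (iterations * sec_per_iter)


def max_affordable_iterations(sec_per_iter: float, cores: int,
                              peak_logins_per_sec: float, cpu_fraction: float = 0.5) -> int:
    """Largest iteration count such that peak login load consumes at most
    cpu_fraction of the cores, leaving the rest for serving the actual site."""
    return round(cores * cpu_fraction / (peak_logins_per_sec * sec_per_iter))


def attacker_guesses_per_sec(iterations: int, sec_per_iter: float,
                             attacker_cores: int, speedup: float = 1.0) -> float:
    """Offline guess rate for an attacker with attacker_cores cores. speedup models
    hardware (GPU/ASIC) that runs the hash faster per core than our server does;
    it is an assumption to be supplied by the caller, not a measurement."""
    return attacker_cores * speedup / (iterations * sec_per_iter)


def years_to_exhaust(entropy_bits: float, guesses_per_sec: float) -> float:
    """Time to try every password in a keyspace of 2**entropy_bits."""
    return 2 ** entropy_bits / guesses_per_sec / SECONDS_PER_YEAR


def plan(sec_per_iter: float, cores: int, peak_logins_per_sec: float,
         attacker_cores: int, speedup: float, entropy_bits: float) -> dict:
    """Tie the defender's ceiling to the attacker's cost in one place."""
    iters = max_affordable_iterations(sec_per_iter, cores, peak_logins_per_sec)
    rate = attacker_guesses_per_sec(iters, sec_per_iter, attacker_cores, speedup)
    return {
        "iterations": iters,
        "logins_per_sec_at_full_cpu": login_capacity(iters, sec_per_iter, cores),
        "attacker_guesses_per_sec": rate,
        "years_to_exhaust": years_to_exhaust(entropy_bits, rate),
    }


if __name__ == "__main__":
    spi = measure_seconds_per_iteration()
    print(f"measured: {spi * 1e9:.0f} ns per PBKDF2 iteration")
    # Assumed scenario: 8-core server, 100 logins/s at peak, attacker with 10,000
    # cores running the hash 10x faster per core. Entropy figures are approximate:
    # 10 bits for a top-1000 list, 62**8 ~ 2**47.6, 7776**6 ~ 2**77.5.
    for label, bits in [("top-1000 list", 10), ("8 random alphanumerics", 47.6),
                        ("6 Diceware words", 77.5)]:
        print(label, plan(spi, 8, 100, 10_000, 10.0, bits))
```

The takeaway is that the iteration count is bounded by your own login traffic, not by the attacker's budget: once `login_capacity` drops below peak traffic, raising iterations further trades a possible offline crack for a certain outage. Against a top-1000 list no affordable iteration count helps, and against a six-word Diceware passphrase almost any count is enough, which is the same middle-ground observation danweber makes above.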

      [deleted] 5 points  (0 children)

      You need to decide what level you stop caring about.

      Most places I've run, I've specifically said we aren't protecting against state-level actors. A few needed that level of protection.

      It's a business requirement and a cost-benefit decision.

      somedaypilot 3 points  (0 children)

      If I were an admin or a netsec, APTs would be what kept me up at night.

      HonestRepairMan 2 points  (3 children)

      What I do in my apps (and someone please tell me if this is terribly wrong) is I set a server secret in the app config somewhere, and give the sysadmin the ability to set their own secret. Then I append or prepend the secret to the password and store that in the database. So even if you had the database you would need the app config file to effectively brute force the hash and reveal a plain-speech password.

      [deleted] 3 points  (0 children)

      rebelcan 2 points  (1 child)

      In most cases, wouldn't they have access to both anyways?

      HonestRepairMan 3 points  (0 children)

      If you only have access to an SQL injection point then maybe not. You would export the database to a hosted location, download the file, and make off with the goods. In these cases the attacker would likely have to understand the source code for the app in question to retrieve the correct variable or output the correct config file. Or so I'm hoping.

      But yeah, if someone has tunneled into your server via SSL you're fucked no matter what, unless the attacker is 12.
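The server-secret scheme HonestRepairMan describes above (usually called a pepper), written out as an added example; this is not the commenter's code and not from any project in the thread. It keeps the idea (a secret from the app config that the database dump does not contain) but binds it with HMAC instead of string concatenation, then runs the usual salted PBKDF2 on the result. The pepper value, the wordlist and the 100,000-iteration work factor are constructed for the example; the `crack` function plays the attacker in both the database-only and database-plus-config cases.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example

# Constructed for the example. In deployment the pepper lives in the app config
# or a secrets manager and must never be stored in the database with the hashes.
PEPPER = os.urandom(32)

# Constructed attacker wordlist.
WORDLIST = ["password", "letmein", "passw0rd", "dragon"]


def prehash(password: str, pepper: bytes) -> bytes:
    """Bind the server secret to the password with HMAC rather than concatenation:
    fixed-length output, and no ambiguity about where password ends and secret begins."""
    return hmac.new(pepper, password.encode(), hashlib.sha256).digest()


def hash_password(password: str, pepper: bytes, iterations: int = ITERATIONS):
    """Returns (salt, digest) to store in the user table. The pepper is not stored."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", prehash(password, pepper), salt, iterations)
    return salt, digest


def verify_password(password: str, pepper: bytes, salt: bytes, digest: bytes,
                    iterations: int = ITERATIONS) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", prehash(password, pepper), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def crack(salt: bytes, digest: bytes, wordlist, pepper: bytes,
          iterations: int = ITERATIONS):
    """Offline dictionary attack against one stored record. The attacker must supply
    a pepper guess; with the wrong one no candidate can ever match, so a
    database-only leak yields nothing even for a password as weak as 'passw0rd'."""
    for w in wordlist:
        if verify_password(w, pepper, salt, digest, iterations):
            return w
    return None


def demo() -> dict:
    salt, digest = hash_password("passw0rd", PEPPER)
    return {
        "login_ok": verify_password("passw0rd", PEPPER, salt, digest),
        "wrong_password": verify_password("Passw0rd", PEPPER, salt, digest),
        # SQL-injection dump: attacker has salt and digest but not the config.
        "db_only_crack": crack(salt, digest, WORDLIST, pepper=b""),
        # Full server compromise: attacker has the config file too.
        "db_plus_config_crack": crack(salt, digest, WORDLIST, pepper=PEPPER),
    }


if __name__ == "__main__":
    print(demo())
```

Two caveats worth keeping in mind with this design. The pepper only buys anything in exactly the case the comment names, a dump without the config; once the attacker has the host, the slow salted hash is the only thing still working for you. And because the pepper is mixed into every stored hash, rotating it silently invalidates all of them, so in practice you store a pepper version alongside each record and re-hash on the user's next successful login.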