
Can Snowden be targeted using the Adobe breach? - mafuyu
http://7habitsofhighlyeffectivehackers.blogspot.com/2013/11/can-someone-be-targeted-using-adobe.html
======
MattBearman
Mildly off topic but:

I've never been a fan of password hints, but I'll admit it had never occurred
to me that they could be used this way. This is yet _another_ reason to use an
algorithm like bcrypt that will generate different hashes for the same
password.

I'm also amazed people put such obvious password hints, and some even had
their _exact_ password as the hint.

~~~
corin_
A basic salted hash would prevent this sort of thing (not saying that
bcrypt/etc. aren't worth using).

As to people using obvious password hints, it depends how much you care about
the account - I don't use hints anywhere, but there's plenty of accounts I
have where I really wouldn't care if anyone logged into it, so if I was
someone who needed hints, then sure why not?

~~~
aw3c2
A basic salt could be just a fixed string being used. That would _not_ prevent
this. The salt would need to vary per hash.

~~~
judofyr
This is a common misconception, but a "global salt" isn't actually a salt. Not
sure what a "basic salt" is though.

> A new salt is randomly generated for each password. In a typical setting,
> the salt and the password are concatenated and processed with a
> cryptographic hash function, and the resulting output (but not the original
> password) is stored with the salt in a database.

[http://en.wikipedia.org/wiki/Salt_%28cryptography%29](http://en.wikipedia.org/wiki/Salt_%28cryptography%29)

~~~
aw3c2
Ah, I did not know that. And I wrote some password hashing with a global salt
myself. So I stand by my comment with "one laughing and one crying eye". I
thought salts were mostly against precomputed rainbow tables for specific hash
functions, but of course if my hashes are valuable enough, a global salt makes
cracking them easier than if I used a random/unique one per hash.

~~~
sillysaurus2
This is why programmers should stop trying to write their own password
systems.

~~~
amenod
To be exact, programmers should stop _using_ their own password systems
(unless - well, let's not go there :).

Writing them is actually an excellent exercise, and humbling one too.
Especially if you show your code to some skilled hacker / security expert.

------
ivanhoe
Hints are really bad idea. I used to add that feature, but after seeing what
people enter there I've removed it from all projects. Even without someone
dumping your DB, people are usually too descriptive or they use some data they
think is private, but that is actually easy to get with a little research and
social engineering. I remember one guy's hint was: "The best car ever", and
you could easily find that he posted a tones of pictures of his new BMW on
Facebook... of course, the password was bmwrulez, it took me like 10 minutes
to figure it out without any cracker app...

------
casca
This is an interesting attack that uses other people's password hints to match
a hashed password. However, it seems unlikely that the Edward Snowden would
use such a weak password to protect any resource that he considered sensitive.

Please use a randomly generated password that is as long and complex as the
site you're using will allow, stored in a password safe.

~~~
wereHamster
I don't trust third parties to securely store my passwords. The problem with
randomly generated passwords it that they are hard (impossible?) to memorize.
Password squares help there, because they allow you to visually memorize the
password by using a path inside a random character grid.

I recently created a website that generates a random 'password square'. It
should display nicely on latest browsers (which support flexbox). You can
optionally supply a seed if you want to reuse the same path but have it yield
a different password.

[https://caurea.org/passwd/](https://caurea.org/passwd/)
[https://caurea.org/passwd/#seed](https://caurea.org/passwd/#seed)

The website is intentially barebones, to allow you to print it out and store
offline.

~~~
dnr
If you're memorizing a lot of passwords, you're doing it wrong. Use a password
manager and memorize one, that no sites ever see. (In practice you'll probably
want to memorize another one or two for important accounts and a login
password.)

~~~
wereHamster
I tried to address that in the first sentence.

~~~
dnr
No decent password manager will expose your passwords to a third party. If
syncing is supported, only passwords encrypted with your master password are
sent over the network. AFAIK, that's how all the popular ones work.

FWIW, I use "pass", which is a short bash script that's a thin wrapper around
gpg. If you can't trust that, I'm not sure how you can use a computer.

[http://zx2c4.com/projects/password-
store/](http://zx2c4.com/projects/password-store/)

Btw, your password square generator isn't using a secure source of random
numbers, which makes me highly doubtful.

~~~
kbenson
> No decent password manager will expose your passwords to a third party.

Unless you are verifying the source and compiling yourself, your password
manager IS a third party.

> FWIW, I use "pass", which is a short bash script that's a thin wrapper
> around gpg. If you can't trust that, I'm not sure how you can use a
> computer.

Sure, I probably trust GPG and the devs behind it. But unless you are
downloading from them directly and verifying binaries, or building yourself
from their source (and comparing source), you aren't really just trusting
them, you're trusting the people that are distributing GPG to you. If the
provider is a well respected linux distro, I probably trust it, but it's quite
a bit less trust than the GPG devs themselves get. There's a lot more hands
involved there and many more places for someone to inject some nefarious code,
or just plain screw up[1].

I guess the real point is that "decent" in "decent password manager", or any
security product for that matter, has higher bar than in many other
industries, but this many not be common knowledge.

Edit: For that matter, I guess the only reason I trust GPG at all is that
enough decentralized volunteers will look at it that coercing them all into
keeping silent (or silencing them in another manner) about any backdoor they
find is probably impossible (or at least requires enough effort as to make it
unfeasible).

[1]:
[https://www.schneier.com/blog/archives/2008/05/random_number...](https://www.schneier.com/blog/archives/2008/05/random_number_b.html)

~~~
dnr
I agree with everything you said, but you're looking too closely at just the
last link in a long chain. Yes, it's important to trust your password manager.
I base that trust on my inspection of the short bash script and on the
reputation of GPG and the Ubuntu distribution system. But 95% of the passwords
stored in there are being pasted into chrome, which is a gigantically complex
piece of code with hundreds of developers. They're passing through the
selection buffer of Xorg, which is also quite a beast with many contributors
over time. And of course I have to trust the Linux kernel! Not to mention the
hardware it's all running on, which I'm sure has many critical parts
manufactured in a country that harbors and probably sponsors people hacking
into US companies and infrastructure.

Looking at the whole picture, using something like LastPass or 1Password in
place of bash+gpg is only marginally less secure, and since non-techies are
more likely to actually use them than some console-based thing, encouraging
their use is a net win for security. Saying "you shouldn't trust a password
manager that you haven't inspected line-by-line" is ultimately counter-
productive. The people that have the most to gain from password managers can't
even read code, and certainly couldn't spot a hidden side-channel.

------
dutchbrit
The question that the blog writer didn't ask himself is: How many people are
called Edward Snowden?

~~~
3rd3
He did, but didn’t write about it.

------
AJ007
Lessons:

a) Don't have an email address with your real name in it.

b) Have several different active email addresses.

c) Never reuse passwords.

d) Only Use passwords that are a random string of alphanumeric characters.

e) Never use a hint that actually means anything.

I find it hard to believe that the real Snowden would use a single dictionary
word as a password.

~~~
senorprogrammer
Regarding your last point, and as pure conjecture, it depends on how old the
password is. When I was a student signing up for trial software etc. I often
thought such things like "No one will ever guess 'offspring' as my password,
that band is so obscure!"

Young me was much less paranoid than old me.

~~~
berberous
It's also possible that he only used a simple password for sites that don't
matter - like Adobe - but used a stronger password for his e-mail, bank, etc.

------
alexkus
On the other front, these passwords are all encrypted (not hashed) using 3DES
in EBC mode.

Something encrypted with by (single) DES could be broken within 7 days about 2
years ago by some bespoke hardware.

If Adobe have been using the same key for each part of the triple DES key then
you can assume that bespoke hardware of several years ago could get the key
within 3 weeks (3DES being ~3 times the work of single DES). With advances in
technology this is probably down to less than a week.

Let's just hope that they used a full 168-bit key, rather than repeating the
single 56-bit key, and that it never gets leaked.

~~~
anonymouz
> ... could get the key within 3 weeks (3DES being ~3 times the work of single
> DES).

Absolutely not! Trippling the key length does not just triple the strength...
Against brute force every extra bit will force you to invest twice the time.
Though 3DES only provides an effective security equivalent to 112 bits even
with the strongest keying option due to an attack on it (instead of 168 bits).
It's still probably infeasible to brute force currently: The factor between
brute forcing DES and 3DES is about 2^56=7*10^16 (that's a big number!), not 3
as you seem to believe.

~~~
Buge
>If Adobe have been using the same key for each part of the triple DES key

------
user24
Very nice use of password hints.

Userwise salted hashes would defeat this attack though.

~~~
frank_boyd
> salted hashes would defeat this attack though.

Seriously.

A huge company like Adobe behaving like a beginner in programming?

WTF.

~~~
cheald
> A huge company like Adobe behaving like a beginner in programming? WTF.

You _are_ aware that Flash and Acrobat Reader are the attack vectors for
something like 50% of all Windows malware, yeah?

~~~
scarmig
I'm sure you're also aware that, for all Adobe's faults, there's a world of
difference between making mistakes writing novel software solutions versus not
salting or hashing your passwords.

One type of mistake is inevitable on some level, while the other just should
not happen.

~~~
oneeyedpigeon
"novel software solutions" \- you work in Adobe's marketing department, right?
;-)

------
herghost
So this is effectively "crowd-sourcing" a hack - other peoples' collectively
bad op-sec used against you...

------
GoldfishCRM
So Edvard has the same password as 206 other people and you can get there
email adresses. It should not be that hard to get the password.

------
CurtMonash
So this proves that at some sites you really shouldn't use a password that
it's likely a lot of other people will use as well.

Wasn't that already clear due to the threat of dictionary attacks?

------
pasbesoin
Password hints are simply multi-factor passwords with, when used as intended,
really crappy entropy and often crappy back-end handling/storage.

If you must suffer them, use random values that you note locally and store
safely (just like your password). (Or that you don't store at all, simply
foregoing ever being able to use the password hints mechanism.)

And, adjust your level of trust in and comfort with the site, accordingly.

------
founder4fun
So i was one of the millions affected by Adobe's hack.

Should I be worried, when I canceled my credit card immediately and used a
spam address to sign up?

The only details the hackers would have on me would be my name, canceled
credit card number, email address (spam email address) and answers to secret
questions. Is there anything else I should be concerned about?

~~~
kevjiang
You should probably assume that they have your password too. Since Adobe
encrypted the passwords instead of hashing them, all of these passwords will
be known once the encryption key is discovered. Someone could possibly use the
method in the article to guess your password as well.

So if you use the same password on any other websites, better change it.

------
badinker
Top 100 using this hack

[http://pastebin.com/iDTFARwq](http://pastebin.com/iDTFARwq)

------
mcv
So even if I don't use a password hint, other people who use hints will still
give away my password.

Of course this is just an Adobe account. I don't think there's anything of
value on there, is there?

~~~
oneeyedpigeon
Only if you use a password which can be obviously 'hinted at', and that's
unlikely to be a very good password in the first place. Except, maybe, if it's
a password phrase.

------
treetrouble
This is a perfectly interesting post, but why target Snowden? Guess it's eye
catching

~~~
yOutely
Linkbait scummery.

------
EGreg
If you insist on rolling your own password scheme, just have the following:

A unique salt per account (eg the username or some stringb you store alongside
the hash)

Key strengthening - run the has some number of times over 1000, preferably
prime

Any kind of cryptographic has, I think even md5 would be fine if the above are
followed

------
denzil_correa
What happened to the "No change in Title" rule of HN?

------
VMG
Ah yes, the beloved security question.

