
Cracking WordPress passwords with 20 lines of Go - frenxi
https://frenxi.com/cracking-wordpress-password-hash/
======
guessmyname
> _Cracking WordPress passwords with 20 lines of Go_

The original title is actually _“WordPress passwords, explained and cracked”_.

It seems Frenxi _—the author—_ added “… with 20 lines of Go” in the post
submission simply to appeal to the masses of Hacker News who often upvote
links based on keywords more than the content of the article. Per the Hacker
News Guidelines [1] → _“[…] please use the original title, unless it is
misleading or linkbait; don 't editorialize.”_

Go has nothing to do here except the author decided to write the brute force
password cracker in it. The program could have been written in any other
programming language without losing anything. Honestly, I am disappointed.
They didn’t even try to make an interesting cracking program, the program
doesn’t even have goroutines which one would expect from a tool that is trying
to brute force a solution.

[1]
[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

~~~
eyelidlessness
Maybe the interesting thing about it is that it doesn't require any
interesting techniques to crack WP passwords? That seems interesting (although
unsurprising having an early career background in PHP and WP) to me.

~~~
tialaramex
Given a password database, and the password check algorithm, this sort of
dictionary or brute force approach is just a loop, regardless of the algorithm
used because that's factored out.

Worse algorithms can offer the possibility of an exciting optimisation,
especially for bulk cracking (e.g. Microsoft's LanMan Hash) - but that's not
happening here.

In the case of this algorithm you could get a boost by vectorising to run on a
GPU, memory hard pessimisation defeats that and this password hash doesn't
offer it, again this Go program doesn't do that either.

For any human memorable password scheme, "Guess until you get lucky" is
potentially viable and that's all this does, so it's almost the least
interesting case.

------
shoo
I reckon this is a relatively simple explanation & demo of how simple it is to
crack passwords if you have access to both a database dump of salted
passwords, provided the password itself is relatively easily guessable
(present in some dictionary of candidate passwords).

In terms of performance --

> At the moment, it processes 100K attempts in about 2 minutes on a small VPS.

It is a bit hard to compare performance without knowing what the `hashloop`
parameter was set to for each attempt for that benchmark. Assuming that the
hashloop parameter is set to `8192` aka `(1 << strings.Index(itoa64, "B"))` as
in the blog post, then this approach is computing about 6.83 md5 mega-hashes
(MH) / sec.

For a 30,000x speedup for brute forcing md5: hashcat + 8x GPUs can hit
something like 200 GH / sec of md5:

[https://hashcat.net/hashcat/](https://hashcat.net/hashcat/)

[https://gist.github.com/epixoip/a83d38f412b4737e99bbef804a27...](https://gist.github.com/epixoip/a83d38f412b4737e99bbef804a270c40)

------
chx
When I read "Bcrypt is known to be a stronger hashing method compared to md5"
it is blatantly clear the author have missed the _entire point_ of the phpass
library. [https://www.openwall.com/phpass/](https://www.openwall.com/phpass/)
to quote

> The approach of using multiple iterations to purposefully increase the
> computational cost of testing a password

The author has shown that a hashing function can be attacked by using a
dictionary attack... well, yes, of course. But the library is not inherently
weak just because of that. Yes, you can write it in 20 lines of Go but --
you'd need to benchmark the attack against other hashes. Just because the
md5() primitive is used as _part_ of the algorithm doesn't make the whole
shebang weak.

The question always is how long it takes to find clear text which gets hashed
to a certain value.

~~~
fmajid
It’s 2020 and password-cracking is done on GPUs nowadays. The multiple rounds
of PHPass do nothing against the speed of modern GPUs. You need a password
hash that also requires a lot of RAM to compute to limit parallelism, like
argon2 or scrypt.

~~~
dogma1138
It’s 2020 use OpenID Connect or any other “federated/delegated authentication”
or anything else you may think off that doesn’t forces you to store passwords.

------
frenxi
Hey Folks, author here!

The post is just supposed to be a plain-text explanation of WordPress hashes,
and the script is an explanatory POC.

As I mentioned, of course, there are more solid solutions out there but that's
not the point.

Regarding the title, it was not supposed to be a clickbait. I just changed it
to a more appropriate one :)

Hope you can take something good out of it.

Cheers, everybody!

------
frequentnapper
>2020/05/30 12:44:15 Executed in 0.000221

oh wow, i guess that would've taken years to execute had i written it in c#.

------
tambourine_man
Why does WordPress use md5? I understand that salting improves things quite a
bit, but still.

Doesn’t password_hash() use bcrypt by default? Why not use it?

~~~
bretthopper
[https://github.com/roots/wp-password-bcrypt#the-
problem](https://github.com/roots/wp-password-bcrypt#the-problem)

~~~
tambourine_man
Nice, I’m glad such plug-in exists. My question is why hasn’t WP core adopted
bcrypt yet. MD5 has been insecure for ages.

------
klysm
Cracking isn’t usually something that takes a lot of code, just a lot of time

------
FreekNortier
Why not Rust?

------
SmallPeePeeMan
Realize that the attacker must first possess the user/password database for
this to work. This is because the author takes the salt from that information.
Without the salt, it will take much longer to brute force... even though it’s
md5 hashed.

~~~
weewee2018
How is he getting the salt from the database?

~~~
shoo
this corresponds to sad scenario where the database itself is leaked and the
attacker has access to it. the blog describes how the salt is stored as prefix
to each hash.

