
Can you trust Paul Graham with your password? - MaysonL
http://www.jgc.org/blog/2009/05/can-you-trust-paul-graham-with-your.html
======
anigbrowl
Well I have my 'who cares' password, my 'like this site' password and my
'involves money' password(s). Strangely, my HN password isn't the same one I
use for my bank account.

~~~
joecode
Exactly my strategy, too. Anyone else do this?

~~~
swombat
No. I simply have a different password for every site. I use a tool called
1passwd to generate and remember all those passwords for me.

That tool backs up its (encrypted) password db to my Dropbox folder. It also
backs up to an iPhone app. So I think the chances of losing all my passwords
are pretty slim. And, now, I don't care whether one site loses my password,
since all my passwords are unique.

~~~
ashot
what's your Dropbox password?

~~~
swombat
That's stored in my iPhone backup.

Also, my dropbox is set up on my mac mini too.

In order to lose my passwords, I need to lose, at the same time:

1) my mac mini

2) my macbook pro

3) my iphone

Even then I would be able to recover things somehow, because my email goes
through a third-party gateway, and I know the guy who runs it, so if I really
do lose everything, I can contact him and ask him to reset my password on that
gateway, and then log in to my email via that gateway.

I think the chances of losing my passwords are fairly slim.

------
commiebob
Seriously, enough with these threads already. The passwords aren't encrypted,
he cries about it, they are encrypted, he cries about it. It's a news site,
we're not controlling access to nuclear weapons here.

~~~
sid
I think the main concern is not that someone can use your account here at HN
but the fact that they can get the password file and use your password to
access your personal emails and whatever else (assuming that you're using the
same password, which some people do)

~~~
enneff
"assuming that you're using the same password, which some people do"

This is the key. You're an idiot if your Hacker News password is the same as
that of your email.

~~~
sid
Agreed, that's why mine's different :)

------
jrockway
This is what's nice about using languages with libraries. If I want to do an
unsalted SHA-1, like news.yc, I would write:

    use Authen::Passphrase::SaltedDigest;   # load the class instantiated below

    # No salt is supplied, so the digest is unsalted
    my $pw = Authen::Passphrase::SaltedDigest->new(
        algorithm  => "SHA-1",
        passphrase => "passphrase",
    );

If I instead wanted to be secure, and use bcrypt (which I always do, even for
the most trivial sites), I would just write:

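    use Authen::Passphrase::BlowfishCrypt;  # load the class instantiated below

    # bcrypt with a random per-password salt and a cost parameter of 8
    my $pw = Authen::Passphrase::BlowfishCrypt->new(
        cost        => 8,
        salt_random => 1,
        passphrase  => "passphrase",
    );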

Notice how I get better security without any extra effort? That is the joy of
not being the only user of your programming language, and that's how you
ensure that people do the Right Thing with your data -- make it easy for them.

(I'll also mention that it gets better; with Moose type coercions, I can
basically treat the password as cleartext -- the type coercion converts a Str
into a Passphrase. To set it, I supply the cleartext password as an initarg
when instantiating a user; when changing it, the writer accessor handles the
coercion; when checking it, I delegate to the passphrase's check_passphrase
method. A great API with great security, involving almost no effort on my
part. <3.)

~~~
dchest
Don't you think _(system (+ "openssl dgst -sha1 <" fname))_ can be as easily
replaced with _(system (+ "bcrypt whatever_parameters <" fname))_?

Notice how I get better security without any extra effort? That is the joy of
using an operating system.

~~~
dchest
Apologies for the wording of my comment. What I mean is that you don't have to
worry about libraries for languages a lot if you can use the power of your OS
ecosystem (especially, *nix one) in your application (considering performance
and other limitations).

~~~
jrockway
If it was just as easy, why wasn't it done?

------
sanswork
I'm predicting a long line of "Can you trust X with your password" link bait
posts.

As was mentioned last time, if someone is downloading your passwords you have
bigger problems to worry about than the way you store your passwords.

~~~
jfarmer
I think this was meant as a poke at the previous article, not a serious
critique of HN's security.

~~~
jgrahamc
It was meant as a way of pointing out how you should do password security. I
picked on pg just to enrage people on this site. Password security isn't hard
but even the gods get it wrong sometimes.

Pity no one has pointed out that HN logins are not encrypted.

------
jonno99
You should not _trust_ anyone with your password.

~~~
param
I think you mean "You should not trust _anyone_ with your password".

~~~
tjogin
Maybe he meant "You should not trust anyone _with_ your password."

~~~
KWD
Shortened version is simply "Trust No One".

~~~
TweedHeads
Thrust!

[Welcome to reddit puns]

------
jodrellblank
The flavour of the 37Signals comments was very harshly against 37S, these are
mildly to strongly in favour of HN.

Yet, here we have a recent, real example of a moderator account on a popular
site cracked because a different site wasn't salting:

<http://news.ycombinator.com/item?id=595655>

------
burke
If you honestly understand how the internet works, _and_ are concerned about
password security, how can you NOT be using a different password on every
site? (or at least a throwaway password for accounts you don't care about)

EDIT: I guess the biggest reason would be that you likely haven't discovered
the awesomeness that is 1Password yet.
<http://agilewebsolutions.com/products/1Password> . There are probably free
alternatives. (EDIT Again: Mac only. There are Windows alternatives too :) )

~~~
tlrobinson
I bought 1Password as part of one of those Mac software bundles, but still
haven't figured out how it's any better than Safari + Keychain's built in
password manager. Can someone please explain it to me?

~~~
mdemare
It generates secure passwords. It syncs passwords for all browsers. It creates
backups. Autofill for credit-card data. Multiple logins per site.

~~~
tlrobinson
Actually, Safari + Keychain does most of that:

1. The password generator is a little difficult to get at, but can be
accessed in the Keychain Access application.

2. I don't think it works across multiple browsers. This seems to be the main
advantage of 1Passwd.

3. Syncs with MobileMe, or you can just backup your keychains.

4. Safari can autofill nearly any form.

5. Multiple logins are stored. If you start typing the first few letters of
the username it will autofill the correct data.

------
falsestprophet
Security on Hacker News is good enough. But, it would be kind of nice to have
salted hashes and an absurdly expensive hashing algorithm. We are meant to be
hackers after all.

A standard, or even a rationally conservative, approach seems more fit for
Innocuous News.

~~~
TheAmazingIdiot
Oh come on now. We're hackers. That means some SHA1 with a little bit of salt
does nothing for "Real Security".

"Real Security" would require personal acquaintance with an operator or
someone they have trusted. To go down that trust chain, they would sign your
GPG key. After that, posting by signing would be only done. And as per due
course, you would be expected to have a HN_only GPG key for 'security
reasons'.

But security for security's sake is just wasting resources when it's just a
news site, unless you're a crypto-fiend.

~~~
eru
I'd prefer Off-The-Record encryption over GPG. I want plausible deniability.

------
Manfred
Hashing passwords doesn't add any real security when the server is
compromised, the attacker can just take the entire database.

For a news site accounts are used for identification and not for protection of
goods or information so it doesn't matter that much anyway. If the admin of
the site finds out that the system is compromised, it's pretty easy to just
reset all passwords.

------
illumen
Let's see how long it takes the hacker news team to fix!

(Or even some lisp hackers to beat pg with their own patch!)

Three main issues: 1) improper use of hashing. No salt used. 2) sha1 is not
the best hash to be using. 3) passwords are not encrypted in the browser. So
are sent clear text.

Fixes for issues one and two, are covered in the article...

For issue 3), you can do the hash+salt client side (with js) if SSL isn't
feasible.

cu.

~~~
rythie
If you do hash+salt client side, then the final hash is your password
essentially, which will be sent in the clear. Anyone can sniff the already hashed
password to log in to your HN account without knowing your actual password.

What you didn't say but might have implied is: If you have the server
challenge the client with a different salt each time it would fix the problem.

Of course SSL also tells you that you are talking to the real server, challenge
response doesn't really help that, nor does it stop someone stealing your session
id and posting as you.
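
The difference between the two schemes discussed above, as an added example that is not part of the original thread. The class and function names, the use of SHA-256/HMAC, and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def verifier(password: str, salt: bytes) -> bytes:
    # Value the server stores; the client recomputes it from the password.
    return hashlib.sha256(salt + password.encode()).digest()

def client_response(password: str, salt: bytes, challenge: bytes) -> bytes:
    return hmac.new(verifier(password, salt), challenge, hashlib.sha256).digest()

class Server:
    def __init__(self, password: str):
        self.salt = secrets.token_bytes(16)
        self.stored = verifier(password, self.salt)
        self.pending = set()  # challenges issued but not yet answered

    def login_static(self, sent: bytes) -> bool:
        # Fixed salt: the hash on the wire is the credential itself.
        return hmac.compare_digest(sent, self.stored)

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)
        self.pending.add(challenge)
        return challenge

    def login_challenge(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self.pending:
            return False  # unknown or already used
        self.pending.discard(challenge)  # each challenge is single-use
        expected = hmac.new(self.stored, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)

def demo() -> dict:
    password = "correct horse"  # constructed sample value
    server = Server(password)
    sniffed_hash = verifier(password, server.salt)
    c1 = server.new_challenge()
    sniffed_response = client_response(password, server.salt, c1)
    return {
        "static_login": server.login_static(sniffed_hash),
        "static_replay": server.login_static(sniffed_hash),
        "challenge_login": server.login_challenge(c1, sniffed_response),
        "replay_same_challenge": server.login_challenge(c1, sniffed_response),
        "replay_new_challenge": server.login_challenge(
            server.new_challenge(), sniffed_response),
    }
```

The value the server stores in this sketch is still enough to answer any challenge, so a stolen database row remains usable for login even though a sniffed response is not.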

------
oomkiller
Salts are near worthless since someone who has access to a web app or the
source will probably be able to read the salt. The bcrypt recommendation is
somewhat good though, but you can never be perfect. Currently in my web apps
we use sha1, but we run it through about 10 times, so it slows an attacker
down a bit.

~~~
jpf
Being able to read the salt doesn't make it worthless, because salts are meant
to complicate dictionary attacks.

------
umbrae
So what's the best way to migrate a site that's using sha1 without salts to
one that does use salts?

I expect it involves checking users' passwords two different ways (with salt,
without) for the foreseeable future.

------
dfield
As long as HackerNews hashes my password with a semi-modern algorithm, I'm
fine. Storing in plaintext / something that can be decrypted is not cool, but
sha1 is alright by me.

~~~
silentOpen
But an unsalted hash is only better than plaintext if the attacker doesn't
know enough/care enough to use a rainbow table. At that point, why do you care
if it was hashed or not?

~~~
greendestiny
But that isn't nothing. For instance in the case of the reddit lost laptop
incident, the information isn't immediately available to anyone who knows how
to read a database dump. It has to be decrypted which isn't a widely available
skill and isn't instantaneous even though it's tractable.

~~~
tlrobinson
Rainbow tables require script-kiddie levels of expertise.

i.e. basically none.

~~~
greendestiny
That's still a smaller subset than the skills required to steal a laptop.
Apparently that's controversial though, judging by the downvotes. I'm not
suggesting this is how security should be designed, just pointing out that it's
not totally useless.

------
rythie
I'm thinking that a salt could be retrofitted by changing the check from:
sha1($password); to sha1(sha1($password) . $salt);

and you could update the database for that easily.

~~~
umbrae
Isn't there some evidence that hashing a hash is cryptographically weaker?

~~~
rythie
Yes it is probably slightly weaker. It would be weaker if there are collisions
in the 1-16 character password space for sha1 (assuming a 16 character limit
on the password).

My point was that if you already have a lot of hashed passwords then you need a
way to transition to salted ones and this was a method to do that.
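
The retrofit described in this sub-thread, and the migration question asked earlier in the thread, worked through as an added example that is not part of the original posts. It uses the sha1(sha1($password) . $salt) formula as written; the table layout, user names, passwords and word list are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def sha1_hex(data: str) -> str:
    return hashlib.sha1(data.encode("utf-8")).hexdigest()

def migrate(legacy: dict) -> dict:
    """Upgrade every row offline: only the stored unsalted hash is needed."""
    upgraded = {}
    for user, old_hash in legacy.items():
        salt = secrets.token_hex(16)  # random salt per user
        upgraded[user] = {"salt": salt, "hash": sha1_hex(old_hash + salt)}
    return upgraded

def check(row: dict, password: str) -> bool:
    # sha1(sha1($password) . $salt), the check proposed in the thread
    candidate = sha1_hex(sha1_hex(password) + row["salt"])
    return hmac.compare_digest(candidate, row["hash"])

def table_hits(hashes, words) -> int:
    """Count stored hashes found in a precomputed table of unsalted SHA-1."""
    table = {sha1_hex(w) for w in words}
    return sum(h in table for h in hashes)

# Constructed sample data: the legacy table holds unsalted SHA-1 hex digests.
LEGACY = {
    "alice": sha1_hex("hunter2"),
    "bob": sha1_hex("hunter2"),
    "carol": sha1_hex("tr0ub4dor"),
}
WORDS = ["password", "hunter2", "tr0ub4dor"]

def demo() -> dict:
    new = migrate(LEGACY)
    return {
        "legacy_duplicates": LEGACY["alice"] == LEGACY["bob"],
        "migrated_duplicates": new["alice"]["hash"] == new["bob"]["hash"],
        "alice_ok": check(new["alice"], "hunter2"),
        "wrong_rejected": check(new["carol"], "hunter2"),
        "legacy_hits": table_hits(LEGACY.values(), WORDS),
        "migrated_hits": table_hits([r["hash"] for r in new.values()], WORDS),
    }
```

Because every row can be converted without the user logging in, this scheme does not need the two-way check for old and new rows; the outer hash is still a single fast SHA-1.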

------
jseifer
I'm relatively confident that the potential uncovering of some news site
password doesn't matter for this demographic. This is hacker news, after all
:)

------
AndrewHampton
This article also completely ignores the fact that you can use OpenID to log
into HN which bypasses this issue altogether.

------
alexk
Ok, now go visit all open source web apps and post here, you can even write a
script for that.

------
quellhorst
My password is a hash created by 1Password. Plus this is a low value account.

------
ajkirwin
I gotta admit, that does seem a bit lacking.

I salt MY hashes.

~~~
falsestprophet
Django salts my hashes. It is one of the many virtues of working with a mature
framework.

~~~
e4m
Still allows for brute-force. Distributed.net is bruting (I know that is not a
word) approximately 150 billion a second. No one knows what Uncle Sam and
other Nation States can do in this regard. So, salt is good, but you still
need _big_ passwords (min 72 bits) to keep the big boys out. 6.5 bit-entropy
per ASCII char... that means you need _at least_ 11 chars in your password,
OK?

~~~
ajkirwin
I usually use a minimum of 16 for anything that isn't throwaway.

------
TheAmazingIdiot
Simple answer: No.

Complex Answer: It depends. If it's compromised, what do I lose? If the answer
is an email account, then it's an 'Aww shucks'. That's why I have backups of
my address books.

However, if it's "Bank Account Numbers", it's a bit more critical. I do shield
myself from that eventuality by using 'more public accounts' with limited
funds. PayPal has its own bank, and a whole 5$ more than my balance needs for
them. I simply and deliver the money I want them to have.

And sometimes, I could care less if somebody "hacked my account". I'm thinking
about news sites and other sites that demand logins to read or post or
download files (phpbb).

~~~
whatusername
Primary email account is a loss though...

Think password resets for pretty much every other account of yours. Whether
that is HN, Your Registrar, amazon or your bank. I never used to care about my
web based email account - but now it's a big deal.

