Fast Hashes Kill Cryptographic Security
Fash Hashing algorithms such as MD5, SHA or SHA1 are not meant for security – to protect critical information, especially passwords, hashing algorithms must be intentionally slowed down to counter brute-force attacks. Troy Hunt, a Microsoft MVP, demonstrates how the password hashes provided by SqlMembershipProvider are vulnerable to brute-force attacks.
SqlMembershipProvider is the default membership provider that comes with the ASP.NET web application template in VS 2010. In his article Our password hashing has no clothes, Troy demonstrates how the salted SHA1 hash based password security used in the SqlMembershipProvider can be cracked by using a GPU, a dictionary called hashkiller and a brute force algorithm. In a sample size of 40,000, real life passwords (taken from an earlier breach), the algorithm cracked 24,710, or 67% of the passwords, in 45 minutes. And these include passwords that would pass as being strong -
How about “volleyball6” – 11 chars of two different types. Further up the list was “zaq1@WSX” – 8 chars of upper, lower numeric and symbol, surely enough to pass most security policies yet even when stored as a “secure” salted hash, utterly useless.
The problem is the speed with which new hashes can be created once you have a dictionary of potential passwords, with hardware getting faster and faster.
So what’s the solution? Key stretching, by iterating the hashing several times can offer a way to slow down hashing algorithms enough to make brute-force attack more difficult. Bcrypt and PBKDF2 are two such algorithms - these are called adaptive algorithms since they can be made slower over time (as hardware gets faster) by increasing the number of iterations. Bcrypt.NET implements the former and the DefaultMembershipProvider implements the latter. DefaultMembershipProvider uses 1000 iterations of SHA1 and is the default provider that is present in the ASP.NET MVC 4 template in VS 2012. Troy’s article Stronger password hashing in .NET.. explains how to use some of these alternatives, and also how to migrate your application to stronger hashes without breaking your authentication.
Uwe Zdun, Rafael Capilla, Huy Tran, Olaf Zimmermann Mar 09, 2014