There has been a lot in the news recently about websites being 'hacked' and login details being stolen. The most recent high profile case was linkedin where over 6 million passwords were obtained. With these large scale security breaches becoming increasingly common it may be worth spending a few minutes to learn about how websites store passwords and what you can do to protect yourself from having your passwords stolen.
Most websites store login details in a large database located on a database server. Database servers are normally well protected, however as seen recently they cannot be assumed to be completely secure. Once a database is breached the method in which the login data was stored becomes very important, and determines how easy it is for the hackers to gain access to people's passwords.
Probably the best way to explain how websites store passwords is through a series of examples.
Case 1 - Storing the password in plain text
In this first case the password is simply stored in the database in plain text.
I.e if your password is: testpassword then it will be stored in the database as: testpassword.
If a hacker was to gain access to the database they would immediately have access to everyone's user names and passwords. This would not be a major problem, however unfortunately many people use the same user name and password combination for many different websites. A hacker could gain access to a low-profile website which has minimal security, and then use the user names and passwords to try and login to people's email accounts.
This is an extremely insecure method of storing passwords and very very few websites will use this technique.
Case 2 - Storing the password as a hash
What is a hash?
A hash takes any string of characters, of any length, and converts it to a fixed length string. When hashing passwords a special type of hash is used; this is known as a Cryptographic hash. To put it simply with an ideal cryptographic hash it is easy to create a hash from a password, but practically impossible to obtain the password from the hash. Also a very small change in the password will result in a completely different hash.
The are many different hashing algorithms available including MD5, SHA-1 and SHA-2. Some vulnerabilities have been found with MD5 and SHA-1, however at time of writing SHA-2 is still a good option.
How does it work?
If a hacker gains access to the database they now have a big list of user names with the associated hashed passwords. As mentioned previously, it is very difficult to get from a hash back to the plain text password. Unfortunately hackers can easily generate the hashes for nearly every possible password combination and store them in massive lookup tables.
To cover every possible combination these look up tables have to be very large. The number of possible combinations = NUMBER OF CHARACTERS ^ PASSWORD LENGTH. So if you are just using lower case letters and the password is 10 or less characters then there are 26^10 = 1.4*10^14 combinations. If you use capital letters as well that number rises to 52^10 = 1.4*10^17 and using all standard ASCII characters the are 128^10 = 1.18*10^21 possible combinations.
These numbers may seem high but with the power of modern computers these tables can be generated relatively quickly and in many cases are available to download precomputed from the internet.
The hackers then compare the hashes stored in the lookup table with the hashes in the compromised database. If any match the plain text password can be read from the lookup table.
Unfortunately this is the method linkedin were using to store passwords. As a result most of the hashes have already cracked and the plain text passwords revealed.
Case 3 - Using a salt
What is a salt?
A salt is some random data added to a password before it is hashed. The main purpose of a salt is to stop hackers using pre computed lookup tables to crack large databases full of passwords. Salts can be any length, but longer salts help to increase the security.
How does it work?
How does this help protect the password?
If a hacker gains access to the database they will have a list of all the user names, salts and the hash of the combination of the password and salt. The salts are long enough that a hacker can not feasibly generate a lookup table the covers every possible combination of password and salt. If all the passwords use the same salt the hacker can just regenerate the lookup tables so that they include the salt. However if the salts are long and random then using a lookup table is no longer an option for the hacker.
The passwords are still vulnerable to a brute-force attach, however this is very time consuming.
Case 4 - Key stretching
Key stretching is a technique used to slow down a brute force attack. Key stretching basically involves repeatedly hashing the output of the hash of the password and salt. When an attacker is attempting to gain the password through a brute force attack, each password they try will need to be hashed the same number of times as the hashes in the compromised database. If several 1000 iterations were used then it will take roughly 1000 times more CPU time to guess the password through a brute force attack. As computers get faster the number of iterations can be increased.
What can you do to protect yourself?