How Do You Know If A Web Site Is Secure?

[Shamus Young]

How Do You Know If A Web Site Is Secure?

With all the hacking of web sites going on, just how safe is your information. Shamus offers some tips how how to determine just how secure a web site might be with your information.

Read Full Article

 

[MichaelGC]

I registered with the Escapist to see how it did! - it seems to have pretty much passed the test. Didn't blink at the 35-character password. Email verification for password reset. Etc. etc. However, it did generate a (one-time?) URL which included my username (although just the username - it didn't show my email address or anything) which may not be absolute best-of-show security practice.

 

[P-89 Scorpion]

Don't encourage sites to be even more of a pain just to be able to post on a damn forum!

 

[Lightknight]

Great article as usual, Shamus. An interesting point on password length over gibberish is breaking the 14 character password mark.

The difference in "crackability" of a 14 character password and a 15 character password is in years of processing time and that's only if they don't use the traditional algorithms and brute force measures.

This is because passwords that are 14 characters or smaller are all stored in a hash and broken up into two 7-character parts (easy to crack a 7 character password) but if it's 15 characters or larger then windows does not store the LanMan hash correctly so both segments will be incorrect or null passwords to any decryption utilities trying to crack the LM. That basically ruins brute force attacks.

You do want to have at least a little curve ball in the 15 characters, but just a little dab will do it.


http://www.symantec.com/connect/articles/ten-windows-password-myths (myth #3 is the one quoted below)

Interesting side fact, a network admin could always set the environment to not store LM passwords at all, effectively side stepping the problem altogether. I would not be surprised if this eventually becomes the default as backwards compatibility becomes less of a concern with software being older than a decade.

"With LM, password hashes were split into two separate 7-character hashes. This actually made passwords more vulnerable because a brute-force attack could be performed on each half of the password at the same time. So passwords that were 9 characters long were broken into one 7-character hash and one 2-character hash. Obviously, cracking a 2-character hash did not take long, and the 7-character portion could usually be cracked within hours. Often, the smaller portion could actually be used to assist in the cracking of the longer portion. Because of this, many security professionals determined that optimal password lengths were 7 or 14 characters, corresponding to the two 7-character hashes.

NTLM improved the situation some by using all 14 characters to store the password hash. While this did make things better, NT dialog boxes still limited passwords to a maximum of 14 characters; thus the determination that passwords of exactly 14 characters are the optimal length for the best security.

But things are different with newer versions of Windows. Windows 2000 and XP passwords can now be up to 127 characters in length and so 14 characters is no longer a limit. Furthermore, one little known fact discovered by Urity of SecurityFriday.com is that if a password is fifteen characters or longer, Windows does not even store the LanMan hash correctly. This actually protects you from brute-force attacks against the weak algorithm used in those hashes. If your password is 15 characters or longer, Windows stores the constant AAD3B435B51404EEAAD3B435B51404EE as your LM hash, which is equivalent to a null password. And since your password is obviously not null, attempts to crack that hash will fail."

 

[Subbies]

But aren't passwords written in real words like your second example easily crackable by using rainbow tables? Between a 15 character gibberish password and a 15 character password written with existing words, it's still safer to use the gibberish one.

 

[JustAnotherAardvark]

But aren't passwords written in real words like your second example easily crackable by using rainbow tables? Between a 15 character gibberish password and a 15 character password written with existing words, it's still safer to use the gibberish one.

I think his thrust is (and I could be wrong), a longer password consisting of semi-random words is something you can get users to generate more often than a gibberish password, so a single failure doesn't expose all of their accounts.

We're past the point that it's easier for machines to crack a password than it is for a user to remember it ... and so users re-use passwords across time and space, when they could be isolating their p-words in some fashion.

You're right, a purely random string of gibberish is always going to be stronger than words.

 

[Subbies]

But aren't passwords written in real words like your second example easily crackable by using rainbow tables? Between a 15 character gibberish password and a 15 character password written with existing words, it's still safer to use the gibberish one.

I think his thrust is (and I could be wrong), a longer password consisting of semi-random words is something you can get users to generate more often than a gibberish password, so a single failure doesn't expose all of their accounts.

We're past the point that it's easier for machines to crack a password than it is for a user to remember it ... and so users re-use passwords across time and space, when they could be isolating their p-words in some fashion.

You're right, a purely random string of gibberish is always going to be stronger than semi or non-random words.

This is true in the case of entropy of the password. However more recent ways of attacking passwords (such as the aforementioned rainbow tables) are helped by the fact that the user is using real words in his password. This would make gibberish passwords more powerful than real word one. However I'm unsure of how long a password would have to be to actualy benefit from being gibberish rather than existing words.

 

[Subbies]

In any case the best solution is to use a password manager that would generates random passwords of very high entropy rather than creating your own.

 

[Zombie_Fish]

snip

LM hash has been turned off by default since Vista's release. There may be some legacy systems that still use it, but for most services the difference between 14 and 15 characters is no longer as significant.

Also, not that all of the advice in that link is no longer relevant, but it was last updated in 2002. Password security has certainly gotten more issues since then.

 

[Ken Sapp]

snip

LM hash has been turned off by default since Vista's release. There may be some legacy systems that still use it, but for most services the difference between 14 and 15 characters is no longer as significant.

Also, not that all of the advice in that link is no longer relevant, but it was last updated in 2002. Password security has certainly gotten more issues since then.

Saved me some Google Fu. As a CompTIA A+/Net+ and Microsoft Certified IT professional I read that comment and was actually scratching my head trying to remember when LM was last actually in use. I almost want to say it hasn't been seriously been used since the Win 9x days.

On to the reason I came to the thread, on the point of security questions (mandatory or otherwise) one of the best tips I have ever found was to provide answers which could not be researched on facebook since most of the companies using them don't seem to "get" how weak those questions make their security measures when answered honestly. So when they ask your mother's maiden name you say something like purple instead of Smith, and so on....

 

[Zombie_Fish]

Saved me some Google Fu. As a CompTIA A+/Net+ and Microsoft Certified IT professional I read that comment and was actually scratching my head trying to remember when LM was last actually in use. I almost want to say it hasn't been seriously been used since the Win 9x days.

95/98 definitely had alternative storage methods available, as (potentially) did NT. This is a combination of what I can remember from my Systems Security course last semester and Wikipedia's article on the LM hash.

On to the reason I came to the thread, on the point of security questions (mandatory or otherwise) one of the best tips I have ever found was to provide answers which could not be researched on facebook since most of the companies using them don't seem to "get" how weak those questions make their security measures when answered honestly. So when they ask your mother's maiden name you say something like purple instead of Smith, and so on....

One of my favourite news stories ever was when Sarah Palin's email address was hacked, because all of the security answers were on Wikipedia.

 

[weirdee]

A note: consider security questions to be additional passwords. Do not use them like normal people (with actual answers), salt the earth and put ridiculous shit in them that only you would consider to be the answer to such a question, or if this is a security question recovery that doesn't involve embarrassing yourself by talking to somebody on the phone, even things that cannot be pronounced by human tongues. Just make sure you have some reasonably secure way of remembering them.

 

[ForumSafari]

The problem is that these factors don't actually determine how secure a website is, they determine how secure the website thinks it is. The most important vulnerability in account driven websites is how the data at rest is stored and secured. Admittedly this isn't stuff you can/should test yourself but it's far more important than how secure your password is.

For example; your password being fully CORRECT HORSE BATTERY STAPLE'd up is of absolutely no use to you if they don't properly encrypt the passwords at rest since an attacker that gets hold of the database can just read them out. In addition if the hashing algorithm is found or derived then it's child's play to reverse the hashing, strip the salt and get the password that way.

That's before we even get into badly validated input or cross-site trickery. None of that encryption means jack if an attacker can overwrite the email field for a record, request a reset and just reset it themselves.

 

[Kahani]

But aren't passwords written in real words like your second example easily crackable by using rainbow tables?

No. To start with, salting eliminates any possible use of rainbow tables (see here [http://en.wikipedia.org/wiki/Rainbow_table#Defense_against_rainbow_tables]). Rainbow tables also only work well for relatively short passwords, or those of known length. It's not feasible to produce tables covering passwords of unknown arbitrary length.

Between a 15 character gibberish password and a 15 character password written with existing words, it's still safer to use the gibberish one.

Why use a 15 character password? The entire reason for having short passwords is that long strings of gibberish are essentially impossible for people to remember (or that websites don't allocate enough space to password storage, but there's really no excuse for that these days). But we're really good at remembering long strings of meaningful words; just think how many songs you can remember the words to, for example. A 15 word password can be easy to remember, while being just as difficult to break by a dictionary attack as a 15 character one is by a normal brute force attack, and of course far more resistant to said brute force attack.

That said, even a 15 character password made from existing words is not necessarily any less secure. The important thing about all shortcuts to password breaking is that they rely on assumptions about what form a password will take. If an attacker doesn't expect to see passwords made up of combinations of random words, they're not going to bother with an attack that would be better at breaking that kind of password but that doesn't help at all for more common passwords. Given what the most common passwords [http://www.theregister.co.uk/2014/01/20/password_no_longer_the_worst_password_still_a_terrible_password/] actually are, no attacker is going to worry about elaborate methods of breaking long passwords when they can get at the majority by just typing "password" and "123456" by hand.

A good password is ultimately one about which an attacker has no prior knowledge on which to base their attacks. If they know your password is 8 characters long and contains at least one upper case letter and one number, they can tailor their attack to that specific type of password. But if all they know is that your password is somewhere between 1 and 127 characters, where exactly do they start? Passwords of 15 characters made up of words is only a tiny portion of all the possibilities. The attacker also needs to check if it's actually 14 characters, or 16, or 120, and they need to check if it's made of real words, contains various substitutions, is made up of gibberish, is just "password" repeated over and over again, and so on. A 15 character password made up of words is only less secure than one made up of random gibberish if an attacker can reliably know which of the two they are dealing with.

In any case the best solution is to use a password manager that would generates random passwords of very high entropy rather than creating your own.

Not necessarily. A high entropy password of random gibberish generated by a password manager is no better than a high entropy one generated by a person stringing words together. Password managers are a great solution to the problem of needing to remember multiple passwords, but the method by which you generate the passwords for it to store is entirely irrelevant.


Of course, there's also a good argument to be made that password strength is irrelevant [http://www.theregister.co.uk/2014/09/04/scared_of_password_brute_force_microsoft_says_just_give_up/]. Good security practice on the part of a website makes actual password choice a factor in only a tiny proportion of attacks. Depending on the level of security and how an attack plays out, the actual password can be either easily available in plaintext or impossible to break at all; it's only rare attacks where the strength of a password actually becomes factor. From that article:

"Demanding passwords that will withstand offline attack is a defense-in-depth approach necessary only when a site has failed both to protect the password file, and to detect the leak and respond suitably"

In other words, strong passwords are only necessary if the sites you're using them on are incompetent.

 

[Lightknight]

snip

LM hash has been turned off by default since Vista's release. There may be some legacy systems that still use it, but for most services the difference between 14 and 15 characters is no longer as significant.

Hmm, I admit that the person who taught me network security has been around in the industry for several decades so his information could be old but his information has been golden for me in most areas. He seemed to think the difference was years of decryption time. Is it possible that the additional values start to reach a critical mass at that point where the permutations hit exponential highs there?

On the other hand, I do clearly remember the professor drawing two squares on the whiteboard for the two hash values so I'm not exactly hopeful that he was up to date now. Do you happen to have a link to this claim? I would appreciate being able to read it.

Also, not that all of the advice in that link is no longer relevant, but it was last updated in 2002. Password security has certainly gotten more issues since then.

It was last updated on November 3rd 2010.

 

[Zombie_Fish]

Hmm, I admit that the person who taught me network security has been around in the industry for several decades so his information could be old but his information has been golden for me in most areas. He seemed to think the difference was years of decryption time. Is it possible that the additional values start to reach a critical mass at that point where the permutations hit exponential highs there?

On the other hand, I do clearly remember the professor drawing two squares on the whiteboard for the two hash values so I'm not exactly hopeful that he was up to date now. Do you happen to have a link to this claim? I would appreciate being able to read it.

The point about it being disabled is just on Wikipedia: https://en.wikipedia.org/wiki/LM_hash

The claim about the difference being no longer as significant is based on the fact that the hash function now used is based on MD4. Current attacks on MD4 are not dependent on the length of the password, and the best pre-image attack runs in 2[sup]102[/sup] operations.[footnote]http://www.di.ens.fr/~leurent/files/MD4_FSE08.pdf[/footnote]

It is worth noting however that the fact that it uses MD4 is not a good thing. The hash function was rendered obsolete four years ago.[footnote]https://tools.ietf.org/html/rfc6150[/footnote]

It was last updated on November 3rd 2010.

Yeah, I'm not sure about that. The post itself says that it was last updated on 7th March 2002.

EDIT: And even then, 4-5 years is a long time in the security world. In that time Heartbleed was both introduced into OpenSSL and patched after the amount of furore it caused following its discovery. One of my favourite video creators did a video on password storage, where he preceded it with 'By the time you watch this video the advice will have changed.'[footnote]https://www.youtube.com/watch?v=8ZtInClXe1Q[/footnote]

 

[devotedsniper]

Speaking as a web developer/forensic graduate a longer password does not necessarily mean a more secure password in any way. Symbols will improve a passwords strength massively, especially things such as a pound sign as a lot cracking software won't even consider to try it. Variety is key which is why a lot of sites force 1 Upper, 1 Lower and 1 number as minimum now a days.

Also no one with database access should ever be able to retrieve a users password that's what password reset tools are for, any sort of login information or password should always be encrypted with one way encryption (Salted).

As for forgotten password tools, an email with a link which goes to a reset page is far better than a secret question especially if the link is set to only be valid for 30mins or so.

 

[medv4380]

If a site limits you to 8 or 12 characters, then it might mean they're not doing this.

Wouldn't matter if they used hashes or not at that point. Chances are all 8 to 12 viable character passwords are already in rainbow tables. It's a simple reverse lookup at that point.

Sad to see a list of things that should flag a site as unsecure, but not any of the few things that flag it as secure.

First assume all sites are already compromised by your worst enemy. If you hate North Korea assume they already have your password, and a list of the sites it goes to. Keep intel on sites that only use a password down to a minimum.

Second, any site that doesn't use two factor authentication is already rooted, and just pooring your information to organized crime.

Third, have your backup two factor authentication passwords locked in a vault and ready to use. The moment your phone goes missing be prepared to buy a new phone, remote wipe the old one, and link a new two factor key to your accounts that allow it.

Finally, let all the other suckers keep their poor security measures. As long as their is a target rich environment of easy prey you're safer, but not safe. Wolves cull the weakest first, and Penguins push the weakest into the sea lion infested waters to see if there is any danger.

 

[veloper]

I don't mind mandatory use of some numbers and shift characters, but in combination with a limit on passlength that's a pain in the ass and you're forced to type gibberish to get anything resembling a decent password.

Worse still is I encounter sites that are not case sensitive even today! With tight limits on length (like 16 fe) and with minimum and maximum character counts.

 

[K-lusive]

Internet security vs hacking is a constant arms-race.

As soon as a website is reachable through the internet it becomes a target, a risk. You never know whether you're safe, or some hacker's been riddling your site with secret backdoors for months.

As soon as it's on the internet, I consider it open and public regardless of all the privacy options I've set, regardless of a million capitals, digits and punctuation in my password, regardless of how many certificates the site uses.
All it takes is one human error somewhere and everything is at risk (The heartbleed bug, anyone?)

Ofcourse I do use online banking and dropbox and all that stuff. I just don't expect it to be private or secure.