Monday, June 20, 2011

Your account has been compromised. Will you finally stop reusing the passwords ?

Logging into gmail in the morning, I've got a prompt to change my password, which mentioned suspicious activity with my account. When logging in, I saw the possible reason why.

The MtGox bitcoin "exchange", where I created account to see what it is all look like, has been hacked, and the database has been leaked. Bummer. I even found my email and the user id on pastebin.com, alongside with the hash of my password. This can't be good, can it ?

Well, except since some while I started to be more pedantic about having separate passwords for different sites, no exceptions. My online passwords are 40-characters random hex strings, different for each site. This meant a sigh of relief - the data that the miscreants obtained is of minimal impact to other sites that I use.

So, the unique passwords saved my bacon today. If you reuse your passwords on more than one site, you should think a second time what would happen with your accounts in the occurence like this. If you are a windows user, you could get the Password Safe program by Bruce Schneier - it's open source and free. In this day and age, you should avoid reusing the passwords, period.

I would also use this chance to describe how my "separate password" strategy looks like.

There are two components of it:


  1. A program called "sha1sum" - which exists on most of the *nix versions, and essentially just calculates a cryptographic one-time hash function.


  2. A text file with the editor which stores the material for my passwords, in plain text.Each line of the text file contains two strings: the site name and a random string. I choose the random string to be sufficiently long to be difficult to guess / brute force (some 30 characters or so).


When I need to get the password for a website, I open up the file and find the line that is corresponding to that website.

Then I start up the "sha1sum" program, it starts to await for my input. I copypaste the site name and a memorable "master password" - that I do not write down anywhere. This is the thing that allows me to not worry extremely much about the safety of the file with the key material (alone it would not give out an easy target. Even though of course I do not put it out in plain view)

After I entered both strings on one line, I press enter and then Ctrl-D - this signals an end of input for the sha1sum program, and it spits out a 40-character hex number at me.

Great, now it is time to launch the sha1sum again - this time I copy-paste the hex number from the previous run, and then the "random text string" from the file.
After that I press Enter and then Ctrl-D - getting another long hex string as a result.

This is my password that I now copy-paste into the web site that I need to login to.
Here's how it looks like:


ayourtch@ayourtch-lnx:~$ grep gmail p-material
gmail 1243pyupqwe,jl23hl23khjkh23khpw'@
ayourtch@ayourtch-lnx:~$ sha1sum
gmail this is my secret phrase
f3c446b01b24022c136bde50d32a1f9d4e9cd7fb -
ayourtch@ayourtch-lnx:~$ sha1sum
f3c446b01b24022c136bde50d32a1f9d4e9cd7fb 1243pyupqwe,jl23hl23khjkh23khpw'@
8e485f361bfe1834d281209121eb5d4a8b52bcb9 -
ayourtch@ayourtch-lnx:~$


The bold string is the password to copy-paste into the login screen. (NB: of course the data in the example above is not real, it's my mockup just to illustrate the principle ;-)

While this scheme is certainly not pixel-perfect cryptography, it gives certain advantages:

  • Even if the service is dumb enough to store the passwords in plain text - the attacker does not gain much when they hack it. They will just get the password to a particular site - but they would not learn much how did you derive this essentially random string.

  • Even if the attacker gets the file where the strings are written down - they do not gain much, as they would need to know the "master password" in order to create correct passwords for any of the web sites.

  • It is simple, light, and independent from the vendor (browser, etc.) - practically anywhere there is a sha1sum - so I only need a (tiny) file with site names/strings to carry around. The smaller the data to secure, the easier it is to secure it.


Of course, this also has a couple of disadvantages:

  • entering the passwords is a bit annoying. You need to do some manual operation.

  • entering the passwords is a bit annoying. This is the iPad version.



However, I value my peaceful sleep much more than the annoyance of the process.

Do you value your sleep ? If you do - stop reusing the passwords before you lose it.

3 comments:

3mmanuel said...

I was lazy enough not to do that. One day, I got the full nine yards hacked: GMail, Hotmail, Facebook, etc... They were all using the same password. The attack came from a Chinese website (thanks GMail, who gave me the IP address).

I've never gotten my Hotmail account back. It sucked anyway, and I live better without it.

Since then, I'm generating random password for each new site. That's extremely annoying when you need them in a rush at Mom's place on on your mobile phone, but that's minimal impact compared to loosing your GMail data.

Because I'm super lazy, I'm personally using GPG for some password, and FireFox Sync for most. Yep, that's not ideal, but that's the best compromise I could find.

Andrew Yourtchenko said...

Ugh, that's a pretty sad story, even if illustrative... Glad you have recovered.

And yes, unique (and long) passwords are a pain.

Les Chatschats said...

I love what Tyco from Penny Arcade uses for his password-generation needs. To quote,

"... I think the endgame here is better security at the places we trust with our data. It’s been an education for me, to be sure: custom passwords everywhere, now, 2-step where available, and when I need a new password I let my daughter go fucking crazy nuts on the keyboard. And then I say who’s my little hash function? Who is it? She knows who."

(@ http://www.penny-arcade.com/2011/6/20/)