The Facebook discussion about my previous blog post went off-topic and resulted in an interesting challenge. One of the commenters (Stilgar) was not convinced that passwords hashed with MD5 (or SHA) are so easy to crack if there is salt. So he posted a challenge:
“I’ll post the hash of a “password” which is going to be a dictionary word with or without mixed case letters and up to 3 digits. There will be salt – 8 random symbols before the password. Whoever posts the right password first gets 100 euro (via PayPal). I accept that I may be wrong, but I would risk 100 euro. In the real world, most sites would sell out a user for 100 euro. If I lose, I’ll admit I’m not right [..]
Code to generate it: https://dotnetfiddle.net/st0RfL
Bonus for 50 EUR more (another password, same salt)
We must note that the salt is really small, which distorts the experiment a bit, but anyway, here’s what happened:
The original challenge was posted at 00:20
At 5:20 Rumen posted:
The password is: DeveloP9
my code: http://pastebin.com/enzgq1iz
So, here’s my PayPal: ….
At 6:15 Petar posted:
And the times reported for cracking the challenge on a desktop computer was 1-3 minutes.
So, Stilgar lost 150 euro (around 180 USD). But hopefully that’s a valuable story – that using the output of hashing algorithms for storing passwords is wrong. Because if anyone gets hold of the hash, he has the password. And that may be worth way more than 150 euro, especially due to the tendency of users to reuse passwords. If your sites stores password incorrectly, an attack may get the accounts of the same users on many other sites.
For precisely that reason last year I wrote this simple project to verify your site’s password storage mechanism and emphasized on the fact that bcrypt is the bare minimum for your website security.