====== 2010.08.25 - security and web applications ======

{{ :blog:2010:08:passwords_underware.jpg?200|passwords are like underwear (taken from http://niebezpiecznik.pl/post/hasla-sa-jak-majtki/?similarpostY2862)}}

a few days ago i found out that [[http://filmweb.pl|filmweb]], a well-known Polish web site about movies, [[http://niebezpiecznik.pl/post/filmweb-pl-hacked-wcieklo-700-tys-hasel-uzytkownikow/|has been hacked]] and about 700 thousand users' credentials have been stolen. about a year ago another well-known Polish site (namely [[http://wykop.pl|wykop.pl]]) had a similar problem. it is described in more detail, along with a set of good practices, on [[http://blog.konieczny.be/2009/09/05/hasla-uzytkownikow-wykop-pl-wyciekly/|Piotr Konieczny's blog]].

what connects both of them? well - the interesting thing is that both showed a shamefully low level of security: [[http://wykop.pl|wykop.pl]] had test infrastructure that could be easily accessed from anywhere, as long as you knew where it was (which turned out to be quite simple to find out), [[http://filmweb.pl|filmweb.pl]] on the other hand uses [[wp>MD5]] for passwords... without any [[wp>Salt_(cryptography)|salt]]! this makes them extremely vulnerable to [[wp>rainbow table]] attacks, and since you have so many of them -- it gets even simpler!

another interesting issue is MD5 itself. since it has a high rate of collisions (only ~half of the output set is ever used), it is a common, but weak algorithm to use nowadays. if you still use MD5 you should shift to SHA* ASAP! see the [[http://ipsec.pl/kryptografia/2009/aktualny-poziom-bezpieczenstwa-kryptograficznych-funkcji-skrotu.html|complexity comparison of SHA* algorithms]] for details (for non-Polish readers: see the table -- "kolizja" means "collision"). it shows that SHA1 is now below the bare minimum in the commonly accepted cryptographic "security" definition (which is, according to the article, 80 bits).
there is one exception, however -- MD5 is very fast, thus it can be used for very short-term data signing, like sessions. it is in fact [[http://ipsec.pl/kryptografia/2009/ocena-rc4-md5-w-ssl-podczas-test-w-penetracyjnych.html|one of the options for SSL/TLS encryption]] and it is still secure, since it is used there with temporary keys in [[wp>HMAC]] mode.
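
the missing-salt problem described above, as an added example that is not part of the original post: identical passwords give identical unsalted MD5 hashes, so one precomputed table entry matches every account sharing that password, while a per-user salt makes every stored record unique. the sample accounts are constructed, and the choice of PBKDF2-HMAC-SHA256 and its iteration count are assumptions of this example, not something the post prescribes.

```python
import hashlib
import hmac
import os

# Constructed sample data: three accounts, two of which share a password.
USERS = {"alice": "kotek123", "bob": "kotek123", "carol": "zima2010"}
PBKDF2_ITERATIONS = 100_000  # assumed work factor; tune it for your hardware


def md5_unsalted(password: str) -> str:
    """The weak scheme from the post: plain MD5 with no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_salted(password: str, salt: bytes = b"") -> tuple:
    """Per-user random salt plus a deliberately slow SHA-256 based KDF."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_salted(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_salted(password, salt)
    return hmac.compare_digest(digest, expected)


def distinct_unsalted(users: dict) -> int:
    """Number of different hashes in a table of unsalted MD5 records."""
    return len({md5_unsalted(p) for p in users.values()})


def distinct_salted(users: dict) -> int:
    """Same count when every record gets its own random salt."""
    return len({hash_salted(p) for p in users.values()})


if __name__ == "__main__":
    print("unsalted MD5, distinct hashes:", distinct_unsalted(USERS))    # 2 for 3 users
    print("salted PBKDF2, distinct records:", distinct_salted(USERS))    # 3 for 3 users
    salt, stored = hash_salted(USERS["alice"])
    print("correct password verifies:", verify_salted("kotek123", salt, stored))
    print("wrong password verifies:", verify_salted("kotek124", salt, stored))
```

the salt is stored next to the digest in the user record; it does not need to be secret, it only has to be different for every user.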