2010.08.25 - security and web applications

few days ago i found out that filmweb, well-known Polish web site about the movies, has been hacked and about 700 thousands users' credentials have been stolen. about year ago other, well-known Polish site (namely wykop.pl) got similar problem. it's described in more details along with good-practices set on Piotr Konieczny's blog. what does connect both of them? well - interesting thing is that they both shown shame low security level: wykop.pl had test infrastructure that could be easily accessed from anywhere, as long as you knew where it was (which turned out to be quite simple to find out), filmweb.pl on the other hand uses MD5 for passwords… without any salt! this makes them extremely vulnerable to rainbow table attacks, and since you have so many of them – it gets even simpler!

another interesting issue is MD5 itself. since it has high rate of collisions, only ~half of output set is ever used it is common, but weak algorithm to use nowadays. if you still use MD5 you should shift to SHA* ASAP! see the complexity comparison of SHA* algorithms for details (for non-Polish readers: see the table – “kolizja” means “collision”). it shows that SHA1 is now below the bare minimum in commonly accepted cryptographical “security” definition (which is, according to the article, 80-bits).

there is one exception, however – MD5 is very fast, thus it can be used for very short-term data signing, like sessions. it is in fact one of the options for SSL/TLS encryption and it is still secure, since it's temporary keys usage in HMAC mode.