Be aware that this is an small amount of work, it is only imagining three digits. And we cracked it quickly! See the password there? We got it.
To mitigate this danger, restrictions tightened in various ways:
There is A brute force try-every-single-letter-and-number assault not looking so hot for us with a high end GPU, even at this point. However, what if we split the amount by eight… by putting eight movie cards in one machine? That’s well within the reach of a small company budget or even a wealthy individual. Regrettably, dividing 38 weeks by 8 is a dramatic decline in the time to attack. Rather, let’s discuss nation state attacks where they have the funds to throw tens of thousands of those GPUs in the problem (1.1 times ), maybe even thousands (2.7 hours), then… yes. You are in trouble at the point, even allowing for 10 character password minimums.
Mon Jul 17 23:26:06 2017 (46 days, 0 hours)? D?d?d?d?d?d?d?d?d?d?d?d 
Tue Jul 31 23:58:30 2018 (1 year, 60 days)
The only protection you can provide your customers is how immune to attack your password hashes that are saved are. There are just two factors that go into password hash potency:
Backup download tokens are emailed to the address of the administrator and only use, to confirm that user has complete control over the address.
The hashing algorithm. Just as slow as possible, and ideally designed to be especially slow on GPUs for reasons that will become painfully obvious about 5 paragraphs from now.
Let us assume for the sake of argument that this is a site that is public and nobody has been posting anything sensitive . Because they were all public posts anyway, so we are not worried, at least now, about trade secrets or other privileged information being disclosed. That, if we were.
Let us hashcat up it and see if it functions:
If we multiply this effort by 8, and twice the amount of time allowed, it’s possible that a very motivated investor, or one using a complex set of wordlists and masks, could eventually regain 39 × 16 = 624 passwords, or about five percent of their overall users. That’s reasonable, but higher than I’d like. We absolutely plan to put in a hash type table in future versions of Discourse, therefore we can switch to a much more secure (read: considerably slower) password hashing strategy within the next year or two.
This is a security researcher that commonly runs these types of audits, therefore each one the attacks used wordlists, along with known effective patterns and masks derived from the researcher’s previous password cracking experience, rather than raw brute force. That regained the next passwords (and one replicate ):
If we want Discourse to be country state attack resistant we’ll need to do. Hashcat has a handy benchmark manner, and here is a sorted list of the strongest (slowest) hashes which Hashcat knows about benchmarked on a rig with 8 Nvidia GTX 1080 GPUs.
However, all of the digit passwords are simple mode, for babies! How about a few actual passwords which use at least lowercase letters, or lowercase + uppercase + Records?
My hashcat results gave me some confidence that we weren’t doing anything wrong with the Discourse hashes. But I wished to become completely sure, so that I hired somebody with a background in security and penetration testing to, under a signed NDA, try breaking up the password hashes of 2 live and very popular Discourse sites we now host.
Using common password masks and lists, I cracked 39 of those 11,997 hashes in roughly 3 weeks, 25 in the ████████ community and 14 from the ████████ community.
Now we know that it works, let’s get down to business. But we’ll start simple. How long does it take to brute force attack the simplest potential Discourse password, 8 numbers — that’s”just” 108 mixes, a bit over one hundred million.
Time.Estimated…: Mon Sep 04 10:06:00 2017 (94 days, 10 hours)
Guess.Mask…: ? 1? 1? 1? 1? 1? 1? 1? 1  (-1 = ?
- All users should have a minimum password length of 10 characters.
- Users cannot use any password matching a blacklist of those 10,000 most commonly used passwords.
- Users can opt to create a username and password or use various third party authentication mechanisms (Google, Facebook, Twitter, etc). If this choice is selected, there is a random 32 character password autogenerated. It’s impossible to know whether any given password is individual autogenerated, or input.
Through the years, we have learned that information and security can be complicated. You bet your sweet ASCII a full database download is exactly what hackers start working toward the moment they gain any kind of foothold in your system. It’s the greatest prize.
You can easily back up and restore your website database from the admin panel, directly on your internet browser. Automated backups are put up from the box for you , too. I am not the world’s foremost expert on copies for nothing, man!
I was supplied two sets of hashes from two Discourse communities, containing 6,088 and 5,909 hashes respectively. The PBKDF2-HMAC-SHA256 algorithm was utilized by both . Employing hashcat, my Nvidia GTX 1080 Ti GPU generated these hashes .
Now the attacker gets your database, they could crack your password hashes with large scale offline strikes , using the full resources of almost any cloud that they could manage. And once they have cracked a specific password hash, they can log in as that user... forever. Or at least until their password changes.
Following this exercise, I have a deeper understanding of our worst case safety scenario, a database undermine together with a professional offline password hashing assault. In creating Discourse secure for everybody, I will also more confidently recommend and stand behind our engineering work. So if, like me, you are not sure you're currently doing things it is time to place those assumptions. Do not wait around for hackers to attack you -- hacker, hack thyself!
Kind iter salt hash
However, we also value portability, the ability to get your information into and from Discourse at will. That is why Discourse, contrary to other forum applications, defaults into a Creative Commons license. As a basic user on any Discourse you can easily export and download of your articles.
Both backup creation and backup download administrator actions are logged.
⚠️ That's why, if you know (or even suspect!) Your database has been exposed is reset everyone's password.
These days, although users have reason to be concerned in their emails not many men and women treat their address as anything particularly precious.
All articles and subject content
We have read so many stories that are sad about communities which destroyed or were fatally compromised due to security exploits. We took this lesson to heart once we founded the Discourse project; we attempt to build open source software that is safe and secure for communities by default, even when there are tens of thousands, or even millions, of these out there.
Common to all discourse communities are password requirements:
Hashcat requires the following input format: one line per hash, with all the hash form, number of iterations, salt and hash (base64 encoded) separated by colons:
In spite of a top of the line GPU that's... OK, I guess. Bear in mind this is only 1 hash we are testing against, which means you'd need one hour per row (consumer ) in the table. And I have more bad news for you: Discourse has not allowed 8 character passwords for quite some time now. When we try longer numerical passwords how much time does it take?
The name of the security game is defense in depth, so these hardening steps help... however we still should assume that Internet Bad Guys will somehow receive a copy of your database. And then what? Well, what is in the database?
The work factor or amount of iterations. Place as large as possible, without opening your self up to a potential denial of service attack.
To begin with, a hello world test to see if items are working. I logged in to our presentation at try.discourse.org and created a new account with the password
0234567890; I checked the database, and this generated the following values from the hash and salt database columns for this new user:
We're gonna use the biggest, baddest single GPU out there at the moment, that the GTX 1080 Ti. Whereas the 1080 Ti achieves 1640 kH/s as a point of view, such as PBKDF2-HMAC-SHA256 1180 kH/s is achieved by the 1080. At a only video card generation the attack hash speed has increased nearly 40 percent. Ponder that.
I've seen guidance that said you need to set the overall work variable. It turns out Sam Saffron, one of my Discourse co-founders, made a fantastic phone back in 2013 when he picked the NIST recommendation of PBKDF2-HMAC-SHA256 and 64k iterations. We measured, and that indeed takes roughly 8ms using our existing Ruby login code on our present (fairly large finish, Skylake 4.0 Ghz) servers.
But that was 4 years ago. How secure are our password hashes from the database today? We are building open source applications for the long haul, and we will need to be sure we're currently making decisions that protect everybody. In the spirit of designing evil, it's time to put on our Darth Helmet and play with the bad guy -- let's crack our personal hashes!
Administrators have a minimum length of 15 characters.
[advertisement] At Stack Overflow, we put developers first. We help you find answers to your tough coding questions; today let us help you locate your next job.
But what should you don't know? In the event you reset everyone's password every 30 days, like the world bigco IT departments? That's downright hostile, and contributes to pathologies of its own. The truth is that you likely won't understand when your database has been exposed, at least until it is too late to do anything about it. So it is crucial to slow the attackers down, to give yourself time to deal with it and react.
What's left is the password hashes. And that is... a significant issue indeed.
Cookies are, obviously, the way the browser can tell who you're. Cookies are stored as hashes, in contrast to the cookie value, so having the hash does not allow you to impersonate the target user. Furthermore web frameworks cycle biscuits, so they are valid for a 10 to 15 minute window that is brief .