40

I am curious about password cracking methods like dictionary and brute force attacks. Nowadays passwords are stored as hashes and not plaintext on the server. Then how can the plaintext passwords in the dictionary be compared with the hashes in the leaked database? Since the hashes can be of different types like bcrypt, SHA-512 and so on, how can the cracking tools know how to create the hashes and compare it?

For example, take a look at the dictionary attack below. The leaked passwords are just hashes and the dictionary has simple English words. Then how can they be compared? How does the attacker or the cracking tools know what hash algorithm it should use? Even the salt is there, but how does the attacker know what the salt is?

Brute force attack with dictionary words. Database dump with hashes and salts.

Anders
  • 64,406
  • 24
  • 178
  • 215
andjava
  • 578
  • 1
  • 5
  • 7
  • 13
    Did you try to research this yourself? Salts are not secret and, if you have the hash database, you have the salt. Just append (or prepend) the salt to the dictionary word and hash it, then compare the generated hash with the one in the database. If it matches, you have your word. – forest Feb 26 '18 at 12:05
  • 18
    A salt is not supposed to be a secret, it is only used to protect against rainbow tables and to make it harder to crack: https://stackoverflow.com/questions/420843/how-does-password-salt-help-against-a-rainbow-table-attack – everyone Feb 26 '18 at 16:42
  • 3
    In addition a per-user salt ensures that you can't crosscheck the current dictionary word against all entries in the database, forcing you to attack each of them individually. – vidarlo Feb 26 '18 at 18:40
  • 3
    I don't know about you, but I'd prefer to have my secrets encrypted such that the attacker can know all about my salts, my exact algorithm for checking a plaintext against a hash, and anything else he might need and he still can't break it. The minute I start saying something like "Ah ha! All I have to do is keep the number if iterations a secret and they'll never be able to crack my data!" I've already lost. – corsiKa Feb 26 '18 at 22:00
  • 3
    "Nowadays passwords are stored as hashes and not plaintext on the server." Ha Ha. Yes, ideally, but in practice, there are tons of websites and non-web companies that still do this very wrong (especially banks for some ungodly reason)! – NH. Feb 26 '18 at 22:11
  • @NH. How do you know banks do that? I would have thought that definitely by 2018 all banks would be using hashes. – David Klempfner Feb 22 '22 at 10:29

1 Answers1

74

How are plaintext and hashes compared?

During the brute force attack, words from the dictionary are hashed with the correct hash algorithm and salt, and then compared to the hash in the database dump. So the attacker needs to know not only the hash value itself, but the algorithm and the salt.

How does the attacker know the salt?

The salt is generally stored in the database right next to the hash. In fact, it needs to be. How else could the web server hash the incoming passwords when checking them? So if you have a database dump, you have the salts.

How does the attacker know what algorithm to use?

This can be done in a number of ways:

  • You can often tell by the format or the length of the hash. For instance, a bcrypt hash usually begins with the marker $2b$.
  • Try a few very common passwords using the most common algorithms, and sooner or later you will get a match. Since usually only one algorithm is used for all hashes, you only need to find one match and then you can go on cracking the other passwords with that algorithm.
  • Even simpler, if you know just one password (maybe you created your own account before the breach) you can try different algorithms on that one. (Thanks, Goose.)
  • If you have access to the code, you'll find the answer there. (Thanks, marcelm.)
  • Or if you know what software is being used, you might find it in the documentation. (Thanks, eckes.)
Community
  • 1
Anders
  • 64,406
  • 24
  • 178
  • 215
  • 2
    _"If you can't tell by looking at the hash, you will have to guess."_ - Or just look at the code. If an attacker managed to obtain a DB dump, it's fairly likely he can also access the code. – marcelm Feb 26 '18 at 16:07
  • 54
    Also, if the attacker made an account before getting the database, he could run his known password through algorithms until he gets a match to the password hash in the database for his account. – Goose Feb 26 '18 at 16:58
  • 5
    I wish I could find a source... Recently there was a specific username showing up in new databases across a variety of services and communities. The theory was that someone was registering a 'canary' username and password so that they can track what databases had been leaked, in the future. It's a similar concept to what's being discussed by Goose. – Monica Apologists Get Out Feb 26 '18 at 20:41
  • @Adonalsium except it would be used by a paranoid tinfoil hat web user instead of a hacker? – corsiKa Feb 26 '18 at 21:58
  • 2
    @Adonalsium I have heard folks in computer security groups discussing variations of exactly that. Except they would be randomly generated so each target so as to make detection difficult, as what you really want to know is when someone uses the information to actually try to log in somewhere. – alex.forencich Feb 27 '18 at 02:26
  • Good software products also document what password Hashes are used (and where they are configured) – eckes Feb 27 '18 at 12:08