15

Does anyone know of a well-known application that still uses unsalted hashes for password storage? I'm looking for an example for an upcoming lecture on Rainbow Tables, and I think it would add weight to the discussion if I had a real-world example that the students had perhaps heard of.

schroeder
  • 123,438
  • 55
  • 284
  • 319
Fixee
  • 1,545
  • 2
  • 15
  • 24

5 Answers5

17

Amazingly enough, MYSQL is a great current example. The recent hack of Oracle's mysql.com site (Irony: MySQL and Sun websites hacked using SQL injection - TNW Industry) exposed a bunch of unsalted hashes for important accounts, with high quality passwords like "qa" for three accounts (qa_r, qa_rw, and qa_adm), all of which hashed to "077f61a849269b62". They could be easily searched for on rainbow table sites like Passwords recovery - MD5, SHA1, MySQL.

Even the "new, improved" algorithm used since MYSQL 4.1.1 is simply an unsalted double application of the now-deprecated SHA-1 algorithm. See Simulating MySql's password() encryption using .NET or MS SQL - Stack Overflow. In the documentation for PASSWORD() they say you should not use it in your own applications. But the advice they give is terrible and they offer no excuse for why they don't simply migrate to a good algorithm with not only salts but also adaptive hashing like bcrypt or PBKDF2. Note that if you don't use an adaptive technique to iterate the hash, each salted hash is very vulnerable these days to fast cheap brute force attacks that can try billions of candidate passwords a second.

Update: A jaw-dropping example of a huge unsalted database for passwords (with hints!) is Adobe's set of 130 million, stored using reversible encryption (3DES), which was exposed in October 2013. And of course the fact that they encrypted rather than hashing is terrible also. See How an epic blunder by Adobe could strengthen hand of password crackers | Ars Technica. It's a database, presumably not an available application, which illustrates again why you shouldn't roll-your-own like this in the security world.

It was the subject of the XKCD comic "Encryptic": 1286: Encryptic - explain xkcd

Community
  • 1
nealmcb
  • 20,544
  • 6
  • 69
  • 116
7

It was revealed in June 2012 that Linked-In (NYSE:LNKD) was using unsalted SHA1 hashes for its users' passwords. About 6.5 million passwords were leaked and thus far more than 3.4 million have been cracked.

Hendrik Brummermann
  • 27,118
  • 6
  • 79
  • 121
Fixee
  • 1,545
  • 2
  • 15
  • 24
6

Wikipedia did not use a salt in the past. And even after they added the option to the software it took many month until it was enabled on wikipedia.org

Hendrik Brummermann
  • 27,118
  • 6
  • 79
  • 121
  • Is this true of the open-source MediaWiki project, as well? I wonder which versions did not include salts. – atdre Apr 10 '11 at 00:00
  • It was around the time that "phase3" was given the name MediaWiki. But it took months (might be even two years) until that option was enabled on Wikipedia itself. – Hendrik Brummermann Apr 10 '11 at 18:16
5

phpbb, pretty well known forum software uses unsalted MD5...

Simple Machine Forums (SMF) uses unsalted SHA1

Or at least they were last time I checked...

Bruno Rohée
  • 5,221
  • 28
  • 39
  • Last forum I administrated (sometime last year) was a phpbb and it definitely had salted hashes then. – XQYZ Jun 08 '12 at 14:16
1

Active Directory still uses unsalted NT hashes in its NTDS.DIT and if you have an old domain the LM hashes for accounts might be there, too.

schroeder
  • 123,438
  • 55
  • 284
  • 319
EnviableOne
  • 157
  • 8