The Dirty Truth About Web Passwords

103 points, by phsr, over 14 years ago

17 comments

tptacek, over 14 years ago

> Gawker used encryption incorrectly. The odd choice of archaic DES encryption meant that the passwords they saved were all truncated to 8 characters. No matter how long your password actually was, you only had to enter the first 8 characters for it to work. So much for choosing a secure pass phrase.

This analysis is roughly 165 degrees misguided. Yes, the archaic password hash Gawker used prevented Gawker users from taking advantage of long passphrases on Gawker properties. But Gawker's properties were completely compromised anyway, so even an uncrackable passphrase wouldn't have helped you.

Meanwhile, that same archaic hash mitigated the compromise of all their password hashes, such that if you actually *used* a passphrase, it can't definitively be cracked from those hashes (there are obviously infinitely many passphrases that could hash to a given crypt(3) hash, only one of which would be your phrase).

Reply #2005011 not loaded

ComputerGuru, over 14 years ago

> Gawker saved passwords. You should never, ever store user passwords. If you do, you're storing passwords incorrectly. Always store the salted hash of the password -- never the password itself!

What? No... Gawker stored hashes.

EDIT

It really galls me that Jeff can make an entire post around such an easily verified and debunked lie. Was he too lazy to check? Does he know what DES3 crypt is/does? Or did he think it would simply look good as the first of his three points in order to make a sensational story?

Gawker *really* doesn't deserve the trash talk they're getting; their db architecture was far more sound than a *lot* of others out there... and, as Thomas points out, their use of "archaic" hashing techniques is in some ways a blessing. Their db designers definitely get a "PASS" even if they didn't use something like bcrypt, which would have given them an A++ on this assignment.

Reply #2005940 not loaded
Reply #2005387 not loaded
Reply #2005028 not loaded

DanielBMarkham, over 14 years ago

> Does the need to post a comment on Gizmodo really justify polluting the world with yet another username and password?

Let me see if I understand this logic correctly: password reuse is a critical internet problem because it puts all of your sensitive stuff into one key, your re-used password.

And the way to address this problem is to put all of your sensitive stuff into one third party whom we trust more; for purposes of our conversation we can just call them "the monopolist".

I don't think so. How about a distributed password system where I personally own the code and it kicks off a unique key for me for every web site I sign up to? After all, I've gotten pretty good about carrying around important things in my life. I use something called a wallet. The concept has been working fine for thousands of years. Whereas the idea of having somebody else keep secrets for folks really doesn't have that great of a sterling track record, as the Gawker situation shows.

This was a great article in that it's starting to show people how screwed up things are. But the conclusions (to me) seem all out of whack.

Reply #2005057 not loaded
Reply #2005005 not loaded
Reply #2005427 not loaded
Reply #2004866 not loaded

dholowiski, over 14 years ago

While I do agree with the sentiment of the article, as a developer I see it as a risk to hand over user authentication to a third party. Once I do that, I'm subject to their terms of service (which usually say "we can do anything we feel like, any time we want"), their outages, and their bad business decisions (what happens to all the Facebook Connect accounts when Facebook goes bankrupt?).

Would I even trust Google to handle authentication? Maybe, but remind me again how I contact Google Tech Support when my authentication mysteriously stops working?

On the other hand, I had left comments on Gizmodo using Facebook Connect, so from a user perspective it worked out well for me.

Reply #2004979 not loaded
Reply #2004997 not loaded

w1ntermute, over 14 years ago

> Let's say you have good old traditional username and passwords on 50 different websites. That's 50 different programmers who all have different ideas of how your password should be stored. I hope for your sake you used a different (and extremely secure) password on every single one of those websites. Because statistically speaking, you're screwed.

A great reason to use a password manager, like LastPass. I started using it ~1 year ago, and now each of my web logins has a different password. It's just one key combo to generate a new random password and insert it into the password field when signing up at a new site.

Reply #2004656 not loaded
Reply #2007405 not loaded

tomjen3, over 14 years ago

Personally I am going to use a super weak password on most sites from now on with the understanding that anybody may hack it. On 90% of sites it doesn't matter anyway. Then I can focus on the rest, which actually matter to me.

Reply #2004601 not loaded
Reply #2004993 not loaded

antirez, over 14 years ago

Poor man's password manager: select one strong password that you are able to keep in mind. Then for every site you use, set the password to the output of:

    echo "strong_pass:sitename:strong_pass" | sha1sum

Note: if you are using Mac OS X, use "shasum" instead of "sha1sum".

Make sure not to expose your secure password, of course. It's also a good idea to use a completely different strong password just for email.

p.s. it's worth noting that since there are tons of SHA implementations for JavaScript it's possible to build all this as a web application where all the business happens in the client.

The web app will just allow you to add a number of site names so that you don't have to type the site name by hand every time.

Btw the world would be a better place with all the auth cookies set to expire in 2036...

Reply #2004879 not loaded
Reply #2006053 not loaded
Reply #2004924 not loaded
Reply #2004710 not loaded
Reply #2005095 not loaded
Reply #2005009 not loaded
Reply #2004856 not loaded

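The recipe in the comment above, as an added worked example (this is not code from the thread or from antirez; it reproduces his shell pipeline in Python so the two can be checked against each other). With revision 0 the derived value is byte for byte what `echo "strong_pass:sitename:strong_pass" | sha1sum` prints. The revision counter, the site-name normalization and the sha1sum-output check are this example's own additions and are assumptions, not part of the original recipe:

```python
"""Per-site password derivation as described in the antirez comment.

Added example, not the thread's or antirez's own code. revision=0
reproduces `echo "strong_pass:sitename:strong_pass" | sha1sum` exactly;
the revision counter, normalize_site() and matches_shell_output() are
this example's own additions (assumptions, not part of the recipe).
"""
import hashlib
import hmac


def derivation_input(master: str, site: str, revision: int = 0) -> bytes:
    """Exact bytes the shell pipeline feeds to sha1sum.

    echo appends a newline, so it is included here: hashing "m:s:m"
    without it silently yields a different password than the one-liner.
    A revision above 0 appends ":rN" so one site's password can be
    rotated without touching the master secret (example's extension).
    """
    text = f"{master}:{site}:{master}"
    if revision > 0:
        text += f":r{revision}"
    return (text + "\n").encode("utf-8")


def sha1_hex(data: bytes) -> str:
    """Lower-case hex SHA-1, the first field sha1sum/shasum print."""
    return hashlib.sha1(data).hexdigest()


def normalize_site(site: str) -> str:
    """Canonicalize the hand-typed site name so "News.YCombinator.com "
    and "news.ycombinator.com" derive the same password (example's
    addition; the original recipe types the name literally)."""
    return site.strip().lower()


def site_password(master: str, site: str, revision: int = 0) -> str:
    """The 40-hex-character per-site password of the original recipe."""
    return sha1_hex(derivation_input(master, normalize_site(site), revision))


def matches_shell_output(master: str, site: str, shell_line: str) -> bool:
    """Check a line printed by `echo ... | sha1sum` ("<hex>  -") against
    the Python derivation. The comparison is constant-time so a checker
    exposed to untrusted callers cannot be used to confirm the derived
    password one byte at a time."""
    parts = shell_line.split()
    if not parts:
        return False
    digest = parts[0].strip().lower()
    expected = site_password(master, site)
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample secret
    for site in ("news.ycombinator.com", "Gawker.com", "example.org"):
        print(f"{site:22} {site_password(master, site)}")
    # Rotating one site's password leaves every other site unchanged:
    print(f"{'gawker.com (rev 1)':22} {site_password(master, 'gawker.com', 1)}")
```

Run stand-alone it prints derived passwords for three constructed sample sites and one rotated site. Two properties are worth noticing in practice: `echo` appends a newline, so a client-side reimplementation (the JavaScript web app the comment proposes) that hashes `master:site:master` without it will not agree with the one-liner; and because the scheme is deterministic, changing a single site's password after a breach requires either changing the master (which changes every site) or a per-site input such as the revision counter shown here.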
bcl, over 14 years ago

I'd much rather depend on 50 strong passwords than 1 strong password to protect my online presence. Depend on Google, FB, etc. and when that 1 site or auth protocol is cracked ALL your logins are compromised. By spreading the risk around you are better protected from these kinds of issues.

jmg, over 14 years ago

Thanks, Jeff. Could you also please lecture us on properly backing up a site?

alanh, over 14 years ago

He's still calling it an "Internet driver's license"?

Gretchen: That is so fetch!

Regina: Gretchen, stop trying to make fetch happen! It's not going to happen!

Reply #2005345 not loaded

Xk, over 14 years ago

> Gawker saved passwords. You should never, ever store user passwords. If you do, you're storing passwords incorrectly. Always store the salted hash of the password -- never the password itself!

Uh, no? They did save the hashed+salted version. The only problem is that they used crypt, from 20 years ago, instead of something like bcrypt.

Reply #2005099 not loaded

swombat, over 14 years ago

I thought they had them hashed and salted, but the crackers are using rainbow tables and brute force to crack them?

Reply #2004459 not loaded
Reply #2004825 not loaded

yock, over 14 years ago

Could this please be the warning shot fired across the Internet's bow to get Hacker News to fix the OpenID login?

quicksilver03, over 14 years ago

What's sad is that he's proposing to stop password reuse and replace it with a more complicated password reuse, with the involvement of a third party.

ihumanable, over 14 years ago

Is there a space for some startup to just offer an internet driver's license? That would be all they do, no ulterior motive, just identity service.

Rock Solid Security + Developer Friendly API = Win?

There are probably adoption issues and centralized authority fear. It seems though that other things have consolidated nicely (a ton of comments use Disqus now); maybe it's time for someone to create a startup that solves this very real problem.

Reply #2004712 not loaded

gchucky, over 14 years ago

Has there been an explanation as to why they were using DES? Gawker started in 2003, a year after DES was superseded by AES, and there were plenty of more secure algorithms being used at the time.

Reply #2004513 not loaded
Reply #2004690 not loaded
Reply #2004529 not loaded

anonymous246, over 14 years ago

"At that point, unless you picked a strong, unique password on every single site you've ever visited, the situation gets ugly."

PSA: PwdHash FTW. It solves exactly this problem.

Firefox: https://www.pwdhash.com/
Chrome: https://chrome.google.com/extensions/search?itemlang=&hl=en&q=pwdhash
iPhone has several apps that do this (I use Keygrinder).