Expert calls LinkedIn's new salted hashes useless

Salted SHA-1 is fine for data on the fly; data in place needs password hashes

Plenty of people – victims and security experts alike – criticized LinkedIn last week for not salting the hashes in which it concealed users' passwords.

Salting passwords – extending the length of the hidden text by adding fake letters or numbers to make the password look longer – doesn't protect passwords much more than simple hashing does, according to an interview Krebs on Security posted with Thomas H. Ptacek, a security researcher with Matasano Security.

Unix passwords have been salted routinely since the 1970s, and are still cracked, Ptacek said.

LinkedIn's real weakness was not that it failed to hash password files; the weakness was in the algorithm it used to encrypt them.

Modern (freeware) password crackers like John the Ripper understand the encryption mechanism used by the SHA-1 encryption process so well it wouldn't have mattered if the encryption used an algorithm with 512 digits instead of one, Ptacek said.

SHA-1 and its ilk are cryptographic hashes, which are designed to encrypt and decrypt data so fast they won't cause delays in making connections for impatient humans who don't really understand the encryption, he said.

On-the-fly encryption requires the protocol to move so fast it can decrypt every packet in a stream with no discernible latency added.

Password hashes, on the other hand, can decrypt as slowly as a human can type without anyone getting angry about it.

Password hashes are designed in the opposite way – to do as much work and take as much time as possible in the lock/unlock process, so it will be even more difficult to decrypt them if they're stolen, Ptacek said.

A tool like Bcrypt, an algorithm released by Bruce Schneier in 1993, will encrypt data meant to stay in place, create a new file to house it and destroy the other by copying gobbledegook into it over and over.

The mistake LinkedIn and many other sites make is to go for speed – important when encrypting data to be transmitted in bulk across the wire – rather than taking the extra few hundred milliseconds per login it would take to use a password-hashing algorithm that would be harder to break than SHA-1, Ptacek said.
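The trade-off described above, as an added example that is not from the article, Ptacek or LinkedIn: a salted SHA-1 next to a deliberately slow password hash, with the cost of one hash measured for each. PBKDF2-HMAC-SHA256 from Python's standard library stands in for Bcrypt here, and the iteration count and function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 200_000  # assumed work factor; tune to your own hardware

def salted_sha1(password: str, salt: bytes) -> bytes:
    """Fast general-purpose hash plus a per-user salt."""
    return hashlib.sha1(salt + password.encode()).digest()

def slow_hash(password: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Deliberately slow password hash (PBKDF2 standing in for Bcrypt)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Login check: recompute the slow hash and compare in constant time."""
    return hmac.compare_digest(slow_hash(password, salt), stored)

def seconds_per_hash(fn, rounds: int) -> float:
    """Average wall-clock cost of hashing one candidate password with fn."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(rounds):
        fn(f"guess{i}", salt)
    return (time.perf_counter() - start) / rounds

def cost_ratio() -> float:
    """How many times more expensive one slow hash is than one salted SHA-1."""
    fast = seconds_per_hash(salted_sha1, 20_000)
    slow = seconds_per_hash(slow_hash, 3)
    return slow / fast

if __name__ == "__main__":
    salt = os.urandom(16)  # a fresh random salt per user, stored beside the hash
    stored = slow_hash("correct horse", salt)  # constructed sample password
    print("right password accepted:", verify("correct horse", salt, stored))
    print("wrong password accepted:", verify("Tr0ub4dor", salt, stored))
    print(f"one slow hash costs about {cost_ratio():,.0f}x one salted SHA-1")
```

The salt makes two users with the same password store different values, but it does nothing to the per-hash cost; only the work factor changes that, and it is paid once per login by the site and once per guess by anyone holding a stolen database.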

"We just recently put in place, enhanced security … which includes hashing and salting of our current password databases," said a blog posted yesterday by LinkedIn Director Vicente Silveira, promising to improve login security, improve communication with customers and, apparently, mollify customers and observers by promising to hash and salt passwords all they like, but not Bcrypt them to keep them safe even if they're stolen.

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld.
