Ashley Madison part 2: Cryptanalysis

Lets look at these password hashes:

$2a$12$6YEtyM93L2EQkHzs/PSP6OKEiW6fS3dSZCozzDrMKhHqRmI6NjS1S
111111Iwillneverdoitagain
$2a$12$3V0bFXAv1b4DT1KHh3uqjumaRYysI.NNpgXlcFEfulNUoBYtBEtTG
111111Iwillneverdoitagain
$2a$12$8b5m318FP10GzXI.mtJyh.L.LFjK5iZMwen9gJ68OrkrSLJrKsq1e
111111Iwillneverdoitagain
$2a$12$XC2CQOA5agBimTPHdvcsKOVgKkDwfjXFPyZjNhCFxhxj0yZS/T9f.
111111Iwillneverdoitagain
$2a$12$4FOWYjeL4AtnSuWqP7.1NeeBejEvwBFI/K3Pjt2r0jg5RhnPF38ja
$2a$12$zK2RRlnbtzm/0X0ZSuMrJ.L8v4KSOGnOuXDtDcPkw.ic6qeV.cg4i

Now when looking at the passwords, I notice that they all start with the marker “$2a$12$”.

This is Linux /etc/shadow notation. Linux keep the passwords in the /etc/shadow file. This file is readable only to root accounts. It contains the password hashes of all users. We call “shadow” because it is a shadow file of the /etc/passwd file. /etc/passwd is world readable, so we obviously don’t want to store our password hashes in this file. When we shadow the password file, /etc/passwd will only store an “x” for the password.

$ sudo cat /etc/passwd
...
david:x:1000:1000:david,,,:/home/david:/bin/bash
...

This contains our username:password (shadowed)

Now if I look at the contents of our shadow file (I changed the salt and hash)

$ sudo cat /etc/shadow
...
david:$1$HSnwkd2ajf$Aadhj20idhjSd8djv9d:16663:0:99999:7:::
...

This contains our username:$algorithm$salt$hashed password, followed by information regarding password changes. In this case, the $1$ means the hash was MD5.

Some other prefixes I found:

$0$ – DES
$2$, $2a$ = Blowfish
$3$ = NT hash
$5$ = SHA-256
$6$ = SHA-512

Back to the marker “$2a$12$” in the database. I know that the passwords were hashed with the Blowfish algorithm. The bcrypt algorithm implements Blowfish, so I’m that was the algorithm the website used to hash password. The $12$ means a cost factor of 12, or 12 rounds of bcrypt.

bcrypt, along with scrypt and PBKDF2 are a family of algorithms for hashing passwords. They are all considered “slow” for a computer to perform in relation to other algorithms like MD5 or SHA, so that if a database is compromised and the hashes revealed to an outsider, any brute force or dictionary attacks will be handicapped.

bcrypt has the advantage of being hard for a GPU to do. GPUs are many times faster at performing hashes then the CPU, so crackers often utilize one or more GPUs in parallel to crack passwords. According to https://security.stackexchange.com/questions/4781/do-any-security-experts-recommend-bcrypt-for-password-storage/6415#6415

“Bcrypt happens to heavily rely on accesses to a table which is constantly altered throughout the algorithm execution. This is very fast on a PC, much less so on a GPU, where memory is shared and all cores compete for control of the internal memory bus.”

With that being said, it is unlikely I will be able to crack any passwords from this database.

Another thing I noticed was the repeated password of “111111Iwillneverdoitagain”. I would assume that this is how the website disabled accounts, since it would be extremely difficult to find a string whose hash equals “111111Iwillneverdoitagain”.

Leave a Reply

Your email address will not be published. Required fields are marked *