Gee, the interesting things you find when browsing the Wikipedia codebase.
Don't you people know what salt is? I'll give you a clue. Here's how an
attacker with access to Wikipedia's hashed passwords would currently
inverse-MD5 the passwords:
    sort user table by hashed password;
    foreach (possible password) {
        x = md5(password_guess);
        binary search table for match;
    }
And here's how it would work with salt:
    for (userNum=0; userNum < numUsers; userNum++) {
        foreach(possible password) {
            x = md5("wikipedia" + userNum + password_guess);
            check for match
        }
    }
Some numbers: my password is 9 essentially random lower case letters. By
brute force, it would take a hacker about a week to inverse MD5 it, with one
computer. With the current scheme, if all 10000 users of Wikipedia used the
same kind of password, the hacker would successfully inverse MD5 one roughly
once every 10 minutes. He could then check those username/password
combinations against other sites -- say, Internet banking, unix accounts on
various servers, email, etc.
Don't worry, I fixed it. What do I do with the rectified code (once I've
read over it a couple more times)?
-- Tim Starling.
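
The two storage schemes from the message above, seen from the storing side, as an added example that is not part of the original message or of the Wikipedia code. The sample accounts, the function names and the optional `sep` separator are assumptions made here; the separator is included because plain concatenation of user number and password is ambiguous (user 1 with "2x" and user 12 with "x" hash the same string).

```python
import hashlib
import hmac
from collections import Counter

SITE_PREFIX = "wikipedia"  # fixed string from the message's salted scheme


def hash_unsalted(password):
    """Scheme the message criticises: md5(password)."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_salted(user_num, password, sep=""):
    """Scheme the message proposes: md5("wikipedia" + userNum + password).

    sep is an assumption added here; a non-empty separator keeps the
    boundary between user number and password unambiguous.
    """
    material = f"{SITE_PREFIX}{sep}{user_num}{sep}{password}"
    return hashlib.md5(material.encode("utf-8")).hexdigest()


def verify_salted(user_num, password, stored_hash):
    """Recompute with the account's own number; compare in constant time."""
    return hmac.compare_digest(hash_salted(user_num, password), stored_hash)


def users_sharing_a_hash(stored):
    """How many accounts have a stored hash that another account also has."""
    counts = Counter(stored.values())
    return sum(n for n in counts.values() if n > 1)


def md5_calls_for_keyspace(keyspace, num_users, salted):
    """Hash computations needed to try every candidate against every account."""
    return keyspace * num_users if salted else keyspace


# Constructed sample accounts: users 1 and 3 chose the same password.
SAMPLE_USERS = {1: "correcthorse", 2: "tr0ub4dor", 3: "correcthorse"}
UNSALTED = {uid: hash_unsalted(pw) for uid, pw in SAMPLE_USERS.items()}
SALTED = {uid: hash_salted(uid, pw) for uid, pw in SAMPLE_USERS.items()}

if __name__ == "__main__":
    print("accounts sharing a hash, unsalted:", users_sharing_a_hash(UNSALTED))
    print("accounts sharing a hash, salted:  ", users_sharing_a_hash(SALTED))
    print("plain concat ambiguous:", hash_salted(1, "2x") == hash_salted(12, "x"))
    print("with ':' separator:    ", hash_salted(1, "2x", ":") == hash_salted(12, "x", ":"))
```

MD5 appears here only because it is the function in the message; current practice for password storage is a deliberately slow hash such as bcrypt, scrypt or Argon2 with a random per-user salt.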