Ah, Ashley Madison. Even as one tries to move away from it to other issues, new problems surface like toxic malaise at a swamp: fraudulent $19 data scrubbings, men being conned by bots, some of the weakest passwords known to mankind securing their servers, an ex-CTO who supposedly hacked the competition… Michael Corleone, I get you now.
Remember how, at the beginning, despite everything that happened, Ashley Madison was given something of a tentative kudos for using bcrypt to secure their clients’ passwords? The hashing algorithm that hinders brute-force hacking, and thus the unauthorized recovery, of passwords?
Congratulations Released Prematurely
Well, according to Ars Technica, a team of crypto-cracking enthusiasts has found that the Ashley Madison passwords – released into the internet on August 18, along with internal emails and other data – were not strongly secured when you really get down to it. Yes, bcrypt was used. Yes, bcrypt is one of the better ways to secure passwords against brute-forcing. But it became a moot point (from arstechnica.com):
CynoSure Prime…an astounding discovery: included in the same database of formidable bcrypt hashes was a subset of 15.26 million passwords obscured using MD5, a hashing algorithm that was designed for speed and efficiency rather than slowing down crackers.
Digging into emails, the hobbyist hackers discovered that prior to June 14 of 2012, MD5 was used to secure passwords. It was only after this date that bcrypt was used.
Furthermore, it turns out that Ashley Madison’s engineers converted passwords to lowercase before creating and storing the MD5 hashes, which could indicate that Ashley Madison’s customers may not have been as irresponsible when creating their passwords as it appears. For what it’s worth, pasSworD is nominally more secure than password, but there’s no way for us to know now if potential philanderers were cognizant of this detail.
Incidentally, this is not the first time that I’ve run across a company transforming customers’ passwords into less secure versions of themselves. Amazon, for example, supposedly was truncating and capitalizing passwords in the past.
What are the ramifications when passwords are transmogrified in this manner? Again, from arstechnica.com:
If the setting was a nearly impenetrable vault preventing the wholesale leak of passwords, the programming errors—which both involve an MD5-generated variable the programmers called $loginkey—were the equivalent of stashing the key in a padlock-secured box in plain sight of that vault
In other words, because the MD5 hashes correspond to a subset of the bcrypt-protected passwords, the MD5 hashes were attacked, since that was much easier to do, in order to recover the passwords behind the bcrypt hashes. It should be noted that this means only a subset of the passwords were easily compromised (if you can call 15 million out of 36 million a subset; it certainly is, but so is 36 million out of 36 million). As a client, if you signed up after June 2012, the assumption is that your password is still safe, assuming you didn’t pick a weak one.
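A defender's check for the flaw described above, as an added example that is not from the original article or from Ashley Madison's code: create a test account with a known password, then scan its database row for unsalted fast hashes of that password stored beside the bcrypt hash. The column names, the canary credentials and the list of transforms are assumptions.

```python
import hashlib
import re

# bcrypt modular-crypt format: $2<variant>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"^\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{53}$")
FAST_HASHES = ("md5", "sha1", "sha256")


def fast_derivatives(username, password):
    """Map hex digest -> description for unsalted fast hashes of simple transforms."""
    forms = {  # assumed transforms; extend with what the code base under review does
        "as typed": password,
        "lowercased": password.lower(),
        "username+password, lowercased": (username + password).lower(),
    }
    out = {}
    for label, text in forms.items():
        for algo in FAST_HASHES:
            out[hashlib.new(algo, text.encode()).hexdigest()] = f"{algo}({label})"
    return out


def audit_canary_row(row, username, password):
    """Return (column, finding) pairs for one canary account's row (dict)."""
    known = fast_derivatives(username, password)
    findings = []
    for column, value in row.items():
        if not isinstance(value, str):
            continue
        m = BCRYPT_RE.match(value)
        if m:
            findings.append((column, f"bcrypt, cost {int(m.group(1))}"))
        elif value.lower() in known:
            findings.append((column, f"FAST HASH of password: {known[value.lower()]}"))
    return findings


# Constructed sample row for a test account whose password the auditor chose.
# The bcrypt value is a format-valid placeholder; the loginkey column is hypothetical.
CANARY_USER, CANARY_PASSWORD = "audit_canary", "pasSworD-7431"
SAMPLE_ROW = {
    "id": 1001, "username": CANARY_USER,
    "password": "$2a$12$" + "A" * 53,
    "loginkey": hashlib.md5(CANARY_PASSWORD.lower().encode()).hexdigest(),
}

if __name__ == "__main__":
    for column, finding in audit_canary_row(SAMPLE_ROW, CANARY_USER, CANARY_PASSWORD):
        print(f"{column}: {finding}")
```

Any fast-hash finding means the bcrypt work factor no longer bounds the cost of guessing that account's password, which is the situation the article describes.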
What Happened in 2012?
“[Ashley Madison’s] parent company Avid Life Media was at risk of a security breach,” predicted the company’s CTO in 2012. This was a comment, according to businessinsider.com, on the Grindr hack of January 2012. He also wrote (from vice.com):
“With what we inherited with Ashley [Madison], security was an obvious afterthought and I didn’t focus on it either,” the company’s founding CTO Raja Bhatia wrote at the beginning of 2012. “I am pretty sure we stored passwords without any cryptography so a database leak would expose all account credentials.”
Could this have been the impetus behind the switch to bcrypt from MD5 – a bungled one, obviously? If so, perhaps the criticism that they weren’t interested in security at all should be curtailed a bit.
Naturally, all other criticisms are still valid.