2

Like many users it's very difficult for me to use a different password for every website I have an account with. It does not matter how complex my password is if ONE naive website stored it in clear text.

Is it a good idea to use the salted hash of my password instead of my password? The salt itself would be the url (or part of it) of the website I am visiting.

Ulkoma
  • 8,793
  • 16
  • 66
  • 95
  • 3
    Well it can't be worse than using the same password, at the very minimum it's a little bit more secure but someone who sees your password on example.com as example123 may guess that your next password is whatever the website+123... – Arlix Nov 03 '15 at 16:16
  • @Arlix that's true but I would like to know if it worth the hassle of doing that every time I login – Ulkoma Nov 03 '15 at 16:18
  • @Arlix he would not, he would see the hash – Ulkoma Nov 03 '15 at 16:20
  • ah yeah of course generally but you mentioned clear text in your question so I wrongly assumed that it would be clear text if it was compromised – Arlix Nov 03 '15 at 16:21
  • 4
    Duplicate of many questions before http://security.stackexchange.com/questions/104093/password-generation-based-on-hash-of-master-password-suffix/104096#104096 http://security.stackexchange.com/questions/55592/password-managers-encrypted-database-vs-hashing-strategy – Gudradain Nov 03 '15 at 16:44
  • @Gudradain thanks for the links, they improved my idea, both questions assume the hashing will be done on the same machine and I won't be using the same one, if I do the hashing on an offline machine I can even write down the hash of on a piece of paper with being afraid of losing it – Ulkoma Nov 03 '15 at 16:55

4 Answers4

2

It's better than using a single password, but not much. If you have one site store the new password in clear, and if your hashing algorithm isn't strong, someone could notice that hash sitting in a list of otherwise clear text passwords and try breaking it. Assuming they know where they got the original list, if they find "passwordexample.com", they are going to be pretty confident that other passwords you have will be "passwordexample.org" and "passwordexample.net", hashed with whatever hash function you chose.

If you can remember a single strong password, which I'm assuming you can from the question, use a password manager. You can either use an offline one, such as Password Safe or Keepass, or a cloud based one. Either way, you can generate unique passwords for each site, and only have to remember one password yourself.

There are attacks against password manager apps, but they generally require either access to the machine which the app is currently running on, so assuming you don't leave your app open, are very unlikely in practice. Similarly, cloud based ones have been hacked before, but attackers don't appear to have been able to get access to the passwords stored in them.

Matthew
  • 27,263
  • 7
  • 89
  • 101
  • I'll use a strong hash function, I use a complex password and a variable salt to make it difficult for rainbow tables, I can even use the third, sixth and ninth letter of the url as a salt to make it difficult to guess where I am getting my salt from. I don't like putting my fate in the hand of a password manager, I prefer to have faith in my own brain. – Ulkoma Nov 03 '15 at 16:36
  • But your also having faith in the security of every website that has a password for you and the incompetence or disinterest of attackers. – Neil Smithline Nov 03 '15 at 18:05
  • @Ulkoma I don't know a single security professional at this point who *doesn't* use a password manager. Have a glance at [what amateurs can learn from security pros](http://arstechnica.com/security/2015/07/what-amateurs-can-learn-from-security-pros-about-staying-safe-online/). Numbers 2, 3, and 5 can all pretty much be squashed into one: just use a password manager. – Stephen Touset Nov 03 '15 at 19:20
  • @StephenTouset a password manager is a single point of failure, I am trying to avoid that not shifting it to an other piece of software – Ulkoma Nov 03 '15 at 19:23
  • What, exactly, do you expect to "fail"? – Stephen Touset Nov 03 '15 at 19:23
  • The password manager can be attacked and probably hacked, just like anything else in this world! – Ulkoma Nov 03 '15 at 19:26
  • If they're on your machine to hack it, you've already lost. If you're worried about someone hacking a copy uploaded to a cloud provider like Dropbox, iCloud, or Box, these file formats are published ([example](https://support.1password.com/opvault-design/)) and generally well-regarded by the cryptographic community. If someone finds a way to crack an arbitrary AES-256-CBC-encrypted, HMAC-SHA256-authenticated file at will, the world is going to have bigger problems than some passwords getting leaked. If you're that paranoid, keep it on your local machine and back up to local network storage. – Stephen Touset Nov 03 '15 at 19:32
  • @SourLolita It would make no difference to me, like I said before using a password manager reduces the risk because it's only one single point of failure but it's still just moving the problem from the website to my machine. I would like to be the point of failure ie my memory. – Ulkoma Nov 03 '15 at 23:30
  • @Ulkoma Steven's point is that moving the problem to your machine is not an issue, because your machine *is already* a single point of failure in this equation. – Iszi Nov 04 '15 at 18:20
2

The scheme you describe gets independently re-invented frequently. Sadly I didn't save a link to previous times answering the question. But briefly here is a list of some of the problems with that scheme.

  1. A single captured password (say from a site that stores them in plaintext) is enough for an attacker to launch a cracking attempt against your main secret and so be able to determine all of your passwords
  2. You cannot change your password for a single site. You would need to change all or none.
  3. Your generated password may not conform to the specifications of individual sites and serves.

As others have recommended. Pick a good password manager and use it.

[Disclosure: I work for the makers of a password manager]

Jeffrey Goldberg
  • 6,420
  • 17
  • 21
  • No. 2 is a very good point – Ulkoma Nov 04 '15 at 09:21
  • #3 is also a very good point (omitted in my answer). One password generation scheme won't work for all applications. So, then you have to remember the password, and either remember or store the salts and generation mechanisms for each site, and have handy the tools available to accommodate each custom solution on-demand. – Iszi Nov 04 '15 at 18:26
1

The problem with using one password across multiple sites is that all of your accounts can be compromised if even one site leaks your passwords.

Your solution, as stated in the question, attempts to resolve this by using a unique hash on each site as your password. This has some benefits, as it does not require you to actually maintain a password manager (you just need a tool to re-generate the hashes as needed) and you get to keep the simplicity of only having to remember one password for all sites.

However, if we assume that the same attackers who get access to one of your "passwords" can also break that hash, your scheme effectively fails for the same reason a regular shared password would: You're still using the same basic password for each site. Since the attacker, at this point, would also know the salt for the cracked hash, they can easily derive your salt generation process (in your question, it's simply the URL or some component of it). This effectively makes each site's salt "known" to the attacker, and therefore negates their value.

So, how do we patch this bug? Make the salt random, and long. Whether or not you also include the URL as a component is up to you, but here's the problem we run into now: Any salt with a random component that's long enough to add security value will not be human-memorable. (At least, not for non-savants.) Great for protection from attackers. Horrible for usability.

So, what do we do to compensate for that? Maintain a spreadsheet or database with a list of the sites and their associated salts.

Wait... aren't we just back to having a password manager? The only difference here is that you're not actually storing your passwords - you're storing just part of the information needed to re-generate the passwords. Arguably, this is better in the sense that obtaining this data alone isn't enough to re-generate your passwords. But is it really that much worthwhile?

Iszi
  • 27,027
  • 18
  • 99
  • 163
-1

I think it's a bit extreme to use a different password for EVERY website you register with. Do you really care if someone steals access to a website such as adobe.com, which at one time required an account just to download Flash? I don't, and I use the same very bad password for all these sites I don't care about.

For anything you do care about (bank, social media, email), use a different password for each site, or use a password manager.

Security is always about what you're protecting from whom. If you're only protecting a throwaway account that someone forced you to create for a trivial task that contains none of your personal information, why should you care about the security of it?

As far as your scheme goes, It's not a terribly good usability/security tradeoff. You can't really remember a hash value for a website. That means either writing down the password and keeping it secure somewhere, or only logging into a site when you have access to a hashing algorithm. It seems a rather large inconvenience with little gain in security, just so you can re-use passwords.

Steve Sether
  • 21,530
  • 8
  • 50
  • 76
  • 1
    I think that problems occur when websites change function, or you change how you interact with them. For example, if you bought software from adobe.com, you might care more, but would you remember to change the password from your "low security" one? By defaulting to secure passwords, it doesn't matter. If you default to low security, it only takes one slip. – Matthew Nov 03 '15 at 19:13
  • @Matthew It occurs to me you're trying to create a perfect system, and account for all possibilities. That's simply not possible. A better approach is to estimate the likelihood of certain events happening and the impact, and only accounting for the ones with a resulting expected value. I'm very, very unlikely to ever buy anything from Adobe. Even if I did, do I care that someone logged into my Adobe account? Security is never perfect, and it's always about trade-offs. I advise people to think about those trade-offs rather than try to create their own limited version of "perfection". – Steve Sether Nov 03 '15 at 19:26
  • 2
    Basically, I'm lazy. I want to use one method for all passwords, so I use a password manager, and ignore whether it is a high risk site or a low risk site. I am sufficiently confident in the password manager that I use that I consider it failing as lower risk than any of the sites I use being breached (this assessment may be biased because I'm a pen tester - I see a lot of breached sites). I have lots of data thanks to poor password storage, but hardly any from password managers, hence my preferences. It is a preference though, not a rule. – Matthew Nov 03 '15 at 19:37
  • @Matthew Sure, that's certainly valid. Password managers are great. I'd just rather not be bothered with them for sites I don't care about. – Steve Sether Nov 03 '15 at 19:52
  • 1
    Seems weird to me, @SteveSether. It's actually *less* effort to use a password manager, because you only have to hit a single hotkey to login. Not to mention, you have to remember whether or not it was a site that you used your "insecure" password for. – Stephen Touset Nov 03 '15 at 20:47
  • @StephenTouset I've yet to re-login to Adobe.com, or NYTimes.com, or other websites I don't care about that force my to create yet-another-useless login. Password managers are also effective, I just don't prefer them. It's sort of like arguing over the merits of chocolate over vanilla. – Steve Sether Nov 03 '15 at 20:59