7

A long time ago when Microsoft changed my e-Mail from Hotmail to Outlook the password-interface said that I should only put in the first 16 chars of my password. But my password was longer before. So how could they find out the first 16 chars of my password? Was the password always truncated to 16 chars and then hashed and saved or has anyone another possible explanation for this?

See image below.

Outlook authentification form

dan
  • 3,043
  • 14
  • 35
Elias Rüedi
  • 73
  • 1
  • 5
  • Not explicitly mentioned is that outlook.com enforces a maximum length of 16 characters to its passwords. – Ángel Oct 01 '14 at 12:42
  • 1
    Here is a basic test to check if your password is truncated: if your password is `1••••••••0123456xxx`, just try `1••••••••0123456yyy`. The success or failure will permit you to tell the truth. – dan Oct 01 '14 at 15:32
  • 1
    @danielAzuelos no matter what password you type in it will always show the message like in my post (as long as it is longer than 16 chars) so you can't do any checks – Elias Rüedi Oct 02 '14 at 05:40
  • 2
    The limit has been removed. I had no problems today in creating an outlook account with a 500-bytes password. While some months ago, it still forced that maximum limit of 16 characters. – Ángel Oct 01 '15 at 01:07

2 Answers2

6

Well, we will probably never be completely sure as we don't have the code. But we can discuss some possibilities. But first,

Why the change, actually?

What could be a reason for this change anyway? A possibility is that intelligence agencies had something to do with this, like is assumed to have happened with an older version of A5/1, Comp128v2, where the first ten bits of a 'random' key were always set to 0. Like this they can, if they get the hash from MS, just brute-force faster.
In case you don't like complot theories, another option is of course that MS doesn't want you to forget your password.

But let's look at the possibilities.

Passwords stored in plaintext

It is possible that MS stored plaintext passwords, but it would be a huge failure and I suppose (and truly hope) this is not the case.

Normally passwords are hashed and salted in an irreversible way so that even MS can't get to know your password from the value in the database. So how did they do this?

Two versions of a hash function stored parallel

What would be a possibility is that they already planned for longer time to have a maximum length on the password. Then, they could wait for you to login and, parallel to checking if you're actually typing in the correct password and logging you in, cutting off your input and salting and hashing that and store it somewhere else. At the moment they changed to the new system, they just copied the new hashes.

The passwords were always 16-chars truncated

As pointed out by Ajedi32 in the comments, it's also a possibility the passwords were always truncated after 16 characters already. (The reason for this, again, could be interference by intelligence.) The only difference is that MS now doesn't allow you to enter more, because they've become too lazy to truncate it themselves.

This doesn't seem likely to me, because if this were true, then why would they now tell the users to not enter more than 16 characters? Yes, it could be that things like this (i.e. UI texts are changed without an actual change of the function) just happen in a huge organization. However, as Ajedi32 explains:

Maybe they finally realized that not telling users about such an important security limitation was a bad idea, and decided to start explicitly enforcing the 16-character limit? Or perhaps they're preparing to lift the limitation in the future, and they need to start preparing users for that now? (Because lifting the limitation would mean that "1234567890123456" would no longer be the same password as "1234567890123456789")

The actual answer

As it turns out, Ajedi32 was right and passwords were always truncated, as pointed out in this MS article (credits go to PwdRsch, see the comments). The other possibilities remain here for theory's sake.

  • Or perhaps there was always a limit, but they just silently truncated your password without telling you up 'til now? – Ajedi32 Oct 01 '14 at 13:51
  • @Ajedi32 yes, in the train back home I was thinking of another possibility and when I got home I had forgotten it, but this was it. Thank you! Although I must say that this doesn't seem very likely to me, because if this was the case, why now tell the users? –  Oct 01 '14 at 13:53
  • 2
    Maybe they finally realized that not telling users about such an important security limitation was a bad idea, and decided to start explicitly enforcing the 16-character limit? Or perhaps they're preparing to lift the limitation in the future, and they need to start preparing users for that now? (Because lifting the limitation would mean that "1234567890123456" would no longer be the same password as "1234567890123456789") – Ajedi32 Oct 01 '14 at 13:56
  • @Ajedi32 yes, you're right, thank you. I added this to my answer (I hope you're okay with the quote like this?) –  Oct 01 '14 at 14:19
  • 2
    Yes @Ajedi32 is correct, Microsoft (and Hotmail before them) always truncated passwords behind the scenes. Here's [a Microsoft article](http://windows.microsoft.com/en-us/windows-live/microsoft-account-password-16-characters) that mentions the practice with regards to Live ID, which is also used by Outlook.com. – PwdRsch Oct 01 '14 at 14:43
  • @PwdRsch you should make that into an answer, this is the real answer to the question. –  Oct 01 '14 at 14:44
  • 1
    @CamilStaps You're welcome to edit yours if you wish since you already cover that possibility. – PwdRsch Oct 01 '14 at 14:45
  • @PwdRsch thank you, if it's no problem for you :) I updated the answer. –  Oct 01 '14 at 14:48
  • Thanks to all :) even if it is strange to only allow 16 chars for a password – Elias Rüedi Oct 02 '14 at 06:19
0

Maybe they are using an HSM for password storage. Password are (maybe) encrypted and stored in a specific unit in the server farm so they can actually decrypt them and "read" the plaintext. The difference is that with hash+salt you can't decrypt a password (hashing functions are one way functions). With an encryption algorithm you can actually decrypt the ciphertext and read the plaintext.

marcomanzoni
  • 383
  • 3
  • 7
  • But wouldn't this be a risc factor when there exists a key to decrypt all the passwords? – Elias Rüedi Oct 01 '14 at 11:15
  • Yes, but HSMs are build for security purposes: they are used for storing certificates, keys, etc. HSMs can also execute hash algorithms, encryption and decryption algorithms, certificate validation and stuff like that. They are pretty secure. – marcomanzoni Oct 01 '14 at 11:30
  • I belive that they are secure but I just don't like the fact that a passwort is encrypted and not hashed. Because when the HSM can decrypt the passwords for the change from Hotmail to Outlook then someone can give it the command to decrypt the passwords for his own purposes. – Elias Rüedi Oct 01 '14 at 11:39
  • Yes, in fact passwords are usually stored in hash form using hashing functions like bcrypt. The algorithm takes the password and a salt code and output an hash (This hash can now be encrypted with a block cipher). The salt is used in order to prevent rainbow table attacks and an hash function like bcrypt is used in order to prevent "brute force" attacks. – marcomanzoni Oct 01 '14 at 12:24