Under starter’s orders … it’s the hash race

Under starter’s orders … it’s the hash race

A hash signature is used to create a digital fingerprint for data. If it’s one bit of data or a whole network of data, we can produce a digital finger print for it. If we change one bit in the data, we should create a completely different hash signature. And don’t expect there do be some fancy mathematics to reverse it — as it’s a one way function.

Unfortunately they can be cracked using a dictionary attack (trying words from a dictionary and hashing the values), a brute force attack (this is normally achieved with rule which optimises the attack), or a rainbow table (where we have pre-computing hashes that we can compare against). The usage of salt now means that the rainbow table method is not often used, but GPU and ASIC crackers mean that dictionary and brute force attacks are still a weapon against hashed passwords.

But not all the hash methods are the same. Some are extremely fast (Murmur), some are very fast (SHA-1, SHA-3, MD5) and others are extremely slow (Bcrypt, PBKDF2, and APR1).

To determine, for a base system, the speed of the hashing, we can run a Python script [here] for “The quick brown fox jumps over the lazy dog”:

Method:   Hashes per second
SHA-1:   121540
SHA-256:  95907
SHA-512:  70596
MD5:   116357
SHA-3 (224-bit): 68557
DES:   108
Bcrypt:   146
APR1:   133
PBKDF2 (SHA1):  1271
PBKDF2 (SHA-256): 2846
LM Hash:  468
NT Hash:  7938
MS DCC:   9627
LDAP (MD5):  4099
LDAP (SHA1):  13467
MS SQL 2000:  4217
MySQL:   7554
Oracle 10:  87
Postgres (MD5):  21250
Cisco PIX:  12041
Cisco Type 7:  10436
Murmur:   1436091

Each test is done for 40 hashes, and here Bcrypt and PBKDF2 have five rounds. We can determine the equivalent hashes for give salt values and rounds:

Hashes
SHA-1 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
SHA-256 d7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592
SHA-512 07e547d9586f6a73f73fbac0435ed76951218fb7d0c8d788a309d785436bbb642e93a252a954f23912547d1e8a3b5ed6e1bfd7097821233fa0538f3db854fee6
MD-5:   9e107d9d372bb6826bd81d3542a419d6
DES:   ZDeS94Lcq/6zg
Bcrypt:   $2a$05$hG6mpu4rn76ijaMrKsGjKecT6aN7mpQw1LXdvfYNqm8U4gTBw6SZm
APR1:   $apr1$ZDzPE45C$3PvRanPycmNc6c2G9wT9b/
PBKDF2 (SHA1):  $pbkdf2$5$WkR6UEU0NUM$0RB2bimWrMY.EPYibpaBT2q3HFg
PBKDF2 (SHA-256): $pbkdf2-sha256$5$WkR6UEU0NUM$yrJz2oJix7uBJZwZ/50vWUgdEI/i0ffqeU4obqC0pk4
LM Hash:  a7b07f9948d8cc7f97c4b0b30cae500f
NT Hash:  4e6a076ae1b04a815fa6332f69e2e231
MS DCC:   efa9778bbc94a7360f664eb7d7144725
LDAP (MD5):  {MD5}9e107d9d372bb6826bd81d3542a419d6
LDAP (SHA1):  {SHA}2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
MS SQL 2000:  0x01007C8F716EA340D4F1073EB2E227E83D047DEA9AA71A0FAD4BA049A39242CD46D4A61A8D5A35A2F536884157B9
MySQL:   *A4E4D26FD0C6455E23E2187C3AABE844332AA1B3
Oracle 10:  4CDA2299FCAD0499
Postgres (MD5):  md5d44c15daa11770f25c5350f7e5408dd1
Cisco PIX:  kGyKN5CqdFQ1qJUs
Cisco Type 7:  063207240C5F1C10061C52091E0B3D25642E3C2D6219121B131216564E56464E171013195456494B1550045C

If a hash method is fast it can be broken easier than a slower one, but one that is fast can be used to quickly hash values. For a sample run, we can now rank in classifications:

Ulta fast:
Murmur:	        545,716 hashes per second

Fast: 
SHA-1:          134,412
SHA-256:        126,323
MD5:            125,741
SHA-512:         76,005
SHA-3 (224-bit): 72,089

Medium speed:
LDAP (SHA1):	13,718
MS DCC:	         9,582
NT Hash:         7,782
MySQL:	         7,724
Postgres (MD5):	 7,284

Slow:
PBKDF2 (SHA-256): 5,026
Cisco PIX:        4,402
MS SQL 2000:      4,225
LDAP (MD5):       4,180
Cisco Type 7:     3,775
PBKDF2 (SHA1):	  2,348

Ulta-slow:
LM Hash:          733
APR1:             234
Bcrypt:           103
DES:               88
Oracle 10:         48

We can see, for speed, that Murmur wipes the floor with the rest, with MD5, SHA-1 and SHA-256 all coming in at around the same speed. For the slowcoaches we include Bcrypt, Oracle 10 and ARP1. With Bcrypt and PBKDF2 we have only done five rounds, so in real-life these methods would be even slower. So if you want to slow down an intruder … use Bcrypt or PBKDF2.

In the code we compute the hash 40 times and measure the time. The outline of the code used is:

A common tool used to crack hashed passwords is Hashcat, and where is can target given lengths of passwords, and commonly used password changes:

Conclusions

Fast is good when you have to do lots of hashing, but slow is good is you want to stop the crackers. If your company has a data breach of passwords, hopefully you will be reporting on Bcrypt hashing rather than SHA-1.