Tuesday, May 05, 2009

Can you trust Paul Graham with your password?

The other day I asked Can you trust 37signals with your password? and the good folks at Hacker News responded on their forum and here on my blog. Driving back home the other day I suddenly wondered how good a job Hacker News was doing of keeping my password safe.

The answer is... only marginally better than 37signals. Since the source code of the web site is available it's possible to dig in and find out how Paul Graham handles password authentication.

The good news is that he doesn't store passwords in plain text. And even better he uses a one-way hash function (SHA-1) to verify passwords. When you enter your password it is hashed using SHA-1 (he uses OpenSSL's implementation of SHA-1 to do the hashing) and then stored in a file called arc/hpw. When it comes time to verify a password the hash from the password file is read and compared with a hash of the password you typed in.

(def good-login (user pw ip)
(let record (list (seconds) ip user)
(if (and user pw (aand (shash pw) (is it (hpasswords* user))))
(do (unless (user->cookie* user) (cook-user user))
(enq-limit record good-logins*)
user)
(do (enq-limit record bad-logins*)
nil))))

(def shash (str)
(let fname (+ "/tmp/shash" (rand-string 10))
(w/outfile f fname (disp str f))
(let res (tostring (system (+ "openssl dgst -sha1 <" fname)))
(do1 (cut res 0 (- (len res) 1))
(rmfile fname)))))

The good news is that this means that if arc/hpw were stolen a hacker wouldn't be able to read the password from the file directly. The bad news is that the file is readily attackable using a rainbow table. If you got access to his password file, the passwords within it (unless they were really, really good passwords) would be broken in seconds or minutes.

That's a pity since he could easily have implemented a salted hash and he would have had a first line of defense against a rainbow table. The current implementation is little better than a plain text password file.

Even better he could have swapped SHA-1 for a slow algorithm like bcrypt. With salted bcrypt rainbow tables are out of the window, as are password crackers that rely on running a dictionary plus salt through the hash algorithm.

Labels: ,

If you enjoyed this blog post, you might enjoy my travel book for people interested in science and technology: The Geek Atlas. Signed copies of The Geek Atlas are available.

<$BlogCommentBody$>

<$BlogCommentDateTime$> <$BlogCommentDeleteIcon$>

Post a Comment

Links to this post:

<$BlogBacklinkControl$> <$BlogBacklinkTitle$> <$BlogBacklinkDeleteIcon$>
<$BlogBacklinkSnippet$>
Create a Link

<< Home