Tripcodes are NOT passwords

Started by myndzi, September 02, 2013, 03:20:59 PM


myndzi

Whenever I see someone referring to a tripcode as a password, I try to put forth this little disclaimer, but I figured it wouldn't hurt to have a post to better explain what I mean and for people to refer to. This mostly applies to people who want to identify themselves on Nullpomino netplay, but applies to the concept of tripcodes in general, including on image boards.

A password authenticates you to some system. It is a secret that only you should know, and therefore only you can provide. Commonly, services that require authentication will not store your password in a readable form; this is bad security practice and you should not trust any website or service that can "tell you" your password with an important password. The reason most sites have a mechanism to set a new password instead of tell you your old one is that they simply cannot tell you your old one in the first place.

The way this is accomplished is with something called a cryptographic hash. It's basically a one-way scramble of your password into a fingerprint that is sufficiently unique to be used for authentication. For example, the password "password" might be turned into something like this: "$2a$04$oz1NcysZk2CzLQs4BTLA5uPIIx.gNJN09IxuVJo8iGoXYP3KsctR." I am skipping a number of important security principles here because they don't matter for the purposes of this post, but know that there's more to it than just this.

The important part of this is that you can't go the other way. That is, you can't take "$2a$04$oz1NcysZk2CzLQs4BTLA5uPIIx.gNJN09IxuVJo8iGoXYP3KsctR." and directly turn it into "password". You can, however, guess repeatedly until you get it right, if you know what you are guessing against. For this reason, even though obtaining a hash of your password shouldn't (if the site is doing their security right) grant an attacker access to your account, there's a chance that they can eventually manage anyway, depending on how much they want it (and how strong or weak your password is).

There are many hashes, and fewer cryptographically secure hashes, and unfortunately it is common practice for ignorant or lazy programmers to use inappropriate hashes to protect passwords. For example, if a site stores your password as an unsalted MD5 hash, it's quite possible that your password can be recovered in a matter of milliseconds. This is also why it is good practice not to reuse passwords, or at least not to reuse them between important sites and untrustworthy or casual sites. The more sites that have your password, the more of a chance there is that one of them stores it poorly, and it is widely known that people tend to reuse passwords and usernames. So, if your harddrop account has the same password as your bank account, and someone manages to hack harddrop and retrieve the password database, they can potentially access your bank account if they can recover your password.

This leads us to tripcodes. Tripcodes are NOT cryptographically secure hashes. State of the art password cracking gives somewhere on the order of 63 MILLION tripcodes guessed per second (assuming descrypt) on a modern end-user level computer with a single video card. In comparison, bcrypt, which is arguably the gold standard for password hashing, gets about 3 THOUSAND passwords per second.

In addition to that, the hash generated by a tripcode is readily accessible to anyone. It is not stored safely away on a secure server, but presented to the whole world to see.

So, the combination of a weak hash and the fact that said hash is readily accessible means that it is extremely easy to recover the text you entered to create your tripcode. It is about a million times easier if you don't use secure password practices, which is probable.

On top of that, even, these tripcodes are used in a competitive gaming setting, exactly the kind of scenario that begets targeted attacks; for example, you talk shit or beat somebody soundly at Tetris and they get mad. They happen to know how to download and run a program. They drop your tripcode into the program, get your weak password almost instantly, and now they can try to use it to log into your harddrop account, Facebook, e-mail, or whatever.

So! Please do not refer to tripcodes as passwords. That will give uninformed users the impression that they are entering a secure secret, and it should be well understood by all users that this is a poor security practice a level of magnitude greater than the typical weak/shared password problem.

Do not use a password that protects any account you care about for a tripcode.

Thanks for reading


P.S. after all this, you might be wondering "what's the point of tripcodes then?" -- it's simple, really. It's a weak security measure, but it's still a hassle to circumvent. It's enough that for casual use, such as posting on an anonymous message board, it will filter out all but the particularly dedicated trolls. There is no stored password, no 'account', it is simply a visual fingerprint for other users to compare as a way of helping to identify when a user is the same in multiple posts/instances.

Antifate

Quote from: myndzi

This leads us to tripcodes. Tripcodes are NOT cryptographically secure hashes. State of the art password cracking gives somewhere on the order of 63 MILLION tripcodes guessed per second (assuming descrypt) on a modern end-user level computer with a single video card. In comparison, bcrypt, which is arguably the gold standard for password hashing, gets about 3 THOUSAND passwords per second.

Can you please explain this point a little bit more? Why is there such a big discrepancy between the backwards/forwards direction of hashing for tripcodes? Am I understanding this all wrong?

myndzi

#2
If you take the ingredients to a recipe and mix them all in a bowl, it's hard to figure out the precise quantities of everything that went into it, right? Hashing relies on similar behavior. You can take an input and produce an output, but the nature of the 'scrambling' algorithm makes sure you can't do the reverse.

Edit: unless you're talking about 63 million vs 3 thousand -- that's not backwards/forwards, that's a non-cryptographic hash vs a cryptographic hash. The latter is intentionally slow so as to make brute forcing difficult. The former isn't meant for security purposes and is therefore much faster, but gets used that way incorrectly sometimes anyway.

jkwon23

I don't really understand all the technical stuff, but thank you, myndzi! I'll be more careful with my password in games and non-trusty sites!

DarthDuck

#4
I gather from the gist of the post that it would be inappropriate to make a quick walkthrough on how to crack hash code, but more can be said to explain what a hash code is.

If you go to this link: http://www.md5hashgenerator.com/index.php

You can type in any phrase and it will give you a hash code (cryptographic hash as myndzi puts it). The word you type in is the key. For example, if I type in the key "harddrop" I get:

2939a7dd48522f31a04470483f8332df

Anyone typing in that same key into that or any other MD5 generator will get the same result (MD5 is just an example of a type of hash code and there are more secure ones).

So the way that script kiddie brute-forcing programs work (I will leave them unnamed here) is by throwing millions of keys a second at a generator and seeing if there are any matches. The first thing it will do is a dictionary check, which only takes a fraction of a second. So if your key was "turtle" then you just got hacked in under a 10th of a second.

Why do you need to know this? Because once a key becomes over 7 characters long and is not in the dictionary, it can suddenly take days instead of minutes to crack. Add in capital letters, numbers, and special characters, and now we are talking about weeks. Go 10 characters or higher, and it becomes almost impossible to crack with brute force unless you are using some Prism-grade nanoprocessor. Then again, rainbow tables will help to crack that still (I won't explain that here).

So the reason why hash codes are one-way streets is that it only takes one action from a generator to go from a key to a code, but it can take millions (or billions) of guesses before the key is correctly guessed and therefore a hash code match is found.

Myndzi used the word salt?: A salt is an extra key (unknown to you as the user) which becomes combined with your key before entering an MD5 generator; it basically customizes the encryption process.


Long story short, here are the key points you need to know:
  • ALL hash codes (tripcodes) are crackable, this is just a matter of time.
  • On the nullpomino server, you need to use a password that you will remember that you don't use elsewhere.
  • In general passwords should be long and have caps, special characters, and numbers.
  • If you are just using something for nullpomino and nullpomino only, then being crack-able isn't a big deal.


For those of you who don't know what we are even talking about and wondering what tripcodes are, you just type in a # after your name before you log onto a nullpomino server, and whatever you use after the # will be your password. This will generate a hash code that only you can generate.
Pyrrhonian disclaimer: If I use assertive language, then I only do so as a manner of speaking. I might say "the sun will rise tomorrow", but deep down, like anything else, I can never really know that. So if I

Kitaru

#5
Hash, not hashtags.

Hashtags on Twitter etc. are named that because one of the names for the character # is "the hash."

DarthDuck

#6
Quote from: Kitaru
Hash, not hashtags.

EDIT: I see your point that "tag" seems to lack the cryptographic process, such as being used for brand recognition and promotion.

"any combination of characters led by a hash symbol is a hashtag"

source: http://en.wikipedia.org/wiki/Hashtag


I normally use the word "hash code" but was adapting the word 'tag' from certain nullpomino guides here. "Hash" by itself seems a little misleading since there are so many uses for hash tables, but I will go ahead and change all of my uses of 'hash tag' to 'hash code' since you don't like my phrasing.

myndzi

#7
Hash tables are hash tables
Hash tags are hash tags
Hashes are hashes

A hash table uses a <hash> to index entries in a <table>
A hash tag uses a <#> ('hash sign') to <tag> a thing

A hash is not the same thing necessarily as a 'cryptographic hash' -- the latter implies that it is designed with security concerns in mind; other hashes are designed for other purposes, such as equal distribution (to make a <hash table> work well, or to serve as error detection)

Note that MD5 is most definitely NOT a cryptographically strong hash, just for the record.

Also, your advice regarding choosing a strong password is historically accurate, but modern password cracking has become much more advanced. For example, capital letters are good -- but most people use them either as all caps, or initial caps. Symbols are good -- but most people put a couple at the end of their password. Assumptions like these vastly reduce the amount of time it takes to crack passwords that, combinatorially speaking, would otherwise take a long time.

Unfortunately, the only *really* secure password is a long, random one. There are "cloud-based" password management tools these days that make it fairly easy to use extremely strong passwords, unique to each website. I recently began using LastPass, and while it's not perfect, it serves its purpose quite well. My passwords now look like:

e*HcyJeBJA8rCA&P@*Tz^x

... but all I have to do is remember a single master password. I made that password a good one, so it follows all the same rules, but I only have to memorize one of them.

If you're interested, here's a good article that goes into detail about some of the most recent password cracking techniques:

http://www.wired.co.uk/news/archive/2013-0...racking/viewall

DarthDuck

#8
But what about using an MD5 or SHA as your actual password. In that case does it even matter how strong the key is?

I might be tempted to do that for my Gmail because if someone hacks my Google Drive I'm ****ed.

Paradox

#9
I think the most important thing to take from this is the part about "don't use your regular passwords for your tripcode on nullpo"

myndzi

Quote from: DarthDuck
But what about using an MD5 or SHA as your actual password. In that case does it even matter how strong the key is?

I might be tempted to do that for my Gmail because if someone hacks my Google Drive I'm ****ed.

That would 1) be hard to implement and 2) be easier to crack than proper random characters. All-numeric passwords can be brute forced to much longer lengths than alphanumeric ones because there are only 10 potential characters in use. Hex has 16. On top of that, hashes are a fixed length. So, even though an MD5 hash is 32 characters long, that's 16^32 possible passwords:
340282366920938463463374607431768211456

With the full range of alphanumeric characters (62), 22 characters gets you a stronger password:
63^22 =
3850278001389542025943356831719778839169

So, it wouldn't be as strong as it looks, but it would probably be strong enough.

Unless somebody did a double-md5 dictionary attack! :O

If you hash 'lol' to get your password (9cdfb439c7876e703e307864c9167a15), it looks pretty strong, right? Well, it'd take about 17576 guesses to find if someone knew or guessed your scheme.

In the end, it's better to rely on actual strength rather than obfuscation.
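
Added example, not part of the original posts: a Python sketch of the two points made in this thread, that a derived password is only as strong as the input it was derived from, and that the guess rate of the hash decides how long a search space lasts. The helper names are illustrative; the two rates are the figures quoted in the first post, and the three-lowercase-letter input follows the 'lol' example above.

```python
import hashlib
import itertools
import math
import string

# Guess rates quoted in the first post of this thread (guesses per second).
RATE_DESCRYPT = 63_000_000   # tripcode-style hash, single video card
RATE_BCRYPT = 3_000          # deliberately slow password hash

def keyspace(alphabet_size, length):
    """Number of distinct strings of `length` over the alphabet."""
    return alphabet_size ** length

def bits(space):
    """Search space expressed as bits of entropy."""
    return math.log2(space)

def worst_case_seconds(space, rate):
    """Time to try every candidate at `rate` guesses per second."""
    return space / rate

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def guesses_to_find(target_hex, alphabet, length):
    """Count how many candidates from alphabet^length must be hashed before
    one reproduces target_hex. Returns (guesses, input) or (space, None)."""
    for n, combo in enumerate(itertools.product(alphabet, repeat=length), 1):
        candidate = "".join(combo)
        if md5_hex(candidate) == target_hex:
            return n, candidate
    return keyspace(len(alphabet), length), None

if __name__ == "__main__":
    schemes = {
        "32 random hex chars": keyspace(16, 32),
        "22 random alphanumerics": keyspace(62, 22),
        "md5 of 3 lowercase letters": keyspace(26, 3),
    }
    for name, space in schemes.items():
        print(f"{name:28s} {bits(space):6.1f} bits  "
              f"fast hash: {worst_case_seconds(space, RATE_DESCRYPT):.3g}s  "
              f"slow hash: {worst_case_seconds(space, RATE_BCRYPT):.3g}s")
    # The derived password looks like 128 bits, but the search space is the
    # 26^3 inputs that could have produced it (constructed sample input).
    derived = md5_hex("lol")
    print(derived, guesses_to_find(derived, string.ascii_lowercase, 3))
```

The 32-character output of the third scheme is as long as the first, yet its effective strength is about 14 bits, which is why the scheme's input, not its output, is what has to be random.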