What could an attacker do if they gained access to PBKDF2 hashes?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;







up vote
7
down vote

favorite
1












This is regarding a web application where a user has to login with their personal email as the ID, and a password they have chosen personally.



If an attacker somehow gained access to a credential store with a list of all the PBKDF2 hashes with the email addresses, to what extent could this be used maliciously?






passwords cryptography hash pbkdf2







share|improve this question























  • When you say “a list of all the PBKDF2 hashes”, do you mean to imply that the list would also include the email address corresponding to each hash, which is the most likely scenario, or do you mean just the hashes?
    – Mike Scott
    2 days ago










  • They would also include the email addresses.
    – deltzy
    2 days ago










  • Is this web application using Peppers and Salts?
    – Matthieu M.
    2 days ago










  • This is a well-known scenario, and I'm pretty sure there's a duplicate of this question somewhere - aren't you basically asking "what's the consequences of a database breach with correctly hashed passwords" ?
    – Riking
    yesterday
















up vote
7
down vote

favorite
1












This is regarding a web application where a user has to login with their personal email as the ID, and a password they have chosen personally.



If an attacker somehow gained access to a credential store with a list of all the PBKDF2 hashes with the email addresses, to what extent could this be used maliciously?






passwords cryptography hash pbkdf2







share|improve this question























  • When you say “a list of all the PBKDF2 hashes”, do you mean to imply that the list would also include the email address corresponding to each hash, which is the most likely scenario, or do you mean just the hashes?
    – Mike Scott
    2 days ago










  • They would also include the email addresses.
    – deltzy
    2 days ago










  • Is this web application using Peppers and Salts?
    – Matthieu M.
    2 days ago










  • This is a well-known scenario, and I'm pretty sure there's a duplicate of this question somewhere - aren't you basically asking "what's the consequences of a database breach with correctly hashed passwords" ?
    – Riking
    yesterday












up vote
7
down vote

favorite
1









up vote
7
down vote

favorite
1






1





This is regarding a web application where a user has to login with their personal email as the ID, and a password they have chosen personally.



If an attacker somehow gained access to a credential store with a list of all the PBKDF2 hashes with the email addresses, to what extent could this be used maliciously?






passwords cryptography hash pbkdf2







share|improve this question















This is regarding a web application where a user has to login with their personal email as the ID, and a password they have chosen personally.



If an attacker somehow gained access to a credential store with a list of all the PBKDF2 hashes with the email addresses, to what extent could this be used maliciously?






passwords cryptography hash pbkdf2




passwords cryptography hash pbkdf2






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 2 days ago

























asked 2 days ago









deltzy

525




525











  • When you say “a list of all the PBKDF2 hashes”, do you mean to imply that the list would also include the email address corresponding to each hash, which is the most likely scenario, or do you mean just the hashes?
    – Mike Scott
    2 days ago










  • They would also include the email addresses.
    – deltzy
    2 days ago










  • Is this web application using Peppers and Salts?
    – Matthieu M.
    2 days ago










  • This is a well-known scenario, and I'm pretty sure there's a duplicate of this question somewhere - aren't you basically asking "what's the consequences of a database breach with correctly hashed passwords" ?
    – Riking
    yesterday
















  • When you say “a list of all the PBKDF2 hashes”, do you mean to imply that the list would also include the email address corresponding to each hash, which is the most likely scenario, or do you mean just the hashes?
    – Mike Scott
    2 days ago










  • They would also include the email addresses.
    – deltzy
    2 days ago










  • Is this web application using Peppers and Salts?
    – Matthieu M.
    2 days ago










  • This is a well-known scenario, and I'm pretty sure there's a duplicate of this question somewhere - aren't you basically asking "what's the consequences of a database breach with correctly hashed passwords" ?
    – Riking
    yesterday















When you say “a list of all the PBKDF2 hashes”, do you mean to imply that the list would also include the email address corresponding to each hash, which is the most likely scenario, or do you mean just the hashes?
– Mike Scott
2 days ago




When you say “a list of all the PBKDF2 hashes”, do you mean to imply that the list would also include the email address corresponding to each hash, which is the most likely scenario, or do you mean just the hashes?
– Mike Scott
2 days ago












They would also include the email addresses.
– deltzy
2 days ago




They would also include the email addresses.
– deltzy
2 days ago












Is this web application using Peppers and Salts?
– Matthieu M.
2 days ago




Is this web application using Peppers and Salts?
– Matthieu M.
2 days ago












This is a well-known scenario, and I'm pretty sure there's a duplicate of this question somewhere - aren't you basically asking "what's the consequences of a database breach with correctly hashed passwords" ?
– Riking
yesterday




This is a well-known scenario, and I'm pretty sure there's a duplicate of this question somewhere - aren't you basically asking "what's the consequences of a database breach with correctly hashed passwords" ?
– Riking
yesterday










2 Answers
2






active

oldest

votes

















up vote
9
down vote



accepted










The attacker would have to crack the hashes in order to obtain the original passwords. Since PBKDF2 does multiple iterations of the same hash function, the act of cracking them would be significantly slower. The end result is that even weaker passwords are less likely be revealed, leading to a significantly lower percentage of successfully cracked passwords in the credential list.






share|improve this answer
















  • 3




    Lists of hundreds of millions of previously-compromised passwords are freely available, and it’s perfectly feasible to run the whole of such a list against a few thousand leaked hashes. Experience shows that this will reveal 80% to 90% of all passwords. troyhunt.com/86-of-passwords-are-terrible-and-other-statistics
    – Mike Scott
    2 days ago






  • 3




    @MikeScott Quite a few are indeed terrible, but 80% or 90% is a lot more than it really is. Just compare a leaked MD5 hash list with a leaked bcrypt hash list. The former may have almost 50% cracked, whereas the latter may have under 10% cracked!
    – forest
    2 days ago

















up vote
4
down vote













Assuming the attacker got the salts as well as the hashes, they could run a list of known previously used passwords against the list of hashes and get the passwords of most of the users, since the majority of users use passwords whose plain text has already been compromised somewhere. They couldn’t recover long well-chosen passwords that have never been used before.






share|improve this answer






















  • While true, I'm not sure if this is especially applicable, as the attacker could just as easily take those leaked password lists and simply login to the website itself. The only thing they would really need to do that is the list of email addresses, so in this case the actual useful information from the leak would be the list of registered email addresses. The passwords themselves would actually be less valuable. It is true that offline cracking would be easier to setup and faster than attempting logins on the live site, but I don't think it would be a dramatic difference.
    – Conor Mancone
    2 days ago






  • 10




    There is indeed a dramatic difference between online and offline attack. Offline, you can quickly guess triillions (fast hashes) or hundreds of thousands / millions (slow hashes) of candidate passwords against a single account, discover original plaintext, and use it to immediately log into the site without triggering any alarms. Online, if targeting a single user, your IP address(es) and/or the target user's account is likely to get locked out after relatively small number of guesses. Password spraying can help in an online attack, but it's still massively less stealthy than offline attack.
    – Royce Williams
    2 days ago











Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f193366%2fwhat-could-an-attacker-do-if-they-gained-access-to-pbkdf2-hashes%23new-answer', 'question_page');

);

Post as a guest

















2 Answers
2






active

oldest

votes








2 Answers
2






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
9
down vote



accepted










The attacker would have to crack the hashes in order to obtain the original passwords. Since PBKDF2 does multiple iterations of the same hash function, the act of cracking them would be significantly slower. The end result is that even weaker passwords are less likely be revealed, leading to a significantly lower percentage of successfully cracked passwords in the credential list.






share|improve this answer
















  • 3




    Lists of hundreds of millions of previously-compromised passwords are freely available, and it’s perfectly feasible to run the whole of such a list against a few thousand leaked hashes. Experience shows that this will reveal 80% to 90% of all passwords. troyhunt.com/86-of-passwords-are-terrible-and-other-statistics
    – Mike Scott
    2 days ago






  • 3




    @MikeScott Quite a few are indeed terrible, but 80% or 90% is a lot more than it really is. Just compare a leaked MD5 hash list with a leaked bcrypt hash list. The former may have almost 50% cracked, whereas the latter may have under 10% cracked!
    – forest
    2 days ago














up vote
9
down vote



accepted










The attacker would have to crack the hashes in order to obtain the original passwords. Since PBKDF2 does multiple iterations of the same hash function, the act of cracking them would be significantly slower. The end result is that even weaker passwords are less likely be revealed, leading to a significantly lower percentage of successfully cracked passwords in the credential list.






share|improve this answer
















  • 3




    Lists of hundreds of millions of previously-compromised passwords are freely available, and it’s perfectly feasible to run the whole of such a list against a few thousand leaked hashes. Experience shows that this will reveal 80% to 90% of all passwords. troyhunt.com/86-of-passwords-are-terrible-and-other-statistics
    – Mike Scott
    2 days ago






  • 3




    @MikeScott Quite a few are indeed terrible, but 80% or 90% is a lot more than it really is. Just compare a leaked MD5 hash list with a leaked bcrypt hash list. The former may have almost 50% cracked, whereas the latter may have under 10% cracked!
    – forest
    2 days ago












up vote
9
down vote



accepted







up vote
9
down vote



accepted






The attacker would have to crack the hashes in order to obtain the original passwords. Since PBKDF2 does multiple iterations of the same hash function, the act of cracking them would be significantly slower. The end result is that even weaker passwords are less likely be revealed, leading to a significantly lower percentage of successfully cracked passwords in the credential list.






share|improve this answer












The attacker would have to crack the hashes in order to obtain the original passwords. Since PBKDF2 does multiple iterations of the same hash function, the act of cracking them would be significantly slower. The end result is that even weaker passwords are less likely be revealed, leading to a significantly lower percentage of successfully cracked passwords in the credential list.







share|improve this answer












share|improve this answer



share|improve this answer










answered 2 days ago









forest

22k116886




22k116886







  • 3




    Lists of hundreds of millions of previously-compromised passwords are freely available, and it’s perfectly feasible to run the whole of such a list against a few thousand leaked hashes. Experience shows that this will reveal 80% to 90% of all passwords. troyhunt.com/86-of-passwords-are-terrible-and-other-statistics
    – Mike Scott
    2 days ago






  • 3




    @MikeScott Quite a few are indeed terrible, but 80% or 90% is a lot more than it really is. Just compare a leaked MD5 hash list with a leaked bcrypt hash list. The former may have almost 50% cracked, whereas the latter may have under 10% cracked!
    – forest
    2 days ago












  • 3




    Lists of hundreds of millions of previously-compromised passwords are freely available, and it’s perfectly feasible to run the whole of such a list against a few thousand leaked hashes. Experience shows that this will reveal 80% to 90% of all passwords. troyhunt.com/86-of-passwords-are-terrible-and-other-statistics
    – Mike Scott
    2 days ago






  • 3




    @MikeScott Quite a few are indeed terrible, but 80% or 90% is a lot more than it really is. Just compare a leaked MD5 hash list with a leaked bcrypt hash list. The former may have almost 50% cracked, whereas the latter may have under 10% cracked!
    – forest
    2 days ago







3




3




Lists of hundreds of millions of previously-compromised passwords are freely available, and it’s perfectly feasible to run the whole of such a list against a few thousand leaked hashes. Experience shows that this will reveal 80% to 90% of all passwords. troyhunt.com/86-of-passwords-are-terrible-and-other-statistics
– Mike Scott
2 days ago




Lists of hundreds of millions of previously-compromised passwords are freely available, and it’s perfectly feasible to run the whole of such a list against a few thousand leaked hashes. Experience shows that this will reveal 80% to 90% of all passwords. troyhunt.com/86-of-passwords-are-terrible-and-other-statistics
– Mike Scott
2 days ago




3




3




@MikeScott Quite a few are indeed terrible, but 80% or 90% is a lot more than it really is. Just compare a leaked MD5 hash list with a leaked bcrypt hash list. The former may have almost 50% cracked, whereas the latter may have under 10% cracked!
– forest
2 days ago




@MikeScott Quite a few are indeed terrible, but 80% or 90% is a lot more than it really is. Just compare a leaked MD5 hash list with a leaked bcrypt hash list. The former may have almost 50% cracked, whereas the latter may have under 10% cracked!
– forest
2 days ago












up vote
4
down vote













Assuming the attacker got the salts as well as the hashes, they could run a list of known previously used passwords against the list of hashes and get the passwords of most of the users, since the majority of users use passwords whose plain text has already been compromised somewhere. They couldn’t recover long well-chosen passwords that have never been used before.






share|improve this answer






















  • While true, I'm not sure if this is especially applicable, as the attacker could just as easily take those leaked password lists and simply login to the website itself. The only thing they would really need to do that is the list of email addresses, so in this case the actual useful information from the leak would be the list of registered email addresses. The passwords themselves would actually be less valuable. It is true that offline cracking would be easier to setup and faster than attempting logins on the live site, but I don't think it would be a dramatic difference.
    – Conor Mancone
    2 days ago






  • 10




    There is indeed a dramatic difference between online and offline attack. Offline, you can quickly guess triillions (fast hashes) or hundreds of thousands / millions (slow hashes) of candidate passwords against a single account, discover original plaintext, and use it to immediately log into the site without triggering any alarms. Online, if targeting a single user, your IP address(es) and/or the target user's account is likely to get locked out after relatively small number of guesses. Password spraying can help in an online attack, but it's still massively less stealthy than offline attack.
    – Royce Williams
    2 days ago















up vote
4
down vote













Assuming the attacker got the salts as well as the hashes, they could run a list of known previously used passwords against the list of hashes and get the passwords of most of the users, since the majority of users use passwords whose plain text has already been compromised somewhere. They couldn’t recover long well-chosen passwords that have never been used before.






share|improve this answer






















  • While true, I'm not sure if this is especially applicable, as the attacker could just as easily take those leaked password lists and simply login to the website itself. The only thing they would really need to do that is the list of email addresses, so in this case the actual useful information from the leak would be the list of registered email addresses. The passwords themselves would actually be less valuable. It is true that offline cracking would be easier to setup and faster than attempting logins on the live site, but I don't think it would be a dramatic difference.
    – Conor Mancone
    2 days ago






  • 10




    There is indeed a dramatic difference between online and offline attack. Offline, you can quickly guess triillions (fast hashes) or hundreds of thousands / millions (slow hashes) of candidate passwords against a single account, discover original plaintext, and use it to immediately log into the site without triggering any alarms. Online, if targeting a single user, your IP address(es) and/or the target user's account is likely to get locked out after relatively small number of guesses. Password spraying can help in an online attack, but it's still massively less stealthy than offline attack.
    – Royce Williams
    2 days ago













up vote
4
down vote










up vote
4
down vote









Assuming the attacker got the salts as well as the hashes, they could run a list of known previously used passwords against the list of hashes and get the passwords of most of the users, since the majority of users use passwords whose plain text has already been compromised somewhere. They couldn’t recover long well-chosen passwords that have never been used before.






share|improve this answer














Assuming the attacker got the salts as well as the hashes, they could run a list of known previously used passwords against the list of hashes and get the passwords of most of the users, since the majority of users use passwords whose plain text has already been compromised somewhere. They couldn’t recover long well-chosen passwords that have never been used before.







share|improve this answer














share|improve this answer



share|improve this answer








edited 2 days ago

























answered 2 days ago









Mike Scott

6,6481328




6,6481328











  • While true, I'm not sure if this is especially applicable, as the attacker could just as easily take those leaked password lists and simply login to the website itself. The only thing they would really need to do that is the list of email addresses, so in this case the actual useful information from the leak would be the list of registered email addresses. The passwords themselves would actually be less valuable. It is true that offline cracking would be easier to setup and faster than attempting logins on the live site, but I don't think it would be a dramatic difference.
    – Conor Mancone
    2 days ago






  • 10




    There is indeed a dramatic difference between online and offline attack. Offline, you can quickly guess triillions (fast hashes) or hundreds of thousands / millions (slow hashes) of candidate passwords against a single account, discover original plaintext, and use it to immediately log into the site without triggering any alarms. Online, if targeting a single user, your IP address(es) and/or the target user's account is likely to get locked out after relatively small number of guesses. Password spraying can help in an online attack, but it's still massively less stealthy than offline attack.
    – Royce Williams
    2 days ago

















  • While true, I'm not sure if this is especially applicable, as the attacker could just as easily take those leaked password lists and simply login to the website itself. The only thing they would really need to do that is the list of email addresses, so in this case the actual useful information from the leak would be the list of registered email addresses. The passwords themselves would actually be less valuable. It is true that offline cracking would be easier to setup and faster than attempting logins on the live site, but I don't think it would be a dramatic difference.
    – Conor Mancone
    2 days ago






  • 10




    There is indeed a dramatic difference between online and offline attack. Offline, you can quickly guess triillions (fast hashes) or hundreds of thousands / millions (slow hashes) of candidate passwords against a single account, discover original plaintext, and use it to immediately log into the site without triggering any alarms. Online, if targeting a single user, your IP address(es) and/or the target user's account is likely to get locked out after relatively small number of guesses. Password spraying can help in an online attack, but it's still massively less stealthy than offline attack.
    – Royce Williams
    2 days ago
















While true, I'm not sure if this is especially applicable, as the attacker could just as easily take those leaked password lists and simply login to the website itself. The only thing they would really need to do that is the list of email addresses, so in this case the actual useful information from the leak would be the list of registered email addresses. The passwords themselves would actually be less valuable. It is true that offline cracking would be easier to setup and faster than attempting logins on the live site, but I don't think it would be a dramatic difference.
– Conor Mancone
2 days ago




While true, I'm not sure if this is especially applicable, as the attacker could just as easily take those leaked password lists and simply login to the website itself. The only thing they would really need to do that is the list of email addresses, so in this case the actual useful information from the leak would be the list of registered email addresses. The passwords themselves would actually be less valuable. It is true that offline cracking would be easier to setup and faster than attempting logins on the live site, but I don't think it would be a dramatic difference.
– Conor Mancone
2 days ago




10




10




There is indeed a dramatic difference between online and offline attack. Offline, you can quickly guess triillions (fast hashes) or hundreds of thousands / millions (slow hashes) of candidate passwords against a single account, discover original plaintext, and use it to immediately log into the site without triggering any alarms. Online, if targeting a single user, your IP address(es) and/or the target user's account is likely to get locked out after relatively small number of guesses. Password spraying can help in an online attack, but it's still massively less stealthy than offline attack.
– Royce Williams
2 days ago





There is indeed a dramatic difference between online and offline attack. Offline, you can quickly guess triillions (fast hashes) or hundreds of thousands / millions (slow hashes) of candidate passwords against a single account, discover original plaintext, and use it to immediately log into the site without triggering any alarms. Online, if targeting a single user, your IP address(es) and/or the target user's account is likely to get locked out after relatively small number of guesses. Password spraying can help in an online attack, but it's still massively less stealthy than offline attack.
– Royce Williams
2 days ago


















 

draft saved


draft discarded















































 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f193366%2fwhat-could-an-attacker-do-if-they-gained-access-to-pbkdf2-hashes%23new-answer', 'question_page');

);

Post as a guest
































































Comments

Post a Comment

Popular posts from this blog

Long meetings (6-7 hours a day): Being “babysat” by supervisor

Image
Clash Royale CLAN TAG #URR8PPP .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0; up vote 31 down vote favorite 4 I hold a PhD in mechanical engineering with a 7 year background in self-guided, self-paced research including 2 years as a graduate level course instructor and a subject matter expert for various engineering projects in a university setting in the United States. For the last 10-11 months, I am working in a research industry in France where my task is to debug C++ spaghetti code written over a period of several years by my current supervisor. It is a team of 2: just I and my supervisor. Diurnally, I am posed with a "bug of the day" to get out of this C++ code. My supervisor generally gives me about 15-30 minutes to solve it and then accosts me about whether or not the task is completed and then rinses and repeats this until the end of the day. Off-late, my supervisor has been holding 6-7 hour long "meetin
Read more

Is the Concept of Multiple Fantasy Races Scientifically Flawed? [closed]

Image
Clash Royale CLAN TAG #URR8PPP up vote 2 down vote favorite Many fantasy worlds have multiple humanoid species (elves, orcs, humans, etc) living in the same world, in addition to that, they often have the ability to interbreed. And I can't help but question their believability... fantasy-races reproduction interspecies-relations share | improve this question edited Aug 9 at 14:46 Michael Kjörling ♦ 21.1k 10 85 161 asked Aug 9 at 13:13 Chlodio 118 6 closed as unclear what you're asking by MichaelK, Gryphon, John, Vincent, Frostfyre Aug 9 at 15:25 Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question. 3 Stack Exchange exist to
Read more

Confectionery

Image
Prepared foods made with a lot of sugar or other cabohydrates "Sweetmeat" redirects here. For the racehorse, see Sweetmeat (horse). Not to be confused with Sweetbread. This Kransekake is a traditional Scandinavian baker's confection. Confectionery is the art of making confections , which are food items that are rich in sugar and carbohydrates. Exact definitions are difficult. [1] In general, though, confectionery is divided into two broad and somewhat overlapping categories, bakers' confections and sugar confections. [2] Bakers' confectionery, also called flour confections , includes principally sweet pastries, cakes, and similar baked goods. Sugar confectionery includes candies ( sweets in British English), candied nuts, chocolates, chewing gum, bubble gum, pastillage, and other confections that are made primarily of sugar. In some cases, chocolate confections (confections made of chocolate) are treated as a separate category, as are sugar-free versions of
Read more