What could an attacker do if they gained access to PBKDF2 hashes?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;







up vote
7
down vote

favorite
1












This is regarding a web application where a user has to login with their personal email as the ID, and a password they have chosen personally.



If an attacker somehow gained access to a credential store with a list of all the PBKDF2 hashes with the email addresses, to what extent could this be used maliciously?






passwords cryptography hash pbkdf2







share|improve this question























  • When you say “a list of all the PBKDF2 hashes”, do you mean to imply that the list would also include the email address corresponding to each hash, which is the most likely scenario, or do you mean just the hashes?
    – Mike Scott
    2 days ago










  • They would also include the email addresses.
    – deltzy
    2 days ago










  • Is this web application using Peppers and Salts?
    – Matthieu M.
    2 days ago










  • This is a well-known scenario, and I'm pretty sure there's a duplicate of this question somewhere - aren't you basically asking "what's the consequences of a database breach with correctly hashed passwords" ?
    – Riking
    yesterday
















up vote
7
down vote

favorite
1












This is regarding a web application where a user has to login with their personal email as the ID, and a password they have chosen personally.



If an attacker somehow gained access to a credential store with a list of all the PBKDF2 hashes with the email addresses, to what extent could this be used maliciously?






passwords cryptography hash pbkdf2







share|improve this question























  • When you say “a list of all the PBKDF2 hashes”, do you mean to imply that the list would also include the email address corresponding to each hash, which is the most likely scenario, or do you mean just the hashes?
    – Mike Scott
    2 days ago










  • They would also include the email addresses.
    – deltzy
    2 days ago










  • Is this web application using Peppers and Salts?
    – Matthieu M.
    2 days ago










  • This is a well-known scenario, and I'm pretty sure there's a duplicate of this question somewhere - aren't you basically asking "what's the consequences of a database breach with correctly hashed passwords" ?
    – Riking
    yesterday












up vote
7
down vote

favorite
1









up vote
7
down vote

favorite
1






1





This is regarding a web application where a user has to login with their personal email as the ID, and a password they have chosen personally.



If an attacker somehow gained access to a credential store with a list of all the PBKDF2 hashes with the email addresses, to what extent could this be used maliciously?






passwords cryptography hash pbkdf2







share|improve this question















This is regarding a web application where a user has to login with their personal email as the ID, and a password they have chosen personally.



If an attacker somehow gained access to a credential store with a list of all the PBKDF2 hashes with the email addresses, to what extent could this be used maliciously?






passwords cryptography hash pbkdf2




passwords cryptography hash pbkdf2






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 2 days ago

























asked 2 days ago









deltzy

525




525











  • When you say “a list of all the PBKDF2 hashes”, do you mean to imply that the list would also include the email address corresponding to each hash, which is the most likely scenario, or do you mean just the hashes?
    – Mike Scott
    2 days ago










  • They would also include the email addresses.
    – deltzy
    2 days ago










  • Is this web application using Peppers and Salts?
    – Matthieu M.
    2 days ago










  • This is a well-known scenario, and I'm pretty sure there's a duplicate of this question somewhere - aren't you basically asking "what's the consequences of a database breach with correctly hashed passwords" ?
    – Riking
    yesterday
















  • When you say “a list of all the PBKDF2 hashes”, do you mean to imply that the list would also include the email address corresponding to each hash, which is the most likely scenario, or do you mean just the hashes?
    – Mike Scott
    2 days ago










  • They would also include the email addresses.
    – deltzy
    2 days ago










  • Is this web application using Peppers and Salts?
    – Matthieu M.
    2 days ago










  • This is a well-known scenario, and I'm pretty sure there's a duplicate of this question somewhere - aren't you basically asking "what's the consequences of a database breach with correctly hashed passwords" ?
    – Riking
    yesterday















When you say “a list of all the PBKDF2 hashes”, do you mean to imply that the list would also include the email address corresponding to each hash, which is the most likely scenario, or do you mean just the hashes?
– Mike Scott
2 days ago




When you say “a list of all the PBKDF2 hashes”, do you mean to imply that the list would also include the email address corresponding to each hash, which is the most likely scenario, or do you mean just the hashes?
– Mike Scott
2 days ago












They would also include the email addresses.
– deltzy
2 days ago




They would also include the email addresses.
– deltzy
2 days ago












Is this web application using Peppers and Salts?
– Matthieu M.
2 days ago




Is this web application using Peppers and Salts?
– Matthieu M.
2 days ago












This is a well-known scenario, and I'm pretty sure there's a duplicate of this question somewhere - aren't you basically asking "what's the consequences of a database breach with correctly hashed passwords" ?
– Riking
yesterday




This is a well-known scenario, and I'm pretty sure there's a duplicate of this question somewhere - aren't you basically asking "what's the consequences of a database breach with correctly hashed passwords" ?
– Riking
yesterday










2 Answers
2






active

oldest

votes

















up vote
9
down vote



accepted










The attacker would have to crack the hashes in order to obtain the original passwords. Since PBKDF2 does multiple iterations of the same hash function, the act of cracking them would be significantly slower. The end result is that even weaker passwords are less likely be revealed, leading to a significantly lower percentage of successfully cracked passwords in the credential list.






share|improve this answer
















  • 3




    Lists of hundreds of millions of previously-compromised passwords are freely available, and it’s perfectly feasible to run the whole of such a list against a few thousand leaked hashes. Experience shows that this will reveal 80% to 90% of all passwords. troyhunt.com/86-of-passwords-are-terrible-and-other-statistics
    – Mike Scott
    2 days ago






  • 3




    @MikeScott Quite a few are indeed terrible, but 80% or 90% is a lot more than it really is. Just compare a leaked MD5 hash list with a leaked bcrypt hash list. The former may have almost 50% cracked, whereas the latter may have under 10% cracked!
    – forest
    2 days ago

















up vote
4
down vote













Assuming the attacker got the salts as well as the hashes, they could run a list of known previously used passwords against the list of hashes and get the passwords of most of the users, since the majority of users use passwords whose plain text has already been compromised somewhere. They couldn’t recover long well-chosen passwords that have never been used before.






share|improve this answer






















  • While true, I'm not sure if this is especially applicable, as the attacker could just as easily take those leaked password lists and simply login to the website itself. The only thing they would really need to do that is the list of email addresses, so in this case the actual useful information from the leak would be the list of registered email addresses. The passwords themselves would actually be less valuable. It is true that offline cracking would be easier to setup and faster than attempting logins on the live site, but I don't think it would be a dramatic difference.
    – Conor Mancone
    2 days ago






  • 10




    There is indeed a dramatic difference between online and offline attack. Offline, you can quickly guess triillions (fast hashes) or hundreds of thousands / millions (slow hashes) of candidate passwords against a single account, discover original plaintext, and use it to immediately log into the site without triggering any alarms. Online, if targeting a single user, your IP address(es) and/or the target user's account is likely to get locked out after relatively small number of guesses. Password spraying can help in an online attack, but it's still massively less stealthy than offline attack.
    – Royce Williams
    2 days ago











Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f193366%2fwhat-could-an-attacker-do-if-they-gained-access-to-pbkdf2-hashes%23new-answer', 'question_page');

);

Post as a guest

















2 Answers
2






active

oldest

votes








2 Answers
2






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
9
down vote



accepted










The attacker would have to crack the hashes in order to obtain the original passwords. Since PBKDF2 does multiple iterations of the same hash function, the act of cracking them would be significantly slower. The end result is that even weaker passwords are less likely be revealed, leading to a significantly lower percentage of successfully cracked passwords in the credential list.






share|improve this answer
















  • 3




    Lists of hundreds of millions of previously-compromised passwords are freely available, and it’s perfectly feasible to run the whole of such a list against a few thousand leaked hashes. Experience shows that this will reveal 80% to 90% of all passwords. troyhunt.com/86-of-passwords-are-terrible-and-other-statistics
    – Mike Scott
    2 days ago






  • 3




    @MikeScott Quite a few are indeed terrible, but 80% or 90% is a lot more than it really is. Just compare a leaked MD5 hash list with a leaked bcrypt hash list. The former may have almost 50% cracked, whereas the latter may have under 10% cracked!
    – forest
    2 days ago














up vote
9
down vote



accepted










The attacker would have to crack the hashes in order to obtain the original passwords. Since PBKDF2 does multiple iterations of the same hash function, the act of cracking them would be significantly slower. The end result is that even weaker passwords are less likely be revealed, leading to a significantly lower percentage of successfully cracked passwords in the credential list.






share|improve this answer
















  • 3




    Lists of hundreds of millions of previously-compromised passwords are freely available, and it’s perfectly feasible to run the whole of such a list against a few thousand leaked hashes. Experience shows that this will reveal 80% to 90% of all passwords. troyhunt.com/86-of-passwords-are-terrible-and-other-statistics
    – Mike Scott
    2 days ago






  • 3




    @MikeScott Quite a few are indeed terrible, but 80% or 90% is a lot more than it really is. Just compare a leaked MD5 hash list with a leaked bcrypt hash list. The former may have almost 50% cracked, whereas the latter may have under 10% cracked!
    – forest
    2 days ago












up vote
9
down vote



accepted







up vote
9
down vote



accepted






The attacker would have to crack the hashes in order to obtain the original passwords. Since PBKDF2 does multiple iterations of the same hash function, the act of cracking them would be significantly slower. The end result is that even weaker passwords are less likely be revealed, leading to a significantly lower percentage of successfully cracked passwords in the credential list.






share|improve this answer












The attacker would have to crack the hashes in order to obtain the original passwords. Since PBKDF2 does multiple iterations of the same hash function, the act of cracking them would be significantly slower. The end result is that even weaker passwords are less likely be revealed, leading to a significantly lower percentage of successfully cracked passwords in the credential list.







share|improve this answer












share|improve this answer



share|improve this answer










answered 2 days ago









forest

22k116886




22k116886







  • 3




    Lists of hundreds of millions of previously-compromised passwords are freely available, and it’s perfectly feasible to run the whole of such a list against a few thousand leaked hashes. Experience shows that this will reveal 80% to 90% of all passwords. troyhunt.com/86-of-passwords-are-terrible-and-other-statistics
    – Mike Scott
    2 days ago






  • 3




    @MikeScott Quite a few are indeed terrible, but 80% or 90% is a lot more than it really is. Just compare a leaked MD5 hash list with a leaked bcrypt hash list. The former may have almost 50% cracked, whereas the latter may have under 10% cracked!
    – forest
    2 days ago












  • 3




    Lists of hundreds of millions of previously-compromised passwords are freely available, and it’s perfectly feasible to run the whole of such a list against a few thousand leaked hashes. Experience shows that this will reveal 80% to 90% of all passwords. troyhunt.com/86-of-passwords-are-terrible-and-other-statistics
    – Mike Scott
    2 days ago






  • 3




    @MikeScott Quite a few are indeed terrible, but 80% or 90% is a lot more than it really is. Just compare a leaked MD5 hash list with a leaked bcrypt hash list. The former may have almost 50% cracked, whereas the latter may have under 10% cracked!
    – forest
    2 days ago







3




3




Lists of hundreds of millions of previously-compromised passwords are freely available, and it’s perfectly feasible to run the whole of such a list against a few thousand leaked hashes. Experience shows that this will reveal 80% to 90% of all passwords. troyhunt.com/86-of-passwords-are-terrible-and-other-statistics
– Mike Scott
2 days ago




Lists of hundreds of millions of previously-compromised passwords are freely available, and it’s perfectly feasible to run the whole of such a list against a few thousand leaked hashes. Experience shows that this will reveal 80% to 90% of all passwords. troyhunt.com/86-of-passwords-are-terrible-and-other-statistics
– Mike Scott
2 days ago




3




3




@MikeScott Quite a few are indeed terrible, but 80% or 90% is a lot more than it really is. Just compare a leaked MD5 hash list with a leaked bcrypt hash list. The former may have almost 50% cracked, whereas the latter may have under 10% cracked!
– forest
2 days ago




@MikeScott Quite a few are indeed terrible, but 80% or 90% is a lot more than it really is. Just compare a leaked MD5 hash list with a leaked bcrypt hash list. The former may have almost 50% cracked, whereas the latter may have under 10% cracked!
– forest
2 days ago












up vote
4
down vote













Assuming the attacker got the salts as well as the hashes, they could run a list of known previously used passwords against the list of hashes and get the passwords of most of the users, since the majority of users use passwords whose plain text has already been compromised somewhere. They couldn’t recover long well-chosen passwords that have never been used before.






share|improve this answer






















  • While true, I'm not sure if this is especially applicable, as the attacker could just as easily take those leaked password lists and simply login to the website itself. The only thing they would really need to do that is the list of email addresses, so in this case the actual useful information from the leak would be the list of registered email addresses. The passwords themselves would actually be less valuable. It is true that offline cracking would be easier to setup and faster than attempting logins on the live site, but I don't think it would be a dramatic difference.
    – Conor Mancone
    2 days ago






  • 10




    There is indeed a dramatic difference between online and offline attack. Offline, you can quickly guess triillions (fast hashes) or hundreds of thousands / millions (slow hashes) of candidate passwords against a single account, discover original plaintext, and use it to immediately log into the site without triggering any alarms. Online, if targeting a single user, your IP address(es) and/or the target user's account is likely to get locked out after relatively small number of guesses. Password spraying can help in an online attack, but it's still massively less stealthy than offline attack.
    – Royce Williams
    2 days ago















up vote
4
down vote













Assuming the attacker got the salts as well as the hashes, they could run a list of known previously used passwords against the list of hashes and get the passwords of most of the users, since the majority of users use passwords whose plain text has already been compromised somewhere. They couldn’t recover long well-chosen passwords that have never been used before.






share|improve this answer






















  • While true, I'm not sure if this is especially applicable, as the attacker could just as easily take those leaked password lists and simply login to the website itself. The only thing they would really need to do that is the list of email addresses, so in this case the actual useful information from the leak would be the list of registered email addresses. The passwords themselves would actually be less valuable. It is true that offline cracking would be easier to setup and faster than attempting logins on the live site, but I don't think it would be a dramatic difference.
    – Conor Mancone
    2 days ago






  • 10




    There is indeed a dramatic difference between online and offline attack. Offline, you can quickly guess triillions (fast hashes) or hundreds of thousands / millions (slow hashes) of candidate passwords against a single account, discover original plaintext, and use it to immediately log into the site without triggering any alarms. Online, if targeting a single user, your IP address(es) and/or the target user's account is likely to get locked out after relatively small number of guesses. Password spraying can help in an online attack, but it's still massively less stealthy than offline attack.
    – Royce Williams
    2 days ago













up vote
4
down vote










up vote
4
down vote









Assuming the attacker got the salts as well as the hashes, they could run a list of known previously used passwords against the list of hashes and get the passwords of most of the users, since the majority of users use passwords whose plain text has already been compromised somewhere. They couldn’t recover long well-chosen passwords that have never been used before.






share|improve this answer














Assuming the attacker got the salts as well as the hashes, they could run a list of known previously used passwords against the list of hashes and get the passwords of most of the users, since the majority of users use passwords whose plain text has already been compromised somewhere. They couldn’t recover long well-chosen passwords that have never been used before.







share|improve this answer














share|improve this answer



share|improve this answer








edited 2 days ago

























answered 2 days ago









Mike Scott

6,6481328




6,6481328











  • While true, I'm not sure if this is especially applicable, as the attacker could just as easily take those leaked password lists and simply login to the website itself. The only thing they would really need to do that is the list of email addresses, so in this case the actual useful information from the leak would be the list of registered email addresses. The passwords themselves would actually be less valuable. It is true that offline cracking would be easier to setup and faster than attempting logins on the live site, but I don't think it would be a dramatic difference.
    – Conor Mancone
    2 days ago






  • 10




    There is indeed a dramatic difference between online and offline attack. Offline, you can quickly guess triillions (fast hashes) or hundreds of thousands / millions (slow hashes) of candidate passwords against a single account, discover original plaintext, and use it to immediately log into the site without triggering any alarms. Online, if targeting a single user, your IP address(es) and/or the target user's account is likely to get locked out after relatively small number of guesses. Password spraying can help in an online attack, but it's still massively less stealthy than offline attack.
    – Royce Williams
    2 days ago

















  • While true, I'm not sure if this is especially applicable, as the attacker could just as easily take those leaked password lists and simply login to the website itself. The only thing they would really need to do that is the list of email addresses, so in this case the actual useful information from the leak would be the list of registered email addresses. The passwords themselves would actually be less valuable. It is true that offline cracking would be easier to setup and faster than attempting logins on the live site, but I don't think it would be a dramatic difference.
    – Conor Mancone
    2 days ago






  • 10




    There is indeed a dramatic difference between online and offline attack. Offline, you can quickly guess triillions (fast hashes) or hundreds of thousands / millions (slow hashes) of candidate passwords against a single account, discover original plaintext, and use it to immediately log into the site without triggering any alarms. Online, if targeting a single user, your IP address(es) and/or the target user's account is likely to get locked out after relatively small number of guesses. Password spraying can help in an online attack, but it's still massively less stealthy than offline attack.
    – Royce Williams
    2 days ago
















While true, I'm not sure if this is especially applicable, as the attacker could just as easily take those leaked password lists and simply login to the website itself. The only thing they would really need to do that is the list of email addresses, so in this case the actual useful information from the leak would be the list of registered email addresses. The passwords themselves would actually be less valuable. It is true that offline cracking would be easier to setup and faster than attempting logins on the live site, but I don't think it would be a dramatic difference.
– Conor Mancone
2 days ago




While true, I'm not sure if this is especially applicable, as the attacker could just as easily take those leaked password lists and simply login to the website itself. The only thing they would really need to do that is the list of email addresses, so in this case the actual useful information from the leak would be the list of registered email addresses. The passwords themselves would actually be less valuable. It is true that offline cracking would be easier to setup and faster than attempting logins on the live site, but I don't think it would be a dramatic difference.
– Conor Mancone
2 days ago




10




10




There is indeed a dramatic difference between online and offline attack. Offline, you can quickly guess triillions (fast hashes) or hundreds of thousands / millions (slow hashes) of candidate passwords against a single account, discover original plaintext, and use it to immediately log into the site without triggering any alarms. Online, if targeting a single user, your IP address(es) and/or the target user's account is likely to get locked out after relatively small number of guesses. Password spraying can help in an online attack, but it's still massively less stealthy than offline attack.
– Royce Williams
2 days ago





There is indeed a dramatic difference between online and offline attack. Offline, you can quickly guess triillions (fast hashes) or hundreds of thousands / millions (slow hashes) of candidate passwords against a single account, discover original plaintext, and use it to immediately log into the site without triggering any alarms. Online, if targeting a single user, your IP address(es) and/or the target user's account is likely to get locked out after relatively small number of guesses. Password spraying can help in an online attack, but it's still massively less stealthy than offline attack.
– Royce Williams
2 days ago


















 

draft saved


draft discarded















































 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f193366%2fwhat-could-an-attacker-do-if-they-gained-access-to-pbkdf2-hashes%23new-answer', 'question_page');

);

Post as a guest
































































Comments

Post a Comment

Popular posts from this blog

What does second last employer means? [closed]

Image
Clash Royale CLAN TAG #URR8PPP .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0; up vote -3 down vote favorite Say, for example I have worked in the following companies, Company A => 2010 - 2011 Company B => 2011 - 2012 Company C => 2012 - Till Date Company D => Have offer Now assume Company D is asking to submit documents from my second last employer. So from the list of companies given, which company would be qualified as second last employer? software-industry employer share | improve this question asked Aug 10 '14 at 5:16 Rajaprabhu Aravindasamy 559 1 6 13 closed as off-topic by Jim G., jmort253 ♦ Aug 11 '14 at 1:58 This question appears to be off-topic. The users who voted to close gave this specific reason: "Questions seeking advice on company-specific regulations, agreements, or policies should be directed to your manager or HR department. Questions that address...
Read more

Installing NextGIS Connect into QGIS 3?

Image
Clash Royale CLAN TAG #URR8PPP .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0; up vote 1 down vote favorite Just acquired free version of NEXTGIS and trying to install the plugin for QGIS. It tells me it was not designed for version 3 of QGIS. How do I set up the QGIS-NEXTGIS interface then? qgis qgis-plugins nextgis share | improve this question edited 3 hours ago PolyGeo ♦ 51.9k 17 77 233 asked 4 hours ago IanGS 16 4 New contributor IanGS is a new contributor to this site. Take care in asking for clarification, commenting, and answering. Check out our Code of Conduct. add a comment  |  up vote 1 down vote favorite Just acquired free version of NEXTGIS and trying to install the plugin for QGIS. It tells me it was not designed for version 3 of QGIS. How do I set up the QGIS-NEXTGIS interface then? qgis qgis-plugin...
Read more

Confectionery

Image
Prepared foods made with a lot of sugar or other cabohydrates "Sweetmeat" redirects here. For the racehorse, see Sweetmeat (horse). Not to be confused with Sweetbread. This Kransekake is a traditional Scandinavian baker's confection. Confectionery is the art of making confections , which are food items that are rich in sugar and carbohydrates. Exact definitions are difficult. [1] In general, though, confectionery is divided into two broad and somewhat overlapping categories, bakers' confections and sugar confections. [2] Bakers' confectionery, also called flour confections , includes principally sweet pastries, cakes, and similar baked goods. Sugar confectionery includes candies ( sweets in British English), candied nuts, chocolates, chewing gum, bubble gum, pastillage, and other confections that are made primarily of sugar. In some cases, chocolate confections (confections made of chocolate) are treated as a separate category, as are sugar-free versions of ...
Read more