Editing 1286: Encryptic

{{comic
| number    = 1286
| date      = November 4, 2013
| title     = Encryptic
| image     = encryptic.png
| titletext = It was bound to happen eventually. This data theft will enable almost limitless [xkcd.com/792]-style password reuse attacks in the coming weeks. There's only one group that comes out of this looking smart: Everyone who pirated Photoshop.
}}

==Explanation==
{{w|Triple DES}} is an older but still relatively secure encryption algorithm that works on 64-bit (8 character) blocks. Assuming that the passwords are stored in plain ASCII, this means that each sequence of 8 characters on the same position is always encrypted to the same result and therefore two passwords starting with “12345678” would start with the same block after being encrypted. Furthermore, this means that you can actually get a very good idea of the length of the password since anything with only one block is a password with length between 1 and 8 characters, with two blocks it has between 9 and 16 characters etc.

This way of storing passwords does not follow the recommended way of using a suitable cryptographically-secure {{w|Hash function|hash function}} that yields only a single block so that there is no way to tell the length of the password from the result. It is also a good practice to {{w|Salt (cryptography)|add a salt}} specific to each user (like their username) so that two users with the same password would not have the same hash.

Adobe also stored hints users created for their passwords. That means that an attacker knows not only if the same 8 characters are used for multiple passwords but also has some hints for guessing them. That means that common password portions should be easy to recover and that any user may be “compromised” by someone else using a part of the same password and providing a good hint. As an example, a password having three hints “Big Apple”, “Twin Towers” and “If you can make it there” is probably “New York” (or a simple variation on that). The weakness here is that no decryption and therefore no hard cracking has to take place, you just group the passwords by their encrypted blocks and try to solve them like a crossword puzzle.

It seems the examples are not taken from the actual leaked file as that [http://arstechnica.com/security/2013/11/how-an-epic-blunder-by-adobe-could-strengthen-hand-of-password-crackers/ uses a different format].

The title text makes a reference to [[792|Black Hat’s trouble with what to do with stolen passwords]]. It also states that users of pirated Photoshop are the winners here. This is because in order to make Photoshop pirate-able, it was modified (cracked) by removing the requirement for registration so their passwords were not sent to Adobe and therefore are not present in the leaked file.

The title itself is a reference to [http://en.wikipedia.org/wiki/Cryptic_crossword cryptic crosswords]

==Passwords==
Note that characters in the passwords could be upper or lower case, and they may involve common substitutions like "0" (number zero) for "O" (letter O); therefore, the clues cannot guarantee that the answer shown here is precisely correct.  Nevertheless, we have plenty of information for a brute force attack.

{|class="wikitable"
! Input
! Hint
! Password
! Explanation
|-
|<tt>4e18acc1ab27a2d6</tt>
|weather vane sword
|<tt>matthias</tt>
|In ''Redwall'', several characters are associated with a sword hung from a weather vane, but only Matthias shares the name of an apostle (6 lines down).
|-
|<tt>4e18acc1ab27a2d6</tt>
|
|<tt>matthias</tt>
|Although no hint was used, we know this password too, since it matches the previous one.
|-
|<tt>4e18acc1ab27a2d6&nbsp;a0a2876eb1ea1fea</tt>
|name1
|<tt>matthias1</tt>
|Even without knowing the user's name, we already know how this starts, so the clue gives us a pretty good idea how it finishes (and another block useful 2 lines down)
|-
|<tt>8babb6299e06eb6d</tt>
|duh
|<tt>password</tt>
|Unfortunately, this is all too common, and the user practically told us that it's an easy one.
|-
|<tt>8babb6299e06eb6d&nbsp;a0a2876eb1ea1fea</tt>
|
|<tt>password1</tt>
|Although no hint was used, we know this by combining the previous two.
|-
|<tt>8babb6299e06eb6d&nbsp;85e9da81a8a78adc</tt>
|57
|<tt>password57</tt>
|Since we know how this begins, this is a good guess.
|-
|<tt>4e18acc1ab27a2d6</tt>
|favorite of 12 apostles
|<tt>matthias</tt>
|This has only 12 possibilities to begin with (plus variant spellings, variant lists, and one replacement), but actually we know already which one by combining with the clue 6 lines up.
|-
|<tt>1ab29ae86da6e5ca&nbsp;7a2d6a0a2876eb1e</tt>
|with your own hand you have done all this
|<tt>Judith1510</tt>
|This is a quotation from Judith 15:10.
|-
|<tt>a1f9b2b6299e7a2b&nbsp;eadec1e6ab797397</tt>
|sexy earlobes
|<tt>Charlie&nbsp;Sheen</tt>
|This refers to an episode of ''Two and a Half Men''.  Other answers are possible, but only this one fits the next line.
|-
|<tt>a1f9b2b6299e7a2b&nbsp;617ab0277727ad85</tt>
|best TOS episode
|<tt>Charlie&nbsp;X</tt>
|"TOS" refers to the original series of ''Star Trek''.  Although this had dozens of episodes, only one fits the previous line.
|-
|<tt>39738b7adb0b8af7&nbsp;617ab0277727ad85</tt>
|Sugarland
|<tt>HoustonTX</tt>
|Sugarland is a suburb of Houston, Texas.  This fits with the previous line.
|-
|<tt>1ab29ae86da6e5ca</tt>
|name + jersey#
|<tt>Judith15</tt>
|Even if we knew this user's name, we wouldn't know their jersey number.  But the clue 4 lines up already gave us the answer.
|-
|<tt>877ab7889d3862b1</tt>
|alpha
|<tt>abc</tt>
|This password is also far too common, but this clue still isn't enough to narrow it down.  Combine with the clue 3 lines below, however, and it's quite easy.
|-
|<tt>877ab7889d3862b1</tt>
|
|<tt>abc</tt>
|No hint, but the same as the surrounding passwords.
|-
|<tt>877ab7889d3862b1</tt>
|
|<tt>abc</tt>
|No hint, but the same as the surrounding passwords.
|-
|<tt>877ab7889d3862b1</tt>
|Michael Jackson
|<tt>abc</tt>
|Michael Jackson did many songs, but only one was alphabetical (3 lines up).
|-
|<tt>38a7c9279cadeb44&nbsp;9dca1d79d4dec6d5</tt>
|
|
|No hint, but the same as the one below.
|-
|<tt>38a7c9279cadeb44&nbsp;9dca1d79d4dec6d5</tt>
|he did the MASH, he did the
|
|
|
|-
|<tt>38a7c9279cadeb44</tt>
|Purloined
|
|
|-
|<tt>a8ae5754a2b7af7a&nbsp;9dca1d79d4dec6d5</tt>
|fav water-3 Pokemon
|
|''second block is "Mash" per two lines up''
|-
|}

==Transcript==
:Hackers recently leaked '''''153 million''''' Adobe user emails, encrypted passwords, and password hints.
:Adobe encrypted the passwords improperly, misusing block-mode 3DES. The result is something wonderful:

<pre>
User password                      Hint
-------------                      ----

4e18acc1ab27a2d6                   weather vane sword
4e18acc1ab27a2d6
4e18acc1ab27a2d6 a0a2876eb1ea1fea  name1
8babb6299e06eb6d                   duh
8babb6299e06eb6d a0a2876eb1ea1fea
8babb6299e06eb6d 85e9da81a8a78adc  57
4e18acc1ab27a2d6                   favorite of 12 apostles
1ab29ae86da6e5ca 7a2d6a0a2876eb1e  with your own hand you
                                   have done all this
a1f9b2b6299e7a2b eadec1e6ab797397  sexy earlobes
a1f9b2b6299e7a2b 617ab0277727ad85  best tos episode
39738b7adb0b8af7 617ab0277727ad85  sugarland
1ab29ae86da6e5ca                   name + jersey#
877ab7889d3862b1                   alpha
877ab7889d3862b1
877ab7889d3862b1
877ab7889d3862b1                   obvious
877ab7889d3862b1                   Michael Jackson
38a7c9279cadeb44 9dca1d79d4dec6d5
38a7c9279cadeb44 9dca1d79d4dec6d5  he did the MASH, he did the
38a7c9279cadeb44                   Purloined
a8ae5754a2b7af7a 9dca1d79d4dec6d5  fav water-3 pokemon
</pre>

:The greatest crossword puzzle in the history of the world

{{comic discussion}}

[[Category:Comics with color]]
@@ Line 8: / Line 8: @@
 ==Explanation==
-Web sites and other computers that authenticate users via passwords need to be able to know if the user typed in the right password. But storing the password itself on the computer has been known to be unnecessarily risky since the publication of [http://www.neurosecurity.com/articles/security/passwd.pdf Password Security: A Case History] in 1978. In that paper, Robert Morris and Ken Thompson demonstrated the practice of using a slow, cryptographically-secure one-way {{w|hash function}}, so that even if the password file is stolen, it will be very hard to figure out what the passwords are, so long as the passwords themselves are suitably complex. They also pioneered the use of {{w|Salt (cryptography)|a "salt"}} which makes each password hash completely different even if two users use the same password. See [http://security.blogoverflow.com/2011/07/a-tour-of-password-questions-and-answers/ A tour of password questions and answers] for background on salts and suitably slow hash functions.
+{{w|Triple DES}} is an older but still relatively secure encryption algorithm that works on 64-bit (8 character) blocks. Assuming that the passwords are stored in plain ASCII, this means that each sequence of 8 characters on the same position is always encrypted to the same result and therefore two passwords starting with “12345678” would start with the same block after being encrypted. Furthermore, this means that you can actually get a very good idea of the length of the password since anything with only one block is a password with length between 1 and 8 characters, with two blocks it has between 9 and 16 characters etc.
-Adobe, however, ignored these well-known principles, and instead stored over a hundred million passwords in a reversibly encrypted way, using a terrible choice of encryption methods which exposes a great deal of information about the passwords, and does not involve a salt. This password database was recently obtained by someone and released on the Internet.
+This way of storing passwords does not follow the recommended way of using a suitable cryptographically-secure {{w|Hash function|hash function}} that yields only a single block so that there is no way to tell the length of the password from the result. It is also a good practice to {{w|Salt (cryptography)|add a salt}} specific to each user (like their username) so that two users with the same password would not have the same hash.
-In particular, Adobe used {{w|Triple DES}}, an older encryption algorithm which can still be relatively secure when properly used, but they {{w|Electronic codebook|used it improperly}}. It works on 64-bit (8 character) blocks. Assuming that the passwords are stored in plain ASCII, this means that a sequence of 8 characters in a password which starts on a character position which is a multiple of eight is always encrypted to the same result. Therefore, two passwords starting with "12345678" would start with the same block after being encrypted. Furthermore, this means that you can actually get a very good idea of the length of the password since anything with only one block is a password with length between 1 and 8 characters, and having two blocks implies it has between 9 and 16 characters, etc.
+Adobe also stored hints users created for their passwords. That means that an attacker knows not only if the same 8 characters are used for multiple passwords but also has some hints for guessing them. That means that common password portions should be easy to recover and that any user may be “compromised” by someone else using a part of the same password and providing a good hint. As an example, a password having three hints “Big Apple”, “Twin Towers” and “If you can make it there” is probably “New York” (or a simple variation on that). The weakness here is that no decryption and therefore no hard cracking has to take place, you just group the passwords by their encrypted blocks and try to solve them like a crossword puzzle.
-Adobe also stored hints users created for their passwords. That means that an attacker knows not only if the same 8 characters are used for multiple passwords but also has some hints for guessing them. That means that common password portions should be easy to recover and that any user may be "compromised" by someone else using a part of the same password and providing a good hint. As an example, a password having three hints "Big Apple", "Twin Towers" and "If you can make it there" is probably "New York" or a simple variation on that. The weakness here is that no decryption and therefore no hard cracking has to take place, you just group the passwords by their encrypted blocks and try to solve them like a crossword puzzle. These weaknesses have already been used to presumably identify a password used by {{w|Edward Snowden}}, as discussed at [http://7habitsofhighlyeffectivehackers.blogspot.com/2013/11/can-someone-be-targeted-using-adobe.html 7 Habits of Highly Effective Hackers: Can someone be targeted using the Adobe breach?].
+It seems the examples are not taken from the actual leaked file as that [http://arstechnica.com/security/2013/11/how-an-epic-blunder-by-adobe-could-strengthen-hand-of-password-crackers/ uses a different format].
-The examples are not taken from the actual leaked file, since that [http://arstechnica.com/security/2013/11/how-an-epic-blunder-by-adobe-could-strengthen-hand-of-password-crackers/ uses a different format], and the examples are evidently cleverly crafted to make a nice crossword-like puzzle, which can be solved as shown in the Passwords section below.
+The title text makes a reference to [[792|Black Hat’s trouble with what to do with stolen passwords]]. It also states that users of pirated Photoshop are the winners here. This is because in order to make Photoshop pirate-able, it was modified (cracked) by removing the requirement for registration so their passwords were not sent to Adobe and therefore are not present in the leaked file.
-As mentioned on http://filosottile.github.io/analyzing-the-adobe-leaked-passwords/ the data in the comic isn't real and contains a hidden message. If the "user password" hashes are Base64 encoded, they read:
+The title itself is a reference to [http://en.wikipedia.org/wiki/Cryptic_crossword cryptic crosswords]
-<pre>ThiswasnotagooduseofyourtimeButthenagainitwasprobablynotagooduseofmytimeeith
-erAndyethereweareXOXOXOLetsLiveHereInThisTinySecretEncodedTextWorldForever==</pre>
-More readable:
+==Passwords==
-<pre>This was not a good use of your time
+Note that characters in the passwords could be upper or lower case, and they may involve common substitutions like "0" (number zero) for "O" (letter O); therefore, the clues cannot guarantee that the answer shown here is precisely correct.  Nevertheless, we have plenty of information for a brute force attack.
-But then again it was probably not a good use of my time either
-And yet here we are
-XOXOXO
-Lets Live Here In This Tiny Secret Encoded Text World Forever</pre>
-E.g., with the initial unique hash blocks: <tt>python2 -c "print '4e18acc1ab27a2d6a0a2876eb1ea1fca'.decode('hex_codec').encode('base64')"</tt>
-The last letter "r" is not fully encoded in the data shown, but any letter from "g" to "v" produces the same binary data.
-===Title Text===
-The title text makes a reference to a previous comic: [[792|Black Hat's trouble with what to do with stolen passwords]]. It also states that users of pirated Photoshop are the winners here. This is because in order to make Photoshop pirate-able, it was modified (cracked) by removing the requirement for registration so their passwords were not sent to Adobe and therefore are not present in the leaked file.
-Soon after this comic was published, the most common 1000 passwords were actually compiled into [http://zed0.co.uk/crossword/ a set of 10 interactive online crosswords], inspired by the comic.
-The title itself is a reference to {{w|cryptic crossword}}s. (see [[2032: Word Puzzles]])
-===Passwords===
-Note that characters in the passwords could be upper or lower case, and they may involve common substitutions like "0" (number zero) for "O" (letter O); therefore, the clues cannot guarantee that the answer shown here is precisely correct. Nevertheless, we have plenty of information for a brute force attack.
 {|class="wikitable"
@@ Line 51: / Line 31: @@
 |<tt>4e18acc1ab27a2d6</tt>
 |weather vane sword
-|<tt>[http://redwall.wikia.com/wiki/Matthias matthias]</tt>
+|<tt>matthias</tt>
-|In ''{{w|Redwall}}'', several characters are associated with a sword hung from a weather vane, but only Matthias shares the name of an apostle (6 lines down).
+|In ''Redwall'', several characters are associated with a sword hung from a weather vane, but only Matthias shares the name of an apostle (6 lines down).
 |-
 |<tt>4e18acc1ab27a2d6</tt>
@@ Line 59: / Line 39: @@
 |Although no hint was used, we know this password too, since it matches the previous one.
 |-
-|<tt>4e18acc1ab27a2d6&nbsp;a0a2876eb1ea1fca</tt>
+|<tt>4e18acc1ab27a2d6&nbsp;a0a2876eb1ea1fea</tt>
 |name1
 |<tt>matthias1</tt>
@@ Line 69: / Line 49: @@
 |Unfortunately, this is all too common, and the user practically told us that it's an easy one.
 |-
-|<tt>8babb6299e06eb6d&nbsp;a0a2876eb1ea1fca</tt>
+|<tt>8babb6299e06eb6d&nbsp;a0a2876eb1ea1fea</tt>
 |
 |<tt>password1</tt>
@@ Line 80: / Line 60: @@
 |-
 |<tt>4e18acc1ab27a2d6</tt>
-|favorite of {{w|Apostle (Christian)|12 apostles}}
+|favorite of 12 apostles
-|<tt>{{w|Saint Matthias|matthias}}</tt>
+|<tt>matthias</tt>
-|The hint suggests only 12 possibilities. Variant spellings, variant lists, and a replacement for Judas add to that number. But we already know which one by combining with the clue 6 lines up. (Surprise: it's the replacement!)
+|This has only 12 possibilities to begin with (plus variant spellings, variant lists, and one replacement), but actually we know already which one by combining with the clue 6 lines up.
 |-
 |<tt>1ab29ae86da6e5ca&nbsp;7a2d6a0a2876eb1e</tt>
 |with your own hand you have done all this
 |<tt>Judith1510</tt>
-|This is a quotation from [http://www.biblestudytools.com/nrsa/judith/15-10.html Judith 15:10] in the Bible.
+|This is a quotation from Judith 15:10.
 |-
 |<tt>a1f9b2b6299e7a2b&nbsp;eadec1e6ab797397</tt>
 |sexy earlobes
-|<tt>{{w|Charlie Sheen|Charlie&nbsp;Sheen}}</tt>
+|<tt>Charlie&nbsp;Sheen</tt>
-|This refers to an episode of ''{{w|Two and a Half Men}}''.  Other answers are possible, but only this one fits the next line.
+|This refers to an episode of ''Two and a Half Men''.  Other answers are possible, but only this one fits the next line.
 |-
 |<tt>a1f9b2b6299e7a2b&nbsp;617ab0277727ad85</tt>
 |best TOS episode
-|<tt>{{w|Charlie X|Charlie&nbsp;X}}</tt>
+|<tt>Charlie&nbsp;X</tt>
-|"{{w|Star Trek: The Original Series|TOS}}" refers to The Original Series (TOS) of ''{{w|Star Trek}}''.  Although this had dozens of episodes, only one fits the previous line as well as the next line.
+|"TOS" refers to the original series of ''Star Trek''.  Although this had dozens of episodes, only one fits the previous line.
 |-
 |<tt>39738b7adb0b8af7&nbsp;617ab0277727ad85</tt>
 |Sugarland
 |<tt>HoustonTX</tt>
-|{{w|Sugar Land, Texas|Sugar Land}} is a suburb of {{w|Houston}}, {{w|Texas}}.  This fits with the previous line. {{w|Sugarland}} is a band, but it does not fit well with the previous hint, and would not lead to our first guess.
+|Sugarland is a suburb of Houston, Texas.  This fits with the previous line.
 |-
 |<tt>1ab29ae86da6e5ca</tt>
@@ Line 112: / Line 92: @@
 |alpha
 |<tt>abc</tt>
-|This password is also far too common, but this clue still isn't enough to narrow it down.  Combine with the clue 4 lines below, however, and it's quite easy.
+|This password is also far too common, but this clue still isn't enough to narrow it down.  Combine with the clue 3 lines below, however, and it's quite easy.
 |-
 |<tt>877ab7889d3862b1</tt>
@@ Line 123: / Line 103: @@
 |<tt>abc</tt>
 |No hint, but the same as the surrounding passwords.
-|-
-|<tt>877ab7889d3862b1</tt>
-|obvious
-|<tt>abc</tt>
-|Same as the surrounding passwords.
 |-
 |<tt>877ab7889d3862b1</tt>
 |Michael Jackson
 |<tt>abc</tt>
-|{{w|Michael Jackson}} did many songs, but only one was {{w|ABC (The Jackson 5 song)|alphabetical}} (4 lines up).
+|Michael Jackson did many songs, but only one was alphabetical (3 lines up).
 |-
 |<tt>38a7c9279cadeb44&nbsp;9dca1d79d4dec6d5</tt>
 |
-|<tt>asdfghjkl</tt>
+|
 |No hint, but the same as the one below.
 |-
 |<tt>38a7c9279cadeb44&nbsp;9dca1d79d4dec6d5</tt>
-|he did the mash, he did the
+|he did the MASH, he did the
-|<tt>asdfghjkl</tt>
+|
-|Probably a "keyboard mash" (e.g. asdfghjkl), a common password. The hint is a reference to the song "{{w|Monster Mash}}" ("He did the mash/He did the monster mash").
+|
+|
 |-
 |<tt>38a7c9279cadeb44</tt>
-|purloined
+|Purloined
-|<tt>asdfghjk</tt>
+|
-|A reference to the {{w|Edgar Allan Poe}} story "{{w|The Purloined Letter}}", this represents all the keys of the home row, or the keyboard mash password, but with one missing ("[[:wikt:purloin|purloin]]ed") letter.
+|
 |-
-|<tt>a8ae5745a2b7af7a&nbsp;9dca1d79d4dec6d5</tt>
+|<tt>a8ae5754a2b7af7a&nbsp;9dca1d79d4dec6d5</tt>
-|fav water-3 {{w|List_of_Pokémon|Pokemon}}
+|fav water-3 Pokemon
-|<tt>[http://bulbapedia.bulbagarden.net/wiki/Tentacool_(Pok%C3%A9mon) Tentacool]</tt>
+|
-|This is the only [http://bulbapedia.bulbagarden.net/wiki/Water_3_%28Egg_Group%29 water-3] Pokémon with a 9 letter name ending in "l", so it must be this to fit with the password 'asdfghjkl'.
+|''second block is "Mash" per two lines up''
 |-
 |}
 ==Transcript==
-:[Caption above the panel:]
 :Hackers recently leaked '''''153 million''''' Adobe user emails, encrypted passwords, and password hints.
 :Adobe encrypted the passwords improperly, misusing block-mode 3DES. The result is something wonderful:
@@ Line 167: / Line 142: @@
 e18acc1ab27a2d6                   weather vane sword
 e18acc1ab27a2d6
-e18acc1ab27a2d6 a0a2876eb1ea1fca  name1
+e18acc1ab27a2d6 a0a2876eb1ea1fea  name1
 babb6299e06eb6d                   duh
-babb6299e06eb6d a0a2876eb1ea1fca
+babb6299e06eb6d a0a2876eb1ea1fea
 babb6299e06eb6d 85e9da81a8a78adc  57
 e18acc1ab27a2d6                   favorite of 12 apostles
@@ Line 184: / Line 159: @@
 ab7889d3862b1                   Michael Jackson
 a7c9279cadeb44 9dca1d79d4dec6d5
-a7c9279cadeb44 9dca1d79d4dec6d5  he did the mash, he did the
+a7c9279cadeb44 9dca1d79d4dec6d5  he did the MASH, he did the
-a7c9279cadeb44                   purloined
+a7c9279cadeb44                   Purloined
-a8ae5745a2b7af7a 9dca1d79d4dec6d5  fav water-3 pokemon
+a8ae5754a2b7af7a 9dca1d79d4dec6d5  fav water-3 pokemon
 </pre>
-:[Caption below the panel:]
 :The greatest crossword puzzle in the history of the world
 {{comic discussion}}
 [[Category:Comics with color]]
-[[Category:Pokémon]]
-[[Category:Cryptography]]
-[[Category:Star Trek]]
-[[Category:Redwall]]