Editing 1286: Encryptic

Jump to: navigation, search

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision Your text
Line 8: Line 8:
  
 
==Explanation==
 
==Explanation==
Web sites and other computers that authenticate users via passwords need to be able to know if the user typed in the right password. But storing the password itself on the computer has been known to be unnecessarily risky since the publication of [http://www.neurosecurity.com/articles/security/passwd.pdf Password Security: A Case History] in 1978. In that paper, Robert Morris and Ken Thompson demonstrated the practice of using a slow, cryptographically-secure one-way {{w|hash function}}, so that even if the password file is stolen, it will be very hard to figure out what the passwords are, so long as the passwords themselves are suitably complex. They also pioneered the use of {{w|Salt (cryptography)|a "salt"}} which makes each password hash completely different even if two users use the same password. See [http://security.blogoverflow.com/2011/07/a-tour-of-password-questions-and-answers/ A tour of password questions and answers] for background on salts and suitably slow hash functions.
+
Web sites and other computers that authenticate users via passwords need to be able to know if the user typed in the right password. But storing the password itself on the computer has been known to be unnecessarily risky since the publication of [http://www.neurosecurity.com/articles/security/passwd.pdf Password Security: A Case History] in 1978. In that paper, Robert Morris and Ken Thompson demonstrated the practice of using a slow, cryptographically-secure one-way {{w|hash function}}, so that even if the password file is stolen, it will be very hard to figure out what the passwords are, so long as the passwords themselves are suitably complex. They also pioneered the use of {{w|Salt (cryptography)|a "salt"}} which makes each password hash completely different even if two users use the same password. See [http://security.blogoverflow.com/2011/07/a-tour-of-password-questions-and-answers/ A tour of password questions and answers] for background on salts and suitably slow hash functions.
  
Adobe, however, ignored these well-known principles, and instead stored over a hundred million passwords in a reversibly encrypted way, using a terrible choice of encryption methods which exposes a great deal of information about the passwords, and does not involve a salt. This password database was recently obtained by someone and released on the Internet.
+
Adobe, however, ignored these well-known principles, and instead stored over a hundred million passwords in a reversibly encrypted way, using a terrible choice of encryption methods which exposes a great deal of information about the passwords, and does not involve a salt. This password database was recently obtained by someone and released on the Internet.
  
In particular, Adobe used {{w|Triple DES}}, an older encryption algorithm which can still be relatively secure when properly used, but they {{w|Electronic codebook|used it improperly}}. It works on 64-bit (8 character) blocks. Assuming that the passwords are stored in plain ASCII, this means that a sequence of 8 characters in a password which starts on a character position which is a multiple of eight is always encrypted to the same result. Therefore, two passwords starting with "12345678" would start with the same block after being encrypted. Furthermore, this means that you can actually get a very good idea of the length of the password since anything with only one block is a password with length between 1 and 8 characters, and having two blocks implies it has between 9 and 16 characters, etc.
+
In particular, Adobe used {{w|Triple DES}}, an older encryption algorithm which can still be relatively secure when properly used but they used it improperly. It works on 64-bit (8 character) blocks. Assuming that the passwords are stored in plain ASCII, this means that a sequence of 8 characters in a password which starts on a character position which is a multiple of eight is always encrypted to the same result. Therefore two passwords starting with "12345678" would start with the same block after being encrypted. Furthermore, this means that you can actually get a very good idea of the length of the password since anything with only one block is a password with length between 1 and 8 characters, and having two blocks implies it has between 9 and 16 characters, etc.
  
Adobe also stored hints users created for their passwords. That means that an attacker knows not only if the same 8 characters are used for multiple passwords but also has some hints for guessing them. That means that common password portions should be easy to recover and that any user may be "compromised" by someone else using a part of the same password and providing a good hint. As an example, a password having three hints "Big Apple", "Twin Towers" and "If you can make it there" is probably "New York" or a simple variation on that. The weakness here is that no decryption and therefore no hard cracking has to take place, you just group the passwords by their encrypted blocks and try to solve them like a crossword puzzle. These weaknesses have already been used to presumably identify a password used by {{w|Edward Snowden}}, as discussed at [http://7habitsofhighlyeffectivehackers.blogspot.com/2013/11/can-someone-be-targeted-using-adobe.html 7 Habits of Highly Effective Hackers: Can someone be targeted using the Adobe breach?].
+
Adobe also stored hints users created for their passwords. That means that an attacker knows not only if the same 8 characters are used for multiple passwords but also has some hints for guessing them. That means that common password portions should be easy to recover and that any user may be "compromised" by someone else using a part of the same password and providing a good hint. As an example, a password having three hints "Big Apple", "Twin Towers" and "If you can make it there" is probably "New York" (or a simple variation on that). The weakness here is that no decryption and therefore no hard cracking has to take place, you just group the passwords by their encrypted blocks and try to solve them like a crossword puzzle. These weaknesses have already been used to presumably identify a password used by {{w|Edward Snowden}}, as discussed at [http://7habitsofhighlyeffectivehackers.blogspot.com/2013/11/can-someone-be-targeted-using-adobe.html 7 Habits of Highly Effective Hackers: Can someone be targeted using the Adobe breach?].
  
 
The examples are not taken from the actual leaked file, since that [http://arstechnica.com/security/2013/11/how-an-epic-blunder-by-adobe-could-strengthen-hand-of-password-crackers/ uses a different format], and the examples are evidently cleverly crafted to make a nice crossword-like puzzle, which can be solved as shown in the Passwords section below.
 
The examples are not taken from the actual leaked file, since that [http://arstechnica.com/security/2013/11/how-an-epic-blunder-by-adobe-could-strengthen-hand-of-password-crackers/ uses a different format], and the examples are evidently cleverly crafted to make a nice crossword-like puzzle, which can be solved as shown in the Passwords section below.
  
As mentioned on http://filosottile.github.io/analyzing-the-adobe-leaked-passwords/ the data in the comic isn't real and contains a hidden message. If the "user password" hashes are Base64 encoded, they read:
+
As mentioned on http://filosottile.github.io/analyzing-the-adobe-leaked-passwords/ the data in the comic isn't real and contains a hidden message.
 +
If the "user password" hashes are Base64 encoded, they read:
 
<pre>ThiswasnotagooduseofyourtimeButthenagainitwasprobablynotagooduseofmytimeeith
 
<pre>ThiswasnotagooduseofyourtimeButthenagainitwasprobablynotagooduseofmytimeeith
 
erAndyethereweareXOXOXOLetsLiveHereInThisTinySecretEncodedTextWorldForever==</pre>
 
erAndyethereweareXOXOXOLetsLiveHereInThisTinySecretEncodedTextWorldForever==</pre>
  
More readable:
+
E.g., with the initial unique hash blocks: <tt>python -c "print '4e18acc1ab27a2d6a0a2876eb1ea1fca'.decode('hex_codec').encode('base64')"</tt>
<pre>This was not a good use of your time
 
But then again it was probably not a good use of my time either
 
And yet here we are
 
XOXOXO
 
Lets Live Here In This Tiny Secret Encoded Text World Forever</pre>
 
 
 
E.g., with the initial unique hash blocks: <tt>python2 -c "print '4e18acc1ab27a2d6a0a2876eb1ea1fca'.decode('hex_codec').encode('base64')"</tt>
 
  
 
The last letter "r" is not fully encoded in the data shown, but any letter from "g" to "v" produces the same binary data.
 
The last letter "r" is not fully encoded in the data shown, but any letter from "g" to "v" produces the same binary data.
  
===Title Text===
 
 
The title text makes a reference to a previous comic: [[792|Black Hat's trouble with what to do with stolen passwords]]. It also states that users of pirated Photoshop are the winners here. This is because in order to make Photoshop pirate-able, it was modified (cracked) by removing the requirement for registration so their passwords were not sent to Adobe and therefore are not present in the leaked file.
 
The title text makes a reference to a previous comic: [[792|Black Hat's trouble with what to do with stolen passwords]]. It also states that users of pirated Photoshop are the winners here. This is because in order to make Photoshop pirate-able, it was modified (cracked) by removing the requirement for registration so their passwords were not sent to Adobe and therefore are not present in the leaked file.
  
Soon after this comic was published, the most common 1000 passwords were actually compiled into [http://zed0.co.uk/crossword/ a set of 10 interactive online crosswords], inspired by the comic.
+
The title itself is a reference to [http://en.wikipedia.org/wiki/Cryptic_crossword cryptic crosswords]
  
The title itself is a reference to {{w|cryptic crossword}}s. (see [[2032: Word Puzzles]])
+
==Passwords==
 
+
Note that characters in the passwords could be upper or lower case, and they may involve common substitutions like "0" (number zero) for "O" (letter O); therefore, the clues cannot guarantee that the answer shown here is precisely correct. Nevertheless, we have plenty of information for a brute force attack.
===Passwords===
 
Note that characters in the passwords could be upper or lower case, and they may involve common substitutions like "0" (number zero) for "O" (letter O); therefore, the clues cannot guarantee that the answer shown here is precisely correct. Nevertheless, we have plenty of information for a brute force attack.
 
  
 
{|class="wikitable"
 
{|class="wikitable"
Line 97: Line 88:
 
|best TOS episode
 
|best TOS episode
 
|<tt>{{w|Charlie X|Charlie&nbsp;X}}</tt>
 
|<tt>{{w|Charlie X|Charlie&nbsp;X}}</tt>
|"{{w|Star Trek: The Original Series|TOS}}" refers to The Original Series (TOS) of ''{{w|Star Trek}}''.  Although this had dozens of episodes, only one fits the previous line as well as the next line.
+
|"{{w|Star Trek: The Original Series|TOS}}" refers to the original series of ''{{w|Star Trek}}''.  Although this had dozens of episodes, only one fits the previous line as well as the next line.
 
|-
 
|-
 
|<tt>39738b7adb0b8af7&nbsp;617ab0277727ad85</tt>
 
|<tt>39738b7adb0b8af7&nbsp;617ab0277727ad85</tt>
Line 132: Line 123:
 
|Michael Jackson
 
|Michael Jackson
 
|<tt>abc</tt>
 
|<tt>abc</tt>
|{{w|Michael Jackson}} did many songs, but only one was {{w|ABC (The Jackson 5 song)|alphabetical}} (4 lines up).
+
|{{w|Michael Jackson}} did many songs, but only one was {{w|ABC (song)|alphabetical}} (4 lines up).
 
|-
 
|-
 
|<tt>38a7c9279cadeb44&nbsp;9dca1d79d4dec6d5</tt>
 
|<tt>38a7c9279cadeb44&nbsp;9dca1d79d4dec6d5</tt>
Line 147: Line 138:
 
|purloined
 
|purloined
 
|<tt>asdfghjk</tt>
 
|<tt>asdfghjk</tt>
|A reference to the {{w|Edgar Allan Poe}} story "{{w|The Purloined Letter}}", this represents all the keys of the home row, or the keyboard mash password, but with one missing ("[[:wikt:purloin|purloin]]ed") letter.
+
|A reference to the {{w|Edgar Allan Poe}} story "{{w|The Purloined Letter}}", this represents all the keys of the home row, or the keyboard mash password, but with one missing("purloined") letter.
 
|-
 
|-
 
|<tt>a8ae5745a2b7af7a&nbsp;9dca1d79d4dec6d5</tt>
 
|<tt>a8ae5745a2b7af7a&nbsp;9dca1d79d4dec6d5</tt>
 
|fav water-3 {{w|List_of_Pokémon|Pokemon}}
 
|fav water-3 {{w|List_of_Pokémon|Pokemon}}
 
|<tt>[http://bulbapedia.bulbagarden.net/wiki/Tentacool_(Pok%C3%A9mon) Tentacool]</tt>
 
|<tt>[http://bulbapedia.bulbagarden.net/wiki/Tentacool_(Pok%C3%A9mon) Tentacool]</tt>
|This is the only [http://bulbapedia.bulbagarden.net/wiki/Water_3_%28Egg_Group%29 water-3] Pokémon with a 9 letter name ending in "l", so it must be this to fit with the password 'asdfghjkl'.
+
|This is the only [http://bulbapedia.bulbagarden.net/wiki/Water_3_%28Egg_Group%29 water-3] Pokémon with a 9 letter name ending in "l", so it must be this to fit with the password 'asdfghjkl'
 
|-
 
|-
 
|}
 
|}
  
 
==Transcript==
 
==Transcript==
:[Caption above the panel:]
 
 
:Hackers recently leaked '''''153 million''''' Adobe user emails, encrypted passwords, and password hints.
 
:Hackers recently leaked '''''153 million''''' Adobe user emails, encrypted passwords, and password hints.
 
:Adobe encrypted the passwords improperly, misusing block-mode 3DES. The result is something wonderful:
 
:Adobe encrypted the passwords improperly, misusing block-mode 3DES. The result is something wonderful:
Line 189: Line 179:
 
</pre>
 
</pre>
  
:[Caption below the panel:]
 
 
:The greatest crossword puzzle in the history of the world
 
:The greatest crossword puzzle in the history of the world
  
 
{{comic discussion}}
 
{{comic discussion}}
 +
 
[[Category:Comics with color]]
 
[[Category:Comics with color]]
 
[[Category:Pokémon]]
 
[[Category:Pokémon]]
 
[[Category:Cryptography]]
 
[[Category:Cryptography]]
[[Category:Star Trek]]
 
[[Category:Redwall]]
 

Please note that all contributions to explain xkcd may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see explain xkcd:Copyrights for details). Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following CAPTCHA:

Cancel | Editing help (opens in new window)

Templates used on this page:

Retrieved from "https://www.explainxkcd.com/wiki/index.php/1286:_Encryptic"