[Cryptography] millions of Ashley Madison bcrypt hashes cracked efficiently

[arxlight]

On 20/09/15 06:15, Bill Frantz wrote:
> On 9/19/15 at 7:47 AM, iang at iang.org (ianG) wrote:
> 
>> On 12/09/2015 01:33 am, Bill Frantz wrote:
>>> When your bank account is cracked, the bank makes it
>>> right. When you SSN is misused, there are ways to make it right.
>>> Admittedly any of these problems can be a royal PITA, but you don't lose
>>> any reputation when your accounts get cracked this way, even if your own
>>> negligence contributed to the incident.
>>
>>
>> People pointing out you can't get an SSN is interesting
>> counter-evidence.  And, there is plenty of evidence that people are
>> screwed by their banks, and not a few court cases.
> 
> I would love to have a reference for "You can't get a new SSN." Is there
> something on a government web page? But not all people are screwed by
> their banks. So being screwed by a bank falls in the "there but for the
> grace..." bucket where people can say, but it won't affect me.

I cannot give you that reference, since the assertion "you can't get an
[a replacement] SSN" is false.  I can give you the opposite reference:

"Should you get a new Social Security number?

If you have done all you can to fix the problems resulting from misuse
of your Social Security number and someone still is using your number,
we may assign you a new number."

See: http://www.ssa.gov/pubs/EN-05-10064.pdf

This has actually been the case for a long time and while it's an uphill
climb against the headwinds of a thousand apathetic junior
administrators in an organization with the political inertia of a small
to medium sized neutron star, it's not impossible.

However, you may wish to sprinkle that pamphlet with some skepticism
given it also asserts:

"Your number is confidential

The Social Security Administration protects your Social Security number
and keeps your records confidential. We do not give your number to
anyone, except when authorized by law."

Uh huh.

Back to the matter at hand:

There's a bit of interesting identity theft abuse tolerance incentive
built in to the current SSN/IRS system which I'm not sure is entirely
accidental.  That being, so long as a third party using a number not
their own does not attempt to file fraudulent returns to collect
unearned tax refunds (seems strange to call tax refunds "earned") the
net effect is to boost the apparent Social Security contributions to the
valid holder.  This might have the effect of causing the IRS to ask
about non-reported income, but generally speaking that's easily
dismissed by showing the valid holder was simultaneously working
hundreds or thousands of miles away and not at a construction site
somewhere.

Alarmingly, and though I've seen a few of these situations before, I've
never seen the IRS circle back to the SSA and cause the additional
contributions to be corrected.  Unless the valid holder reports it
separately to the SSA those tend to persist.

Not much incentive to rock the boat.

At first blush this looks like the opposite of the dynamic involved with
Ashley Madison.  There we have a strong incentive to show that it was
possible (or to actually fabricate evidence to this effect) that a
"unique identifier" was used by multiple parties.  Someone (sorry, I
can't remember who to credit) even opined about that on this list a few
weeks ago.

But that's not the case either.  We're just looking at the party on the
other side of the dynamic.  Certainly, for the fembot programmers at
Ashley Madison the non-uniqueness (or hyper-uniqueness?) of an
identifier (multiple identifiers for the same bot infrastructure) was a
feature.  For certain parties, even some at the SSA, the non-uniqueness
of SSNs is a feature.


Going one more, fingerprints are supposed to be unique identifiers of
sorts.  But there are parties that have richly benefited from the fact
that, in practice, they aren't.  Just read an article about FBI or local
law enforcement fingerprint lab scandals for a quick example.  Also, it
seems convenient that fingerprints also act as a tracking mechanism.
Officer friendly isn't fingerprinting your kids at school JUST to
identify their decomposing corpse later.  In fact, that might not even
be the primary purpose at all.

These sorts of examples make me want to coin a phrase like:

"Unique identifiers aren't."  With apologies to whomever said "First
responders aren't."

Cryptographic challenge-response is clearly a better way to go, but even
this (with public key challenge response anyhow) depends on the "unique
identifier" of a particular public/private key combination.  At least
you can keep (or can try to keep) the "SSN" private in that case.  Even
from the overarching agency.

And, so what?  What ramifications on systems design?

Any system that leans on the supposed uniqueness of a "unique
identifier" does so at its peril.  Despite this, there are often
incentives to use it anyhow.  It didn't take long for SSNs to evolve
into an "identification" mechanism, despite the fact that those cards
bear the prohibition of that use case right on the paper.

Cryptographically, this suggests that there are reasons beyond the
apathy of the designers when a system is still using MD5 instead of
bcrypt.  It should make you just as suspicious as seeing someone still
using SSN's as a unique identifier.  If you look beyond the simple
question of the incentives for the designers (who certainly didn't want
to have to pump out thousands of public/private keypairs for their bots
even if end users would have tolerated that) you can learn a lot quickly.