When adult infidelity site Ashley Madison was breached in July, exposing 37 million users to risk, not all was lost. While usernames and email addresses were exposed publicly, the actual user accounts were still protected by a password—and that password wasn’t stored in clear-text, but instead protected by one of the more robust protection mechanisms.
Security vendor Avast looked at the Ashley Madison database leak, which included passwords that were encrypted with bcrypt. Bcrypt is a secure hashing algorithm for good passwords—that is, passwords that are not trivial to guess, according to Ross Dickey, senior systems engineer at Avast.
“The usernames and emails were not encrypted, and full credit card numbers were not part of the leak,” Dickey told eWEEK. Just the last four digits of the credit cards used to make payments, as well as the names on the cards and addresses associated with them, were leaked, he said.
“The only piece encrypted with bcrypt were the passwords,” Dickey said. “Encrypting anything else with bcrypt wouldn’t make sense because you couldn’t recover it without knowing what it was in the first place.”
While bcrypt provides a secure hashing algorithm that makes it difficult to guess passwords, Dickey noted that the problem is that there is no known way to securely store the password “123456” or “password.” As such, Ashley Madison users with simple passwords are still at risk, as the passwords could be cracked even with bcrypt hashing. That said, the use of brcrypt added a significant amount of complexity and time in attempting to decrypt Ashley Madison user passwords, he said.
Avast’s researchers looked at a subset of the Ashley Madison database, examining 1 million encrypted passwords.
“Using the 500 worst passwords list, we only were able to get less than 5 percent of the 1 million passwords and, using the rockyou list, we got less than 0.01 percent of the passwords,” Dickey said. “Had these been stored as MD5 or even SHA, we would have gotten way more in that time.”
MD5 and SHA are alternative, older and less secure hashing algorithms that were once commonly deployed. Bcrypt is considered to be more secure than both MD5 and SHA for a number of reasons, not the least of which is the fact that bcrypt hashes are “salted” by default. A salt is a random data element that is included in a hash to make it more secure.
An example of what a bcrypt hash looks like, according to Dickey, is:
“$2b” means “this is bcrypt”; “$12” is the strength of the password (indicating 2^12  iterations of the algorithm will be applied); “l6H5ho1roAD/vIsL.nVpZ” is the salt; and “bkaMpYF1kc1DSANPcZn1ttQ0A5Luqyy” is the salt and the password.
“For other hashes, such as MD5 or SHA, a salt must be applied manually and stored alongside the hash in the database,” Dickey said. “This salt is not necessary for bcrypt, since the mechanism is built-in.”
By making use of the hashcat and cudaHashcat password hash cracking applications running on a system powered by a single six-core CPU, with two GTX 970 GPUs, Avast was able to crack 25,393 hashes out of the million passwords it examined. Of those 25,393 hashes, Avast found only 1,064 unique passwords.
“It means that there were 1,064 different passwords, and each of the 25,393 people picked one of those,” Dickey said.
The top password found by Avast was “123456,” which was used by 6,495 Ashley Madison users. In second place was “password,” chosen by 3,268 people.
Although the Ashley Madison database was leaked by way of a criminal attack that is being investigated by a Toronto police force-led global task force, Dickey believes there is nothing wrong with looking at the password hashes.
“We believe we acted ethically and in public interest as we are raising awareness around a security issue, which is part of our responsibility as a security company,” he said. “People need to understand the importance of strong passwords to protect themselves and their valuable data.”
Security research group Cynosure Prime has also looked at Ashley Madison passwords and is claiming that it has found a more efficient method of decrypting the hashes.
“Through the two insecure methods of $logkinkey generation observed in two different functions, we were able to gain enormous speed boosts in cracking the bcrypt hashed passwords,” Cynsosure Prime wrote.
Cynosure Prime claims that its method enabled it to decrypt millions of bcrypt hashes in days, not years. That said, the insecure functions are not present on the entire database and allowed the researchers to take advantage of the weaker MD5 hashing algorithms to decrypt passwords.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.