Hashing and Cracking Passwords
Written by Dr. Jim Marquardson
Assistant Professor of Information Assurance and Cyber Defense
College of Business, Northern Michigan University
jimarqua@nmu.edu
updated September 24, 2020
When creating accounts, it is important to choose strong passwords. For systems developers, storing password securely is important.
Consider the following website registration form. Enter a random username and password and click the register button (but do not use your real password). The username and password will be stored in the table below.
| Username | |
| Password | |
| Username | Password |
|---|---|
| alice | kitten1! |
| zeke | idk |
Notice that your password was stored in cleartext, meaning that anybody can read it. This is a major security problem. Hashing can help protect your password.
What is a hash?
Hashes are the results of one-way functions. They take an input (such as a password) and produce a hash digest (commonly referred to simply as the hash). For example, an input might be "asdf" and the hash would be "912ec803b2ce49e4a541068d495ab570".
Use the form below to register with another fake username and password. This time, your password will be stored as a hash.
| Username | |
| Password | |
| Username | Password |
|---|---|
| alice | 6b8dca09e851a987050463c9c60603e9ad797ba09117056fc2e0c07bcac66e43 |
| zeke | f0e4c2f76c58916ec258f246851bea091d14d4247a2fc3e18694461b1816e13b |
In the table above, passwords are stored more securely. If you were to log in again, the website would check a hash of the password in the login form against the hash value stored in the database. Even if somebody hacked the database, they would not know your password. However, if you choose a poor password, there is a chance that a hacker could "crack" your password (explained later).
Hashes cannot be reversed. If you tell me your password hash, I can't just reverse the hashing algorithm and "decyrpt" your password. Instead, I may have to guess your password, hash my guess, and see if it matches your password. More cracking techniques will be explained later.
Generate a Hash
The 256 bit Secure Hash Algorithm (SHA256) is a popular hashing algorithm. Enter something in the textbox below, then click the button to generate an SHA256 hash. Change the text and generate the new SHA256 hash. Generate the hash several times for the same input by just clicking the button several times.
Text Input:
SHA256 Hashes:
Key takeaway: When the input is changed, the SHA256 hash output will change.
Other key takeaway: When the input is the same, the SHA256 hash will be the same ever time.
Notice that the SHA256 hashes only contain the digits 0-9 and the letter a-f. This is because they are hexadecimal numbers. Each character represents 4 bits (a bit is a binary 0 or 1). Instead of showing you 256 0s and 1s, a SHA256 hash can be represented by "only" 64 hexadecimal characters. The only thing you need to know about hexadecimal right now is that it's a compact way of representing a hash.
The following tables shows a number, how that number is represented in hexadecimal, and how that same number looks in binary. Computers store all information in 0s and 1s, but it can be hard for people to make sense of the data. Hexadecimal helps us see differences in hashes easier than looking at the raw binary.
| Integer | Hexadecimal Representation | Binary Representation |
|---|---|---|
| 18,730 | 492A | 0100100100101010 |
| 14,012,015,201 | 3432E6261 | 001101000011001011100110001001100001 |
| 987,654,321 | 3ADE68B1 | 00111010110111100110100010110001 |
| 15 | F | 1111 |
Types of Hashes
Many hash algorithms exist. Each algorithm is based off of mathematical formulas that produce the hash. Some algorithms are stronger than others, meaning that they produce more random results.
- Message Digest Algorithm series 5: MD5. Old and busted. Not recommended for use anymore.
- Secure Hash Algorithm 1: SHA1. Was great until Google proved it wasn't so great in 2017.
- Secure Hash Algorithm 2: SHA256. Great for hashing files. Okay for hashing (salted) passwords. Better alternatives exist for hashing passwords.
- Bcrypt. The "b" is for the blowfish cryptography algorithm. Current gold standard for password storage. Not usable for hashing files.
Key takeaways: Flaws in algorithms found by security researchers push other researchers to develop newer, better algorithms. We should use the right algorithm for the right purpose.
The form below allows you to provide an input and generate the hash of that input using several algorithms.
Text input:
| Algorithm | Hash Value |
|---|---|
| MD5 | |
| SHA1 | |
| SHA256 | |
| Bcrypt |
Notice that MD5 is the shortest, SHA1 is a bit longer, and SHA256 is the longest. SHA256 is a better algorithm than MD5 and SHA1 not only because it is longer, but because mathematically it cannot be manipulated as easily. Security experts recommend that people not use MD5 or SHA1 anymore. Lots of website have passwords stored using MD5 and SHA1.
Important note: Though bcrypt is recommended for password storage, SHA256 and other algorithms are often used to store passwords. These algorithms are often attacked by hackers. This page will walk you through how these attacks work. Not every example here represents security best practices.
For files, SHA256 is great. For passwords, bcrypt is the best choice. But because bcrypt is so secure for passwords, we'll show you how to different algorithms can be cracked. Many, many passwords on the internet are stored in insecure formats.
Hashing Different Length Inputs
Enter a single letter of the alphabet in the following text box, then calculate the hash. Take note of the size of the hash.
Single Letter:
SHA256 Hash:
Generate the hash for the long message in the textbox. Feel free to add as much text as you want.
Long Message:
SHA256 Hash:
Key takeaway: Hash algorithms have fixed length outputs. No matter how big the input, the length of the output will always be the same.
Small Input Changes → Big Hash Changes
Generate the hash for the long message in the textbox.
SHA256 Hash:
Key takeaway: A small change in the input has a drastic change on the output.
Password Cracking
In a data breach, hackers sometimes steal the database containing all usernames and hashed passwords. Hackers will try to "crack" the hashed passwords by discovering the password that will produce the same hash.
There are 3 main ways to crack passwords
- Brute force
- Dictionary attacks
- Rainbow tables
We will give you a taste of these three methods next.
Brute Force Password Cracking
The brute force method has you try every possible password to see if its hash matches the target. This method can take a very long time for long passwords (10+ characters), but computers can crack short passwords fairly quickly.
Scenario: Your brother forgot his password to a website. He knows it's a number between 10 and 20, but he forgot which one. For some reason, he knows that his password hash is 4523540f1504cd17100c4835e85b7eefd49911580f8efff0599a8f283be6b9e3. Perform a brute force attack by calculating the hash for all numbers between 10 and 20. When you find the hash "4523540f1504cd17100c4835e85b7eefd49911580f8efff0599a8f283be6b9e3," you know you found the password.
# from 10-20:
SHA256 Hash:
Is the hash "4523540f1504cd17100c4835e85b7eefd49911580f8efff0599a8f283be6b9e3"? If so, you can stop your brute force attack because you've cracked the password.
Check your answer
Brother's password:
Key takeaway: A brute force password attack requires that the hacker try all possible passwords. In this example, there were only a few passwords to check. But if somebody's password was 10 characters long, had upper case, lower case, and digits, there would be 839,299,365,868,340,224 (840,000 trillion) different possible passwords.
Dictionary Attacks
People rarely choose completely random passwords. Passwords like "wildcat," "password1," and "asdf" are surprisingly common. In a dictionary attack, the hacker tries to find a password by computing hashes of all of the values in the dictionary.
Note that when we refer to dictionaries, we aren't talking about Webster's dictionry. Instead, a dictionary in this context is just a list of words. Password dictionaries can contain words from a regular dictionary, but they might also contain millions of passwords harvested from previous data breaches.
Scenario: Your sister forgot her password to login to Spotify. She remembers that her password was the name of one of her favorite metal bands (in lower case letters), but she can't remember which. For some reason, she knows that her password hash is: bcace611c16cdaf764b84e3feb654ec432655d0c3c8063b7118393aca9e979d5. She gave you the following list of her favorite bands. Perform a dictionary attack by calculating the hash of each one until you find the matching hash.
- disturbed
- gojira
- megadeth
- metallica
- opeth
- otep
- pantera
- slayer
- slipknot
Band Name:
SHA256 Hash:
Is the hash "bcace611c16cdaf764b84e3feb654ec432655d0c3c8063b7118393aca9e979d5"? If so, you can stop your dictionary attack because you found the password.
Check Your Answer
Sister's password:
Key takeaway: Dictionary attacks can crack hashes very quickly as long as the password is in the dictionary. If a dictionary attack fails, either a brute force or rainbow attack is needed.
Rainbow Tables
Rainbow tables are huge lists of precomputed hashes. To perform a rainbow table attack, you just lookup the hash in a table, kind of like looking up a name in a phone book.
Scenario: Your dad wrote his email password hash on a sticky note: 6ca13d52ca70c883e0f0bb101e425a89e8624de51db2d2392593af6a84118090
The following table contains a list of pre-computed SHA256 hashes. The hash is on the left, and the password associated with the hash is on the right. The hashes are sorted alphabetically to make it easier for you to lookup a specific value.
| SHA256 Hash | Input |
|---|---|
| 000c285457fc971f862a79b786476c78812c8897063c6fa9c045f579a3b2d63f | monkey |
| 02317af5040dfbf07670ec23673a98f9f8e83c82a185a6ebf7c0b3bf9fec5a5f | tequiero |
| 03ac674216f3e15c761ee1a5e255f067953623c8b388b4459e13f978d7c846f4 | 1234 |
| 1c8bfe8f801d79745c4631d09fff36c82aa37fc4cce4fc946683d7b336b63032 | letmein |
| 5994471abb01112afcc18159f6cc74b4f511b99806da59b3caf5a9c173cacfc5 | 12345 |
| 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 | password |
| 65e84be33532fb784c48129675f9eff3a682b27168c0ea744b2cf58ee02337c5 | qwerty |
| 6ca13d52ca70c883e0f0bb101e425a89e8624de51db2d2392593af6a84118090 | abc123 |
| 8bb0cf6eb9b17d0f7d22b456f121257dc1254e1f01665370476383ea776df414 | 1234567 |
| 8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92 | 123456 |
| 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 | test |
| a9c43be948c5cabd56ef2bacffb77cdaa5eec49dd5eb0cc4129cf3eda5f0e74c | dragon |
| bcb15f821479b4d5772bd0ca866c00ad5f926e3580720659cc80d39c9d09802a | 111111 |
| e4ad93ca07acb8d908a3aa41e920ea4f4ef4f26e7f86cf8291c5db289780a5ae | iloveyou |
| ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f | 12345678 |
(Side note--the above table lists the 15 most commonly used passwords in the real world.)
Dad's password:
Key takeaway: Rainbow tables have big lists of precomputed hashes. Rainbow tables make cracking password extremely fast as long as the hashed password is in the lookup table.
The table above is a very small table (and not technically a "rainbow" table, but it's a good enough approximation for learning the principles). True rainbow tables can be huge. A rainbow table that can crack all MD5 hashes for passwords 1-9 characters long would need to be 690 gigabytes. The amount of disk space required to store hashes increases dramatically as password lengths increase. After 11 or 12 characters in a password, you basically need supercomputing facilities for rainbow tables.
Better Ways to Store Passwords
There are 2 major things that system designers can do to thwart would-be password crackers.
- Salt passwords
- Use bcrypt--a great password hashing algorithm
Hashing + Salting
"Salting" is the processing of adding some text to a password before computing the hash value. The salt is often kept secret, such as a secret word kept in the website source code. Hackers have a much harder time cracking passwords that have been salted.
Enter a password in the following form and generate the hashes. The first hash generated uses the password salt "sekret." The second hash does not use any salting. Notice that the hashes look totally different.
Sample password:
Salt: sekret (this would be invisible to website users)
What gets hashed:
Salted SHA256 Hash:
Unsalted SHA256 Hash:
Key takeaway: Salting passwords prevents your passwords from being cracked using standard dictionaries and rainbow tables. Brute forcing is more difficult also.
A Better Way to Hash Passwords: Bcrypt
Hash functions are okay at storing passwords. But bcrypt is a prime example of key stretching algorithms that have 2 benefits over traditional hashing algorithms:
- They include salt by default, which makes them harder to crack.
- They are intentionally slow, which makes them harder to crack.
Bcrypt would be a terrible choice for verifying the integrity of a huge movie file. But it's a fantastic choice for storing passwords.
Use the following input to create a bcrypt hash. Enter a password, then click the button to generate a bcrypt hash several times, looking at the result each time.
Input:
Bcrypt Hash:
Key takeaway: The bcrypt hash will be different each time you generate the hash, even if the input is the same.
Verifying Bcrypt Hashes
So if the same input can produce different bcrypt hashes, how can we verify that an input matches the hash? The answer is math. A lot of math. But without delving into the mathemtatical details we can at least verify that it works.
Copy these hashes into the form below. All of these hashes should match the input "wildcat." Change the input to something else (e.g. "mining") and verify that the hash does not validate.
- $2a$10$bv2fmq6sRjNF7BCe5IRzJehR1CjRu6Lg/b42iVUQHabz2Pr./Pe0i
- $2a$10$dknWo.aZVz9b2Sr2Ynep..Bh04FOCI5ykWLRjykdiSOU94r88A18W
- $2a$10$li8dL9m4Oq9EnzTJP0U8fe0kwGtzIokTvOmFIyFBzchlX7Z8UoUjK
- $2a$10$4Ue3uyqfxii.TI.7z54DT.Z.GHzRPwaJ4hL9Q/z.edeh8989pK.za
- $2a$10$BZ39vEggNsGTaj/hYw3Nf.vcxEeJlsfT/aaonBmTdlsbqE05eg73e
Input:
Bcrypt:
Result:
Key takeaway: With bcrypt, a lot of different hashes can validate to the same input. This is one reason why passwords stored using bcrypt are harder to attack.
Key System Designer Takeaways
If you are a system designer wanting to store passwords, here are the key takeaways.
- Don't store passwords in cleartext
- Storing passwords as MD5 hashes is only a bit better than storing them in cleartext
- Using SHA256 to hash salted passwords is much better than using MD5.
- Bcrypt is currently the best way to generate password hashes you should store in a database.
Key Regular Person Takeways
You might never try to crack a password in real life, but it's guaranteed that hackers will try to crack your passwords. Here are some practical recommendations for protecting yourself.
- For sensitive websites (like banking and email) use 2-factor authentication. Setup your account so that you get a text message with a verification code (a 2nd factor) if somebody is logging in from a new device.
- Don't reuse passwords. Yes, you must use a unique password on every site.
- Choose long passwords.
- Choose passwords that do not exist in a dictionary (e.g. staplemytacotomyface).
- Use a password manager so that you do not have to remember your passwords.
- Don't share your passwords with anybody.
How secure is your password?
Enter a password in the field below and click the analyze button. You will see how long it would take to crack your password. Try passwords with different lengths, add upper case, numbesr, and symbols. Try short passwords with mixed case and symbols.
Password:
Time to crack the password with a brute force attack: ??
This assumes 1 billion hashes can be checked per second. This number could be higher if a faster computer were used. Or, this number could be smaller if a better hashing algorithm (such as bcrypt) were used. This number is just an estimate. If the password can be found in a dictionary attack, for example, the password could be cracked quickly despite being long and having numbers, symbols, and lower & upper case letters.
Challenges
Hashing is an important part of modern cryptography. There is much more for you to learn about hashing, password security, password security, and security tools. Explore the following challenges to help you learn more.
Big Database of Breached Passwords
Lots of people have had their passwords compromised. Some security researchers have put together big databases of passwords that have been found in data breaches.
- Open https://haveibeenpwned.com/Passwords in a new tab.
- Search for passwords that you think might be secure. If you find a password in a list, that probably means a hacker is going to look for that password in a dictionary attack.
- What is the strangest password that you can find that has been used before? (For example, "wildcatnmu" has been found 4 times in data breaches.)
Crack an MD5 Hash
You have to find your own tools to crack hashes this time.
- Find a website that will crack MD5 hashes. (Google is your friend.)
- Use the website to determine what password produces the hash: 41fca3a29aaddd9a004fd0156a45426b.
Hash Algorithm Expiration
- Go to the Lifetimes of cryptographic hash functions web page.
- Compare MD5 and SHA-2. What does this page tell you about how long SHA-2 will be useful?
- Will human beings ever be able to create a hash algorithm that is perfect?
Password Managers
Most security professionals recommend the use of password managers. Password managers secure store your passwords on your computer or phone. An encrypted copy of your database is often stored online. Passwords managers make it easier to use unique passwords on each site. Many password managers will also automatically fill in usernames and passwords for you. It might seem like a risk to store all of your passwords in one place, but most password managers are design so that even if attackers breach the customer databases, the attackers won't have access to the passwords.
- Check out LastPass.. It has browser plugins and phone apps.
- Check out 1Password.. Compare its features to LastPass.
- Investigate other passwords managers by searching online. Which of them do you trust?
- Recommended: create an account with an online password manager and start using it to store your passwords.
- If you've used a password on more than one site, change them. Store the new, long password in your password manager.
Hashing Files
The exercises above mostly look at using hash functions for passwords. Hash functions are also used with files.
- Using the Windows Start menu, launch the "Windows PowerShell" application.
- Run the command "Get-FileHash C:\windows\system32\drivers\etc\hosts" (without the quotes)
- Use PowerShell to calculate the hashes of other files on the computer
Collisions
Hash collisions occur when different inputs to a hash function result in the same hash output. In 2017, Google researches found a way to engineer a hash collision using the SHA1 algorithm. They created 2 different PDF files that have the same SHA1 hash.
- Visit https://shattered.io/.
- Look at the hashes of the sample PDF files.
- Open the PDF files to verify that they are in fact different.
- Investigate how much computing time it took Google to engineer the hash collision.
- What could an attacker do if they could engineer the hash of a file, such as an executable application file?
Hashcat
If you want to use the a tool that professionals use to crack hashes, check out Hashcat. Hashcat can due brute force attacks, dictionary attacks, or combine dictonary attacks with rules (like adding a number to the end of each word in a dictionary).
SecLists
Dictionary attacks do not work well unless you have a good dictionary. Ethical hackers have compiled different password dictionaries and published them online. One popular project with lots of dictionaries (and tons more stuff) is called SecLists (i.e. Security Lists).
- Browse different password dictionarys on the GitHub SecLists project.
- What do you notice about the differences in the password lists?
- Why don't you think they just create 1 big master list with all of the password lists combined?