When Security Experts Forget Passwords

What happens when you've forgotten the password that unlocks every byte of data you have stored?

That was the scenario faced recently by Web application security expert Jeremiah Grossman, CTO of WhiteHat Security, who woke up one morning and -- after many failed password attempts -- realized that he'd changed his password but forgotten what he'd changed it to.

As a result, he was unable to access the many different Mac OS X Disk Image (.dmg) files he uses to store his work, which he created with Apple FileVault using double the default level of encryption: AES-256.

"A great thing about DMGs is that they can be stored anywhere -- hidden in some obscure directory on the local machine, a network storage device, a USB drive, whatever. All my confidential files are typically stored this way, in a series of encrypted DMGs with separate passwords," said Grossman in a blog post.

[ Study shows the strongest passwords are built by stringing together nouns. Read more at Want Stronger Passwords? Try Bad Grammar. ]

Needless to say, he also uses strong passwords to make it difficult, if not impossible, to crack any of the AES-256-encrypted DMG archives via a brute-force attack. Grossman also mounts the DMGs only when they're needed, both to make the files harder to find should someone obtain his password, and to make the data much more difficult for any hackers who remotely compromise his system. Likewise, Grossman didn't store his password in the OS X Keychain. Nor did he write it down and store it in a safe or other hiding place.

Thanks to those steps, he said, "Should my computer get 'hacked,' a remote attacker will find it extremely difficult to transfer out many gigabytes worth of data as a single DMG file before being noticed, the computer loses its connection to the Internet, or the image is unmounted."

The only flaw in that plan: what if you forget your password?

After a week of trying and failing to enter the correct password, Grossman issued a plea via Twitter, which was answered by four developers: Solar Designer, gat3way, Dhiru Kholia and Magnum. They collectively created the John the Ripper (JtR) password cracker along with Jeremi Gosney of Stricture Consulting Group, which maintains a powerful GPU cluster for rapidly cracking passwords. "Collectively, these guys are the amongst the world's foremost experts in password cracking. If they can't help, no one can," said Grossman.

But Grossman couldn't simply email the password-cracking experts a multi-gigabyte DMG file, not least because of the threat of exposing intellectual property. Thankfully, a tool called dmg2john scrapes the DMG and provides output that can be cracked with JtR by others without putting the data at risk, so Grossman was able to send only the encrypted data pertaining to his password.

Then came the bad news: Thanks to AES-256, despite the use of a powerful GPU-based cluster, only about 104 hashes per second total -- 104 blind guesses per second -- could be made against 41 billion password possibilities. Fortunately for Grossman, he did remember part of his password. "Understanding this, Jeremi begins asking for more information about what the extra six or so characters in my password might have been," Grossman said. "We're (sic) they all upper- and lower-case characters? What about digits? Any special characters? Which characters were most likely used or not used? Every bit of intel helped a lot."

Ultimately, the details that Grossman remembered reduced the password combination possibilities down to just 22,472. "This meant the total amount of time required to crack the DMG was reduced to 3.5 minutes on his rig," he said. "Subsequently, Jeremi sent me what had to be one the most relieving and frightening emails I've ever received in my life. Relieving because I recognized the password immediately upon sight. I knew it was right, but my anxiety level remained at 10 until typing it in and seeing it work."

The moral of the story: No matter how secure your system might be, never discount the human element, even if that human is an information security specialist. In addition, always back up your passwords. "Clearly I need paper backup, and [I'm] thinking maybe about giving it to my attorney for safekeeping where it'll enjoy legal privilege protection," said Grossman.

Rick Falkvinge, the founder of the Swedish Pirate Party and a campaigner for sensible information policy, will present the keynote address at Black Hat Europe 2013. Black Hat Europe will take place March 12-15 at The Grand Hotel Krasnapolsky in Amsterdam.