Adobe data breach far worse than first claimed

November 5, 2013 // 9:34 a.m.

Tags: #3des #adobe #cryptography #data-breach #data-loss #encryption #hashing #insecurity #passwords #security #triple-des

The data breach announced by Adobe early last month is considerably more serious than the company first believed, with badly-protected passwords and ancillary data for more than 150 million of its customers being made public.

Adobe's initial report on the attack was bleak enough: at the time, the company claimed that customer IDs, passwords, payment card details and other order-related information on around three million of its customers had been leaked. Worse still, the as-yet unidentified attackers made off with the source code for several Adobe products.

In recent weeks, however, Adobe has been forced to admit that its initial estimation of the attack's scope was a little off the mark. First came the revelation that the data breach resulted in the details of over 38 million customers, not the original three million the company had claimed, being downloaded. This was followed by the publication of a list containing around 153 million account details, showing the attack to have been massively more successful than feared. Now, it has been pushed into admitting that its methods for encrypting or hashing said data was flawed.

When Adobe first announced the breach, it claimed that all personal data was stored in an encrypted format that would prevent the attackers from being able to retrieve passwords - a claim many took to mean the passwords were hashed using a one-way cryptographic function, as is industry standard practice. That, sadly, has turned out to a false assumption: rather than hashing, the passwords were indeed encrypted - and in such a way as to make them vulnerable to attack.

When a password is hashed, it is scrambled in such a way that it becomes the next best thing to gibberish. There is no known way to take the hash of a password and reverse it to gain the original; instead, attackers are forced to hash entire dictionaries or brute-force strings word-by-word and compare them to the list of hashes for a match. Coupled with salting, where a value is used to ensure two identical passwords produce two different hashes, this makes uncovering all but the most basic and insecure of passwords extremely difficult.

Sadly, that's not what Adobe did. Instead of a one-way hash function, the company encrypted the passwords using the Triple-DES (3DES) cipher in its insecure Electronic Code Book (ECB) mode. Worse, the company stored user-supplied password hints in unencrypted form - with many 'hints' actually repeating the password in plain text. Even where the hint was blank or apparently unhelpful, the encryption method used allows an attacker to ascertain the exact length of the password.

Science-themed web comic xkcd was quick to poke fun at Adobe's security practices, describing the breach as 'the greatest crossword puzzle in the history of the world.' For those affected by the flaw - a significant proportion of Adobe's customer base, it would seem - the gaffe is likely to prove no laughing matter.

'With very little effort, we have already recovered an awful lot of information about the breached passwords,' explained Sophos' Paul Ducklin in his analysis of the leaked account details. '[This includes] identifying the top five passwords precisely, plus the 2.75% of users who chose them, and determining the exact password length of nearly one third of the database.

'Bear in mind that salted hashes - the recommended programmatic approach here - wouldn't have yielded up any such information - and you appreciate the magnitude of Adobe's blunder.