Do similar passwords have similar hashes?

Question

Our computer system at work requires users to change their password every few weeks, and you cannot have the same password as you had previously. It remembers something like 20 of your last passwords. I discovered most people simply increment a digit at the end of their password, so "thisismypassword1" becomes "thisismypassword2" then 3, 4, 5 etc.

Since all of these passwords are stored somewhere, I wondered if there was any weakness in the hashes themselves, for standard hashing algorithms used to store passwords like MD5. Could a hacker increase their chances of brute-forcing the password if they have a list of hashes of similar passwords?

Answer 1

It depends on the hashing algorithm. If it is any good, similar passwords should not have similar hashes.

Answer 2

With a good hash algorithm, similar passwords will get distributed across the hashes. So similar passwords will have very different hashes.

You can try this with MD5 and different strings.

"hello world" - 5eb63bbbe01eeed093cb22bb8f5acdc3
"hello  world" - fd27fbb9872ba413320c606fdfb98db1

Answer 3

Short answer, no!

The output of a hash function varies greatly even if one character is increased.

But this is only if you want to break the hashfunction itself.

Of course, it is bad practice since it makes bruteforcing easier.

Answer 4

It depends on the hash algorithm used. A good one will distribute similiar inputs to disparate outputs.

Answer 5

No, if you check the password even slightly it produces completely new hash.

Answer 6

The whole point of a cryptographic hash is that similar passwords would absolutely not create similar hashes.

More importantly, you would most likely salt the password so that even the same passwords do not produce the same hash.

Answer 7

As a general rule, a "good hash" will not hash two similar (but unequal) strings to similar hashes. MD5 is good enough that this isn't a problem. However, there are "rainbow tables" (essentially password:hash pairs) for quite a few common passwords (and for some password hashes, the traditional DES-based unix passwords, for example) full rainbow tables exist.

Answer 8

Different Inputs may result in the same Hash this is what is called a hash collision.

Check here:

http://en.wikipedia.org/wiki/Collision_%28computer_science%29

Hash colisions may be used to increase chances of a successfull brute force attack, see:

http://en.wikipedia.org/wiki/Birthday_attack

Answer 9

To expand on what others have said, a quick test shows that you get vastly different hashes with small changes made to the input.

I used the following code to run a quick test:

<?php
for($i=0;$i<5;$i++)
        echo 'password' . $i . ' - ' .md5('password' . $i) . "<br />\n";
?>

and I got the following results:

password0 - 305e4f55ce823e111a46a9d500bcb86c
password1 - 7c6a180b36896a0a8c02787eeafb0e4c
password2 - 6cb75f652a9b52798eb6cf2201057c73
password3 - 819b0643d6b89dc9b579fdfc9094f28e
password4 - 34cc93ece0ba9e3f6f235d4af979b16c

Answer 10

Do similar passwords have similar hashes?

No.

Could a hacker increase their chances of brute-forcing the password if they have a list of hashes of similar passwords?

Indirectly, yes, knowing that those are your old passwords. Not because of any property of the hash, but suppose the attacker manages to (very slowly) brute-force one or more of your old passwords using those old hashes, and sees that in the past it has been "thisismypassword3" and "thisismypassword4".

Your password has since changed, to "thisismypassword5". Well done, by changing it before the attacker cracked it, you have successfully ensured that the attacker did not recover a valuable password! Victory! Except it does you no good, since the attacker has the means to guess the new one quickly anyway using the old password(s).

Even if the attacker only has one old password, and therefore cannot easily spot a trend, password crackers work by trying passwords which are similar to dictionary words and other values. To over-simplify a bit, it will try the dictionary words first, then strings consisting of a word with one extra character added, removed or changed, then strings with two changes, and so on.

By including your old password in the "other values", the attacker can ensure that strings very similar to it are checked early in the cracking process. So if your new password is similar to old ones, then having the old hashes does have some value to the attacker - reversing any one of them gives him a good seed to crack your current password.

So, incrementing your password regularly doesn't add much. Changing your password to something that's guessable from the old password puts your attacker in the same position as they'd be in if they knew nothing at all, but your password was guessable from nothing at all.

The main practical attacks on password systems these days are eavesdropping (via keyloggers and other malware) and phishing. Trying to reverse password hashes isn't a good percentage attack, although if an attacker has somehow got hold of an /etc/passwd file or equivalent, they will break some weak passwords that way on the average system.