
MD5, hashes, passwords, salts and more - Security Reference


Xeoncross


 

1) You need to salt your passwords.

 

Assume a user's secret key is stolen and he is known to use one of 200,000 English words as his password. The system uses a 32-bit salt (like md5). Because of this salt, the attacker's pre-calculated hashes are of no value. He/she must calculate the hash of each word with each of 2^32 (4,294,967,296) possible salts appended until a match is found. The total number of possible inputs can be obtained by multiplying the number of words in the dictionary with the number of possible salts:

 

$2^{32} \times 200\,000 = 8.58993459 \times 10^{14}$

 

To complete a brute-force attack, the attacker must now compute about 800 trillion hashes, instead of only 200,000. Even though the password itself is known to be simple, the secret salt makes breaking the password radically more difficult. - http://en.wikipedia.org/wiki/Salt_(cryptography)

 

2) Now that I got that off my chest I recommend this awesome PHP class http://www.openwall.com/phpass/ as even WORDPRESS has started using it.

 

3) Plain md5 is just too simple to crack - it is like WEP in WIFI: http://md5.rednoize.com/

 

4) Rainbow Tables can kill your simple PHP scripts: http://www.antsight.com/zsl/rainbowcrack/

http://en.wikipedia.org/wiki/Rainbow_table

 

So please, I don't want to see anyone still using plain md5() hashes - at least use a salt! ;)

 

http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/

http://phpsec.org/articles/2005/password-hashing.html

 

If anyone wants to brute force my site and steal my blog posts and lunch data, be my guest ;)

 

So does all that mean that if I use uppercase characters, lowercase characters, numbers, and symbols in a word that's a combination of English and another language for my password, that regular md5 should be fine?

I live in Atlanta and I made a site for one of my coworkers. He's logged every place he's eaten for lunch on a workday in the US (he left for Ireland for a while) since he started. It's all in a notebook on his desk too, but I made a site for him as a joke and it caught on. I added more and more stuff to it later.

 

http://donger.charlieholder.com

Also note PHP5's (PECL as well) hash() function... which can take advantage of a multitude of hashing algorithms.

 

http://php.net/manual/en/ref.hash.php

 

But remember, security through obscurity only goes so far. If someone REALLY wants your data, they will get it as long as they have access to the hashing algorithm.

Or better advice IMHO:

 

If any of this confuses you (not poking fun, a lot of this stuff can be hard to comprehend), let someone else or a reliable, premade package handle your authentication and password storage until you better understand the concepts of hashing and salting.

 

Does anyone know of a good way to generate a hash "salt" when working with OS code? For example, I thought that the salt could be the first 5 chars of the username. But if the project is OS then any hacker could just add the first 5 chars to the password salt and it would be useless.

 

I also thought of making each user create a random 7-20 char salt after they download the system - but then all passwords would use the same salt and if a cracker found the salt they could also just apply it to every password.

 

I'm talking brute force attacks (rainbow tables) here.

 

So what is a formula to auto-create a hash salt that is always the same, but is not guessable? (or is this even possible?)

 

Here is an example I found of my point.

 

Calling generateHash() with a single argument (the plain text password) will cause a random string to be generated and used for the salt. The resulting string consists of the salt followed by the SHA-1 hash - this is to be stored away in your database. When you're checking a user's login, the situation is slightly different in that you already know the salt you'd like to use. The string stored in your database can be passed to generateHash() as the second argument when generating the hash of a user-supplied password for comparison. - http://phpsec.org/articles/2005/password-hashing.html

 

<?php

define('SALT_LENGTH', 9);

function generateHash($plainText, $salt = null) {

    //IF no salt+hash was passed
    if ($salt === null) {
    
        //Create a salt
        $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH);
    
    } else {

        //get the salt from the front of the salt+hash
        $salt = substr($salt, 0, SALT_LENGTH);

    }

    //return the salt+hash
    return $salt . sha1($salt . $plainText);
}

?>

 

Either way, if a user knew this was the way that passwords were hashed they could just look at the first 9 chars of the hash and add that to the passwords. So salting like this is useless in OS projects.
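
The salt+hash storage layout quoted from phpsec.org above, worked through as an added example that is not part of any post in this thread or of the phpsec article. The helper names `makeStored()`, `checkStored()` and `precomputedTable()` are hypothetical, the passwords and word list are constructed, and `random_bytes()` is an assumed replacement for the article's salt source.

```php
<?php
// Added example: constructed passwords and word list, not data from the thread.
const SALT_LENGTH = 9; // same salt length as the quoted generateHash()

// Stored form as described above: salt first, then SHA-1(salt . password).
// Assumption: random_bytes() (PHP 7+) is used here as the salt source.
function makeStored(string $password): string {
    $salt = substr(bin2hex(random_bytes(8)), 0, SALT_LENGTH);
    return $salt . sha1($salt . $password);
}

// Login check: take the salt back out of the stored string, recompute,
// and compare with hash_equals() so the comparison time does not leak.
function checkStored(string $password, string $stored): bool {
    $salt = substr($stored, 0, SALT_LENGTH);
    return hash_equals($stored, $salt . sha1($salt . $password));
}

// A lookup table of unsalted SHA-1 hashes, built once ahead of time.
function precomputedTable(array $words): array {
    $table = [];
    foreach ($words as $word) {
        $table[sha1($word)] = $word;
    }
    return $table;
}

$table = precomputedTable(['sunshine', 'dragon', 'letmein']);

// Two accounts choose the same password; each gets its own random salt.
$alice = makeStored('dragon');
$bob   = makeStored('dragon');

echo "stored strings identical:   ", var_export($alice === $bob, true), "\n";
echo "correct password verifies:  ", var_export(checkStored('dragon', $alice), true), "\n";
echo "wrong password verifies:    ", var_export(checkStored('Dragon', $alice), true), "\n";

// The salt is readable, yet the hash part is still absent from the table.
$hashPart = substr($alice, SALT_LENGTH);
echo "salted hash in table:       ", var_export(isset($table[$hashPart]), true), "\n";
echo "unsalted hash in table:     ", var_export(isset($table[sha1('dragon')]), true), "\n";

// Built into PHP 5.5+: salt, cost and algorithm are encoded in one string.
$modern = password_hash('dragon', PASSWORD_DEFAULT);
echo "password_hash verifies:     ", var_export(password_verify('dragon', $modern), true), "\n";
```

A salt stored in the clear still means a table built in advance misses and any guessing has to be repeated for each account; the cost factor in `password_hash()` additionally slows every individual guess.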

 

Archived

This topic is now archived and is closed to further replies.
