Jump to content

How to Safely Store a Password


Recommended Posts

This is a response to this post, since the topic is locked:

 

Obviously we don't want to go into additional detail,

 

From Wikipedia:

In cryptography, Kerckhoffs's principle (also called Kerckhoffs's desiderata, Kerckhoffs's assumption, axiom, or law) was stated by Auguste Kerckhoffs in the 19th century: A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.

 

You should go into additional detail.

 

but the passwords were salted and hashed multiple times.

 

This sounds like you rolled your own cryptography in production. This is a bad idea.

 

What to do next time, couresy of Coda Hale:

 

 

Use bcrypt

Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt.

Why Not {MD5, SHA1, SHA256, SHA512, SHA-3, etc}?

These are all general purpose hash functions, designed to calculate a digest of huge amounts of data in as short a time as possible. This means that they are fantastic for ensuring the integrity of data and utterly rubbish for storing passwords.

A modern server can calculate the MD5 hash of about 330MB every second. If your users have passwords which are lowercase, alphanumeric, and 6 characters long, you can try every single possible password of that size in around 40 seconds.

And that’s without investing anything.

If you’re willing to spend about 2,000 USD and a week or two picking up CUDA, you can put together your own little supercomputer cluster which will let you try around 700,000,000 passwords a second. And that rate you’ll be cracking those passwords at the rate of more than one per second.

Salts Will Not Help You

It’s important to note that salts are useless for preventing dictionary attacks or brute force attacks. You can use huge salts or many salts or hand-harvested, shade-grown, organic Himalayan pink salt. It doesn’t affect how fast an attacker can try a candidate password, given the hash and the salt from your database.

Salt or no, if you’re using a general-purpose hash function designed for speed you’re well and truly effed.

bcrypt Solves These Problems

How? Basically, it’s slow as hell. It uses a variant of the Blowfish encryption algorithm’s keying schedule, and introduces a work factor, which allows you to determine how expensive the hash function will be. Because of this, bcrypt can keep up with Moore’s law. As computers get faster you can increase the work factor and the hash will get slower.

How much slower is bcrypt than, say, MD5? Depends on the work factor. Using a work factor of 12, bcrypt hashes the password yaaa in about 0.3 seconds on my laptop. MD5, on the other hand, takes less than a microsecond.

So we’re talking about 5 or so orders of magnitude. Instead of cracking a password every 40 seconds, I’d be cracking them every 12 years or so. Your passwords might not need that kind of security and you might need a faster comparison algorithm, but bcrypt allows you to choose your balance of speed and security. Use it.

tl;drUse bcrypt.

 

Since this forum software is a PHP application, you should be using password_hash() and password_verify().

Link to post
Share on other sites

So you want to school us on security. Let me school you how this works:

 

1. This website is owned by this guy and hasn't been around like forever and we have basically zero access to the server.

2. We are volunteers and do not get paid (that means people like you or those that cook soup for the homeless)

3. This is a forum for which the license costs 175$ which we need to pay for, while all profits of the ads go directly to no-show.

4. Be grateful you piece of sh*t instead of trying to school professionals that have lives just like you and donate their time and money to help people like you ALL FREE OF CHARGE!!!

 

You are that homeless guy that complains when he finds a fly in his soup!

Link to post
Share on other sites

 

What to do next time, couresy of Coda Hale:

 

 

Since this forum software is a PHP application, you should be using password_hash() and password_verify().

 

You should start with an understanding of the difference between a hash and encryption.

 

This site hashes passwords and stores the hash.  

 

What this means in a practical sense is that we do not store the passwords.  Nor can they be decrypted.  

 

People who are interested in this subject can do additional research.  We have had ample threads discussing this for years.  

 

As further stated, we use a well known commercial forum software package here.  It was stated clearly, but anyone who wanted to even look at the forum for a minute would be able to tell that this is the case and we did not "roll our own cryptography".   

 

Given that you failed to understand these simple facts that are basically self evident to any reasonably knowledgable developer, you're either trolling, or not the sharpest tool in the toolbox.

 

One of our staff believes that you may have simply glossed over the basics.  This is a community where experienced developers have helped others with PHP for a long long time, and while you're clearly unfamiliar with what we've done for something like 14 years (long before SO and most of the other well known developer forums)  that doesn't excuse the fact that you've rushed to judgement and made assumptions that were just wrong.

 

Quite frankly, with decryption, the requirement is that a decryption key exist.  These keys are likely to be compromised if your site is compromised.  A hash has the advantage that it intrinsically is not decrypt-able.  This is a judgement call.    

 

Anyone who used a well formed highly random password has very little to worry about because their password will not be in a Rainbow table, and that is/was the case here.  

Link to post
Share on other sites

So you want to school us on security. Let me school you how this works:

 

1. This website is owned by this guy and hasn't been around like forever and we have basically zero access to the server.

2. We are volunteers and do not get paid (that means people like you or those that cook soup for the homeless)

3. This is a forum for which the license costs 175$ which we need to pay for, while all profits of the ads go directly to no-show.

4. Be grateful you piece of sh*t instead of trying to school professionals that have lives just like you and donate their time and money to help people like you ALL FREE OF CHARGE!!!

 

You are that homeless guy that complains when he finds a fly in his soup!

 

Sounds like a complicated situation.

 

You should start with an understanding of the difference between a hash and encryption.

 

This site hashes passwords and stores the hash.  

 

What this means in a practical sense is that we do not store the passwords.  Nor can they be decrypted.  

 

People who are interested in this subject can do additional research.  We have had ample threads discussing this for years.  

 

As further stated, we use a well known commercial forum software package here.  It was stated clearly, but anyone who wanted to even look at the forum for a minute would be able to tell that this is the case and we did not "roll our own cryptography".   

 

Given that you failed to understand these simple facts that are basically self evident to any reasonably knowledgable developer, you're either trolling, or not the sharpest tool in the toolbox.

 

One of our staff believes that you may have simply glossed over the basics.  This is a community where experienced developers have helped others with PHP for a long long time, and while you're clearly unfamiliar with what we've done for something like 14 years (long before SO and most of the other well known developer forums)  that doesn't excuse the fact that you've rushed to judgement and made assumptions that were just wrong.

 

Quite frankly, with decryption, the requirement is that a decryption key exist.  These keys are likely to be compromised if your site is compromised.  A hash has the advantage that it intrinsically is not decrypt-able.  This is a judgement call.    

 

Anyone who used a well formed highly random password has very little to worry about because their password will not be in a Rainbow table, and that is/was the case here.  

Okay, this is comical. At no point did I accuse you of encrypting passwords. I accused you of rolling your own cryptography based on that post in the other thread.

 

Not only am I not confused about the difference between hashing and encryption, but you seem to have confused the word cryptography to mean encryption. You should start with an understanding of basic cryptography terms and concepts.

 

Let me draw you a map:

CQslvfJWIAAJlR9.png

If you're going to accuse me of incompetence, please do so competently.

Link to post
Share on other sites

Guys, this discussion isn't going anywhere.

 

Nobody rolled their own crypto, and nobody makes a secret of the forum software. As you can see in the bottom right corner, this site uses IP.Board. There's no need to repeat that in the announcement.

 

There's also no need for condescending lectures on security basics. Everybody who cares about this community is fully aware of the security disaster. And we've already had more than enough rubbernecks telling us that we all suck, that PHP sucks etc. I understand the schadenfreude, but it just doesn't help.

 

If you want to provide actual help beyond the standard bcrypt rant, contact an admin.

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Guest
This topic is now closed to further replies.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.