sooner123

[web] Password security for login system

I only store the hash of the password in the database. Having recently read about salting, I'd like to employ it for extra security.

Is salting really necessary? I use md5 hashing.

What type of salting is typically used? In the examples, all that was done was append some text to the password before hashing, but this seems silly to me. If someone were really able to reverse engineer the digest (not likely), it would be really obvious what had been appended. So I had the idea of dynamically salting the password. (inverting case, reversing, symmetric key XOR substitution, etc.)

What exactly does salting protect against that a nice md5 or sha-1 hash doesn't?

First of all, if you're worried about security, then MD5 isn't a great choice anymore. From Wikipedia:

Quote:
The security of the MD5 hash function is severely compromised. A collision attack exists that can find collisions within seconds on a computer with a 2.6Ghz Pentium4 processor (complexity of 2^24.1).[15] Further, there is also a chosen-prefix collision attack that can produce a collision for two chosen arbitrarily different inputs within hours, using off-the-shelf computing hardware (complexity 2^39).[16]

These collision attacks have been demonstrated in the public in various situations, including colliding document files[17][18] and digital certificates.[7]

As of 2009, a theoretical attack also breaks MD5's preimage resistance.


Secondly, to answer your questions about salting. Salting is a way to provide an extra layer of security. Here's how:

To log in with someone else's password, you would need to reverse the hash to get the plain text password. This is unfeasible. What is feasible is to find a collision (another text that results in the same hash) and use that as the password instead. It will pass the login tests too.

Adding a salt makes using a collision impossible, as long as the salt is a secret of course. If you find a text that has a collision with the current password, you can't use that specific text in the password field, because a salt is added to it yielding a different hash.

Quote:

What exactly does salting protect against that a nice md5 or sha-1 hash doesn't?


It's not an either/or proposition; salting is used in conjunction with MD5 or SHA for additional security. Salting makes it far more difficult to attack the passwords by brute force or a rainbow table.

A similar concept is called a nonce, which prevents "replay attacks" (reusing old communications, such as when logging in) by appending a unique piece of data before hashing.

Cryptographic Salt
Nonce

Quote:

What exactly does salting protect against that a nice md5 or sha-1 hash doesn't?

A really obvious example of why salts are good is to look at a reasonably large password table. Imagine you are using the password "password1" (allegedly the most common password). The password is hashed. However, you can - by mere inspection - see all the people who share your password, because their passwords have the same hash as yours. You barely have to do any work - apart from getting access to the database in the first place.

There are tables of hashed values of common passwords. This makes it easy to do simple statistical attacks without bothering to write a complex program to actually do hashing at all; all you need is to compare the relative proportions of each hash.

It is pretty trivial to attack a database that lacks salts. If you are bothered to write a program to attack it, you can brute force any passwords of interest (maybe a known administrator, for instance).

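As an added illustration of the "inspection" attack rip-off describes and of the per-user salt the replies recommend (example code written for this page, not from any poster; the user table is constructed, and SHA-256 is used in place of the MD5 the original poster mentions):

```python
import hashlib
import hmac
import os

# Constructed sample user table: two accounts happen to share a password.
USERS = {
    "alice": "password1",
    "bob": "password1",
    "carol": "correct horse battery",
}

def unsalted_hash(password: str) -> str:
    """Hash the bare password, as the original poster's scheme does."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password: str, salt: bytes) -> str:
    """Hash a per-user random salt prepended to the password."""
    return hashlib.sha256(salt + password.encode()).hexdigest()

def build_unsalted_table(users):
    """Store only the digest per user (the scheme under discussion)."""
    return {name: unsalted_hash(pw) for name, pw in users.items()}

def build_salted_table(users):
    """Store (salt, digest) per user; the salt is random per account, not secret."""
    table = {}
    for name, pw in users.items():
        salt = os.urandom(16)
        table[name] = (salt.hex(), salted_hash(pw, salt))
    return table

def shared_hash_groups(table):
    """The inspection attack: group accounts whose stored digests are identical."""
    groups = {}
    for name, entry in table.items():
        digest = entry if isinstance(entry, str) else entry[1]
        groups.setdefault(digest, []).append(name)
    return [names for names in groups.values() if len(names) > 1]

def verify_login(table, name, attempt):
    """Recompute the digest with the stored salt and compare in constant time."""
    if name not in table:
        return False
    salt_hex, stored = table[name]
    return hmac.compare_digest(salted_hash(attempt, bytes.fromhex(salt_hex)), stored)
```

Without a salt, alice and bob are immediately visible as sharing a password; with a per-user salt the two stored digests differ even though the passwords are the same, and the login check still works because the salt is stored next to the digest.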
Quote:
Original post by btower
First of all...
This is technically correct, but irrelevant. That attack on MD5, which is why you can read everywhere on the internet that MD5 is useless, can construct a different input for a known input which will have the same hash.
For message authenticity that is indeed a big problem, because I could change "I owe you 20 dollars, signed" into "You owe me 5345346 dollars, signed".
For storing passwords, however, it's somewhat silly, because if the attacker already knows the password, there is no point in producing one that produces a collision.
A bigger problem is that MD5 has "only" 128 bits, which makes a brute force attack feasible (not necessarily cheap, but feasible). For 256 bit hashes, a brute force attack is impossible unless someone invents an energy source about the size of the sun.

Quote:
Adding a salt makes using a collision impossible, as long as the salt is a secret of course.
No. All hash functions (not only MD5) necessarily have collisions, and it is always possible to generate and use collisions regardless of salt.
A hash function hashes N input bytes to M output bytes with M < N (usually M <<< N). It is therefore not possible not to have collisions. Think of 50 people in a room, drawing numbers from 1 to 5 out of a hat. There is no way that none of them will get the same number, simply because there isn't a unique number for everybody.

Also, salt does not need to be secret. If it is secret, that's a plus, but it is not necessary. It's similar to what crypto algorithm you use or how it works. If the attacker doesn't know, that's a plus. However, it will still work (it has to!) if the attacker knows.

See the posts by prh99 and rip-off, which describe what salt does very well.
