Re: Password Hashing
Posted: Sun Jan 09, 2011 11:18 am
Article on hashing passwords: viewtopic.php?t=62782
HMAC vs. basic hash: There are some attacks against some families of hash functions, among which are md5 and sha*. HMAC protects against them. They mostly concern appending data to an unknown signed message and producing a valid HMAC of the new message, which is not relevant to the application of securing passwords. Nevertheless, when working with security primitives, it is always better to stick to old and proven ones, such as HMAC. For that reason, I recommend using it.
multiple hashings: This is called strengthening and is a valid method. It does not provide much better security on its own without salting, so you can consider using it on top of proper salting.
What is a good length for a salt?: As long as you can "afford" in your environment. The purpose of salting is to increase the entropy of weak passwords, so instead of "qwerty" you'd have "qwertyn230nm,GFM@#$()". A good rule of thumb is to use a salt of the same length and complexity as a "good" password according to your security needs. So 256 chars of salt is possible, but overkill, 4 chars is clearly too little, anything between 8 and 16 depending on the charset is okay.
Brute force attacks against stolen passwords: Yes, a "full" BF is generally a hard thing to do, but you can do some clever attacks nevertheless. Salting and strengthening will help protect against mass recovery of passwords. Salting and peppering (described in the article I linked to) may severely diminish the chances of success for the attacker.
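Added example, not part of the original post: a per-user random salt, strengthening and HMAC combined in Python. PBKDF2-HMAC-SHA256 is used here as a standard iterated-HMAC construction; the iteration count, the storage format and the treatment of the pepper as a server-side secret kept outside the database are assumptions of this example.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000   # strengthening factor (assumed value; tune to your hardware)
SALT_BYTES = 16        # random salt, generated per stored password


def _pepper(password: str, pepper: bytes) -> bytes:
    # Pepper (assumption): a secret key held by the application, not in the DB.
    return hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()


def hash_password(password: str, pepper: bytes, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return 'iterations$salt_hex$digest_hex' for storage."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    # PBKDF2 applies HMAC-SHA256 `iterations` times over the salted input.
    digest = hashlib.pbkdf2_hmac("sha256", _pepper(password, pepper),
                                 salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, pepper: bytes, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        iter_s, salt_hex, digest_hex = stored.split("$")
        iterations = int(iter_s)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False                      # malformed record
    if not 1 <= iterations <= 10_000_000:
        return False                      # reject absurd cost parameters
    candidate = hashlib.pbkdf2_hmac("sha256", _pepper(password, pepper),
                                    salt, iterations)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    secret = b"constructed-demo-pepper"   # constructed sample value
    rec_a = hash_password("qwerty", secret)
    rec_b = hash_password("qwerty", secret)
    print(rec_a != rec_b)                       # same password, different records
    print(verify_password("qwerty", secret, rec_a))
    print(verify_password("qwertz", secret, rec_a))
```

Because each record gets its own salt, two users with the same password end up with different stored values, so an attacker cannot recover passwords in bulk with one precomputed table.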