Passwords
Moderator: General Moderators
- The Phoenix
- Forum Contributor
- Posts: 294
- Joined: Fri Oct 06, 2006 8:12 pm
Re: Passwords
Crypt is reversible. Hashes are not.toasty2 wrote:How should I hash passwords? Just use crypt? Use crypt with one of the other encryptions? Something else?
You want hashes, as they are not reversible, so an attacker with control of the database cannot extract the plain-text version of users passwords.
md5, sha1, sha256/512/etc all work well.
So, is using:good?
Code: Select all
hash('sha512', $password);-
timgolding
- Forum Newbie
- Posts: 14
- Joined: Tue Jul 24, 2007 9:02 am
this is still susceptible to dictionary attacks.toasty2 wrote:So, is using:good?Code: Select all
hash('sha512', $password);
- superdezign
- DevNet Master
- Posts: 4135
- Joined: Sat Jan 20, 2007 11:06 pm
- superdezign
- DevNet Master
- Posts: 4135
- Joined: Sat Jan 20, 2007 11:06 pm
- The Phoenix
- Forum Contributor
- Posts: 294
- Joined: Fri Oct 06, 2006 8:12 pm
Reversed isn't correct. Predicted and repeated with different inputs is.superdezign wrote:As in reversed? Are you certain? That's a rumor I've heard, but I haven't seen any proof of it, yet.RhapX wrote:MD5 can be cracked, sha1 is the way to go.
Two of the strengths of hashes is that they are unique, and that they aren't (generally) predictable. MD5 has fallen to both. That means you can get an MD5sum for your favorite OS (OpenBSD? Linux?), and it might not mean your copy hasn't been tampered with. (I could generate a new image with a rootkit pre-installed, for example).
Thats bad, depending on the application of the hash. SHA1 has also had substantial compromises in the last few years as well. SHA-256 and above are the current suggested solutions for hashing in most security circles.
As to proof, google for "MD5 broken paper", and you'll find plenty of discussion (and links) to the papers from 2005 that led to most of the compromises. Its very real.
- superdezign
- DevNet Master
- Posts: 4135
- Joined: Sat Jan 20, 2007 11:06 pm
Is that a flaw of the algorithm or of the length of the hash?The Phoenix wrote:Two of the strengths of hashes is that they are unique, and that they aren't (generally) predictable. MD5 has fallen to both.
Edit: So they found ways to reliably fake the same hash? Whoa.. why bother knowing a password if you can just make up one that works. :/
- The Phoenix
- Forum Contributor
- Posts: 294
- Joined: Fri Oct 06, 2006 8:12 pm
In the case of MD5, its the algorithm. In the case of SHA, I don't think there is a clear answer. The length of the hash makes it less likely to occur, but it is due to a flaw in the algorithm. So, both, I guess?superdezign wrote:Is that a flaw of the algorithm or of the length of the hash?
Edit: So they found ways to reliably fake the same hash? Whoa.. why bother knowing a password if you can just make up one that works. :/
And yes, thats the problem. MD5 is broken, broken, broken. Even if it wasn't, it can be reliably brute-forced relatively quickly for most reasonable inputs thanks to the incredible increases in processing speeds.
SHA on the other hand is still relatively strong for most reasonable uses. The level at which it isn't is pretty much exactly the level where you should be looking at SSL or similar transports to obviate the need for a (weaker) hash.