Passwords
Posted: Sun Jul 22, 2007 1:57 pm
by toasty2
How should I hash passwords? Just use crypt? Use crypt with one of the other encryptions? Something else?
Posted: Sun Jul 22, 2007 2:35 pm
by Oren
Re: Passwords
Posted: Sun Jul 22, 2007 4:59 pm
by The Phoenix
toasty2 wrote:How should I hash passwords? Just use crypt? Use crypt with one of the other encryptions? Something else?
Crypt is reversible. Hashes are not.
You want hashes, as they are not reversible, so an attacker with control of the database cannot extract the plain-text version of users' passwords.
md5, sha1, sha256/512/etc all work well.
Posted: Sun Jul 22, 2007 9:48 pm
by toasty2
Posted: Mon Jul 23, 2007 3:29 am
by dbevfat
It'd be better if you added some salt. Did you read the article that Oren linked?
Posted: Tue Jul 24, 2007 9:32 am
by timgolding
toasty2 wrote:So, is using:
good?
This is still susceptible to dictionary attacks.
Posted: Sat Aug 04, 2007 4:18 am
by grant
MD5 Salt hashing is the way to go. Don't just MD5 your passwords; salt them too.
Google can provide many examples. Means if someone dumps all your passwords then your passwords will be secure.
Posted: Sat Aug 04, 2007 8:09 am
by superdezign
grant wrote:MD5 Salt hashing is the way to go. Don't just MD5 your passwords; salt them too.
I think anything-stronger-than-MD5 salt hashing is a better way to go.

Posted: Sat Aug 18, 2007 2:21 am
by RhapX
grant wrote:MD5 Salt hashing is the way to go. Don't just MD5 your passwords; salt them too.
Google can provide many examples. Means if someone dumps all your passwords then your passwords will be secure.
MD5 can be cracked, sha1 is the way to go.
Posted: Sat Aug 18, 2007 2:24 am
by hawleyjr
Posted: Sat Aug 18, 2007 9:13 am
by superdezign
RhapX wrote:MD5 can be cracked, sha1 is the way to go.
As in reversed? Are you certain? That's a rumor I've heard, but I haven't seen any proof of it, yet.
Posted: Sat Aug 18, 2007 10:05 am
by The Phoenix
superdezign wrote:RhapX wrote:MD5 can be cracked, sha1 is the way to go.
As in reversed? Are you certain? That's a rumor I've heard, but I haven't seen any proof of it, yet.
Reversed isn't correct. Predicted and repeated with different inputs is.
Two of the strengths of hashes are that they are unique, and that they aren't (generally) predictable. MD5 has fallen to both. That means you can get an MD5sum for your favorite OS (OpenBSD? Linux?), and it might not mean your copy hasn't been tampered with. (I could generate a new image with a rootkit pre-installed, for example).
That's bad, depending on the application of the hash. SHA1 has also had substantial compromises in the last few years as well. SHA-256 and above are the current suggested solutions for hashing in most security circles.
As to proof, google for "MD5 broken paper", and you'll find plenty of discussion (and links) to the papers from 2005 that led to most of the compromises. It's very real.
Posted: Sat Aug 18, 2007 10:09 am
by superdezign
The Phoenix wrote:Two of the strengths of hashes are that they are unique, and that they aren't (generally) predictable. MD5 has fallen to both.
Is that a flaw of the algorithm or of the length of the hash?
Edit: So they found ways to reliably fake the same hash? Whoa.. why bother knowing a password if you can just make up one that works. :/
Posted: Sat Aug 18, 2007 10:36 am
by The Phoenix
superdezign wrote:Is that a flaw of the algorithm or of the length of the hash?
Edit: So they found ways to reliably fake the same hash? Whoa.. why bother knowing a password if you can just make up one that works. :/
In the case of MD5, it's the algorithm. In the case of SHA, I don't think there is a clear answer. The length of the hash makes it less likely to occur, but it is due to a flaw in the algorithm. So, both, I guess?
And yes, that's the problem. MD5 is broken, broken, broken. Even if it wasn't, it can be reliably brute-forced relatively quickly for most reasonable inputs thanks to the incredible increases in processing speeds.
SHA on the other hand is still relatively strong for most reasonable uses. The level at which it isn't is pretty much exactly the level where you should be looking at SSL or similar transports to obviate the need for a (weaker) hash.
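Added example, not posted by anyone in this thread: it shows why the unsalted digests discussed above fall to a precomputed dictionary, and how a random per-user salt changes that. It goes beyond the thread's salt-plus-SHA-256 advice by iterating the hash with PBKDF2-HMAC-SHA256 to slow brute force; the word list, user names and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny word list and two users with the same password.
WORDLIST = ["letmein", "password", "dragon"]
USERS = {"alice": "letmein", "bob": "letmein"}
ITERATIONS = 100_000  # assumed work factor; tune to your own hardware


def unsalted_md5(password):
    """The weak scheme: identical passwords always give identical digests."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return (salt, iterations, digest) using a random 16-byte per-user salt."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    candidate = hash_password(password, salt, iterations)[2]
    return hmac.compare_digest(candidate, expected)


def precomputed_lookup(dump):
    """One table built once from the word list matches every unsalted row."""
    table = {unsalted_md5(word): word for word in WORDLIST}
    return {user: table[d] for user, d in dump.items() if d in table}


def demo():
    md5_dump = {user: unsalted_md5(pw) for user, pw in USERS.items()}
    salted = {user: hash_password(pw) for user, pw in USERS.items()}
    return {
        "recovered_from_unsalted": precomputed_lookup(md5_dump),
        "same_digest_unsalted": md5_dump["alice"] == md5_dump["bob"],
        "same_digest_salted": salted["alice"][2] == salted["bob"][2],
        "verify_ok": verify_password("letmein", salted["alice"]),
        "verify_wrong": verify_password("dragon", salted["alice"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Store the salt and iteration count next to the digest; neither is secret, and the stored count lets you raise the work factor later without invalidating existing records.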