Security Idea

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Zeggy
Forum Newbie
Posts: 6
Joined: Tue Jan 08, 2008 11:19 am

Security Idea

Post by Zeggy »

I got an idea for security, not that any more security techniques are needed, but it seemed interesting to me :)

If anybody's interested:
http://www.pbbgblog.com/2008/01/07/usin ... eparately/

I would like to know any responses, or feedback. (Post here or leave a comment)
Basically, would this be strong enough in practice to protect data?
Are there any weaknesses?

Thanks!
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: Security Idea

Post by Mordred »

Zeggy wrote:There are already so many people using so many different combinations of MD5 and SHA-1 to protect sensitive data in games as well as elsewhere. Different methods are used, such as salting, multiple stages of encryption, etc.

I have an idea of going one step further in encrypting data. It’s not so complicated as some other methods I’ve seen, but I don’t know how effective this would be in practice, and I haven’t found any similar experiments in my search on Google, so I’ll just post it here and hear your thoughts on it.

My idea is to use both MD5 and SHA-1 separately, and saving two different hashes. Let’s say we were encrypting a password. Then we would have two columns in our database, called `password_md5` and `password_sha1`. These are the passwords encrypted using the two methods. Whether or not the password is salted or not is your choice, so long as the data parameters of the MD5 and SHA-1 functions are the same. When somebody logs in, you will need to make two comparisons to make sure that both hashes of the password (+salt) are correct.

The reason for doing this is that, if somebody were to find a collision for one hash, I think it would be highly unlikely (and maybe impossible) for that same collision to have the correct hash for the other encryption technique. I don’t really know the inner workings of MD5 and SHA-1, but I am guessing that they both work very differently, enough for this to be true.

Couple this method with salting and it should be quite secure. Of course, you could use the same principle of using two hashes, except with just one encryption technique. Instead, you could vary the salt used instead. The underlying principle is still the same.

I hope I explained that well enough for you to understand. I’d also like some feedback and thoughts on this. Can you think of any disadvantages or weaknesses? Or do you think that this will be a complete failure?
This is wrong in many ways, up to the point that this looks dangerously close to a trolling attempt. Before spending time on rebutting your reasoning, here's a couple of "challenge" questions:

1. What problem(s) are you trying to solve?
2. How - in detail - the measures you propose would help in the said problems.
3. Some (preferably scientific) reference would help assuring the audience that you've actually taken some time in researching the problem domain.
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Re: Security Idea

Post by superdezign »

Zeggy wrote:My idea is to use both MD5 and SHA-1 separately, and saving two different hashes. [...]

The reason for doing this is that, if somebody were to find a collision for one hash, I think it would be highly unlikely (and maybe impossible) for that same collision to have the correct hash for the other encryption technique. I don’t really know the inner workings of MD5 and SHA-1, but I am guessing that they both work very differently, enough for this to be true.
This seems to only be effective against rainbow tables... But that's one of the main reasons that we use salting and peppering in the first place.
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: Security Idea

Post by Mordred »

superdezign wrote:
Zeggy wrote:My idea is to use both MD5 and SHA-1 separately, and saving two different hashes. [...]

The reason for doing this is that, if somebody were to find a collision for one hash, I think it would be highly unlikely (and maybe impossible) for that same collision to have the correct hash for the other encryption technique. I don’t really know the inner workings of MD5 and SHA-1, but I am guessing that they both work very differently, enough for this to be true.
This seems to only be effective against rainbow tables... But that's one of the main reasons that we use salting and peppering in the first place.
No, it's not "effective against rainbow tables", RTs are just a way to do reverse lookups on hashes. If anything, having two hashes instead of one, would help the attacker, as it increases the probability that the hash in question will be findable in one of the RTs. Unless the two hashes are salted that is, in which case we're back to square one with no added security against RTs (in comparison with using a single salted hash).

As for the idea - it's not new (apparently the OP hasn't spent any significant time in research), and only has limited merit against collision attacks. The combined collision resistance is not the sum of resistances of the different hash functions (due to the implementation details of most modern hash functions, which I'm barely familiar with, just quoting here), but it's still somewhat useful if one of the functions gets too broken, the combined collision resistance will still be no less than the collision resistance of the remaining function. This is why they still continue to use MD5 + SHA1 in signing some GNU/Linux distros.

When dealing with login credentials, we do not care about the collision properties of the hash functions, but of their preimage-attack resistance (i.e. one-way-ness). As such, the OP has been solving the wrong problem. I already spoke about keeping two hashes. Now, if we want to increase preimage-resistance, a better theoretical thing is to use a single function with better resistance (say SHA256). A better practical thing is to use SHA256 because there are no (or rather "less", haven't checked really) public RT services against it. And don't forget a good salting.
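
The point made in the reply above, as an added PHP example that is not code from the thread: it compares how a stored row in the unsalted two-column scheme and a row holding one salted SHA-256 hash fare against precomputed lookup tables. The function names, the word lists and the table contents are constructed for illustration; the column names `password_md5` and `password_sha1` come from the first post.

```php
<?php
// Added example. Word lists are constructed stand-ins for precomputed reverse-lookup tables.
// Map hash => plaintext for one algorithm over unsalted input.
function build_table(string $algo, array $words): array {
    return array_combine(array_map(fn($w) => hash($algo, $w), $words), $words);
}

// The two-column scheme from the first post, without a salt.
function store_dual(string $password): array {
    return ['password_md5' => md5($password), 'password_sha1' => sha1($password)];
}

// One salted SHA-256 hash with a random per-user salt.
function store_salted(string $password): array {
    $salt = bin2hex(random_bytes(16));
    return ['salt' => $salt, 'password_sha256' => hash('sha256', $salt . $password)];
}

// Recompute with the stored salt and compare in constant time.
function verify_salted(array $row, string $candidate): bool {
    return hash_equals($row['password_sha256'], hash('sha256', $row['salt'] . $candidate));
}

// List the columns of a stored row whose value appears in a lookup table.
function exposed_columns(array $row, array $tables): array {
    $hits = [];
    foreach ($tables as $column => $table) {
        if (isset($row[$column]) && isset($table[$row[$column]])) {
            $hits[] = $column;
        }
    }
    return $hits;
}

// Each table covers a different (constructed) subset of passwords.
$tables = [
    'password_md5'    => build_table('md5', ['letmein', 'dragon']),
    'password_sha1'   => build_table('sha1', ['dragon', 'hunter2']),
    'password_sha256' => build_table('sha256', ['letmein', 'dragon', 'hunter2']),
];

foreach (['letmein', 'dragon', 'hunter2'] as $pw) {
    $dual = implode(',', exposed_columns(store_dual($pw), $tables)) ?: 'none';
    $salted = store_salted($pw);
    $single = implode(',', exposed_columns($salted, $tables)) ?: 'none';
    $ok = verify_salted($salted, $pw) ? 'yes' : 'no';
    echo "$pw: dual row found via [$dual]; salted row found via [$single]; login verifies: $ok\n";
}
```

A dual row is recovered when either table covers the password, so the two unsalted columns widen the exposure instead of narrowing it, while the salted row misses even a table that contains the password. Current PHP also ships `password_hash()` and `password_verify()`, which salt automatically and use a deliberately slow algorithm.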
Zeggy
Forum Newbie
Posts: 6
Joined: Tue Jan 08, 2008 11:19 am

Post by Zeggy »

Okay, thanks Mordred, I understand now :)

I just wanna say, I'm not much of a security expert. This was just an idea. I didn't find much in my short search on Google because I don't know what keywords to use. I'm not sure if this method has a name.

But I guess this method isn't really useful.