I'm interested in salting my hashed passwords...

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

User avatar
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: I'm interested in salting my hashed passwords...

Post by Eran »

I see, makes sense :)
I've been using shorter salts till now, probably time to upgrade them a little
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: I'm interested in salting my hashed passwords...

Post by kaisellgren »

pytrin wrote:I see, makes sense :)
I've been using shorter salts till now, probably time to upgrade them a little
Oh well. We would ideally look for a perfect preimage, but the hash value does not only consist of salts, but also of possible peppers and the password itself. So, determining a perfect salt is not easy. Just make sure the salt does not have too low entropy or length. If you do that, then your concern is the underlying hash function or you have no concerns at all (which is what you should aim at 8) ).
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: I'm interested in salting my hashed passwords...

Post by Mordred »

My paper (draft ... since 2007. I actually have some updates, but not enough for publishing) on the subject covers most of the whys and hows:
viewtopic.php?f=34&t=62782&st=0&sk=t&sd=a

Some extra points on the duscussion so far:
- You should really really salt and pepper password hashes. I have a collection of examples where the opposite was a mistake.
- (per-user) salts are usually kept with the other login data (There might be some problems if not so, but of course it's possible to keep them separated, you just have to know what you're doing), so yes, when designing your hashing scheme, assume the attacker has them. I have some ideas of practical implementations, I'll follow up if you want.
- (side-wide) salt (aka pepper) should be looooooong.
- Use hash(hash(pepper.salt.password)) for your hashing scheme.

Kai I haven't read the article carefully (will do so in the near future), but I can easily spot some points of disagreement ;)

1. Double hashing is fine (I know I said otherwise in the 2007 article, I now have solid reasons for using it). (there's a debate about this in another thread)
2. I find no arguments for this "sufficient length" calculation. Salts in my book serve a different purpose, and as such a handful of characters is enough. Arguments, please?
3.
kaisellgren wrote:Rainbow tables are online websites (or even some sort of local databases) that show you a form where you fill the hash and then they give you back the orginal plaintext.
Kai, had I known you wrote such a statement, I would not have entered that discussion with you about hashing. Man, no offense, but if you're mentioning something in a security article at least read the bloody wikipedia article, okay? (Well actually in my book if you have to read the wp article, it's too early to write anything on the subject)
4. Also, citing your sources would be nice. I think my article (above) should be among them.
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: I'm interested in salting my hashed passwords...

Post by kaisellgren »

Mordred: I would not recommend double hashing, but there is nothing evil about it. Did I say otherwise? If you spot that in the article, do tell me if and where I said that in the article.

And oh, yea, that sentence wasn't a good one. I have my own lookup table that also works as an online website so I kind of mixed up everything, but please note that I wrote the whole article from 11 PM to 5 AM so it's full of mistakes, grammatical errors, etc. The article is more like my thoughts - what I thought at the moment I wrote it. The whole site is for my own purpose, to pull all my thoughts together, but I decided to share them to people (there are plenty of private articles).
Mordred wrote:4. Also, citing your sources would be nice. I think my article (above) should be among them.
I'll probably say the same thing again, the site is contains my thoughts... it's not a library, not a place to learn security, not an education site.. I wanted to write everything so it becomes more clear to me. You do know what I'm talking about, don't you? When you actually start writing, you suddenly think about other aspects and you can actually put everything together. Very useful. That's why I originally made that, and I have really no idea where I have got some of the information. Most of the stuff just makes sense more or less, when you think about the bigger picture. When I wrote that article, I never looked into any sources. I just wrote it all alone the whole night. For sure, some of the information I have learnt in the past, but I do not remember what, when, where or from who.

I do have read your forum entry, I have really no idea what parts of it I may have absorbed. I do know that peppering originates from 2005, http://script.wareseeker.com/PHP/salt-p ... .zip/17340 maybe dynamic hashing? Er, I don't know.

Btw, what does your word "book" refer to? To the forum post? A real physical book?

EDIT: I modified the sentence. Hopefully makes more sense now.
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: I'm interested in salting my hashed passwords...

Post by Mordred »

(sorry for the thread hijack)
kaisellgren wrote:Mordred: I would not recommend double hashing, but there is nothing evil about it. Did I say otherwise? If you spot that in the article, do tell me if and where I said that in the article.
Heh, well, you did say it, only in the hashing thread.
kaisellgren wrote:And oh, yea, that sentence wasn't a good one. I have my own lookup table that also works as an online website so I kind of mixed up everything, but please note that I wrote the whole article from 11 PM to 5 AM so it's full of mistakes, grammatical errors, etc. The article is more like my thoughts - what I thought at the moment I wrote it. The whole site is for my own purpose, to pull all my thoughts together, but I decided to share them to people (there are plenty of private articles).
Mordred wrote:4. Also, citing your sources would be nice. I think my article (above) should be among them.
I'll probably say the same thing again, the site is contains my thoughts... it's not a library, not a place to learn security, not an education site.. I wanted to write everything so it becomes more clear to me. You do know what I'm talking about, don't you? When you actually start writing, you suddenly think about other aspects and you can actually put everything together. Very useful. That's why I originally made that, and I have really no idea where I have got some of the information. Most of the stuff just makes sense more or less, when you think about the bigger picture. When I wrote that article, I never looked into any sources. I just wrote it all alone the whole night. For sure, some of the information I have learnt in the past, but I do not remember what, when, where or from who.
Yeah, fair enough, I know what you mean.
kaisellgren wrote:I do have read your forum entry, I have really no idea what parts of it I may have absorbed. I do know that peppering originates from 2005, http://script.wareseeker.com/PHP/salt-p ... .zip/17340 maybe dynamic hashing? Er, I don't know.
Hmm, have you actually read that script? You'll find that what the author means by "pepper" is totally different, it's just his name for the function to check a hash. Otherwise, he just uses a site-wide salt, basically one of the main approaches I argue against in the article.

I've read a lot of articles on the subject before writing mine, and I haven't seen anyone propose my scheme (of course it doesn't mean I'm the first one to invent it, I just haven't seen one like it). I think that one reason for this might be people drawing analogies with the unix-style password hashing for system accounts, where salting is quite enough. Web credentials on the other hand "live" in different conditions. Also, for good or bad, the term "pepper" meaning "site-wide salt" is also my "invention" (which I don't like much: "site-wide salt" is much more descriptive). It's not very clever, I agree - the pun with "salt" is too obvious, and other people have used it for various different reasons (I'm surprised you didn't bump into "Data Tastes Better Seasoned" in your googling for example).
kaisellgren wrote:Btw, what does your word "book" refer to? To the forum post? A real physical book?
Naah, just a silly idiom.

Btw, I recall you mentioning that you want to write a book, do you have any plans about it?
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: I'm interested in salting my hashed passwords...

Post by kaisellgren »

Mordred wrote:I've read a lot of articles on the subject before writing mine, and I haven't seen anyone propose my scheme (of course it doesn't mean I'm the first one to invent it, I just haven't seen one like it). I think that one reason for this might be people drawing analogies with the unix-style password hashing for system accounts, where salting is quite enough. Web credentials on the other hand "live" in different conditions. Also, for good or bad, the term "pepper" meaning "site-wide salt" is also my "invention" (which I don't like much: "site-wide salt" is much more descriptive). It's not very clever, I agree - the pun with "salt" is too obvious, and other people have used it for various different reasons (I'm surprised you didn't bump into "Data Tastes Better Seasoned" in your googling for example).
I understand what you mean. I'm using a "filesystem-database necktie" value in my current application, which is basically a pepper. It does not just apply to passwords, but to sessions, file uploads, etc.
Mordred wrote:Btw, I recall you mentioning that you want to write a book, do you have any plans about it?
Yes. The plans are gone now, and the actual writing has started. :) 190 pages written so far. It's about web application security. Btw, it does have a section "references" in the end.

Hmm. Would you be interested in proofreading it in terms of security? I already got an English proofreader plus one security expert.
Post Reply