Page 1 of 2
I'm interested in salting my hashed passwords...
Posted: Sun Mar 01, 2009 9:07 pm
by Luke
I have always stored my passwords in a database as a sha1 hash. I generally haven't salted these hashes mostly because I'm lazy, but also because I don't know enough about the subject to do it properly. I do know that it's best to give each user their own unique salt, but how do you store the salt in that case? Forgive my complete lack of knowledge on the subject.
Re: I'm interested in salting my hashed passwords...
Posted: Sun Mar 01, 2009 10:45 pm
by Chris Corbyn
It's pretty easy but one serious gotcha... don't store the salt as character data in MySQL, store it as binary data since it really screws up when you switch character sets and MySQL decides to try transcoding it.
Adding the salt can be done in various ways. I'm sure some more crypto experts here will post better ways but this works:
Code: Select all
$normalHash = md5($password);
$saltedHash = md5($normalHash . $salt);
Where $salt is just a few random bytes:
Code: Select all
$salt = chr(rand(0, 255)) . char(rand(0, 255)) . chr(rand(0, 255));
Re: I'm interested in salting my hashed passwords...
Posted: Sun Mar 01, 2009 10:48 pm
by Luke
So it's ok to just store the salt in the database? It doesn't matter if the salt's value is exposed in the database? Like I said, I'm not very knowledgeable in this area

Re: I'm interested in salting my hashed passwords...
Posted: Sun Mar 01, 2009 11:00 pm
by Chris Corbyn
Luke wrote:So it's ok to just store the salt in the database? It doesn't matter if the salt's value is exposed in the database? Like I said, I'm not very knowledgeable in this area

You need to store it in the database otherwise you can't re-use it

I'm not very knowledgeable in this area neither but I know if you don't have the salt stored with the hash you ain't gonna be able to generate a valid hash again

Re: I'm interested in salting my hashed passwords...
Posted: Sun Mar 01, 2009 11:02 pm
by Luke
I understand that, I am just wondering.. if my database is compromised, and the "bad guys" have access to the salt value, doesn't that defeat the purpose? I don't get it.
Re: I'm interested in salting my hashed passwords...
Posted: Sun Mar 01, 2009 11:08 pm
by Chris Corbyn
I'm pretty sure there's no real problem having the salt available with the hash. Why you're best having one salt per-user is probably something to do removing any consistency should an attacker find a way to break the hashes... though reversing a hash is not very easily done and yields any number of possible values in any case.
I think I'm best not answering your security concerns... I don't know basically

Re: I'm interested in salting my hashed passwords...
Posted: Sun Mar 01, 2009 11:17 pm
by Luke
I have seen salts stored in the database before, so I believe you are right. You are also right about why it's best to give each record its own salt.
Re: I'm interested in salting my hashed passwords...
Posted: Sun Mar 01, 2009 11:26 pm
by Luke
I do know it's never a good idea to hash twice though because it actually reduces security if you do. So never do sha1(md5($password)) or anything like that.
Re: I'm interested in salting my hashed passwords...
Posted: Sun Mar 01, 2009 11:31 pm
by Benjamin
If you have a table full of hashed passwords with no salt, or even with the same salt, it's easy to create a rainbow table to break the passwords. Using a different salt with each stored password prevents the use of a rainbow table. The attacker would need to attack each password individually.
Re: I'm interested in salting my hashed passwords...
Posted: Mon Mar 02, 2009 6:58 am
by kaisellgren
You must assume that an imaginary attacker has your hashes including salts (a full database access). Luke, I think you might want to read this:
http://www.phptalk.net/2009/01/24/every ... and-myths/
Re: I'm interested in salting my hashed passwords...
Posted: Mon Mar 02, 2009 8:00 am
by Luke
Thanks Kai! That looks like an excellent write-up. I'm going to read it as soon as I get home from work.

Re: I'm interested in salting my hashed passwords...
Posted: Mon Mar 02, 2009 8:42 am
by papa
Re: I'm interested in salting my hashed passwords...
Posted: Mon Mar 02, 2009 11:42 am
by Eran
Nice article.
I didn't understand this part though:
The sufficient length of a salt is length(hash)/8 bytes
Hash length is measured in bits and a byte is 8 bits. If you divide by 8 and then multiply by 8 you end up with the same number... what am I missing?
Re: I'm interested in salting my hashed passwords...
Posted: Mon Mar 02, 2009 12:44 pm
by josh
Insert characters from the salt at random predetermined points in the hash value, if they don't have the code they'll give up trying to figure out what the hell is going on
Re: I'm interested in salting my hashed passwords...
Posted: Mon Mar 02, 2009 1:11 pm
by kaisellgren
pytrin wrote:The sufficient length of a salt is length(hash)/8 bytes
Hash length is measured in bits and a byte is 8 bits. If you divide by 8 and then multiply by 8 you end up with the same number... what am I missing?
Maybe I could have written it better.
Theoretically, when trying to create a sufficiently enough long salt, which is enough long for hashes in general, we need to feed up the hash with the amount of bits it needs. We divide it by 8 to get the figure in bytes, so maybe this text instead makes more sense: "The sufficient length of a salt is x bytes, where x = length(hash)/8". This, of course, is not an exact number that is perfect for every hash, but a good simple rule to play around with.