Re: Hashed password secure?

From: Michael Amling (nospam_at_nospam.com)
Date: 06/29/04


Date: Tue, 29 Jun 2004 03:31:25 GMT

Matthijs Hebly wrote:
> Jarma wrote:
>
>> Is keeping password hashed by e.g. MD5 or SHA secure? I mean verification
>> would be comparing hash values of key(password) and this hash value
>> would be
> easy to obtain (= known). Hash functions are one direction functions, but
>> would revealing password's hash value be secure? (I'm thinking of
>> brute-force method among others).
>
> I had an idea about this. Please comment, 'cause I couldn't find
> anything about this (maybe I didn't look hard enough):
> What if I were to salt the password with N bits and *NOT* store the
> salt? Let's say the average PC today is capable of calculating approx.
> 65,536 ($10000) hashes (i.e. SHA-1(Password+Salt)) in 1 second (let's
> just assume, it doesn't matter how much it actually is for my question).
> Let's assume we would take 16-bit Salts, based on this number ('cause we
> can store 65,536 numbers in 16 bits). Then, when the user types in
> his/her password, the PC would have to check on average 32,768 ($8000)
> hashes before concluding that the password is in fact correct, or 65,536
> to conclude that the password was incorrect. But, to avoid timing
> attacks, the PC would check all 65,536 Salts anyway. Anyway, any
> brute-force attack would take 1 second per (tried, and failed) password
> to check whether the password is correct or not.

   The same goal is attained by key stretching. Instead of performing
64K independent hashes, perform 64K chained hashes, storing only the
final result. Of course normal salting, with stored salt, can also be
used with key stretching.

--Mike Amling
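The two schemes compared in this exchange, as an added example that is not code from either poster. It implements the quoted proposal (a 16-bit salt that is hashed in but never stored, so the verifier must try all 65,536 salts) next to the key stretching Mike describes (65,536 chained SHA-1 computations with a normally stored salt). SHA-1 and the 2^16 work factor are taken from the thread; the salt sizes, function names and the exact chaining construction (hash the previous digest together with the password) are this example's own assumptions, not a standard.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha1          # the thread talks about SHA-1; any hash function fits
SALT_BITS = 16               # size of the hidden salt in the quoted proposal
WORK = 1 << SALT_BITS        # 65,536 hash computations per verification in both schemes


# --- Scheme 1: hidden salt (the quoted proposal) -------------------------
# Only the digest is stored. The 16-bit salt is thrown away, so checking a
# password means searching the whole salt space.

def hidden_salt_store(password: bytes) -> bytes:
    salt = os.urandom(SALT_BITS // 8)      # random 16-bit salt, then discarded
    return HASH(password + salt).digest()


def hidden_salt_verify(password: bytes, stored: bytes) -> bool:
    # Always walk all 2^16 salts, as the proposal says, so that a correct
    # password takes as long as a wrong one.
    found = False
    for s in range(WORK):
        candidate = HASH(password + s.to_bytes(SALT_BITS // 8, "big")).digest()
        found |= hmac.compare_digest(candidate, stored)
    return found


# --- Scheme 2: key stretching with a stored salt (Mike's suggestion) -----
# One chain of 2^16 hashes; each step feeds the previous digest and the
# password back in, so the work cannot be parallelised or skipped and only
# the final digest is kept. The salt is stored next to it, so it can be as
# wide as we like (128 bits here, an assumption of this example).

def stretch(password: bytes, salt: bytes, iterations: int = WORK) -> bytes:
    digest = HASH(salt + password).digest()
    for _ in range(iterations - 1):
        digest = HASH(digest + password).digest()
    return digest


def stretched_store(password: bytes, iterations: int = WORK) -> tuple:
    salt = os.urandom(16)
    # The record stores everything the verifier needs: salt, work factor, digest.
    return (salt, iterations, stretch(password, salt, iterations))


def stretched_verify(password: bytes, record: tuple) -> bool:
    salt, iterations, digest = record
    return hmac.compare_digest(stretch(password, salt, iterations), digest)


if __name__ == "__main__":
    pw = b"correct horse battery staple"   # constructed sample password
    rec = stretched_store(pw)
    print("stretched, right password:", stretched_verify(pw, rec))
    print("stretched, wrong password:", stretched_verify(b"guess", rec))
    stored = hidden_salt_store(pw)
    print("hidden salt, right password:", hidden_salt_verify(pw, stored))
    print("hidden salt, wrong password:", hidden_salt_verify(b"guess", stored))
```

Both verifiers cost an attacker the same 65,536 hashes per guessed password, which is the point Mike makes. The difference a practitioner cares about is that in the hidden-salt scheme the salt space doubles as the work factor, so the salt is stuck at 16 bits and a precomputed table of 65,536 entries per candidate password covers every user; with stretching the salt is stored and can be full width, and the iteration count can be raised independently as hardware gets faster (store it with the record, as above, so old entries keep verifying).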