Re: SHA Question



Ichinin wrote:
> First; hashing a password with a hash does not give much more security at
> all, it's just a linear transformation that takes soso-many
> milliseconds to perform.
>
> And yes, you should use the output of the hash algorithm as an
> encryption key, but using those bits alone won't slow down attackers.

What about a salt? Should they use that and why?

> (Note: Remember that SHA-1 generates 160 bit hashes and if you are going
> to use AES-256 then you need 96 more bits, if AES-128, strip off 32
> bits. A better choice would be SHA-256.)
>
> What you want to do when you slow down bruteforce attacks is to
> increase the time required to compute the hashes and make it hard(-er)
> to make a dictionary database, I've seen some people do:
>
> for (n = 0; n < 1000; n++)
>     password = sha1(password);

PKCS #5 addresses this in a more flexible manner.

> That slows down bruteforce attacks by a factor of 1000. Since SHA-1 is
> quite fast (and computers are getting faster), you can expand this up
> to say 65535 without the user detecting any significant "speed bump",
> that adds 2^16 combinations to each password per password.
> Unfortunately - this alone won't slow down dictionary attacks, since
> precalculating a dictionary is still possible (it just takes longer,
> but distributed computing solves a lot of problems fast)
>
> To harden it even further, you can do more things:
>
> 1. Make the password affect how many times the hash function loops
> itself

Weak passwords?

> 2. Add some salt: feed soso-many random (but STATIC) bytes into the
> hash function.

They're not salt bytes if they're static. That actually doesn't make
it any harder for the attacker.

> One thing you should think of is when you're done encrypting, clear out
> the memory variables, a lot of people forget to do that..

You really ought to brush up on password management and use properties.

1. Always salt your passwords. Use per session salts if possible
[e.g. file tool or online tool]

2. If you're going to use a length increasing or time increasing
function use PKCS #5. It allows you to emit more than the hash output
size bytes [e.g. to derive a cipher key, IV and MAC key for instance]
and also lengthen the time to compute.

3. Don't make the time to compute a function of the password.
That just leaks bits of the private information. It should be
invariant as much as possible.

Tom
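
An added example (not part of the original post) of the three points above, using Python's hashlib.pbkdf2_hmac as the PKCS #5 v2 function: a fresh random salt per file, a fixed iteration count, and one derivation stretched past the hash size and split into cipher key, IV and MAC key. The iteration count, salt length, 80-byte split, header label and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor: a constant, never a function of the password
SALT_LEN = 16         # assumed salt length in bytes


def derive_keys(password, salt=None, iterations=ITERATIONS):
    """PBKDF2-HMAC-SHA256 stretched to 80 bytes: cipher key, IV and MAC key."""
    if salt is None:
        salt = os.urandom(SALT_LEN)  # fresh random salt per file or session
    okm = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              salt, iterations, dklen=80)
    return {"salt": salt, "enc_key": okm[:32], "iv": okm[32:48], "mac_key": okm[48:]}


def make_header(password, label=b"constructed-file-header"):
    """Return (salt, tag). Both are stored in the clear next to the ciphertext."""
    keys = derive_keys(password)
    tag = hmac.new(keys["mac_key"], label, hashlib.sha256).digest()
    return keys["salt"], tag


def check_password(password, salt, tag, label=b"constructed-file-header"):
    """Re-derive with the stored salt and compare the tag in constant time."""
    keys = derive_keys(password, salt)
    expected = hmac.new(keys["mac_key"], label, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    a = derive_keys("correct horse")  # constructed sample password
    b = derive_keys("correct horse")
    print("same password, different salts:", a["enc_key"] != b["enc_key"])
    salt, tag = make_header("correct horse")
    print("right password:", check_password("correct horse", salt, tag))
    print("wrong password:", check_password("battery staple", salt, tag))
```

Because the salt differs per file, a dictionary precomputed for one salt is useless against another, while the legitimate user only needs the stored salt to re-derive the same keys.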
