[pLog-svn] Salted MD5

Jon Daley plogworld at jon.limedaley.com
Tue Mar 11 22:49:23 EDT 2008


 	Perhaps the salt should be stored in the config file instead of 
the database to prevent it being grabbed trivially along with the stored 
passwords?
 	I wonder how much the time-to-crack really matters in this app - 
how many of you have *ever* changed your login to your blog?

On Tue, 11 Mar 2008, Matt Wood wrote:
> From a cryptographic standpoint, since sha256 has a larger byte output,
> there are situations where the md5 calculation will actually reduce the
> number of bytes of "randomness" (entropy). And since we're talking about a
> WebApp here... not a high speed wireless encryption scheme, why not just use
> sha256 all the way through? Same for the salt, if it contains a sufficient
> amount of entropy.
>
> And to clarify what I said about the salt before... simply adding a salt
> will defeat rainbow attacks as Reto has already said, the added complexity
> of using a "hash function", of any kind, on the salt, does not significantly
> impact a dedicated attacker. Because in the situation of a database
> compromise the salt (which is assumably stored in the database, per user,
> and of sufficient entropy) has already been revealed, and the hash of it
> simply needs to be calculated once for the brute force attack on the
> password.
>
> Either way, the salt is a good addition. I'm pleased you guys are so
> proactive about security.
>
> However, if you are wishing to increase the security (time to brute
> force) of the password/salt entry it may be worthwhile to follow the
> following algorithm instead.
>
> sha2($salt + sha2($password + $salt))
>
> you can repeat that ad nauseam increasing the complexity of the brute force
> by forcing the attacker to follow the chained hash algorithm in their brute
> forcing attempts. You can even add multiple salts... Just don't store the
> final hash in the HTTP cookie like some of these other blogging platforms...
> On Tue, Mar 11, 2008 at 12:04 AM, Mark Wu <markplace at gmail.com> wrote:
>
>>  That's why I use (MD5($password)+MD5($salt)) to keep it easy to upgrade.
>>
>> And use sha256() to enhance the security level.
>>
>> Mark
>>
>>  ------------------------------
>> *From:* plog-svn-bounces at devel.lifetype.net [mailto:
>> plog-svn-bounces at devel.lifetype.net] *On Behalf Of *Matt Wood
>> *Sent:* Tuesday, March 11, 2008 3:23 AM
>>
>> *To:* LifeType Developer List
>> *Subject:* Re: [pLog-svn] Salted MD5
>>
>>   The only reason you would salt passwords in a database means you're
>> concerned that the password db table has been compromised... if you fear
>> that has happened then the salt that you're storing in the database is
>> available to the attacker. Thus adding md5 or sha1 or sha256 of that salt to
>> the password is no more secure than just appending the salt in plaintext.
>> The same number of computations will be required to "crack" the password
>> hash.
>>
>> -Matt
>>
>> PS. md5/sha1 are not cryptographically secure hash algorithms anymore
>> (however probably are ok for this situation). any sha2 algorithm (sha256,
>> sha512) is supposedly.
>>
>> On Mon, Mar 10, 2008 at 11:32 AM, Mark Wu <markplace at gmail.com> wrote:
>>
>>>>
>>>>       How much more secure is than simply:
>>>>
>>>> md5($password . $private_key)
>>>
>>> Actually, it's no difference for normal people, but much more secure for
>>> those hackers...
>>>
>>> BTW, VBB and IPB use:
>>>
>>> md5(md5($password).md5($private_key))
>>>
>>>>
>>>> And are there any downsides of the new method - ie. will it
>>>> fail on upgrades, or fail for certain servers, etc?
>>>>
>>>
>>> mmm .... for lifetype 2.0 . The minimal requirement is php 5.1.x ...
>>>
>>> so, It won't be a problem.
>>>
>>> mhash becomes "hash" in pecl in php5, if there is no hash installed, it
>>> will use the pure php implementation...
>>>
>>>>
>>>> On Mon, 10 Mar 2008, Mark Wu wrote:
>>>>
>>>>> Here comes more secure algorithm:
>>>>>
>>>>> sha256(md5($password)+md5($your_provide_private_key));
>>>>>
>>>>> I use sha256 here.
>>>>>
>>>>> Here also comes the pure php sha256 implementation:
>>>>>
>>>>> http://nanolink.ca/pub/sha256/
>>>>>
>>>>> If the server has "hash" pecl, it will use it instead of the pure one.
>>>>>
>>>>> Mark
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: plog-svn-bounces at devel.lifetype.net
>>>>>> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of Reto Hugi
>>>>>> Sent: Monday, March 10, 2008 7:25 PM
>>>>>> To: LifeType Developer List
>>>>>> Subject: Re: [pLog-svn] Salted MD5
>>>>>>
>>>>>> Hi Mark
>>>>>>
>>>>>> I welcome your suggestion and think that this is valuable
>>>>>> protection against rainbow table attacks.
>>>>>>
>>>>>> We already had an issue with the revealed admin password
>>>>>> hash. This would have been less severe with the salted md5.
>>>>>>
>>>>>> Thanks for suggesting!
>>>>>>
>>>>>> reto
>>>>>>
>>>>>> Mark Wu wrote:
>>>>>>> Hi All:
>>>>>>>
>>>>>>> I plan to upgrade our password algorithm to salted MD5, take the
>>>>>>> following for example:
>>>>>>>
>>>>>>> sha1(md5($password) + user_defined_private_key);
>>>>>>>
>>>>>>> I will also remain an option in lifetype admin panel for user to use
>>>>>>> the old MD5 way to keep compatibility.
>>>>>>>
>>>>>>> If we use the algorithm above, it is also possible to convert the old
>>>>>>> hashed password to new hashed password.
>>>>>>>
>>>>>>> What do you think?
>>>>>>>
>>>>>>>
>>>>>>> http://kuza55.blogspot.com/2006/10/online-reverse-lookup-tables-for.html
>>>>>>>
>>>>>>> These kinds of online reverse lookup table sites make the MD5 only
>>>>>>> algorithm more dangerous.
>>>>>>>
>>>>>>> Mark
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> pLog-svn mailing list
>>>>>>> pLog-svn at devel.lifetype.net
>>>>>>> http://limedaley.com/mailman/listinfo/plog-svn
>>>>>>
>>>>>
>>>>
>>>> --
>>>> Jon Daley
>>>> http://jon.limedaley.com/
>>>>
>>>> We are all made different, but we are all sinners.
>>>> -- Jim Herron
>>
>

-- 
Jon Daley
http://jon.limedaley.com/

Our software is not 'released'.
It *escapes*, leaving a trail of mangled QA engineers in its path.
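
Added example, not part of the original message or of LifeType's code: the upgrade path discussed in this thread, sketched in Python. It wraps existing md5(password) values in a per-user-salted, repeated SHA-256 chain, so old rows convert without the plaintext, and mixes in a secret held in the config file; `SITE_KEY`, `ROUNDS` and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Hypothetical values: a secret read from the config file (not the database)
# and a repeat count for the chained hash.
SITE_KEY = b"constructed-secret-from-config-file"
ROUNDS = 1000


def md5_hex(password: str) -> str:
    """Legacy scheme: what the database holds before the upgrade."""
    return hashlib.md5(password.encode()).hexdigest()


def wrap_legacy(md5_digest: str, salt: str) -> str:
    """Salted, repeated SHA-256 chain over an existing md5(password) digest."""
    h = hashlib.sha256(md5_digest.encode() + salt.encode() + SITE_KEY).hexdigest()
    for _ in range(ROUNDS - 1):
        h = hashlib.sha256(salt.encode() + h.encode()).hexdigest()
    return h


def migrate_row(old_md5: str) -> dict:
    """One-off conversion: needs only the stored hash, never the plaintext."""
    salt = secrets.token_hex(16)  # per-user random salt, stored beside the hash
    return {"salt": salt, "hash": wrap_legacy(old_md5, salt)}


def verify_login(password: str, row: dict) -> bool:
    """Recompute from the submitted password and compare in constant time."""
    candidate = wrap_legacy(md5_hex(password), row["salt"])
    return hmac.compare_digest(candidate, row["hash"])


if __name__ == "__main__":
    # Constructed sample data: two users who chose the same password.
    old = {"alice": md5_hex("letmein"), "bob": md5_hex("letmein")}
    new = {user: migrate_row(digest) for user, digest in old.items()}
    print("unsalted hashes equal:", old["alice"] == old["bob"])
    print("migrated hashes equal:", new["alice"]["hash"] == new["bob"]["hash"])
    print("correct password accepted:", verify_login("letmein", new["alice"]))
    print("wrong password accepted:", verify_login("letmein1", new["alice"]))
```

A purpose-built password hash (bcrypt, scrypt, Argon2) provides the per-user salt and the tunable work factor in one call and can wrap the legacy md5 digest the same way.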

