[pLog-svn] Salted MD5

Matt Wood matt at woodzy.com
Wed Mar 12 09:04:54 EDT 2008


Heh... this is OT... but more importantly, what other websites do you use
your password on? There exist programs that will try username/password
combinations on the top 500 financial institutions (banks/brokers/etc...).

Assuming your password is of some strength, I doubt having the salt in the
config file instead of the database is worth the hassle. The main idea of
the salt is to fubar precomputed hash attacks.

On Tue, Mar 11, 2008 at 10:49 PM, Jon Daley <plogworld at jon.limedaley.com>
wrote:

>        Perhaps the salt should be stored in the config file instead of
> the database to prevent it being grabbed trivially along with the stored
> passwords?
>        I wonder how much the time-to-crack really matters in this app -
> how many of you have *ever* changed your login to your blog?
>
> On Tue, 11 Mar 2008, Matt Wood wrote:
> > From a cryptographic standpoint, since sha256 has a larger byte output,
> > there are situations where the md5 calculation will actually reduce the
> > number of bytes of "randomness" (entropy). And since we're talking about a
> > WebApp here... not a high speed wireless encryption scheme, why not just use
> > sha256 all the way through? Same for the salt, if it contains a sufficient
> > amount of entropy.
> >
> > And to clarify what I said about the salt before... simply adding a salt
> > will defeat rainbow attacks as Reto has already said, the added complexity
> > of using a "hash function", of any kind, on the salt, does not significantly
> > impact a dedicated attacker. Because in the situation of a database
> > compromise the salt (which is assumably stored in the database, per user,
> > and of sufficient entropy) has already been revealed, and the hash of it
> > simply needs to be calculated once for the brute force attack on the
> > password.
> >
> > Either way, the salt is a good addition. I'm pleased you guys are so
> > proactive about security.
> >
> > However, if you are wishing to increase the security (time to brute
> > force) of the password/salt entry it may be worthwhile to follow the
> > following algorithm instead.
> >
> > sha2($salt + sha2($password + $salt))
> >
> > you can repeat that ad nauseam increasing the complexity of the brute force
> > by forcing the attacker to follow the chained hash algorithm in their brute
> > forcing attempts. You can even add multiple salts... Just don't store the
> > final hash in the HTTP cookie like some of these other blogging platforms...
> > On Tue, Mar 11, 2008 at 12:04 AM, Mark Wu <markplace at gmail.com> wrote:
> >
> >>  That's why I use (MD5($password)+MD5($salt)) to keep it easy to upgrade.
> >>
> >> And use sha256() to enhance the security level.
> >>
> >> Mark
> >>
> >>  ------------------------------
> >> *From:* plog-svn-bounces at devel.lifetype.net [mailto:
> >> plog-svn-bounces at devel.lifetype.net] *On Behalf Of *Matt Wood
> >> *Sent:* Tuesday, March 11, 2008 3:23 AM
> >>
> >> *To:* LifeType Developer List
> >> *Subject:* Re: [pLog-svn] Salted MD5
> >>
> >>   The only reason you would salt passwords in a database means you're
> >> concerned that the password db table has been compromised... if you fear
> >> that has happened then the salt that you're storing in the database is
> >> available to the attacker. Thus adding md5 or sha1 or sha256 of that salt to
> >> the password is no more secure than just appending the salt in plaintext.
> >> The same number of computations will be required to "crack" the password
> >> hash.
> >>
> >> -Matt
> >>
> >> PS. md5/sha1 are not cryptographically secure hash algorithms anymore
> >> (however probably are ok for this situation). any sha2 algorithm (sha256,
> >> sha512) is supposedly.
> >>
> >> On Mon, Mar 10, 2008 at 11:32 AM, Mark Wu <markplace at gmail.com> wrote:
> >>
> >>>>
> >>>>       How much more secure is than simply:
> >>>>
> >>>> md5($password . $private_key)
> >>>
> >>> Actually, it's no difference for normal people, but much more secure
> >>> for those hackers...
> >>>
> >>> BTW, VBB and IPB use:
> >>>
> >>> md5(md5($password).md5($private_key))
> >>>
> >>>>
> >>>> And are there any downsides of the new method - ie. will it
> >>>> fail on upgrades, or fail for certain servers, etc?
> >>>>
> >>>
> >>> mmm .... for lifetype 2.0 . The minimal requirement is php 5.1.x ...
> >>>
> >>> so, It won't be a problem.
> >>>
> >>> mhash became "hash" in pecl in php5, if there is no hash installed, it
> >>> will use the pure php implementation...
> >>>
> >>>>
> >>>> On Mon, 10 Mar 2008, Mark Wu wrote:
> >>>>
> >>>>> Here comes more secure algorithm:
> >>>>>
> >>>>> sha256(md5($password)+md5($your_provide_private_key));
> >>>>>
> >>>>> I use sha256 here.
> >>>>>
> >>>>> Here also comes the pure php sha256 implementation:
> >>>>>
> >>>>> http://nanolink.ca/pub/sha256/
> >>>>>
> >>>>> If the server has "hash" pecl, it will use it instead of the pure one.
> >>>>>
> >>>>> Mark
> >>>>>
> >>>>>> -----Original Message-----
> >>>>>> From: plog-svn-bounces at devel.lifetype.net
> >>>>>> [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of Reto Hugi
> >>>>>> Sent: Monday, March 10, 2008 7:25 PM
> >>>>>> To: LifeType Developer List
> >>>>>> Subject: Re: [pLog-svn] Salted MD5
> >>>>>>
> >>>>>> Hi Mark
> >>>>>>
> >>>>>> I welcome your suggestion and think that this is valuable
> >>>>>> protection against rainbow table attacks.
> >>>>>>
> >>>>>> We already had an issue with the revealed admin password
> >>>>>> hash. This would have been less severe with the salted md5.
> >>>>>>
> >>>>>> Thanks for suggesting!
> >>>>>>
> >>>>>> reto
> >>>>>>
> >>>>>> Mark Wu wrote:
> >>>>>>> Hi All:
> >>>>>>>
> >>>>>>> I plan to upgrade our password algorithm to salted MD5, take the
> >>>>>>> following for example:
> >>>>>>>
> >>>>>>> sha1(md5($password) + user_defined_private_key);
> >>>>>>>
> >>>>>>> I will also remain an option in lifetype admin panel for user to use
> >>>>>>> the old MD5 way to keep compatibility.
> >>>>>>>
> >>>>>>> If we use the algorithm above, It is also possible to convert the old
> >>>>>>> hashed password to new hashed password.
> >>>>>>>
> >>>>>>> What do you think?
> >>>>>>>
> >>>>>>>
> >>>>>>> http://kuza55.blogspot.com/2006/10/online-reverse-lookup-tables-for.html
> >>>>>>>
> >>>>>>> These kinds of online reverse lookup table sites make the MD5 only
> >>>>>>> algorithm more dangerous.
> >>>>>>>
> >>>>>>> Mark
> >>>>>>> _______________________________________________
> >>>>>>> pLog-svn mailing list
> >>>>>>> pLog-svn at devel.lifetype.net
> >>>>>>> http://limedaley.com/mailman/listinfo/plog-svn
> >>>>
> >>>> --
> >>>> Jon Daley
> >>>> http://jon.limedaley.com/
> >>>>
> >>>> We are all made different, but we are all sinners.
> >>>> -- Jim Herron
> --
> Jon Daley
> http://jon.limedaley.com/
>
> Our software is not 'released'.
> It *escapes*, leaving a trail of mangled QA engineers in its path.
>
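
The chained scheme quoted above, `sha2($salt + sha2($password + $salt))` repeated, together with the conversion of old MD5 hashes mentioned at the start of the thread, as an added example; it is not LifeType code and not code from any poster. The function names, the record layout and the round count are assumptions, the sample passwords are constructed, and it needs PHP 7 or later for `random_bytes()`.

```php
<?php
// Added example: hypothetical helpers, not LifeType code.

// sha2($salt + sha2($password + $salt)), outer step repeated $rounds times.
// "." is PHP string concatenation; PHP's "+" is arithmetic, not concatenation.
function chained_hash(string $secret, string $salt, int $rounds): string
{
    $h = hash('sha256', $secret . $salt);
    for ($i = 0; $i < $rounds; $i++) {
        $h = hash('sha256', $salt . $h);
    }
    return $h;
}

// Build the row to store. $legacy marks rows converted from old md5 hashes.
// The default round count is an assumed value.
function make_record(string $secret, bool $legacy = false, int $rounds = 10000): array
{
    $salt = bin2hex(random_bytes(16)); // fresh per-user salt
    return [
        'salt'   => $salt,
        'rounds' => $rounds,
        'legacy' => $legacy,
        'hash'   => chained_hash($secret, $salt, $rounds),
    ];
}

function verify_password(string $password, array $rec): bool
{
    // Converted rows were built from md5($password), so redo that step first.
    $secret = $rec['legacy'] ? md5($password) : $password;
    $candidate = chained_hash($secret, $rec['salt'], $rec['rounds']);
    return hash_equals($rec['hash'], $candidate); // constant-time comparison
}

// Constructed sample data.
$alice = make_record('blog-password');
$bob   = make_record('blog-password');
var_dump($alice['hash'] === $bob['hash']);          // same password, two salts
var_dump(verify_password('blog-password', $alice));
var_dump(verify_password('wrong-guess', $alice));

// Conversion without knowing the password: only the old md5 column is read.
$oldColumn = md5('blog-password');
$converted = make_record($oldColumn, true);
var_dump(verify_password('blog-password', $converted));
```

The round count is what sets the cost of each guess once the table and its salts are in an attacker's hands. PHP 5.5 and later also provide `password_hash()` and `password_verify()`, which manage the salt and a tunable cost themselves.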