<div>Heh... this is OT... but more importantly, what other websites do you use your password on? There exist programs that will try username/password combinations on the top 500 financial institutions (banks/brokers/etc...).</div>
<div> </div>
<div>Assuming your password is of some strength, I doubt having the salt in the config file instead of the database is worth the hassle. The main idea of the salt is to fubar precomputed hash attacks.<br><br></div>
<div class="gmail_quote">On Tue, Mar 11, 2008 at 10:49 PM, Jon Daley <<a href="mailto:plogworld@jon.limedaley.com">plogworld@jon.limedaley.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid"> Perhaps the salt should be stored in the config file instead of<br>the database to prevent it being grabbed trivially along with the stored<br>
passwords?<br> I wonder how much the time-to-crack really matters in this app -<br>how many of you have *ever* changed your login to your blog?<br>
<div>
<div></div>
<div class="Wj3C7c"><br>On Tue, 11 Mar 2008, Matt Wood wrote:<br>>> From a cryptographic standpoint, since sha256 has a larger byte output,<br>> there are situations where the md5 calculation will actually reduce the<br>
> number of bytes of "randomness" (entropy). And since we're talking about a<br>> WebApp here... not a high speed wireless encryption scheme, why not just use<br>> sha256 all the way through? Same for the salt, if it contains a sufficient<br>
> amount of entropy.<br>><br>> And to clarify what I said about the salt before... simply adding a salt<br>> will defeat rainbow attacks as Reto has already said, the added complexity<br>> of using a "hash function", of any kind, on the salt, does not significantly<br>
> impact a dedicated attacker. Because in the situation of a database<br>> compromise the salt (which is assumably stored in the database, per user,<br>> and of sufficient entropy) has already been revealed, and the hash of it<br>
> simply needs to be calculated once for the brute force attack on the<br>> password.<br>><br>> Either way, the salt is a good addition. I'm pleased you guys are so<br>> proactive about security.<br>><br>
> However, if you are wishing to increase the security (time to brute<br>> force) of the password/salt entry it may be worthwhile to follow the<br>> following algorithm instead.<br>><br>> sha2($salt + sha2($password + $salt))<br>
><br>> you can repeat that ad nauseam increasing the complexity of the brute force<br>> by forcing the attacker to follow the chained hash algorithm in their brute<br>> forcing attempts. You can even add multiple salts... Just don't store the<br>
> final hash in the HTTP cookie like some of these other blogging platforms...<br>> On Tue, Mar 11, 2008 at 12:04 AM, Mark Wu <<a href="mailto:markplace@gmail.com">markplace@gmail.com</a>> wrote:<br>><br>>> That's why I use (MD5($password)+MD5($salt)) to keep it easy to upgrade.<br>
>><br>>> And use sha256() to enhance the security level.<br>>><br>>> Mark<br>>><br>>> ------------------------------<br>>> *From:* <a href="mailto:plog-svn-bounces@devel.lifetype.net">plog-svn-bounces@devel.lifetype.net</a> [mailto:<br>
>> <a href="mailto:plog-svn-bounces@devel.lifetype.net">plog-svn-bounces@devel.lifetype.net</a>] *On Behalf Of *Matt Wood<br>>> *Sent:* Tuesday, March 11, 2008 3:23 AM<br>>><br>>> *To:* LifeType Developer List<br>
>> *Subject:* Re: [pLog-svn] Salted MD5<br>>><br>>> The only reason you would salt passwords in a database means you're<br>>> concerned that the password db table has been compromised... if you fear<br>
>> that has happened then the salt that you're storing in the database is<br>>> available to the attacker. Thus adding md5 or sha1 or sha256 of that salt to<br>>> the password is no more secure than just appending the salt in plaintext.<br>
>> The same number of computations will be required to "crack" the password<br>>> hash.<br>>><br>>> -Matt<br>>><br>>> PS. md5/sha1 are not cryptographically secure hash algorithms anymore<br>
>> (however probably are ok for this situation). any sha2 algorithm (sha256,<br>>> sha512) is supposedly.<br>>><br>>> On Mon, Mar 10, 2008 at 11:32 AM, Mark Wu <<a href="mailto:markplace@gmail.com">markplace@gmail.com</a>> wrote:<br>
>><br>>>>><br>>>>> How much more secure is than simply:<br>>>>><br>>>>> md5($password . $private_key)<br>>>><br>>>> Actually, it's no difference for normal people, but much secure for<br>
>>> those<br>>>> hackers...<br>>>><br>>>> BTW, VBB and IPB use:<br>>>><br>>>> md5(md5($password).md5($private_key))<br>>>><br>>>>><br>>>>> And are there any downsides of the new method - ie. will it<br>
>>>> fail on upgrades, or fail for certain servers, etc?<br>>>>><br>>>><br>>>> mmm .... for lifetype 2.0 . The minimal requirement is php 5.1.x ...<br>>>><br>>>> so, It won't be a problem.<br>
>>><br>>>> mhash become "hash" in pecl in php5, if there is no hash installed, it<br>>>> will<br>>>> use the pure php implementation...<br>>>><br>>>>><br>
>>>> On Mon, 10 Mar 2008, Mark Wu wrote:<br>>>>><br>>>>>> Here comes more secure algorithm:<br>>>>>><br>>>>>> sha256(md5($password)+md5($your_provide_private_key));<br>
>>>>><br>>>>>> I use sha256 here.<br>>>>>><br>>>>>> Here also comes the pure php sha256 implementation:<br>>>>>><br>>>>>> <a href="http://nanolink.ca/pub/sha256/" target="_blank">http://nanolink.ca/pub/sha256/</a><br>
>>>>><br>>>>>> If the server has "hash" pecl, it will use it instead of<br>>>>> the pure one.<br>>>>>><br>>>>>> Mark<br>>>>>><br>
>>>>>> -----Original Message-----<br>>>>>>> From: <a href="mailto:plog-svn-bounces@devel.lifetype.net">plog-svn-bounces@devel.lifetype.net</a><br>>>>>>> [mailto:<a href="mailto:plog-svn-bounces@devel.lifetype.net">plog-svn-bounces@devel.lifetype.net</a>] On Behalf Of Reto Hugi<br>
>>>>>> Sent: Monday, March 10, 2008 7:25 PM<br>>>>>>> To: LifeType Developer List<br>>>>>>> Subject: Re: [pLog-svn] Salted MD5<br>>>>>>><br>>>>>>> Hi Mark<br>
>>>>>><br>>>>>>> I welcome your suggestion and think that this is valuable<br>>>>>>> protection against rainbow table attacks.<br>>>>>>><br>>>>>>> We already had an issue with the revealed admin password<br>
>>>>>> hash. This would have been less severe with the salted md5.<br>>>>>>><br>>>>>>> Thanks for suggesting!<br>>>>>>><br>>>>>>> reto<br>
>>>>>><br>>>>>>> Mark Wu wrote:<br>>>>>>>> Hi All:<br>>>>>>>><br>>>>>>>> I plan to upgrade our password algorithm to salted MD5, take the<br>
>>>>>>> following for example:<br>>>>>>>><br>>>>>>>> sha1(md5($password) + user_defined_private_key);<br>>>>>>>><br>>>>>>>> I will also remain an option in lifetype admin panel for<br>
>>>>>> user to use<br>>>>>>>> the old MD5 way to keep compatibility.<br>>>>>>>><br>>>>>>>> If we use the algorithm above, It is also possible to<br>
>>>>>> convert the old<br>>>>>>>> hashed password to new hashed password.<br>>>>>>>><br>>>>>>>> How do you think?<br>>>>>>>><br>
>>>>>>><br>>>>>>><br>>>>> <a href="http://kuza55.blogspot.com/2006/10/online-reverse-lookup-tables-for.html" target="_blank">http://kuza55.blogspot.com/2006/10/online-reverse-lookup-tables-for.html</a><br>
>>>>>>><br>>>>>>>> These kind of online reverse lookup table sites making<br>>>>> the MD5 only<br>>>>>>>> algorithm more dangerous.<br>
>>>>>>><br>>>>>>>> Mark<br>>>>>>>><br>>>>>>>><br>>>>>>>><br>>>>>>>><br>>>>>>>><br>
>>>>>><br>>>>> ----------------------------------------------------------------------<br>>>>>>>> --<br>>>>>>>><br>>>>>>>> _______________________________________________<br>
>>>>>>> pLog-svn mailing list<br>>>>>>>> <a href="mailto:pLog-svn@devel.lifetype.net">pLog-svn@devel.lifetype.net</a><br>>>>>>>> <a href="http://limedaley.com/mailman/listinfo/plog-svn" target="_blank">http://limedaley.com/mailman/listinfo/plog-svn</a><br>
>>>>><br>>>>><br>>>>> --<br>>>>> Jon Daley<br>>>>> <a href="http://jon.limedaley.com/" target="_blank">http://jon.limedaley.com/</a><br>>>>><br>>>>> We are all made different, but we are all sinners.<br>
>>>> -- Jim Herron<br>><br><br></div></div>--<br>
<div class="Ih2E3d">Jon Daley<br><a href="http://jon.limedaley.com/" target="_blank">http://jon.limedaley.com/</a><br><br></div>Our software is not 'released'.<br>It *escapes*, leaving a trail of mangled QA engineers in its path.<br>
<div>
<div></div>
<div class="Wj3C7c">
</div></div></blockquote></div><br>
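<div>Added example, not part of any message in this thread and not LifeType code: PHP 7+ code for the chained salted hash Matt Wood describes, applied to the upgrade path Mark Wu mentions (wrapping existing MD5 hashes without knowing the passwords). The function names, the scheme labels, the 16-byte salt and the round count are assumptions.</div>

```php
<?php
// Added example, not LifeType code: names, salt size and round count are assumptions.
const ROUNDS = 50000; // assumed work factor; tune to the server

// The chain from the thread: sha256(salt . sha256(password . salt)), repeated.
// PHP concatenates with '.'; '+' is arithmetic.
function chained_hash(string $secret, string $salt, int $rounds = ROUNDS): string
{
    $h = hash('sha256', $secret . $salt, true);
    for ($i = 0; $i < $rounds; $i++) {
        $h = hash('sha256', $salt . $h, true);
    }
    return bin2hex($h);
}

// Wrap a stored, unsalted md5($password) value without knowing the password.
function upgrade_legacy_md5(string $md5Hex): array
{
    $salt = random_bytes(16); // per-user salt, stored next to the hash
    return ['scheme' => 'md5+chain', 'salt' => bin2hex($salt),
            'hash' => chained_hash($md5Hex, $salt)];
}

// Record for a password set after the change: no md5 step.
function new_record(string $password): array
{
    $salt = random_bytes(16);
    return ['scheme' => 'chain', 'salt' => bin2hex($salt),
            'hash' => chained_hash($password, $salt)];
}

function verify(string $password, array $rec): bool
{
    $secret = $rec['scheme'] === 'md5+chain' ? md5($password) : $password;
    $calc = chained_hash($secret, hex2bin($rec['salt']));
    return hash_equals($rec['hash'], $calc); // constant-time comparison
}

// Constructed sample data: two legacy accounts that share one password.
$old   = md5('correct horse');
$alice = upgrade_legacy_md5($old);
$bob   = upgrade_legacy_md5($old);
var_dump($alice['hash'] !== $bob['hash']);  // same password, different stored values
var_dump(verify('correct horse', $alice));  // upgraded legacy account
var_dump(verify('wrong guess', $bob));      // wrong password
var_dump(verify('s3cond', new_record('s3cond')));
```

<div>On current PHP, password_hash() and password_verify() provide a salted, deliberately slow scheme and can take the place of chained_hash() here.</div>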