On Tuesday, 21 January 2014 at 09:58:34 UTC, Uranuz wrote:
I don't feel confident about crypto and security questions, but I need to implement password hashing and session ID generation, and make it difficult to recover the password with brute force or a dictionary attack on a single "usual" computer.

The article linked by John Colvin is comprehensive enough to give you an understanding of the problem; it outlines all the mistakes in password hashing schemes and how to solve them properly. The dictionary attack is the most dangerous, as indicated by the article; a slow hash like bcrypt can be of some help, it may win you a little time, but that time can be enough for the administrator to lock the system. A slow hash makes brute force slower, because it has to compute the hash a lot. So for password hashing there's no reason to choose md5, because it's the fastest :) There's no reason to implement bcrypt on your own (like repetitive hashing), because it should be well optimized in order not to let the attacker compute the hash faster with a more optimal implementation. A keyed hash is a very strong protection if you keep the key secret. The task of protecting the key is more administrative than cryptographic. If the attacker can't retrieve the key, he can only brute force the password remotely on your system, but since he will use your code, you have the chance to detect the attack. What to do once you've detected it is up to you. Another possibility to consider is two-factor authentication for the case when the password is indeed stolen.

About md5, I have read that it's already cracked. It's vulnerable to a length extension attack.

The length extension attack is used against digital signatures; it's useless against password hashing (that's why it's not considered in the article). The attack is prevented by prepending the salt instead of appending it.
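A worked example of the scheme the reply describes (salted slow hash, then a keyed hash with a server-side secret, plus the session ID generation the question asked about), added here and not code from anyone in the thread. PBKDF2-HMAC-SHA256 as the slow hash and HMAC-SHA256 as the keyed hash are my choices, since bcrypt is not in Python's standard library; the iteration count and record format are assumptions.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional

# Constructed parameters (an assumption, not from the thread): PBKDF2-HMAC-SHA256 plays the
# role of the slow hash, and a server-side secret key applied with HMAC is the "keyed hash".
PBKDF2_ITERATIONS = 200_000   # tune so one verification costs roughly 100 ms on the real server
SALT_BYTES = 16


def hash_password(password: str, server_key: bytes,
                  salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a storable record 'iterations$salt_hex$tag_hex'."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)           # fresh random salt per password
    # Slow, salted hash: the cost is paid once per login but multiplied over every
    # guess an attacker makes, and the per-user salt defeats precomputed tables.
    slow = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Keyed hash on top: the key lives outside the database, so a dumped table
    # cannot be attacked offline without it.
    tag = hmac.new(server_key, slow, hashlib.sha256).digest()
    return f"{iterations}${salt.hex()}${tag.hex()}"


def verify_password(password: str, server_key: bytes, record: str) -> bool:
    """Recompute the tag from the stored parameters and compare in constant time."""
    iterations_str, salt_hex, tag_hex = record.split("$")
    slow = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               bytes.fromhex(salt_hex), int(iterations_str))
    expected = hmac.new(server_key, slow, hashlib.sha256).digest()
    # compare_digest avoids leaking how many leading bytes matched via timing.
    return hmac.compare_digest(expected, bytes.fromhex(tag_hex))


def new_session_id() -> str:
    """Session IDs come from the OS CSPRNG, never from a hash of user data or time."""
    return secrets.token_urlsafe(32)


if __name__ == "__main__":
    key = secrets.token_bytes(32)               # in practice: loaded from config/KMS, not the DB
    record = hash_password("correct horse battery staple", key)
    assert verify_password("correct horse battery staple", key, record)
    assert not verify_password("Tr0ub4dor&3", key, record)
    # Without the secret key the record is useless, even with the right password:
    assert not verify_password("correct horse battery staple", b"wrong key", record)
    print("session id:", new_session_id())
```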
