John Krasnay wrote:
I see from your later posts that your requirements are not that strict,
but if anyone else on the list needs to do password hashing, here's one
of the best articles I've seen on it:

http://www.matasano.com/log/958/enough-with-the-rainbow-tables-what-you-need-to-know-about-secure-password-schemes/

jk

This article is a total rant with lots of stupid inaccurate information. For example:

1. take a “dictionary” — say, of all combinations of alphanumerics less than 15 characters
2. hash all of them
3. burn the results onto a DVD.

The keyspace size is 62^15-1 = 768909704948766668552634367. That means that even if you can save a hash in 1 byte you still need about 143220593211942663 DVDs.

Next he goes on to state:

"Speed is exactly what you don’t want in a password hash function."

"You don’t care if password tests take twice as long, or even ten times as long, because password hashes aren’t in the 80/20 hot spot."

"Now the attacker. This is easy. The attacker cares a lot if password tests take twice as long. If one password test takes twice as long, the total password cracking time takes twice as long."

But if you add 2 characters to your salt you increase your search space by a factor of 3844. And that's just 2 characters; this technique is scalable. Add 10 characters to your salt and you increase the time it takes to crack (brute force) by a factor of 839299365868340224. Obviously you can't make a hash function 839299365868340224 times slower, because it won't be able to check your password when you log in.

Finally he goes on to assume stupid stuff like this:

"So when you inevitably lose your SQL password table, you haven’t exposed all the passwords; just the crappy ones."

Again, you've got more to worry about when you lose your SQL database. It's all about risk management. You can change your password hashing from salt + MD5 to a high-grade, industrial-strength solution. But it's wasted effort, because MD5 + a long salt is not even close to the weakest link in your system, and your total security is only as good as your weakest link. And with passwords, the weakest link is always the user; you'll have half of your password database cracked anyway by a simple dictionary attack if you lose the database. And the users will blame YOU for losing it, so don't.

Regards,
Sebastiaan
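An added example, written for this page and not part of either message in the thread, that puts numbers on the two quantities the thread argues about: what a salt does against the precomputed-table attack quoted from the article (steps 1-3), and how salt length versus an iteration count change the work of an attacker who already holds the stored record, salt included. The wordlist, the password `hunter2`, the salt lengths and the PBKDF2 iteration counts are all constructed for the demo; only Python's standard library is used.

```python
import hashlib
import hmac
import os

# Constructed wordlist for the demo (not leaked data). A real attacker's
# dictionary has millions of entries; the ratios below are what matter.
WORDLIST = ["password", "123456", "letmein", "qwerty", "hunter2", "correcthorse"]


def md5_salted(password: str, salt: bytes) -> bytes:
    """One MD5 over salt || password: the 'salt + MD5' scheme named in the thread."""
    return hashlib.md5(salt + password.encode("utf-8")).digest()


def slow_hash(password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 from the stdlib. The iteration count is the deliberate
    slowdown the article argues for; every guess costs the attacker that count."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def store_record(password: str, salt_len: int, iterations: int = 0) -> dict:
    """What lands in the SQL table: salt, parameters and digest, all readable by
    whoever steals the table. iterations == 0 selects plain salted MD5."""
    salt = os.urandom(salt_len)
    if iterations == 0:
        digest = md5_salted(password, salt)
    else:
        digest = slow_hash(password, salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def build_table(wordlist) -> dict:
    """The article's steps 1-3 against unsalted MD5: hash the dictionary once."""
    return {hashlib.md5(w.encode("utf-8")).digest(): w for w in wordlist}


def table_lookup(table: dict, digest: bytes):
    """Precomputed-table attack: one dictionary lookup per stolen hash, no hashing."""
    return table.get(digest)


def dictionary_attack(record: dict, wordlist):
    """Attacker holds the record, so salt and parameters are known inputs.
    Returns (recovered password or None, guesses tried, hash iterations spent)."""
    per_guess = max(record["iterations"], 1)
    guesses = 0
    for candidate in wordlist:
        guesses += 1
        if record["iterations"] == 0:
            digest = md5_salted(candidate, record["salt"])
        else:
            digest = slow_hash(candidate, record["salt"], record["iterations"])
        if hmac.compare_digest(digest, record["digest"]):
            return candidate, guesses, guesses * per_guess
    return None, guesses, guesses * per_guess


def compare_costs(password: str = "hunter2") -> dict:
    """Store the same weak password four ways and report the attacker's work."""
    results = {}
    table = build_table(WORDLIST)
    # 1. Unsalted MD5: the precomputed table answers without hashing anything.
    unsalted = hashlib.md5(password.encode("utf-8")).digest()
    results["unsalted_md5_table_hit"] = table_lookup(table, unsalted) == password
    # 2. Salted MD5 with a 2-byte and a 12-byte salt: the table misses, but the
    #    number of guesses is the same either way because the salt is in the record.
    for salt_len in (2, 12):
        rec = store_record(password, salt_len)
        results[f"md5_salt{salt_len}_table_hit"] = table_lookup(table, rec["digest"]) is not None
        found, guesses, work = dictionary_attack(rec, WORDLIST)
        results[f"md5_salt{salt_len}_found"] = found
        results[f"md5_salt{salt_len}_guesses"] = guesses
        results[f"md5_salt{salt_len}_work"] = work
    # 3. Slow hash: still the same guess count; the iteration count multiplies the work.
    for iters in (1_000, 100_000):
        rec = store_record(password, 16, iters)
        found, guesses, work = dictionary_attack(rec, WORDLIST)
        results[f"pbkdf2_{iters}_found"] = found
        results[f"pbkdf2_{iters}_guesses"] = guesses
        results[f"pbkdf2_{iters}_work"] = work
    return results


if __name__ == "__main__":
    for key, value in compare_costs().items():
        print(f"{key:32} {value}")
```

The returned counters separate the two effects: against the unsalted digest the precomputed table hits immediately, against any salted digest it finds nothing, and the guess count for the 2-byte and 12-byte salts is identical because the attacker reads the salt from the stolen row and hashes each candidate with it. The PBKDF2 iteration count is the only parameter that changes the hash operations spent per guess, which is the cost the article's "twice as long" argument is about; what the salt buys is the loss of the precomputed table, not a larger search per password.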
