Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Comprehensive information about hash salts

Tags:

security

database

random

hash

salt

There are a lot of questions about salts and best practices, however most of them simply answer very specific questions about them. I have several questions which feed into one another.

Assuming a database is compromised a per user salt prevents the use of generic rainbow tables to crack passwords. A separate rainbow table would have to be generated for each and every user who had a unique salt in order to obtain their password. This would be a time consuming process which is what makes salts effective. This does not help a tremendous amount against dictionary or brute force attacks.

This leads to a number of questions:

  1. Although a salt is not meant to be security through obscurity wouldn't it still be more secure to place salts in a separate table? That way even if the 'users' table was to become compromised the salts would not.
  2. Would having a 2nd hard-coded application wide salt add a tremendous amount of security? This way even if the database is compromised, the actual application would also have to be compromised or both the salts and hashes would be completely useless.
  3. What is the best length for a salt? Obviously the longer the better, however with larger numbers of users database size does become an issue, so what would be the minimum length for an effective salt be?
  4. Is using a 3rd party source for a "true random salt" (random.org, random.irb.hr) really needed? I understand using a salt based off of server time is "guessable" to some extent however taking a random sub-string of a sha1'd random string seems like an effective salt method.

Thank you in advance.

like image 869
tplaner Avatar asked Nov 16 '09 21:11

tplaner

People also ask

What is the purpose of a salt hash?

Password hash salting is when random data – a salt – is used as an additional input to a hash function that hashes a password. The goal of salting is to defend against dictionary attacks or attacks against hashed passwords using a rainbow table.

What are salted hash example?

What is a Salt? A salt is a random character string that is added to the beginning or the end of a password. This salt is unique to each user, and is stored in the database along with the username and salted-hashed password. An example username-password database using the SHA256 hashing function with a salt.

Why is it more secure to salt hashes?

Using ten different salts increases the security of hashed passwords by increasing the computational power required to generate lookup tables by a factor of ten. If the salt is stored separately from a password, it also makes it challenging for an attacker to reverse engineer a password.

How long is a hash salt?

The shadow password system is used to limit access to hashes and salt. The salt is eight characters, the hash is 86 characters, and the password length is unlimited.

1 Answers

  1. If a hacker has access to your database system, you're fsckd. Your system has to have access to both tables to run, so the likelihood of "hiding" one from a hacker who's already compromised the system is nearly zero. Not remotely worth the extra complexity, in my opinion.

  2. Having a "nonce" added (in addition) to a salt for each password is not a great help, but doesn't really hurt anything either.

  3. Even 16 bits of salt is typically enough to make password cracking infeasible, if done correctly. I would probably use 64 or 128 bits, why not?

  4. You should use a "good" source of randomness, but it doesn't need to be perfect. If the random values are somehow visible to an attacker, then they may be able to find a way to predict the next random value, but they would have to do this when the password is created and it would only get them that one password.

In short, you need per-user salt and a good hashing function. MD5 is terrible, and SHA-1 is no longer "good". You should be using a system like bcrypt to force an attacker to spend a considerable fraction of a second on each hash. 0.1s per password check is probably no big deal to you, but it's devastating to any kind of brute-force cracking.

This is required reading for anyone implementing a password security scheme:

http://chargen.matasano.com/chargen/2007/9/7/enough-with-the-rainbow-tables-what-you-need-to-know-about-s.html

like image 94
Tim Sylvester Avatar answered Sep 18 '22 19:09

Tim Sylvester
Sign in to Comment

Related questions

Create UserID even though usernames unique?
How to sort a Doctrine DQL Query by the number or members of a relation?
How optimize adding new nodes in `django-mptt`?
How to list all rows from table and display specific column data from wordpress database
What is the difference between SQLAlchemy, PostgreSQL, and SQLite? [closed]
Sql select multiple values from another query
Using JComboBox as a Search
Does any JDBC driver supports LOAD DATA INFILE sql command?
How to get IDs of only checked rows of a datagridview
What is the difference between logical schema and physical schema? [closed]
setting up fake data in mongodb for testing
Optimizing indices for ranking in SQL Server
While importing sql table getting error due to collation
Remote PostgreSQL connection with pgAdmin
Room Database compile error: Field has non-unique column name
Easily check if table exists with python, sqlalchemy on an sql database
What's a good way to encapsulate data access with PHP/MySQL?
Force default value when adding column to table - SQL Server
Does PHP have a built in mechanism to failover from one database server to another?
Database connection pooling datastructure

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!