There are a lot of questions about salts and best practices, however most of them simply answer very specific questions about them. I have several questions which feed into one another.
Assuming a database is compromised a per user salt prevents the use of generic rainbow tables to crack passwords. A separate rainbow table would have to be generated for each and every user who had a unique salt in order to obtain their password. This would be a time consuming process which is what makes salts effective. This does not help a tremendous amount against dictionary or brute force attacks.
This leads to a number of questions:
Thank you in advance.
Password hash salting is when random data – a salt – is used as an additional input to a hash function that hashes a password. The goal of salting is to defend against dictionary attacks or attacks against hashed passwords using a rainbow table.
What is a Salt? A salt is a random character string that is added to the beginning or the end of a password. This salt is unique to each user, and is stored in the database along with the username and salted-hashed password. An example username-password database using the SHA256 hashing function with a salt.
Using ten different salts increases the security of hashed passwords by increasing the computational power required to generate lookup tables by a factor of ten. If the salt is stored separately from a password, it also makes it challenging for an attacker to reverse engineer a password.
The shadow password system is used to limit access to hashes and salt. The salt is eight characters, the hash is 86 characters, and the password length is unlimited.
If a hacker has access to your database system, you're fsckd. Your system has to have access to both tables to run, so the likelihood of "hiding" one from a hacker who's already compromised the system is nearly zero. Not remotely worth the extra complexity, in my opinion.
Having a "nonce" added (in addition) to a salt for each password is not a great help, but doesn't really hurt anything either.
Even 16 bits of salt is typically enough to make password cracking infeasible, if done correctly. I would probably use 64 or 128 bits, why not?
You should use a "good" source of randomness, but it doesn't need to be perfect. If the random values are somehow visible to an attacker, then they may be able to find a way to predict the next random value, but they would have to do this when the password is created and it would only get them that one password.
In short, you need per-user salt and a good hashing function. MD5 is terrible, and SHA-1 is no longer "good". You should be using a system like bcrypt to force an attacker to spend a considerable fraction of a second on each hash. 0.1s per password check is probably no big deal to you, but it's devastating to any kind of brute-force cracking.
This is required reading for anyone implementing a password security scheme:
http://chargen.matasano.com/chargen/2007/9/7/enough-with-the-rainbow-tables-what-you-need-to-know-about-s.html
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With