Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Salt and hashing, why not use username?

Tags:

password-encryption

cryptography

hash

encryption

salt

I must confess to being largely ignorant on most of the high-tech security issues relevant for web applications, but there is one thing I at least thought I could ask because it is a direct question with (hopefully) a concrete answer.

Take this website: http://www.15seconds.com/issue/000217.htm

It shows a bit down that they store the salt value in the table, I understand the principles and the math behind using a salt, but I'm wondering this:

Why did they not just use the username as a salt value instead of generating one?

like image 271
Lasse V. Karlsen Avatar asked Apr 06 '11 10:04

Lasse V. Karlsen

People also ask

Can you use username as salt?

Yes a username would be good enough. The point of salting a password is to increase the bruteforce effort by a multiple of however many unique salts there are in the system. Some will insist that salts must be unique, but the point is to increase effort, thus deterring the attacker.

Why are usernames not hashed?

However, once again - an encryption key stored directly in a program is just as good as no key at all. These are the prime reasons usernames are not hashed or encrypted.

Should you encrypt username?

As usual, the answer is "it depends". In general, I'd say that if an attacker has access to your database, your security situation is so badly compromised that encrypting the passwords will likely do you no favours.

What is the most significant security benefit of adding a user specific salt to the password before hashing it?

A cryptographic salt is made up of random bits added to each password instance before its hashing. Salts create unique passwords even in the instance of two users choosing the same passwords. Salts help us mitigate hash table attacks by forcing attackers to re-compute them using the salts for each user.

2 Answers

The point of the salt is to be unique. The salt is meant to prevent attack cost sharing, i.e. an attacker trying to attack two hashed passwords for less than the twice the cost of attacking one.

One solution to ensure uniqueness is to generate a random salt in a wide enough space. Therefore, getting twice the same salt for two distinct password instances is sufficiently improbable that it will not happen in practice.

The user name is not adequately unique:

  • The user name does not change when the user changes his password. An attacker seeing the old hashed password and the new hashed password may attack both at a cost less than twice the cost of attacking one.
  • At a given time, user names are unique system-wide, not world-wide. There are many "bob"s out there (in a Unix system, consider "root"). Using the user name may allow an attacker to attack several systems simultaneously.

Salt entropy is not really important, except in so much as it ensures uniqueness in a random generation setting.

like image 97
Thomas Pornin Avatar answered Sep 29 '22 10:09

Thomas Pornin

Because user names have lower entropy than a random salt, so they spread your hashes around less than a proper salt does.

Not that the example on that page is very spectacular anyway. I always just generate a GUID and use that.

I suspect it's all down in the noise as far as real-life security is concern, and even quite small amounts of per-user salt make a big difference to security, with very small improvements as the salt gets more complex.

like image 31
Will Dean Avatar answered Sep 29 '22 11:09

Will Dean
Sign in to Comment

Related questions

Encrypt with PHP, Decrypt with Javascript (cryptojs)
Make .txt file unreadable / uneditable
Code Golf: XOR Encryption
MongoDB database encryption
Best Way to Encrypt Customer Information in My Company's MySQL DB? [closed]
Is HTTPS the only defense against Session Hijacking in an open network?
Encrypting Passwords
How can I find out if the iPhone user currently has a passcode set and encryption enabled?
RSA implementations in Objective C
Passphrase, Salt and IV, do I need all of these?
Password hashing, salt and storage of hashed values
How to encrypt file from SD card using AES in Android?
Encrypting a string with AES and Base64
InvalidKeyException : Illegal Key Size - Java code throwing exception for encryption class - how to fix?
"Padding is invalid and cannot be removed" using AesManaged
How to make auto trust gpg public key?
Encrypt and decrypt a password in Java [closed]
Should I use an initialization vector (IV) along with my encryption?
How secure is my PHP login system?
Why does a bad password cause "Padding is invalid and cannot be removed"?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!