Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Salt, passwords and security

I've read through many of the questions on SO about this, but many answers contradict each other or I don't understand.

You should always store a password as a hash, never as plain text. But should you store the salt (unique for each user) next to the hashed password+salt in the database. This doesn't seem very clever to me as couldn't someone gain access to the database, look for says the account called Admin or whatever and then work out the password from that?

like image 913
Jonathan. Avatar asked Apr 06 '10 07:04

Jonathan.


People also ask

Why does adding salt make passwords more secure?

A cryptographic salt is made up of random bits added to each password instance before its hashing. Salts create unique passwords even in the instance of two users choosing the same passwords. Salts help us mitigate hash table attacks by forcing attackers to re-compute them using the salts for each user.

Is salt encryption secure?

Using ten different salts increases the security of hashed passwords by increasing the computational power required to generate lookup tables by a factor of ten. If the salt is stored separately from a password, it also makes it challenging for an attacker to reverse engineer a password.

Does salting protect weak password?

So when a salt is present, the attacker is reduced to a brute force attack on the specific set of password hashes that have been obtained. However: for weak passwords, a brute force attack will succeed in relatively little time.

What is salts in security?

A salt is a piece of random data added to a password before it is hashed and stored. Adding a salt to stored passwords is a security process used alongside the hashing of passwords before they are stored.


1 Answers

A lot of people are saying "to stop rainbow tables" without explaining what rainbow tables do or why this stops them.

Rainbow tables are a clever way of precomputing a large number of hashes and storing them in less memory than would naively be required, and you can use them to very quickly reverse a hash. Tables for bare functions such as hash = md5(password) and hash = sha1(password) are common.

However, they can be generated for ANY hash function which can be described as output = f(input). If you use a site-wide salt for all user passwords, for example hash = md5(salt+password), you could construct a function f, f(password) = md5(salt+password). Therefore you could generate rainbow tables for this function, which would take a long time, but would then let you crack every single password in the database very rapidly.

If the salt is different for each password, you can't generate a rainbow table that will crack all passwords in the database. You could generate a new one for every user but that would be pointless - naive brute-forcing would be no slower. So having a seperate salt for each user stops the rainbow tables attack.

There are several ways to do accomplish this. Popular ways include:

  • A separate salt for each user, stored alongside their other details in the database: hash = hashfunction(salt + password)
  • A global salt and some unique value per user: hash = hashfunction(salt + password + user_id) for example
  • A global salt and a per-user salt: hash = hashfunction(global_salt + user_salt + password)

Having a global salt could add a little extra complexity to cracking the passwords, as it could be stored outside of the database (in the code, for example) which attackers may not gain access to in the event of a database breach. Cryptographically I don't think it adds much, but in practice it could slow them down.

Finally, to answer your actual question:

Storing the salt alongside the user data does not weaken the hash. Hash functions are one-way: Given the hash of a password, even an unsalted one, it is very difficult to find that password. The motivation behind salting is not to make an individual hash more secure, but to make the collection of multiple hashes more secure. There are several vectors of attack for a collection of unsalted hashes:

  • Rainbow tables
  • Hashing common passwords (123, password, god) and seeing if any exist in the database, and then compromise those accounts
  • Look for identical hashes in the database, which means identical passwords (probably)
like image 65
ZoFreX Avatar answered Sep 24 '22 20:09

ZoFreX