Geek Answers Handbook

What is the purpose of salt?

On a Linux system, passwords are stored using the MD5 hash. Why does using salt protect the system more? In particular, I want to clarify the following two

  • They say that salt is stored in a hash text, how can it prevent an attacker if the attacker knows the meaning of the salt. (The attacker may be the system of the administrator himself, who can check /etc/shadow .
  • If salt is randomly generated each time, how can the system compare the hash for user authentication?

For example, user A has user salt s1 and generates h1; h1 = md5(password.s1); . Next time it uses the s2 salt, and the system should generate another hash, h2 = md5(password.s2) . Since h1 is not equal to h2, how can a system authenticate a user?

+8
security salt md5
source share
4 answers

MD5 is a hash, as you know, so if you give it an input, for example "PASSWORD", you will get a unique one (I hope, however, MD5 has a collision these days), for example, "3DE2AF ...".

Now, as you know, itโ€™s quite difficult to directly reverse this until someone thinks ... wait, why don't I create all possible combinations of hash values โ€‹โ€‹until I can change the hash. This is called a rainbow table .

The purpose of the salt is to add arbitrary random data to the hashed string to increase the length of the input to the hash. This means that shared rainbow tables that expect to cancel the password hash will not work. Of course, rainbow tables just turn in the opposite order, you can simply create a rainbow table to compensate for all possible outputs with a password + salt. This is where the increase in length comes to life; due to the nature of reversible hashes, the disk space for generating feedback signals for very long hash inputs is soon becoming impossible. Rainbow alphanumeric tables for 6-8 characters are already a couple of gigabytes; increase the length and character classes and you will begin to speak tenfold.

Of course, if you put in a "PASSWORD" and you have a "PASSWORD", you haveh the "PASSWORDPASSWORD", which is not much safer, so choosing a salt is also important. Ideally, you should use a random salt with each hashed line, but of course you need to know what it is. A common technique is to get salt from a username or other property unique to this case. Adding arbitrary data is not useful in itself; the presence of custom salt data now adds an additional level of complexity, that is, rainbow tables are needed with specialized searches for each user. The more you make it harder, the more processing power is needed. This is where the battle is.

However, there are some modern methods. I am not an expert, so I canโ€™t tell you how safe it is, but they are worth mentioning. The concept is slow hashing. Basically, through complex hash functions, you should spend some time figuring out each hash. Thus, the ability of each user to verify the password now has a constant amount of time added for each password that you want to verify. If you're rude, this is Bad News (tm). Similarly, if the system is well designed, if there are no shortcuts (which probably equate to weaknesses), then generating a rainbow table for a slow hash function should also take some time.

Change details here. See crypt() for a first example of this. @CodeInChaos refers to PBKDF2 , which is part of PKCS # 5 . Newer scrypt development.

As I said, I'm not an expert cryptanalyst. In the last example, I donโ€™t have specific specific knowledge about its suitability, I just show you where everything is going.

Edit 2 Refined my salt - I think I used to dance around a key disk space problem.

+13
source share

You can flip a simple hash algorithm with brute force.

If you use a common word for passwords, some pre-build tables (such as rainbow) may contain them. This is why most algorithms call a hash function several times:

 md5(md5(md5(password)));

Using salt gives a lot more randomness to the generated password and, thus, makes it less valid. It consists of adding a random line fragment in the process

 md5(md5(md5(password+string)+string)+string);
+5
source share

One reason might be that if two people use the same password, unknowingly, they will generate the same MD5. One of them can just see / etc / shadow and guess the password of other guys.

Now that salt is added to each password, the same passwords generate different hashes.

+2
source share

When you encrypt data, it can be attacked by bruce-force and rainbow attacks . When stuffing at the end of encrypted data, you add extra bits. Therefore, an attacker cannot correctly obtain the source data.

0
source share

More articles:


All Articles