Geek Answers Handbook

Should I store password hashes?

User system and passwords: I was looking through MD5 stuff and I am wondering what is the normal / good practice for passwords. Right now, I think people are super encrypting passwords and storing hashes. If so, how does password verification work? I just entered the password again through the encryption process and then checks the hash with the saved one, right?

This question may contradict the foregoing, but should my salt ever be a randomly generated value? If so, when can this be helpful?

Edit: Besides passwords in the user system, what else needs to be encrypted as good practice? Do they spell usernames or something else?

2nd Edit: What is a one-way hash? I mean, technically, can I not reverse engineer my source code? Maybe this is a bad question because I know little about one-way hashing.

+7
php passwords encryption
source share
11 answers

First you create salt.

Sample notes written in PHP

// Setup a salt, this isn't "random" but it doesn't really have to be $salt = sha1(microtime());

Then salt the password

 // First we hash the password, then XOR it with the salt hashing the result $hash = sha1(sha1($password) ^ $salt);

Save $hash and $salt in the database.

When a user enters a password, compare it with a hash

 if(sha1(sha1($entered_password) ^ $salt) == $hash) // Correct password

Never store passwords in a reversible format. I would also recommend using MD5 as a hash.

Edit: besides passwords, the user of the system, what else needs to be encrypted as a good practice? Are they encrypting usernames or something else?

Passwords are not encrypted; they are hashed. Imagine a hash (very simplified) as something that takes a number and multiplies it by ten. Let's say I want to hash the number 30 . I would say 30*10 and get 300 as a "hash" for 30 . Please note that you cannot get 30 out of 300 without knowing how the hash function works.

This is a very simplified hash, and if you know that it is always multiplied by ten, you can easily cancel it. Now take a look at the SHA1 hash function . This is much more complicated. It cannot just be undone.

You will find that rarely is there anything other than a password hash and nothing is encrypted. The amount of overhead you would have when encrypting your database would be huge.

I suppose you could apply a similar salt / hash pattern to the username, but then you have pitfalls. What if you want to use this username in your code? What if you want to check that it is unique to the table?

2nd Edit: What is a one-way hash? I am technically, I can’t cancel the engineer my source code? Maybe this is a bad question because I don't know much about one-way hashing.

See above ( or click here ). One-way hash is easy. One-way display. A => B and nothing more. B !=> A , but A cannot be anything but B

Someone mentioned the performance of an XOR operation. Although I feel that the performance is pretty much negligible, I did a quick test.

 function microtime_float() { list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec); }

Now run

 $start_time = $this->microtime_float(); for($i = 0; $i < 100000; $i++) { $sha = sha1(sha1(microtime()) . sha1(microtime())); } $end_time = $this->microtime_float(); echo "1000 in " . ($end_time-$start_time) . " for CAT\n"; $start_time = $this->microtime_float(); for($i = 0; $i < 100000; $i++) { $sha = sha1(sha1(microtime()) ^ sha1(microtime())); } $end_time = $this->microtime_float(); echo "1000 in " . ($end_time-$start_time) . " for XOR\n";

Repeat as much as you want. The original entry uses the error log, and I got the following results:

 1000 in 0.468002796173 XOR 1000 in 0.465842008591 XOR 1000 in 0.466115951538 XOR 1000 in 0.498080968857 CAT 1000 in 0.506876945496 CAT 1000 in 0.500174045563 CAT
+10
source share

Never store your password in a reversible way; always use unidirectional hashes. Verification is performed by hashing the entered password and checking the two hashes against each other.

+1
source share

The standard practice with passwords is not to store the original password anywhere. Unix passwords were encrypted with a "crypt" that would use random salt. The salt itself was stored in the first two characters of the encrypted password. When the user enters his password, the system will use two characters of the encrypted password as a salt for encrypting the entered password, and if the encrypted result matches the stored encrypted password, it was a coincidence. Similar things can be done with MD5 passwords.

Therefore, good sites will never send you your password, but instead your password will be reset to a one-time value - because they do not know your password.

To expand this a bit: the MD5 hash is a one-way function - if you have the same value, you get the same hash, but you cannot take the hash and somehow turn it into a value. There is a small but finite probability that the two values ​​will produce the same hash (the probability becomes higher the more source lines or the less hash), but they choose hashing algorithms to make the two lines choose because passwords would have a hash with the same value almost infinitesimal. You may think that a hash with one method looks like a meat grinder - you can look at the meat that comes out of your meat grinder and see if there is a cow, a lamb or a pig, but you cannot go through another path and return the cow.

Because of this, no one can recover your password, because it is never stored anywhere on your system, but only its hash.

+1
source share

This question may contradict the above, but if my salt will always be a randomly generated value? If so, when can it be helpful?

Salts should be random. Their only use is to make brute force attacks on hashes much more expensive. Something called the "rainbow table" (which is a fancy name for a database where someone pre-piled a whole bunch of possible passwords and lets you search for passwords if you know the hash) allows you to take unsalted password hashes and turn them into passwords in fractions seconds in many cases.

Moderate-sized salts can increase the complexity of a brute-force campaign attack exponentially. For every single bit of random data in your salt, you double the time it takes for a brute force election attack. For each unique salt value in your database, an attacker must start by attacking a password protected by that salt.

If you had 1 KB of random salt for each user password, precomputed hashes exited the window. You would not affect the amount of time it takes to iterate over one user password.

One way to make an attacker’s life harder is by making the hash process computationally intensive (for example, 5000 rounds of sha1 (salt + sha1 (salt + sha1 (salt + password))). You should only do this for every login attempt. The attacker must do this is for every combination of salt + password that they want to guess. You have to decide if it is worth your needs. The answer is probably no.

Edit: besides passwords, the user of the system, what else needs to be encrypted as a good practice? Are they encrypting usernames or something else?

I am paranoid, but I would say that any information that you, the owner of the site, is not needed until the user is logged in, must be encrypted derived from the user's password. Thus, the attackers do not have access because you do not have access.

An online order processing system, for example, may require their mailing address, their name and last order, not encrypted, but their order history and favorite color can be encrypted using an account password.

Please note that if you do this and they lose their password, protected information will also be lost.

2nd Edit: What is a one-way hash? I am technically, I can’t cancel the engineer my source code? Maybe this is a bad question because I don't know much about one-way hashing.

A hash is a method of systematically extracting information. Say you start with a line and produce "srflcdos", throwing out everyone but every fourth character. The text I “hashed” may be: “spear, if the fish is lying calmly, do not sit!”, Or it could be: “supercalifragilisticexpialidotious”. It is impossible to prove any of the methods.

Cryptographic hashes do a lot more mixing and other transformations along with outlier to make them safer for small amounts of input and to avoid leaking any facts at all about the input. As an example of an insecure hash, if you know that whenever the input contains the letter A, 12 bits of the hash is 1, then you publish information about the source text, and the result is not a cryptographically secure hash.

The principle is that you cannot reverse engineer a process if, between each transformation, you throw out information vital to changing a previous transformation. MD5sum produces 128 bits of output, regardless of whether you put 1 bit or 12 petabytes of information. You obviously cannot compress 12 petabytes per 128 bits, so information is explicitly thrown out during the calculation of the hash.

+1
source share

You should save the hash of your password instead of the actual line being read, also consider using "Salting" for extra protection

0
source share

There are many variations in this thread.

For more information, please read the following: http://en.wikipedia.org/wiki/Digest_access_authentication .

Then read the following: http://tools.ietf.org/html/rfc2617

As a rule: you keep only the digest. Never enter a password.

Following RFC2617, you must save the digest of the username, scope, and password.

The client ("agent") accepts a username, password, realm, etc. and creates a digest that it sends to your server.

The username based server is viewing the digest version.

If their digest == digest stored on the server, you agree with the password (and everything else).

If their digest! = Digest stored on the server, you do not agree with the password (or anything else). This means that they did not receive the right to the kingdom or username, or they did not receive the right to the right, or something else went wrong. They cannot be trusted.

The full RFC2617 includes other data to calculate a digest of other materials and a password digest to ensure that the client is responding.

0
source share

2nd Edit: What is a one-way hash? I mean, technically, can I not reverse engineer my source code? Maybe this is a bad question because I know little about one-way hashing.

"One way" in cryptography means "hard to invert." Simply put, this means that if I give you sha1(password) , you cannot find the password at any reasonable time.

This is called computationally one-way . Many people confuse this for another definition of the one-way (from mathematics) meaning "not one to one" , which is not applied here.

0
source share

I highly recommend using MD5. For more information, read the Wikipedia section [MD5] Security . Instead, I recommend using the SHA-1 hash algorithm.

0
source share

Avoid using MD5 hashes if you can, as this is pretty wrong.

Alternatives are SHA1 or even better SHA256 or SHA512.

0
source share

The reason you store the hashed password is because if someone manages to get the data in your user table, they still cannot log in. A one-way hash cannot be decrypted (not even the person who encrypted it!), So it is very difficult to use a hashed password for anything.

Since you cannot decrypt the password in the database, you need to take the password that was entered and repeat the same process to hash it, and then compare the hashed values ​​to find a match. Because of this, your salt cannot be completely random, since you will get different results.

In addition, you do not want the password to be transmitted unencrypted, so login pages are usually HTTPS pages.

-one
source share

"Correctly?"


If you need a binary answer:

  1
-2
source share

More articles:


All Articles