Thursday, February 24, 2011

Are password hashing and salts enough?

Nice blog post from f-secure that explains why using salts to protect our passwords from rainbow tables is not enough.

As a quick resume, the idea behind the blog post is that using salts with hash algorithms like MD5 or SHA* is not enough, because these algorithms are meant for computing speed. Thus, using several GPUs to brute force all the passwords may take only few days.

A possible option to make it more difficult is to use algorithms that are more complex, reducing the number of attempts per second.

The following schemes are recommended:

 •  PBKDF2 http://en.wikipedia.org/wiki/PBKDF2
 •  Bcrypt http://www.openwall.com/crypt/
 •  PBMAC http://www.rsa.com/rsalabs/node.asp?id=2127

Furthermore (I quote):
So if you are working with passwords, pick one of the schemes above, determine the number of iterations it takes your server check the password for the desired length of time (10, 200ms, et cetera) and use that. Have a unique salt value and iteration count for each user — anything that forces the attacker to focus on each account separately rather than being able to try against all accounts on each iteration.


No comments:

Post a Comment