tags:

views:

358

answers:

5
+7  Q: 

is a GUID a good salt? is my register/login process got any flaw?

If my table inside the database look like:

 userid uniqueidentifier
 username varchar(20)
 password varbinary(max)

When the user submit(to register), I send the user/pass to a stored procedure.

The stored procedure create a new GUID(Using NEWID()) then I use the HashBytes(sha1) function of SQL Server to create the password based on the GUID+password provided then I insert the values into the table above.

When the user submit(to login), I send the user/pass to a stored procedure.

The stored procedure look for the username and grab the userid to compare the hashbyte(sha1) of guid+password with the password field.

do you see any flaw inside that logic?

+3  A: 

That's pretty standard - a guid would be fine for a salt. The point of a salt is to prevent Rainbow attacks, and pretty much any value that's random (or even if not random, then at the very least, different) for each user will do the trick.

rwmnau  2009-07-28 14:09:26
I think you mean the point of a salt. Also, it would have to be seemingly random but unique and static for each user (otherwise how do you check it?)
firebird84  2009-07-28 14:13:00
The point of a *salt* is to prevent rainbow table attacks. And for that, the value doesn't even have to be random, just different for each user.
Michael Borgwardt  2009-07-28 14:13:06
Ah - that's exactly what I meant. Thanks for the edit.
rwmnau  2009-07-28 15:49:46
+2  A: 

Why are you re-inventing login when you don't understand nonces?

  1. Doing anything crypto-related is hard. Experts make mistakes which are missed by other experts for decades. The rest of us are even worse.
  2. There are a large number of off-the-shelf authentication systems available for free. Nearly all of them will be better implemented and more flexible than something you roll yourself.

Update based on new details of question from comments. For a Windows GUI app talking to SQL Server, my authentication choices would start with:

  1. Domain authentication (easy, but requires domains).
  2. Cardspace. Not hard, very flexible, but requires client infrastructure.
  3. SQL Server mixed mode authentication (easy, but inflexible).
  4. Kerberos via SSPI (harder, but very configurable).
Craig Stuntz  2009-07-28 14:12:14
But can you point out an achtual *flaw* in what the OP writes? I mean, he is not rolling his on hashing function or such, he is salting a password hash. Which is quite a common thing to do, and it's pretty far from the "don't roll your own security function" recommendation.
Tomalak  2009-07-28 14:15:57
Kenny, "nonce" and "nuance" are two *completely* different things. I meant what I said.
Craig Stuntz  2009-07-28 14:16:17
Care to give good examples of the free ones you are talking about? I could look em up I suppose but I'm feeling lazy today ;)
Russell Troywest  2009-07-28 14:16:32
Tomalak, I cannot point out a flaw in code I cannot see. But when an non-expert writes crypto-related code, they will almost certainly make mistakes. Perhaps the non-encrypted password will remain in memory somewhere. Perhaps the use of the hash will not be configured correctly or will have a timing side effect. The point is that there is no good reason to do it yourself.
Craig Stuntz  2009-07-28 14:20:59
@Craig Stuntz: I'm not sure if I see your point (for this question, at least). Salting a password hash is not crypto-related. Other parts of the application were not part of the discussion, and the question was not "how to implement a rock-solid login process".
Tomalak  2009-07-28 14:29:00
If you believe that "salting a password hash is not crypto-related," then you should not be giving advice on the subject.
Craig Stuntz  2009-07-28 14:31:22
@Craig Stuntz: Sure it is related, as in "belongs into the category". But as I said, it is a long shot from hashing/salting a password to actually *writing your own* encryption/hashing function. The former is using existing infrastructure to do something common. Which is okay. The latter should be left to experts.
Tomalak  2009-07-28 14:38:48
You are failing to account for use of the protocol as security-related, as opposed to writing it. Using a protocol correctly is at least as important as having one correctly written. A weakly written protcol may still require a brute force attack. An improperly used protocol may be trivial to attack (read the paper I linked). Click the link I added and for nonce look at the sequence diagram. Notice anything missing in the question? The answer to the question is not "add a cnonce." The answer is "pick a tested implementation."
Craig Stuntz  2009-07-28 14:57:00
@Craig Stuntz, after I quick look on google, I didn't find any "off the shelf" for sql server 2005, could you give me one or more example? thanks
Fredou  2009-07-28 15:01:14
Fredou, for what sort of app? For a web app, e.g., there is ASP.NET membership, which has SQL support built in.
Craig Stuntz  2009-07-28 15:16:06
@Craig Stuntz, windows app.
Fredou  2009-07-28 15:21:36
Is domain authentication not a choice? That would be my first choice. My second choice would be SQL Server mixed mode authentication (easy, but inflexible). Third is Kerberos via SSPI (harder, but very configurable). I'll add this to the answer.
Craig Stuntz  2009-07-28 15:28:11
@Craig Stuntz, Domain is not available and I cannot totally control the client side and I cannot create a new sql user and for #4, it need a domain.
Fredou  2009-07-28 15:42:10
Okaaaaayyy.... What about Client Application Services? http://msdn.microsoft.com/en-us/library/bb384297.aspx
Craig Stuntz  2009-07-28 16:11:04
A: 

As describe, it's not clear how the mechanism works - I assume the userid field contains the generated GUID (otherwise I don't see how you retrieve it for comparison).

There are different types of GUID, not all of them random. But then, randomness is not really required for password salting. All in all, your approach looks fine, though you might consider performing the hashing multiple times ("key strengthening") to improve security further.

Michael Borgwardt  2009-07-28 14:18:20
yes, it would be the generated GUID and I would be using NEWID() from sql server 2005
Fredou  2009-07-28 15:10:34
+1  A: 

As Craig Stuntz noted, you should not be trying to do crypto on your own. The defition of salt is here. As it says, this should be random, and your GUID may not be random, and therefore you may have information leekage, and decreased security. That being said, it depends on how much security you want for your system. If this is not a large application, then you may be able to get away with your current system.

Milhous  2009-07-28 14:24:42
it would use the newid() from sql server 2005
Fredou  2009-07-28 14:43:16
A: 

If security is the primary concern, I'd rather NOT use a GUID for the salt value.

GUID's come in different "types", with some being more "random" than others. However, even the best type of GUID (this would be V4-type GUID's from a "randomness" perspective) are not really suitable for cryptographic functions.

From the Wikipedia article on GUID's:

V4 GUIDs use the later algorithm, which is a pseudo-random number. These have a "4" in the same position, for example {38a52be4-9352-453e-af97-5c3b448652f0}. More specifically, the 'data3' bit pattern would be 0001xxxxxxxxxxxx in the first case, and 0100xxxxxxxxxxxx in the second. Cryptanalysis of the WinAPI GUID generator shows that, since the sequence of V4 GUIDs is pseudo-random, given the initial state one can predict up to next 250 000 GUIDs returned by the function UuidCreate. This is why GUIDs should not be used in cryptography, e. g., as random keys.

CraigTP  2009-07-28 14:49:52
interesting to know that but since the guid is used for the salt value, does it really make unsafe?
Fredou  2009-07-28 14:55:49
The mechanism of generating a salt does not need to be random or unpredictable to accomplish the purpose of a salt.
Rex M  2009-07-28 15:12:26
Well, any predictability of the salt values used will weaken the overall security. Ideally, each salt value should be uniquely random with (ideally) no correlation/predictability to any other salt value with the complete data set of salted values.
CraigTP  2009-07-28 15:12:50
@Rex M - If the same salt value is used for each and every password, then any attacker discovering the salt for one password within a complete set of passwords, can now trivially calculate a "rainbow table" for the entire set of hashed passwords with the known salt.
CraigTP  2009-07-28 15:21:24
@CraigTP no one said anything about using the same salt.
Rex M  2009-07-28 15:44:23

related questions

What is a javascript hash table implementation that avoids object namespace collisions?
Best way to prevent duplicate use of credit cards
Why is '397' used for ReSharper GetHashCode override?
How does c# figure out the hash code for an object?
What's the best hashing algorithm to use on a stl string when using hash_map?
Is there any way to use a "constant" as hash key in Perl?
Unique ID c++
Detect changes in random ordered input (hash function?)
How do I hash a string with Delphi?
Can I depend on the values of GetHashCode() to be consistent?
How to get hashes out of arrays in Perl?
Search by hash?
Given that I have a hash of id(key) and countries(values) sorted alphabetically, what is the best way to bubble up an entry to the top of the stack?
Saving Perl Windows Environment Keys UPCASES them
What is a good Hash Function?
How do I create a SHA1 hash in ruby?
How Do I Create a Hash Table in Java?
How would you implement a hashtable in language x?
why are downloads sometimes tagged md5, sha1 and other hash indicators?
How to find keys of a hash?
How do I generate a hashcode from a byte array in c#
How would a sdbm hash function be implemented in C#?
What is the best way to create a sparse array in C++
What's the safest way to iterate through the keys of a Perl hash?
Decode email address from Gravatar hash?