tags:

views:

101

answers:

5
Q: 

Hashing passwords for on-disk storage (More details inside)

I need to store hashes of passwords on disk. I am not entirely sure which hash function to use (they all seem somewhat troubled at the moment), but I am leaning towards SHA-256.

My plan is to take the user's password and combine it with their user ID, a random user-specific salt, and a universal site-wide salt. Should I concatenate these values together and then hash the single resulting string, or should I hash each separately, concatenate the hashes, and then hash that? Also, does the order (password, user id, user salt, site salt) matter? Can I rearrange them however I like, or is it a bad idea to have something that doesn't change (site salt) or something completely predictable (user id/user salt) first?

Thanks.

A: 

Previous SO questions about this:

http://stackoverflow.com/questions/1246463/password-handling-best-practices/1246560#1246560

http://stackoverflow.com/questions/116684/what-algorithm-should-i-use-to-hash-passwords-into-my-database

But to provide brief answers to your specific questions:

  • SHA-256 is a viable option.
  • You can hash the single string.
  • Order doesn't matter.
  • You don't need two salts. Just a user-specific salt is fine, the site-wide one is unnecessary and doesn't actually contribute anything.
Amber  2009-08-09 01:35:09
Grr - beat me by 18 Seconds. Sorry for the duplication :D
apocalypse9  2009-08-09 01:36:07
No worries - that's somewhat the nature of StackOverflow. :)
Amber  2009-08-09 01:37:40
+2  A: 

SHA-256 seems to be one of the better options available right now.

Concatenating everything should be fine and order isn't all that important. Just make sure that you are using a significantly long salt value.

This post has some good recommendations- http://stackoverflow.com/questions/116684/what-algorithm-should-i-use-to-hash-passwords-into-my-database

apocalypse9  2009-08-09 01:35:27
+1  A: 

Why not bcrypt? Password hashing should be very slow, but SHA* is designed to be very fast. bcrypt is specifically designed for password hashing.

jrockway  2009-08-09 01:46:47
A: 

Go all the way, SHA-512 FTW!

 2009-08-10 15:42:31
A: 

Never hash hashes!!

Chris Kaminski  2009-08-10 15:46:55
Just curious, why not?
Moshe  2010-10-14 13:39:49
Good question - I have no idea what I thinking at the time... Perhaps simply because if a hash is predictable, so is a hash of a hash - you still want to salt it.
Chris Kaminski  2010-10-22 14:38:45

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security