tags:

views:

95

answers:

6
+3  Q: 

using account names as salt

So I'm making a website for a game. Nothing that will get popular :P

Right now I'm thinking about password security, I'm gonna use salting but instead of adding a new column in account table I was thinking about using the account name as salt since it cant be changed, and is "unique". I mean 2 users cant have the same account name.

But I was thinking how safe it would be if lets say someone has the account name banana. I mean that word gotta be popular in these wordlist hackers use.

Lets say the account name is banana and the password is hello (hashed with sha1), that would be pretty easy to reverse am i right?

A: 

There's no risk. The usernames are public knowledge anyway. And the hash is never easy to reverse - that's the whole point of hash.

As for the dictionary attack, you protect against it by having a password complexity policy.

Edit: yeah, to prevent a rainbow attack just prepend the salt with a longish arbitrary string. SHA1("whooooohooomysiteisthebest_bananahello") is not likely to be in a rainbow table.

Seva Alekseyev  2010-01-06 21:29:38
what you mean "public knowledge"? the account names are not shown anywhere on the site for others, its just used for login
José  2010-01-06 21:32:37
Jose, a potential attacker needs to know a valid username in order to initiate any kind of a password-cracking attack.
Adam Crossland  2010-01-06 21:33:49
@Jose: the idea of hashing the passswords is that the attacker gets his hands on your users table, so he can see all user names.
Remus Rusanu  2010-01-06 21:36:38
@Seva: Unsalted hashes are actually very easily reversed, but not by brute force. That's what rainbow tables are all about, http://en.wikipedia.org/wiki/Rainbow_table. Salted hashes are hard to reverse due to the added randomness.
Remus Rusanu  2010-01-06 21:40:40
@Remus: see edit :)
Seva Alekseyev  2010-01-06 21:46:20
Do you provide "username availability" feedback when registering? If so, finding usernames is not very difficult either.
Matt Garrison  2010-01-06 21:54:42
A: 

It would be preferable to not using a salt, but would not be as secure as a random salt.

Mike  2010-01-06 21:29:43
A: 

At least computationally permute the username somehow known only to you to get the salt. While hashes are not easy to reverse, you want to protect yourself against brute-force attacks. If you use the un-permuted username as the salt, you have made it easier to break with a dictionary attack.

Adam Crossland  2010-01-06 21:32:45
+1  A: 

The hacker can lookup the sha digest in the rainbow table and find that it matches the input 'bananahello' (considering that 'bananahello' is something already in the vehiculated rainbow tables). He can see that the user name is 'banana', ergo the password is 'hello'.

I would hash something similar to HTTP Digest HA1 hash: sha1(username . realm . password). Now a rainbow table customized for your realm ('example.com') is pretty hard to come bye. A side benfit is that you can actually implement Digest authentication on your site, which is sooo much better than Basic and forms.

Remus Rusanu  2010-01-06 21:33:28
Don't use SHA1, it's considered too weak now: http://valerieaurora.org/hash.html
Noon Silk  2010-01-06 21:46:31
SHA1 is fine for this use.
GregS  2010-01-09 14:23:24
+3  A: 

No, you should follow standard practice and generate a new unique salt per user, and just store it right along side the other fields in the database, it's not hard to do.

Noon Silk  2010-01-06 21:47:48
yeah i think that will be best
José  2010-01-06 21:48:58
A: 

Salting just prevents pre-calculated attacks. It's possible to have rainbow tables with dictionary salts already calculated, and it still doesn't prevent traditional bruteforcing, which will stumble across Remus's example of "bananahello" example pretty quickly.

By using public usernames verbatim, you've removed the value of the salt, the only task would be to calculate a rainbow table for that known salt. So to answer your question, yes, your implementation would be easy (but maybe not quick) to reverse.

Matt Garrison  2010-01-06 21:51:26

related questions

Is there a standard implementation for Electronic Signatures on fill-in-form web applications?
Best way to handle block ciphers in C++? (Crypto++)
What is the best replacement for Windows' rand_s in Linux/POSIX?
Combination of more than one crypto algorithm
Encryption output always different even with same key
What techniques do you use when writing your own cryptography methods?
Optimize y = x*x in Galois field arithmetic
Best way to prevent duplicate use of credit cards
Enumerating Certificate Fields in C#
I'm using Wincrypt for Diffie-Hellman-- can I export the shared secret in plain text?
Cryptography algorithm
I have P & G-- how do I use the Wincrypt API to generate a Diffie-Hellman keypair?
Good primers on Cryptography
Should I use an initialization vector (IV) along with my encryption?
How do I hash a string with Delphi?
Inter-convertability of asymmetric key containers (eg: X.509, PGP, OpenSSH)
How to implement password protection for individual files?
Is Bouncy Castle API Thread Safe ?
128 bit data encryption using Java
How can I use a key blob generated from Win32 CryptoAPI in my .NET application?
App.config connection string Protection error
Is there a best .NET algorithm for credit card encryption?
How to encrypt one message for multiple recipients?
How can I generate a unique, small, random, and user-friendly key?
Why is an s-box input longer than its output?