ansaurus

Question

Answer 1

+1 A:

As Adam already mentioned, hashing and storing the password each time a user logs in serves no real purpose.

Rather than rolling your own, you might want to look into using BCrypt.NET, a .NET implementation of a proven password hashing algorithm.

Usage is very simple:

// When setting password
string hashedPassword = BCrypt.HashPassword(password, BCrypt.GenerateSalt());

// Upon login
bool validPassword = BCrypt.CheckPassword(password, hashedPassword);

It allows you to vary the computational costs of calculating a password hash if you want to, making it more difficult for someone to do a dictionary attack on a database they might have obtained for example. This is done by adding a parameter to the GenerateSalt method call.

The details of the BCrypt algorithm can be found here.

Thorarin 2010-07-28 15:25:16

Is that salt automatically persisted or does the caller need to store it?

Adam 2010-07-28 15:29:41

@Adam: It only does hashing and checking. You're free to store the hashed value anywhere you like, but salt strength, the salt and hash are packed into a single string. This differs from your existing (?) solution where they are two separate values.

Thorarin 2010-07-28 15:33:26

@Thorarin so are you saying the salt is appended to the hashed value? Most solutions I see append the salt to the password and hash the lot.

Adam 2010-07-28 15:34:51

@Adam: I've added a link that explains the algorithm in detail.

Thorarin 2010-07-28 15:39:20

@Thorarin cheers :-)

Adam 2010-07-28 15:40:13

Answer 2

A:

The real purpose of a salt is to prevent against precomputation attacks, as the salt itself is NOT supposed to be secret (i.e. it is fine to have it accessible from the outside world). It is therefore not intended to provide security against brute forcing since it's (almost) as easy to hash(Salt+Password) as it is hash(Password).

If you believe someone will actually build a precomputed table of your one single salt to a database of passwords, then look up the salted password hashes they found in your database with said table, then you should use a unique salt for each password. Otherwise, don't worry about it.

bowenl2 2010-07-28 15:32:26

The article you cited says: "In some protocols, the salt is transmitted as cleartext with the encrypted data, " -- doesn't that contradict it not being public?

bowenl2 2010-07-28 15:44:03

@Adam: The use of salt is to protect the password hash against pre-computed rainbow tables, not to be a secondary password. For public salt, you have to compute each possible password with the salt, which is a lot more work than getting a table from somewhere else and doing a simple search. Since this only applies if the attacker has gotten the password hashes, which should be secret, it seems pointless to assume that the salt will be kept secret.

David Thornley 2010-07-28 15:58:42

Answer 3

+3 A:

Storing a unique salt per user is a good idea in my opinion. Re-generating the salt/hash combination every time the user logs in is a bit pointless unless you've got CPU cycles to burn. I'd recommend using something like the Rfc2898DeriveBytes class to generate a secure salt/hash combo:

Simple example of generating a hash from a password:

string password = GetPasswordFromInput();

using (var deriveBytes = new Rfc2898DeriveBytes(password, 32))  // 32-byte salt
{
    byte[] salt = deriveBytes.Salt;
    byte[] hash = deriveBytes.GetBytes(32);  // 32-byte hash
    SaveToDatabase(salt, hash);
}

And the corresponding checking of a password:

string password = GetPasswordFromInput();
byte[] salt = GetSaltFromDatabase();
byte[] hash = GetHashFromDatabase();

using (var deriveBytes = new Rfc2898DeriveBytes(password, salt))
{
    if (deriveBytes.GetBytes(32).SequenceEqual(hash))
        Console.WriteLine("Password matches");
    else
        throw new Exception("Bad password");
}

LukeH 2010-07-28 15:46:15

Minor quibble: Having CPU cycles to burn doesn't change the pointlessness. :)

Craig Stuntz 2010-07-28 16:16:50

Very cool stuff.

Andy Evans 2010-07-28 19:44:58

Answer 4

+3 A:

Each user should have their own unique salt.
There's no point updating the salt each time a user logs in, this serves no real purpose with regards to security.
The salt should be randomly generated and not linked to the password in any way.

The purpose of a salt is to protect against pre-computation attacks (such as rainbow tables). So if two users have the same password, they won't have the same final hash. If the salt is system wide and not per user, then this wouldn't be the case and an attacker only need to pre-compute all of the passwords for your system once. If each user has their own salt, then a pre-computation attack would need to be done on each user individually, making the attack infeasible.

Using a salted hash does not protect against brute force dictionary attacks. You would need to use other methods to protect against those.

Rich Adams 2010-07-28 15:49:12

ansaurus

tags:

views:

answers:

Sanity Check: Salt and hashed passwords

related questions