This is a question about salting phrases that need to be hashed.

I was wondering if it is more secure to prefix the salt to a phrase or postfix it? salt + phrase or phrase + salt

My question comes from this comment on this post on MD5s. I am not sure I understand the reasoning behind the author's comment.

+5  A: 

Whether the salt is appended to the front or the back makes no difference.

The following factors will affect security, though:

  1. Is your salt private (if so how private is it?). The more private the better. This means that if you can avoid storing your salt in your db you can make your system safe against brute force attacks even if your db is compromised.
  2. Is your salt random per value salted? This helps defend against rainbow table attacks if say your db is compromised and your salt is stored in the db. Note: if passwords being stored are long enough they can be immune to brute force attacks.
  3. Is your salt long enough? The longer your salt the more secure you are.
Sam Saffron
Whoever downvoted this, please tell me why?
Sam Saffron
It wasn't me (I upvoted) but I'd guess because of your first bullet. A private salt doesn't really add security. Even if a cracker gains access to the hash and salt, as long as the salt is long enough and random per password, a rainbow table is computationally prohibitive.
Randolpho
Sure, but brute forcing a short password is still very much possible if the salt is public.
Sam Saffron
A: 

Technically it doesn't matter, so long as the salt is unique and not easily guessable. Just don't make the mistake of storing the salt, like I did.

The purpose of "salting" a string is to scramble it in a way a bit more personal and unique than an MD5 hash will do. There's no right or wrong way to do it, just so long as you're the only one that knows how it works. It will achieve the result either way, which is to make the MD5 hashes generated not correspond with a rainbow table for easy cracking of passwords.

Nicholas Flynt
I see no reason to downvote this ...
Sam Saffron
Well, technically doing it a particular way can prevent against that mindset if a cracker assumes a common way. In other words, prefix and postfix are more/less vulnerable against certain threats, if my research is valid. So the downvote may be appropriate if you're security paranoid, I don't pretend to be the know-all expert on such things. ^_^
Nicholas Flynt
-1 Salt is stored openly with the encrypted password to defend against amortizing attacks over many encrypted passwords. It shouldn't be confused with a private key.
starblue
Wha? I was always under the impression that a salt was prefixed/postfixed to a password *before* hashing. Clearly I was mistaken then, I get to go do more research. Yay!
Nicholas Flynt
+1  A: 

It doesn't matter when you digest the salt: prefix, postfix, infix all produce different hashes, but achieve the same purpose of defeating rainbow tables or other pre-hashed dictionary attacks.

I think that the comment has to do specifically with a vulnerability in MD5, not hashing in general. I don't understand the details, but it has to do with finding two prefixes that produce the same hash.

erickson
That's not the way collision attacks work. You need to know the full message being hashed to produce collisions. You cannot produce collisions from a partial message.
Sam Saffron
You find two different messages that produce a hash collision. Then you append the same suffix to each of these prefixes and you get another collision. I think the cited comment was trying to explain a password crack that used this vulnerability, but I don't understand exactly how he thought it works.
erickson
Really? The output of MD5 is simply its last intermediate hash value. If you have two different prefixes that collide it means the intermediate hash value is the same—and that value is the entire state of the hash. If two MD5 hashes in an identical state digest the same data, what would you expect the results to be? See http://www.win.tue.nl/hashclash/rogue-ca/
erickson
Comment stricken. True, if your prefix collides and you append the same suffix, it will result in a collision as well. I have no idea how this could be exploited though in a password storage scenario.
Sam Saffron
A: 

When someone has a question about the use of salts I fear it is because they are busy (re)inventing things they really shouldn't be in the first place. Based on the question my recommendation is to use an HMAC.

Einstein
If you use HMAC you still need a private key which has to be stored somewhere ... the same factors that affect the salt-based security affect the choice of key for your HMAC algorithm.
Sam Saffron
The question was about the location of salts - NOT key management. HMAC use solves the location issue.
Einstein
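
An added example (not code from any of the posts above) comparing the three ways of combining salt and phrase that the answers mention: prefix, postfix, and HMAC. It assumes SHA-256, a 16-byte random salt stored beside the hash, and the salt used as the HMAC key; the function names and sample inputs are constructed for illustration.

```python
import hashlib
import hmac
import secrets

SALT_BYTES = 16  # assumed length; the answers only say "long enough"

def digest(phrase: bytes, salt: bytes, scheme: str) -> bytes:
    """Combine salt and phrase using one of the placements discussed."""
    if scheme == "prefix":            # salt + phrase
        return hashlib.sha256(salt + phrase).digest()
    if scheme == "postfix":           # phrase + salt
        return hashlib.sha256(phrase + salt).digest()
    if scheme == "hmac":              # assumption: salt is the key, phrase the message
        return hmac.new(salt, phrase, hashlib.sha256).digest()
    raise ValueError(f"unknown scheme: {scheme}")

def make_record(phrase: bytes, scheme: str) -> dict:
    """Draw a fresh random salt per value and keep it beside the hash."""
    salt = secrets.token_bytes(SALT_BYTES)
    return {"scheme": scheme, "salt": salt, "hash": digest(phrase, salt, scheme)}

def verify(phrase: bytes, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = digest(phrase, record["salt"], record["scheme"])
    return hmac.compare_digest(candidate, record["hash"])

def boundary_collides(scheme: str) -> bool:
    """True if two different (salt, phrase) pairs yield the same digest.
    Constructed inputs: b"pass"+b"word" and b"pas"+b"sword" join to the same bytes."""
    a, b = (b"pass", b"word"), (b"pas", b"sword")
    if scheme == "postfix":           # phrase is the first element
        return digest(a[0], a[1], scheme) == digest(b[0], b[1], scheme)
    return digest(a[1], a[0], scheme) == digest(b[1], b[0], scheme)

if __name__ == "__main__":
    for scheme in ("prefix", "postfix", "hmac"):
        r1 = make_record(b"correct horse", scheme)
        r2 = make_record(b"correct horse", scheme)
        print(scheme,
              "verifies:", verify(b"correct horse", r1),
              "rejects wrong:", not verify(b"wrong", r1),
              "same phrase, different hash:", r1["hash"] != r2["hash"],
              "boundary collision:", boundary_collides(scheme))
```

All three schemes verify correctly and give different hashes for the same phrase under different salts. Only plain concatenation lets two different (salt, phrase) pairs hash identically, and only when the salt length varies; a fixed-length salt or HMAC removes that ambiguity.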