Password handling best practices?

views:

483

answers:

+3 Q:

Password handling best practices?

We have a number of network services and web-apps authenticating users differently, some with different password requirements for very bad technical reasons. For example, one system refused $ signs until someone "fixed" the string handling in some Perl scripts. Another system appears to parse @ signs in passwords. Another system issues users passwords to them, and the developer was proud to show me that it was a reversible transformation of the username.

I understand that password hashes are preferred; but I wonder how much must necessarily be sacrificed in the transition to browser based software. For my own edification, and to make a case for change, are there authoritative references on the subject of password handling and management that I can show those in my department and those responsible for other services?

+2 A:

Setting short length limits and filtering characters are two mistakes I see frequently that drive me up the wall. Hashing passwords properly should completely eliminate the need to do this and it can be a real pain for end users.

I generate my personal passwords with MD5(Key + Keyword) - for example my bank password is MD5("NotTelling" + "Bank"). A lot of sites seem to thwart users with strong passwords and there is never a good reason for it.

Obviously a good salted hash is the way to go.

http://stackoverflow.com/questions/116684/what-algorithm-should-i-use-to-hash-passwords-into-my-database has a good post on the best practice algorithms to use.

apocalypse9 2009-08-07 19:26:55

Though MD5 is better than nothing, it's not really the best hash algorithm to use for passwords; it was designed more for integrity checking.

Amber 2009-08-07 19:52:06

From what little I understand of Hashing methods MD5 is pretty bad, and I think it can be broken reliably. It may be worse then nothing because it gives a false sense of security. http://md5.rednoize.com/

James McMahon 2009-08-07 20:26:32

I completely agree and, I was in no way advocating MD5s for site security.I just use it to generate my personal account passwords. Md5 Calcs are easy to come by so I can use the scheme without carrying passwords with me. It generates fairly random long passwords with lots of special characters. It also gives me easy to generate passwords that are different for every site I visit. Yes there are some cryptographic flaws but if one site is compromised it isn't going to be worth the effort to reverse and use elsewhere. As an additional precaution i rarely have more than $20 to my name.

apocalypse9 2009-08-07 20:56:37

@nemo - storing your passwords in plaintext is most definitely *not* better than storing them with MD5, "false sense of security" or no. The fact that a hash is being used at all is at least an order of magnitude more secure than plaintext, if not more.

Amber 2009-08-07 21:46:38

+5 A:

The fewer restrictions you can put on what characters are allowed in a password, the better - it increases the search space for someone attempting to brute-force. Ideally, there's no reason to disallow any ASCII character (aside from control characters and things like backspace/newline) within a password.

As far as length limits go, minimum limits are good (to a point - don't piss off your users by setting a minimum length of 10, for instance), maximum limits are bad. If someone wants to have a 50-character password, let them - storage shouldn't be an issue as long as you're hashing, since the hashes are of constant length.

Always store passwords in a non-reversible hash form - ideally, a cryptographically-secure one. There's no reason to store them in a reversible form (if someone forgets their password, just set a new password for them, don't try to "retrieve" it). Don't write your own hashing algorithms - chances are you're not a cryptography expert, and there are plenty of good, proven hashing algorithms out there with implementations (either in code or library form) for just about any mainstream language.

Salt your hashes with a per-user salt of sufficient length to prevent rainbow table cracking.

Chapters 5 & 6 in Pro PHP Security deal with storage and encryption of passwords:

http://books.google.com/books?id=lVXnmsCCd3wC&lpg=PP1&pg=PA55#v=onepage&q=&f=false

Some relevant articles:

Amber 2009-08-07 19:28:59

Where do you draw the line at "store"? In RAM? On disk? Across a network?

jldugger 2009-08-07 19:41:15

Network communications involving passwords should generally use a secure protocol (e.g. HTTPS for web applications). It's generally hard to avoid having a plaintext password in RAM temporarily since the user is sending it to you in plaintext form before you hash it, but that's usually not an issue. The password should definitely be hashed by the time it gets to disk/DB

Amber 2009-08-07 19:44:14

Are there any proven hash algorithms? I'm of the general impression there's a few mature ones in use, but that they slowly fall to either mathematical flaws or simple progress in computing power.

jldugger 2009-08-07 19:47:02

The SO question that apocalypse9 linked in his answer discusses hash algorithms: http://stackoverflow.com/questions/116684/what-algorithm-should-i-use-to-hash-passwords-into-my-database

Amber 2009-08-07 19:49:11

I guess what I'm trying to say is I don't know of any "proofs" of hashes like SHA-256, and I have seen some reduced-round attacks: http://eprint.iacr.org/2008/270.pdfUntil a few months ago, SHA-1 might have been considered a proven technology. After some new attacks were published in June, many people decided to migrate keys away. I feel the phrase "proven", when given extra emphasis, implies that you can pick a safe hash function once and it will continue being safe.

jldugger 2009-08-07 20:06:50

Nothing will be "safe" forever, simply due to increasing computational power. Hashing has always been about simply making reversing the hash as computationally expensive as possible.

Amber 2009-08-07 21:47:36

Amber 2009-08-07 22:43:30

+1 A:

I would recommend looking at sites like OWASP. They deal with the broader topic of web application security, which of course password protection is a key feature. Im sure you'll find more information there.

There are also companies like Foundstone that can teach your development team about best practices and audit your existing applications.

KFro 2009-08-07 22:45:34

Unfortunately, we have no budget for training programmers. These applications arise either because a manager can't say no, or because procurement was more complicated than half-assing it in PHP. We do have substantial access to library resources though, hence the request.

jldugger 2009-08-08 20:03:54

OWASP turns out to have a decent Guide to implementing Secure websites. Very handy, thanks.

jldugger 2009-10-20 20:56:32

+1 A:

If you design a system which handles passwords, and you can use it to acquire a user's password, then the system is not secure.

This is part of a more general necessary condition for security: The designer should not be able to break the system.

Strilanc 2009-08-07 22:46:17

ansaurus

tags:

views:

answers:

Password handling best practices?

related questions