tags:

views:

103

answers:

4
Q: 

Storing Passwords Encrypted in Database

Hi there guys. Today I came up with a question about the web application conventions.

For the sake of security, if we store passwords of our users, most probably we are encrypting it (with MD5, SHA-1 etc.) and storing digested-hash in order to make them difficult or impossible to reverse.

Today there are many Rainbow Tables that are lookup tables of usual A-Za-z0-9 sequences up to 6 chars or widely used passwords. Let's say you are MD5-ing the user password once and storing the hash as password in database and someday hackers pwned your database and now they have many md5 hashes and e-mail addresses. Surely they'll look up passwords and when they got a preindexed match, they will try to login to that user's e-mail account.

Here this can be easily solved by digesting the message twice or simply reversing it. However I am wondering about what is the convention about this problem and how (as far as you know) enterprise applications or giants (Facebook, Google) solve this?

+5  A: 

You use what is called a salt. Prepend some string that you make up before hashing. Prepend it also when you are checking the password. This is an application-wide string. This makes it much harder to look up via a rainbow table.

So if your salt is "kdi37s!!" save this in the db md5(kdi37s!!P@$$w3rd) and do the same when checking.

Matt Williamson  2010-08-17 06:18:25
Often the salt is generated and saved per user so there is another level of complexity
CRice  2010-08-17 06:50:14
+1 yes, it can even be a hash of the user id ;)
Matt Williamson  2010-08-17 06:51:03
instcode  2010-08-17 06:51:23
+3  A: 

Use a little bit of salt and make a hash using sha1 or so.

Frank Heikens  2010-08-17 06:18:46
+1  A: 

Check out PBKDF2, it is one of the correct way to do it.

tszming  2010-08-17 06:23:35
+1  A: 

If you use an algorithm like BCrypt and salt (which uses the blowfish block cipher), it makes your db pretty safe against brute force attacks. Naturally, you want to require that your users have a reasonable amount of complexity in their password, if a user's password is a its not going to take long to guess it.

If an attacker gets a copy of your db, only being able to try 10 or so passwords a second will mean it will take a real long time to gain any passwords. If you are worried about Moore's law and would like to future proof this, you can specify a cost and make the algorithm even slower.

The trouble with a pure SHA/X or MD5 password hash is that by-design these algorithms are very fast, this makes it very sensitive to brute force attacks. Of course if you don't salt your hashes there are tons of rainbow tables that make cracking all the passwords in your db trivial.

Sam Saffron  2010-08-17 06:41:18

related questions

How to become a better programmer?
Is it ethical/legal to bring your favorite code with you after a job?
What are your weakness points?
How to Crack Google?
Maven or Ant?
How to get prepared for an interview?
What else does one need on top of programming skills to be a good Technical Lead?
Why has XSLT never seen the popularity of many other languages that came out during the internet boom?
Common comment tags
Should my C# .NET team migrate to Windows Presentation Foundation?
The best way to make a new site known?
How to remain employable in the face of constant technological change
Are there benefits to Classic ASP over ASP.net
How to improve problem solving skills?
What programs should I write to truly experience this fancy new language ?
Feasability of GPU as a CPU?
What is the best way to learn recursion?
Do you consider your job evil/neutral/good ?
What "already invented" algorithm did you invent?
Best IDE's for different programming languages
Programmer’s block
Dual vs. Quadcore on a Webserver
SQLite vs MySQL
A little diversion into floating point (im)precision, part 1
Should I learn C?