Archive for January, 2012

SALT

Posted in Application, Encryption, JAVA on January 26, 2012 by keizer

salt

Hashing – Using SALT properly

Technically, the salt should be unique. The point of the salt is to be individual for each hashed password. The best way to do it is using a random selection with an unpredictable random generator, preferably within a salt space large enough to make collisions improbable (two instances using the same salt value).

Well, sometime it is tempting to try to create a salt from some data which is “presumably unique”, such as the user ID, but it is WRONG! here is why:

1. If you use for example the user ID, an attacker can just pre create a tables for user IDs 1 to 9999 – since a user ID is unique only per system but not worldwide.

2. The same applies to the username: there is one “root” per Unix system, but there are many roots in the world – a rainbow table for “root” could be applied to millions of systems and thus probably have been generated already. Worse yet, there are also many “bob”s and “john”s, and their passwords could be quite weak.

3. Sometimes, users change their password. For each new password, a new salt must be selected – otherwise, an attacker obtained the hash of the old password and the hash of the new could try to attack both simultaneously.

Here is an example for how to use salt:

import java.security.MessageDigest;

public byte[] getHash(String password, byte[] salt) {
MessageDigest digest = MessageDigest.getInstance(“SHA-256”);
digest.reset();
digest.update(salt);
return digest.digest(password.getBytes(“UTF-8”));
}

To slow down the computation it is recommended to iterate the hash operation n times. While hashing the password n times does slow down hashing for both attackers and typical users, typical users don’t really notice it being that hashing is such a small percentage of their total time interacting with the system. On the other hand, an attacker trying to crack passwords spends nearly 100% of their time hashing so hashing n times gives the appearance of slowing the attacker down by a factor of n while not noticeably affecting the typical user.
The stored password looks like this : Hash(hash(hash(hash(……….hash(password||salt)))))))))))))))

and the implementations should be as follows:


import java.security.*;

public byte[] getHash(int iterationNb, String password, byte[] salt) {
MessageDigest digest = MessageDigest.getInstance(“SHA-1”);
digest.reset();
digest.update(salt);
byte[] input = digest.digest(password.getBytes(“UTF-8”));
for (int i = 0; i < iterationNb; i++) {
digest.reset();
input = digest.digest(input);
}
return input;
}

Thanks also to: OWASP

Advertisements