---
SPDX-FileCopyrightText: "© 2024 Menacit AB <[email protected]>"
SPDX-License-Identifier: "CC-BY-SA-4.0"
title: "Practical cryptography course: Hashing for password storage"
author: "Joel Rangsmo <[email protected]>"
footer: "© Course authors (CC BY-SA 4.0)"
description: "Usage of cryptographic hashing for password storage"
keywords: ""
color: "#ffffff"
class: ""
style: |
  section.center {
    text-align: center;
  }
  table strong {
    color: #d63030;
  }
  table em {
    color: #2ce172;
  }
---
What happens when we log in to a website?
- Client submits their username and password
- Server checks if the submitted password matches the one stored for the user
Okay, so the server must store all passwords.
Can't we just symmetrically encrypt them?
The server needs the plaintext of the passwords to compare them.
Encrypted data must be "unlocked", which means that the key is typically stored in memory.
Sounds scary.
The same input to a hash function should always produce the same output, right?
Wasn't "one-way encryption" a nickname for hashing?
```
// Pseudocode: unsalted hash comparison (the naive approach)
if (
    sha256($submitted_password) ==
    $stored_password_hash) {
  accept_login()
} else {
  deny_login()
}
```
Boom! Let's call it a day, shall we?
Not quite.
- Users using the same password will have the same generated hash.
- Hashes can be pre-calculated ("rainbow tables").
Let me introduce you to salting!
Random data mixed into the password hashing.
```
// Pseudocode: salted hash comparison (salt stored next to the hash)
if (
    sha256($stored_salt + $submitted_password) ==
    $stored_password_hash) {
  accept_login()
} else {
  deny_login()
}
```
Properties of a salt:
- Quite random
- Unique per user
- Accessible to the application in plaintext
```console
$ sudo head --lines 1 /etc/shadow
root:$y$j9T$P.lVRC/J.KNiBHMob7uli[...]
```
Guessing the password that matches a hash ("hash cracking") should require lots of compute.
The same hash function can be used multiple times ("rounds") to increase cost.
Consider using a purpose-built solution like bcrypt.
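The two pseudocode snippets above in working form, as an added example that is not part of the course material: PBKDF2-HMAC-SHA256 from Python's standard library stands in for a purpose-built scheme such as bcrypt, and the record format that stores the salt and round count next to the hash is constructed for this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Stored record layout, constructed for this example (not a standard crypt(3)
# format): "pbkdf2-sha256$<rounds>$<salt hex>$<hash hex>". Keeping the salt and
# the round count next to the hash lets the server re-derive the hash at login
# and raise the cost later without breaking existing records.
SCHEME = "pbkdf2-sha256"


def naive_hash(password: str) -> str:
    """Unsalted SHA-256, as in the first snippet: same password, same hash."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, rounds: int = 600_000,
                  salt: Optional[bytes] = None) -> str:
    """Salted, iterated hash. A fresh 16-byte random salt is drawn per call,
    i.e. per user, unless one is supplied (only useful for tests)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return f"{SCHEME}${rounds}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive the hash with the stored salt and rounds; compare in constant time."""
    try:
        scheme, rounds_str, salt_hex, hash_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        rounds = int(rounds_str)
    except ValueError:
        return False  # malformed record: deny rather than crash
    if scheme != SCHEME or rounds < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Two users picking the same password: identical naive hashes, distinct salted ones.
    print(naive_hash("hunter2") == naive_hash("hunter2"))  # True
    alice, bob = hash_password("hunter2"), hash_password("hunter2")
    print(alice != bob, verify_password("hunter2", alice), verify_password("hunter2", bob))
    print(verify_password("hunter3", alice))  # False
```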
Hashing doesn't fully mitigate the risks of password theft.
An attacker with system access may be able to modify the application to log password input.
Hashing on the client side effectively turns the generated hash into the password.
Allows the server to never gain access to the plaintext password, minimizing the consequences of a breach.
Beware that in web apps the client-side code can be modified by a compromised server.