Recommendation on Password Hashing,

Salting, BycrptAhmad Karawash

PhD in Technology of Information, Book Editor,

CCA, Latece, ACM & IEEE member

12/18/2015 1

Overview• Introduction

• Hashing

• Fixed Salting

• Per user Salting

• Bcrypting

• Recommendations

12/18/2015 2

Introduction

• The most important aspect of a user account system is how user passwords are protected.

• User account databases are hacked frequently, so you absolutely must do something to protect your users' passwords if your website is ever breached.

• The best way to protect passwords is to employ salted password hashing.

12/18/2015 3

Hashing

• Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string.

• Fast Hashing Algorithms:• Md5

• Sha1

• sha256

12/18/2015 4

Username sha1(password)

john@hotmail.com 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8

betty@gmail.com cbfdac6008f9cab4083784cbd1874f76618d2a97

…. …..

How password hashing works?

• The user creates an account.

• Their password is hashed and stored in the database.

• When the user attempts to login, the hash of the password they entered is checked against the hash of their real password (retrieved from the database).

• If the hashes match, the user is granted access. If not, the user is told they entered invalid login credentials.

• Steps 3 and 4 repeat every time someone tries to login to their account.

12/18/2015 5

Weakness: How password hashing is hacked?The simplest way to crack a hash is to try to guess the password, hashing each guess, and checking if the guess's hash equals the hash being cracked.

The two most common ways of guessing passwords are

• Dictionary Attacks

• Brute Force Attacks

• Lookup Tables

• Reverse Lookup Tables

• Rainbow Tables

12/18/2015 6

Hashing result

• Storing a simple hash is not secure -- if a hacker gains access to your database, they'll be able to figure out the majority of the passwords of the users.

12/18/2015 7

1st Enhancement: Adding Fixed Salt to fast hashing• Randomize the hashes by appending a random long string, called

a salt, to the password before hashing.

• If the hacker gains access to password hashes (but not the salt), it will make it much more difficult for the hacker to guess the passwords because they would also need to know the salt.

12/18/2015 8

Username sha1("salt123456789" + password)

john@hotmail.com 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8

betty@gmail.com cbfdac6008f9cab4083784cbd1874f76618d2a97

…. …..

Weakness of fixed salt

• if the hacker has broken into your server, they probably also have access to your source code as well, so they'll learn the salt too.

12/18/2015 9

2nd Enhancement: Add Per_UserSalt to fast hashing• Create a new column in the database and store a different salt for

each user. The salt is randomly created when the user account is first created when the user changes their password.

12/18/2015 10

Username sha1("salt" + password) salt

john@hotmail.com 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 3r3erererwe3

betty@gmail.com cbfdac6008f9cab4083784cbd1874f76618d2a97 effe4f34w3fg3

…. ….. …..

Benefit of Per_User salt

• The hacker can't attack all of your user's passwords at the same time

• So basically, if you have 1 million users, having a per-user-salt makes it 1 million times harder to figure out the passwords of all your users.

• But this still isn't impossible for a hacker to do. Instead of 1 cpu-hour, now they need 1 million cpu-hours, which can easily be rented from Amazon for about $40,000.

12/18/2015 11

3rd enhancement: USE Bcrypt OR PBKDF2 for Slow HAshing• Bcrypt is a cross platform file encryption utility.

• It takes about 100ms to compute, which is about 10,000x slower than sha1(). 100ms is fast enough that the user won't notice when they log in, but slow enough that it becomes less feasible to execute against a long list of likely passwords.

• For instance, if a hacker wants to compute bcrypt() against a list of a billion likely passwords, it will take about 30,000 cpu-hours (in AWS about $1200) -- and that's for a single password.

12/18/2015 12

benefits

• Besides incorporating a salt to protect against rainbow table attacks, Bcrypt & PBKDF2 is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computation power.

12/18/2015 13

Username $bcrypt_id$Log_rounds$128-bit-salt 184-bit-hash

john@hotmail.com $2a$12$ffdfd5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8

betty@gmail.com $3d$12$cbfdac6008f9cab4083784cbd1874f76618d2a97ffdfr

…. …..

Recommendation

• Don’t use any of these Fast Hashing Algorithms:• Md5

• Sha1

• sha256

• Also, the web is full of bad recommendation about using these hashing functions.

12/18/2015 14

Recommendation

• Bcrypt or PBKDF2 are better even if they are slower.

• Slower does not means it will be noticed by the client (only 100 ms).

• You can control the hashing speed easily by providing the log_roundsvalue, because it apply a loop of successive hashing by a maximum of 13 round.

12/18/2015 15

Recommendation

1. USE a slow hashing functions like Bcript

2. Create a new column in different (or same) database to store a different salt for each user.

• The salt is randomly created when the user account is first created when the user changes their password.

• Proposed Result:• Attacker face a slow hashing

• Attacker can’t hack all password once, but one by one in the worst case.

12/18/2015 16

Recommendation

12/18/2015 17

Id_S1 Username $bcrypt_id$Log_rounds$128-bit-salt 184-bit-hash

Id_S2

1john@hotmail.com

$5b$12$aa61e4c9b93f3682250b6cf 2

2betty@gmail.com $cb$12$fdac6008f9cu4083784cb78u 1

…. …. …..

Id_S2 Different_salt

1 3r3erererwe3

2effe4f34w3fg3

….. ….

Table SaltTable Advanced Salt

DB 2

DB 1

?? @:

Ahmad.Karawash@gmail.com

12/18/2015 18