password hashing, salting, bycrpt
TRANSCRIPT
Recommendation on Password Hashing,
Salting, BycrptAhmad Karawash
PhD in Technology of Information, Book Editor,
CCA, Latece, ACM & IEEE member
12/18/2015 1
Overview• Introduction
• Hashing
• Fixed Salting
• Per user Salting
• Bcrypting
• Recommendations
12/18/2015 2
Introduction
• The most important aspect of a user account system is how user passwords are protected.
• User account databases are hacked frequently, so you absolutely must do something to protect your users' passwords if your website is ever breached.
• The best way to protect passwords is to employ salted password hashing.
12/18/2015 3
Hashing
• Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string.
• Fast Hashing Algorithms:• Md5
• Sha1
• sha256
12/18/2015 4
Username sha1(password)
[email protected] 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
[email protected] cbfdac6008f9cab4083784cbd1874f76618d2a97
…. …..
How password hashing works?
• The user creates an account.
• Their password is hashed and stored in the database.
• When the user attempts to login, the hash of the password they entered is checked against the hash of their real password (retrieved from the database).
• If the hashes match, the user is granted access. If not, the user is told they entered invalid login credentials.
• Steps 3 and 4 repeat every time someone tries to login to their account.
12/18/2015 5
Weakness: How password hashing is hacked?The simplest way to crack a hash is to try to guess the password, hashing each guess, and checking if the guess's hash equals the hash being cracked.
The two most common ways of guessing passwords are
• Dictionary Attacks
• Brute Force Attacks
• Lookup Tables
• Reverse Lookup Tables
• Rainbow Tables
12/18/2015 6
Hashing result
• Storing a simple hash is not secure -- if a hacker gains access to your database, they'll be able to figure out the majority of the passwords of the users.
12/18/2015 7
1st Enhancement: Adding Fixed Salt to fast hashing• Randomize the hashes by appending a random long string, called
a salt, to the password before hashing.
• If the hacker gains access to password hashes (but not the salt), it will make it much more difficult for the hacker to guess the passwords because they would also need to know the salt.
12/18/2015 8
Username sha1("salt123456789" + password)
[email protected] 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
[email protected] cbfdac6008f9cab4083784cbd1874f76618d2a97
…. …..
Weakness of fixed salt
• if the hacker has broken into your server, they probably also have access to your source code as well, so they'll learn the salt too.
12/18/2015 9
2nd Enhancement: Add Per_UserSalt to fast hashing• Create a new column in the database and store a different salt for
each user. The salt is randomly created when the user account is first created when the user changes their password.
12/18/2015 10
Username sha1("salt" + password) salt
[email protected] 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 3r3erererwe3
[email protected] cbfdac6008f9cab4083784cbd1874f76618d2a97 effe4f34w3fg3
…. ….. …..
Benefit of Per_User salt
• The hacker can't attack all of your user's passwords at the same time
• So basically, if you have 1 million users, having a per-user-salt makes it 1 million times harder to figure out the passwords of all your users.
• But this still isn't impossible for a hacker to do. Instead of 1 cpu-hour, now they need 1 million cpu-hours, which can easily be rented from Amazon for about $40,000.
12/18/2015 11
3rd enhancement: USE Bcrypt OR PBKDF2 for Slow HAshing• Bcrypt is a cross platform file encryption utility.
• It takes about 100ms to compute, which is about 10,000x slower than sha1(). 100ms is fast enough that the user won't notice when they log in, but slow enough that it becomes less feasible to execute against a long list of likely passwords.
• For instance, if a hacker wants to compute bcrypt() against a list of a billion likely passwords, it will take about 30,000 cpu-hours (in AWS about $1200) -- and that's for a single password.
12/18/2015 12
benefits
• Besides incorporating a salt to protect against rainbow table attacks, Bcrypt & PBKDF2 is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computation power.
12/18/2015 13
Username $bcrypt_id$Log_rounds$128-bit-salt 184-bit-hash
[email protected] $2a$12$ffdfd5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
[email protected] $3d$12$cbfdac6008f9cab4083784cbd1874f76618d2a97ffdfr
…. …..
Recommendation
• Don’t use any of these Fast Hashing Algorithms:• Md5
• Sha1
• sha256
• Also, the web is full of bad recommendation about using these hashing functions.
12/18/2015 14
Recommendation
• Bcrypt or PBKDF2 are better even if they are slower.
• Slower does not means it will be noticed by the client (only 100 ms).
• You can control the hashing speed easily by providing the log_roundsvalue, because it apply a loop of successive hashing by a maximum of 13 round.
12/18/2015 15
Recommendation
1. USE a slow hashing functions like Bcript
2. Create a new column in different (or same) database to store a different salt for each user.
• The salt is randomly created when the user account is first created when the user changes their password.
• Proposed Result:• Attacker face a slow hashing
• Attacker can’t hack all password once, but one by one in the worst case.
12/18/2015 16
Recommendation
12/18/2015 17
Id_S1 Username $bcrypt_id$Log_rounds$128-bit-salt 184-bit-hash
Id_S2
$5b$12$aa61e4c9b93f3682250b6cf 2
[email protected] $cb$12$fdac6008f9cu4083784cb78u 1
…. …. …..
Id_S2 Different_salt
1 3r3erererwe3
2effe4f34w3fg3
….. ….
Table SaltTable Advanced Salt
DB 2
DB 1