Enforcing password strength

Posted Oct 14, 2011 7:18 UTC (Fri) by Cato (guest, #7643)
In reply to: Enforcing password strength by Trou.fr
Parent article: Enforcing password strength

There are two much more important elements:

* Key stretching - http://en.wikipedia.org/wiki/Key_stretching - repeats the hashing/encryption operation on the plain text password thousands or millions of times to make brute forcing very slow (maybe 0.5 sec per attempt) - this is the single most important element that most systems omit. Even using SHA-512 is poor practice if it's not stretched.

* Salt - this stops the well-known rainbow table cracking attacks which can take just a second or so if the rainbow table covers the type of passwords - can be accelerated with large SSDs, search for the vendor of Ophcrack for an online test that is scarily fast. Bizarrely, even Windows 7 doesn't use salt, unlike *nix.

I find it extraordinary that so many people aren't aware of key stretching when it's so simple to implement. Any password hashing scheme that enables 'billions of operations per second' is extremely dangerous.

The stretching iterations can even be varied for each installation of a web app, making it very hard for the attacker if they are only able to retrieve the passwords via a basic SQL injection.

See http://www.openwall.com/articles/PHP-Users-Passwords for a good introduction to the concepts in the context of the excellent phpass library (adopted by Drupal and others.) It supports bcrypt, but also uses MD5, which can be quite secure with salt and enough stretching.
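
An added example, not part of the original comment and not phpass code: salted, stretched password hashing using PBKDF2-HMAC-SHA256 from Python's standard library as one standard key-stretching construction. The record format, function names and iteration count are assumptions chosen for illustration; the iteration count is stored in each record so an installation can pick its own value and raise it later.

```python
import hashlib
import hmac
import os

# Assumed per-installation work factor; tune it so one hash takes a
# noticeable fraction of a second on the production hardware.
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password, iterations=ITERATIONS):
    """Return a self-describing record: scheme$iterations$salt$digest."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), digest.hex())


def parse_record(record):
    """Split a stored record into (iterations, salt, digest)."""
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        raise ValueError("unsupported scheme: " + scheme)
    return int(iterations), bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)


def verify_password(password, record):
    """Recompute with the stored salt and count; compare in constant time."""
    iterations, salt, expected = parse_record(record)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record, iterations=ITERATIONS):
    """True when a record was stretched less than current policy requires."""
    return parse_record(record)[0] < iterations


if __name__ == "__main__":
    # Constructed sample input, not real credentials.
    first = hash_password("correct horse battery staple")
    second = hash_password("correct horse battery staple")
    print("records differ:", first != second)  # same password, different salts
    print("good password:", verify_password("correct horse battery staple", first))
    print("bad password:", verify_password("wrong guess", first))
    old = hash_password("correct horse battery staple", iterations=1000)
    print("old record needs rehash:", needs_rehash(old))
```

Calling `needs_rehash` after a successful login lets a site re-hash the password at the current iteration count without forcing a reset.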



Enforcing password strength

Posted Oct 14, 2011 13:27 UTC (Fri) by erwbgy (subscriber, #4104) [Link]

I hadn't heard of key stretching before so this was very useful info. Thanks.

Enforcing password strength

Posted Oct 14, 2011 15:24 UTC (Fri) by skvidal (guest, #3094) [Link] (2 responses)

Unless I've misread this:
http://stackoverflow.com/questions/6058019/storing-user-a...

it sure looks like anyone using normal crypt with $6$ is going to be key-stretched.

Enforcing password strength

Posted Oct 14, 2011 17:03 UTC (Fri) by jonabbey (guest, #2736) [Link]

Yup, the $6$ password format is about the best thing going right now. The $2a$ bcrypt algorithm is good too, but not as widely supported on Linux.

Enforcing password strength

Posted Oct 14, 2011 19:49 UTC (Fri) by Cato (guest, #7643) [Link]

That's true, but that depends on the version of glibc and whether the high level language such as Python makes it available, and of course the programmer must choose the $6$ format. PHP on some web hosts is still version 5.1 (still the standard version for RHEL 5.x), which means that phpass must use one of bcrypt, extended DES and MD5, depending on what's available.

It's best if everyone checks that the crypto library they are using makes use of key stretching - defending against FPGA attacks is particularly hard as they can be built to be very much faster than CPUs for only a few thousand USD.

