Re: Hash salt (was Re: BCRYPT - Why not using it?)

To: debian-user@lists.debian.org
Subject: Re: Hash salt (was Re: BCRYPT - Why not using it?)
From: Ron Johnson <ron.l.johnson@cox.net>
Date: Wed, 06 Apr 2011 23:52:04 -0500
Message-id: <[🔎] 4D9D42F4.90706@cox.net>
In-reply-to: <[🔎] 201104062240.58526.bss@iguanasuicide.net>
References: <[🔎] 12f2c1f59d1.4865454608629713324.-8332657789241621968@zoho.com> <[🔎] 20110407011939.GP6421@poseidon.cocyt.us> <[🔎] 4D9D1B22.2010608@cox.net> <[🔎] 201104062240.58526.bss@iguanasuicide.net>

On 04/06/2011 10:40 PM, Boyd Stephen Smith Jr. wrote:

In<[🔎] 4D9D1B22.2010608@cox.net>, Ron Johnson wrote:

On 04/06/2011 08:19 PM, Aaron Toponce wrote:

First, if you don't have the salt, but you do have the hash, then a
rainbow table attack is completely pointless.


The OS must store the salt somewhere, in order to correctly authenticate
the user when he logs in.  But I've never heard of /etc/hashsalt so what
am I misunderstanding?


The value stored in /etc/shadow is both the salt + the encrypted
salt+password.  This allows a process with read access to /etc/shadow to
easily read the shadow, encrypt the salt + provided password, and compare the
result to the encrypted salt+password.  The salt is randomly generated each
time the password is set, and it (usually) different for each entry in
/etc/shadow.

Is the salt just bits that are either pre- or suffixed to your passwordbefore being run through the hashing function?

This increases the size of a rainbow table by a factor of 2^(bits in salt),
effectively stopping the attack for all but the most high-profile target with
just an 8-bit salt.  I'm not sure how many bits are used in a modern salt, but
I think it is somewhere between 48-bits and 64-bits.

The first 3 characters of every hash in my /etc/shadow are the same.That's what, 24 bits?


Salted MD5 is still considered secure, even with the known attacks against
MD5.  Salted SHA1 has no attacks more effective than brute-force.  I'd like to
believe that shadow passwords will more to SHA3 within 2-3 releases after SHA3
is finalized.  At the current rate of attack improvements against MD5, that
should be plenty of time.

But if you're machine is rooted then (besides having lots of otherproblems) the attacker has your system-wide salt. (But the rainbowtable would still be unimaginably huge...)


--
"Neither the wisest constitution nor the wisest laws will secure
the liberty and happiness of a people whose manners are universally
corrupt."
Samuel Adams, essay in The Public Advertiser, 1749

Reply to:

Follow-Ups:
- Re: Hash salt (was Re: BCRYPT - Why not using it?)
  - From: Aaron Toponce <aaron.toponce@gmail.com>

References:
- BCRYPT - Why not using it?
  - From: johhny_at_poland77 <johhny_at_poland77@zoho.com>
- Re: BCRYPT - Why not using it?
  - From: Aaron Toponce <aaron.toponce@gmail.com>
- Hash salt (was Re: BCRYPT - Why not using it?)
  - From: Ron Johnson <ron.l.johnson@cox.net>
- Re: Hash salt (was Re: BCRYPT - Why not using it?)
  - From: "Boyd Stephen Smith Jr." <bss@iguanasuicide.net>

Prev by Date: Re: Hash salt (was Re: BCRYPT - Why not using it?)
Next by Date: Re: Hash salt (was Re: BCRYPT - Why not using it?)
Previous by thread: Re: Hash salt (was Re: BCRYPT - Why not using it?)
Next by thread: Re: Hash salt (was Re: BCRYPT - Why not using it?)
Index(es):
- Date
- Thread