Comments on: Username as password salt http://www.callum-macdonald.com/2008/06/13/username-as-password-salt/ Callum's musings on the world at large... Fri, 21 Nov 2008 10:33:26 +0000 http://wordpress.org/?v=2.6.3 By: Jeremy http://www.callum-macdonald.com/2008/06/13/username-as-password-salt/#comment-31438 Jeremy Wed, 05 Nov 2008 07:16:13 +0000 http://www.callum-macdonald.com/?p=616#comment-31438 Or if you use uniqueidentifiers, use that for the salt Or if you use uniqueidentifiers, use that for the salt

]]> By: Callum http://www.callum-macdonald.com/2008/06/13/username-as-password-salt/#comment-28148 Callum Sun, 15 Jun 2008 02:52:12 +0000 http://www.callum-macdonald.com/?p=616#comment-28148 @<a href="http://www.callum-macdonald.com/2008/06/13/username-as-password-salt/#comment-28147" rel="nofollow">Morgan Tocker</a>: Thanks for chiming in. It's true that you could build your own hash database, but would it not be prohibitively expensive (time and disk wise)? I thought the beauty of rainbow table attacks is that you precompute the rainbow table once, then you can store it indefinitely. Whereas I haven't heard the argument that the principle of hashing in itself is flawed. I understood that passwords were stored as salted hashes so that a rainbow table would be useless. In effect, an attacker would need to generate a new rainbow table for every user, which would be prohibitively expensive. I think I'll go with something like md5( username . password . domain ). It would be possible from that data to break the passwords, but it would require a *huge* amount of work. @Morgan Tocker: Thanks for chiming in.

It’s true that you could build your own hash database, but would it not be prohibitively expensive (time and disk wise)? I thought the beauty of rainbow table attacks is that you precompute the rainbow table once, then you can store it indefinitely. Whereas I haven’t heard the argument that the principle of hashing in itself is flawed.

I understood that passwords were stored as salted hashes so that a rainbow table would be useless. In effect, an attacker would need to generate a new rainbow table for every user, which would be prohibitively expensive.

I think I’ll go with something like md5( username . password . domain ). It would be possible from that data to break the passwords, but it would require a *huge* amount of work.

]]> By: Morgan Tocker http://www.callum-macdonald.com/2008/06/13/username-as-password-salt/#comment-28147 Morgan Tocker Sun, 15 Jun 2008 02:45:18 +0000 http://www.callum-macdonald.com/?p=616#comment-28147 It's not devoid of use, but As Alex pointed out - it's probably better to keep that known constant hidden and treat it like a password in itself. That way nobody else can build their own hash database (easily) by just starting from MD5(salt . 'a') .. MD5(salt . 'b') etc. FWIW, the largest hash database I know of is Gdata (http://gdataonline.com/). Presumably from their homepage they have 670M hashes - which is just a bit less than 64^5. The storage cost for 64^5 is 4G just for the hashes - and for 64^6 it's 256G, so it starts to get expensive quickly. It’s not devoid of use, but As Alex pointed out - it’s probably better to keep that known constant hidden and treat it like a password in itself. That way nobody else can build their own hash database (easily) by just starting from MD5(salt . ‘a’) .. MD5(salt . ‘b’) etc.

FWIW, the largest hash database I know of is Gdata (http://gdataonline.com/). Presumably from their homepage they have 670M hashes - which is just a bit less than 64^5.

The storage cost for 64^5 is 4G just for the hashes - and for 64^6 it’s 256G, so it starts to get expensive quickly.

]]> By: Callum http://www.callum-macdonald.com/2008/06/13/username-as-password-salt/#comment-28140 Callum Fri, 13 Jun 2008 08:43:58 +0000 http://www.callum-macdonald.com/?p=616#comment-28140 An excellent point Alex, I knew you'd chime in with something useful! :) So simply combining the two would not provide adequate protection against rainbow attacks. Very true. But the two combined with a known constant, such as the site URL, would presumably overcome this issue. Each record would be individually unique, and the whole namespace would also be globally unique. An excellent point Alex, I knew you’d chime in with something useful! :)

So simply combining the two would not provide adequate protection against rainbow attacks. Very true. But the two combined with a known constant, such as the site URL, would presumably overcome this issue. Each record would be individually unique, and the whole namespace would also be globally unique.

]]> By: Alex http://www.callum-macdonald.com/2008/06/13/username-as-password-salt/#comment-28139 Alex Fri, 13 Jun 2008 08:40:38 +0000 http://www.callum-macdonald.com/?p=616#comment-28139 ... only that the username is frequently a known quantity, particularly for users such as 'admin' or 'root' that you might reasonably want to attack. Since the point of salt is to eliminate pre-calculated hashes being used in a dictionary attack, it doesn't help when a set of pre-calculated hashes can be created with the salt 'admin' or 'root'. … only that the username is frequently a known quantity, particularly for users such as ‘admin’ or ‘root’ that you might reasonably want to attack. Since the point of salt is to eliminate pre-calculated hashes being used in a dictionary attack, it doesn’t help when a set of pre-calculated hashes can be created with the salt ‘admin’ or ‘root’.

]]>