![]() Now imagine that the attacker already has a bunch of unsalted MD5 hashes from a previous breach, that for whatever reason they haven’t cracked yet. Imagine that an attacker compromises your database and gets hold of this list of bcrypt(md5(password)) password hashes. This is where “hash shucking” (or “password shucking”) enters the picture. After all, if someone gets a copy of your password database they will be faced with a list of hard-to-crack bcrypt hashes, rather than raw unsalted MD5 or SHA-1 or whatever. On the face of it, this seems like a reasonable and safe thing to do. ![]() This was also sometimes done when an old insecure password database using something like unsalted MD5 was upgraded by simply re-hashing the existing hashes with bcrypt: md5(password) -> bcrypt(md5(password)). That is, rather than the stored password hash being bcrypt(password) it was bcrypt(sha256(password)) or something similar. To get around this, it was common advice at one point to “pre-hash” the input using some other fast hash function like SHA-256. ![]() (And some implementations are not binary safe either). As pointed out in the cheat sheet, many implementations cannot handle input passwords longer than 72 bytes. Bcrypt is generally an ok choice, but it has some quirks that make it hard to love. One of the hash functions that OWASP recommend is bcrypt, which should be familiar to anyone who’s ever looked at password hashing. If you’re using a password to encrypt sensitive data then you should be aware of some limitations). (Just bear in mind that the recommendations there are when using password for authentication. The editors do a great job of keeping it up to date and incorporating the latest research from experts. ![]() These cheat sheets are generally pretty good, and the password storage one is particularly good. If you want to learn how to store passwords securely, you could do a lot worse than looking at the OWASP Password Storage Cheat Sheet. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |