Discuss Using a salt value in the PHP Development forum on Dev Shed.
Posts: 32
Time spent in forums: 3 h 19 m 18 sec
Reputation Power: 1
Using a salt value
Hi,
I've been reading up on using a salt value when creating a password to make it more secure. What I can't get my head round is: how do you remember this salt value?
I'm guessing that when a user logs in to be able to compare the password entered with the one in the database you would need to again add the salt value to the entered password.
Posts: 57
Time spent in forums: 1 Day 10 h 6 m 14 sec
Reputation Power: 11
Hi,
I guess with "remember the value" you mean storing the value?
Simply create a new column next to the password column. The salt does not have to be hidden or encrypted. But it does have to be unique, long enough and "random enough" (use openssl_random_pseudo_bytes(), for example, not rand() or something).
If you're not absolutely sure what you're doing, then use a ready-made and tested library like phpass. There are a lot of things you can do wrong when implementing your own algorithm.
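The salt-column approach described in this post, as an added example (not code from the thread): a random per-user salt is generated at registration, stored unencrypted beside the hash, and read back at login to recompute the hash. The `$users` array standing in for the database table, the function names and the iteration count are assumptions; `random_bytes()` needs PHP 7 and `hash_pbkdf2()` PHP 5.5.

```php
<?php
// Added example: per-user salt stored next to the password hash.
// $users stands in for a database table with columns (salt, hash);
// the names and the iteration count are assumptions of this sketch.

const PBKDF2_ITERATIONS = 200000; // assumed work factor, tune to your hardware

function register_user(array &$users, string $name, string $password): void
{
    // Unique, unpredictable salt from the CSPRNG (not rand() or mt_rand()).
    $salt = random_bytes(16);
    $hash = hash_pbkdf2('sha256', $password, $salt, PBKDF2_ITERATIONS, 0, true);

    // The salt is not secret: store it in plain form beside the hash.
    $users[$name] = ['salt' => bin2hex($salt), 'hash' => bin2hex($hash)];
}

function check_login(array $users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    // "Remembering" the salt is just reading it back from the user's row.
    $salt     = hex2bin($users[$name]['salt']);
    $expected = hex2bin($users[$name]['hash']);
    $actual   = hash_pbkdf2('sha256', $password, $salt, PBKDF2_ITERATIONS, 0, true);

    // Constant-time comparison avoids leaking how many bytes matched.
    return hash_equals($expected, $actual);
}

// Constructed sample data: two users who picked the same password.
$users = [];
register_user($users, 'alice', 'correct horse battery staple');
register_user($users, 'bob', 'correct horse battery staple');

var_dump(check_login($users, 'alice', 'correct horse battery staple'));
var_dump(check_login($users, 'alice', 'wrong password'));
// Different salts, so identical passwords give different stored hashes.
var_dump($users['alice']['hash'] !== $users['bob']['hash']);
```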
Posts: 1,884
Time spent in forums: 2 Weeks 4 Days 14 h 1 m 42 sec
Reputation Power: 1798
If you're going to do it in a more secure way, you'd use two salt values. One that's system-wide so if the database is compromised but not the system, they can't compute the password using the one stored in there, and one that's stored in the system so if the system is compromised but not the database, they can't compute it from just that one value. Of course if your system and database are both compromised... you've got bigger things to worry about than password security...
When I've done things like this I'd set it up something close to this:
PHP Code:
$password = sha1($salt1 . $password . $salt2);
I would advise you to use your own choice of hashing functions, as I know that MD5 is not secure any more, and I'm pretty sure that SHA1 isn't that far behind it, but there's more available if you look at the manual.
Posts: 57
Time spent in forums: 1 Day 10 h 6 m 14 sec
Reputation Power: 11
Quote:
Originally Posted by Catacaustic
If you're going to do it in a more secure way, you'd use two salt values.
This second secret salt is often called "pepper". But I'm not aware of any expert promoting it, so I'd be rather sceptical about this approach. It probably won't hurt, but don't rely on it as an actual security mechanism.
Actually, when you find yourself adding all kinds of security features, stop there and use a proven algorithm instead. That's definitely more secure than some home-made solution that relies more on a feeling of security rather than actual testing by experts.
Quote:
Originally Posted by Catacaustic
I would advise you to use your own choice of hashing functions, as I know that MD5 is not secure any more, and I'm pretty sure that SHA1 isn't that far behind it, but there's more available if you look at the manual.
Use one of the SHA-2 functions (SHA-256, SHA-512 etc.).
Posts: 1,884
Time spent in forums: 2 Weeks 4 Days 14 h 1 m 42 sec
Reputation Power: 1798
Quote:
Originally Posted by Jacques3
Actually, when you find yourself adding all kinds of security features, stop there and use a proven algorithm instead. That's definitely more secure than some home-made solution that relies more on a feeling of security rather than actual testing by experts.
Posts: 57
Time spent in forums: 1 Day 10 h 6 m 14 sec
Reputation Power: 11
Quote:
Originally Posted by Catacaustic
So what would you recommend to do instead?
I'd use the phpass library (as suggested in the previous post). It's well tested and is actually better than a standard hashing algorithm, because it uses multiple rounds to slow down the process (the number of rounds can be set).
Posts: 7,931
Time spent in forums: 2 Months 7 h 43 m 47 sec
Reputation Power: 6991
Use of pepper is fine and does increase security a bit but doesn't contribute to a huge increase in security, which is why it doesn't usually get mentioned. Use of pepper without salt is insecure though; use salt or salt+pepper, but never just pepper.
Use of multiple rounds of hashing is a good recommendation as well. A single pass of something like sha256 by itself is theoretically effectively unbreakable at this time, but it's good to use a few thousand passes instead as it will help future-proof the system.
Posts: 57
Time spent in forums: 1 Day 10 h 6 m 14 sec
Reputation Power: 11
Quote:
Originally Posted by E-Oreo
Use of pepper is fine and does increase security a bit
Says who? Which authority has seriously examined this and recommends using a pepper?
Sure, the idea sounds good. But does the benefit outweigh the problem of giving up proven algorithms and relying on your home-made solution?
Quote:
Originally Posted by E-Oreo
A single pass of something like sha256 by itself is theoretically effectively unbreakable at this time
What? I have no idea how you came to this conclusion. SHA-2 is certainly harder to "crack" than MD5, but calling it "unbreakable" makes absolutely no sense when fast hardware is available to everybody for little money. It's just a matter of how much effort you're willing to invest. So the only serious approach is to make attacks as expensive as possible by using an algorithm that's slow and difficult to implement (that's what bcrypt, scrypt, PBKDF2 etc. are for).
None of the simple hashing algorithms like MD5, SHA-1, SHA-2 etc. is even remotely "unbreakable". They weren't even made for this kind of attack scenario. At best they're a fallback when you don't want to install an external library.
Posts: 7,931
Time spent in forums: 2 Months 7 h 43 m 47 sec
Reputation Power: 6991
Quote:
What? I have no idea how you came to this conclusion. SHA-2 is certainly harder to "crack" than MD5, but calling it "unbreakable" makes absolutely no sense when fast hardware is available to everybody for little money. It's just a matter of how much effort you're willing to invest. So the only serious approach is to make attacks as expensive as possible by using an algorithm that's slow and difficult to implement (that's what bcrypt, scrypt, PBKDF2 etc. are for).
None of the simple hashing algorithms like MD5, SHA-1, SHA-2 etc. is even remotely "unbreakable". They weren't even made for this kind of attack scenario. At best they're a fallback when you don't want to install an external library.
Yes, you're right about this. My recommendation to use a single pass was not a good one. I was considering the entirety of the SHA-2 keyspace rather than the subset of the keyspace that would be used for normal passwords.
Quote:
Sure, the idea sounds good. But does the benefit outweigh the problem of giving up proven algorithms and relying on your home-made solution?
Deciding to use a salt and pepper has nothing to do with giving up a proven algorithm. The algorithm is the mathematical set of steps that transforms a given string into a hash; changing the value of the original string has absolutely no impact on the underlying algorithm. Using a salt is part of the implementation of the algorithm, not part of the algorithm itself.
One of the most critical properties of a secure hashing algorithm is that knowing part of the original string does not provide you with any information about the rest of the original string. Thus mathematically a pepper can only improve the security of your system unless the underlying hashing algorithm that you're using is insecure.
Last edited by E-Oreo : October 10th, 2012 at 09:34 AM.
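Salt plus pepper as debated in this thread, as an added example (not code from any poster): the pepper is a secret kept outside the database and mixed in with HMAC before a slow, salted hash, while `password_hash()` generates the per-user salt and embeds it in its output. The `APP_PEPPER` environment variable name, the function names and the cost value are assumptions.

```php
<?php
// Added example: per-user salt (handled by password_hash) plus a
// system-wide pepper. APP_PEPPER and the function names are assumptions.

function load_pepper(): string
{
    // The pepper lives in the environment or a config file, never in the DB.
    $pepper = getenv('APP_PEPPER');
    if ($pepper === false || strlen($pepper) < 32) {
        throw new RuntimeException('pepper missing or too short');
    }
    return $pepper;
}

function peppered(string $password, string $pepper): string
{
    // Hex HMAC-SHA256 output is 64 ASCII characters: it stays under
    // bcrypt's 72-byte input limit and contains no NUL bytes.
    return hash_hmac('sha256', $password, $pepper);
}

function hash_password(string $password, string $pepper): string
{
    // bcrypt creates a random salt and stores it inside the result string.
    return password_hash(peppered($password, $pepper), PASSWORD_BCRYPT, ['cost' => 12]);
}

function verify_password(string $password, string $pepper, string $stored): bool
{
    // password_verify() re-reads algorithm, cost and salt from $stored.
    return password_verify(peppered($password, $pepper), $stored);
}

putenv('APP_PEPPER=' . bin2hex(random_bytes(32))); // constructed demo secret
$pepper = load_pepper();
$stored = hash_password('hunter2', $pepper);       // constructed sample password

echo $stored, "\n"; // this one string is all the database column holds
var_dump(verify_password('hunter2', $pepper, $stored));
var_dump(verify_password('hunter2', str_repeat('x', 64), $stored)); // wrong pepper
```

Changing or losing the pepper invalidates every stored hash, so it needs the same backup and rotation planning as any other application secret.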