#1
Plays with fire (Devshed Novice, 500 - 999 posts, Barsoom, joined Aug 2003)

    Conflicting opinions on SALT


    So I'm rebuilding a site that has a login system but doesn't really store anything too secure. No CCs, SSNs, nothing but names and addresses, really.

    Reading up on hashes and salts, I'm getting a lot of conflicting opinions on the best places to store these. Can anyone give me some better direction on this please?

    If I hash everyone's password with a unique salt, is it okay to store the salt in the DB with the encrypted password?

    How secure is it really to store the hash in a file outside the web-browsable folders? I'd still need to include that file to use it and by including it, I'm revealing the location of it. So a hacker could just include that same file with a script of his own and do what he wants, right?

    Really don't want to stir up a hornet's nest here, but could use a straightforward answer.

    Thanks in advance.
    “Be ashamed to die until you have won some victory for humanity.” -- Horace Mann

    "...all men are created equal." -- US Declaration of Independence
#2
-- (Devshed Expert, 3500 - 3999 posts, joined Jul 2012)
    Hi,

    you can store the salt together with the hash. It does not have to be secret. Its sole purpose is to prevent attacks on all hashes at once -- which it does by its mere existence.

    The actual problem is that obviously you're trying to write your own algorithm. That's a bad idea. Use an established algorithm like bcrypt. This will take care of everything and store the hash and the salt in a handy string.

    Storing the hashes in a file is nonsense. The database allows for much finer access control and is obviously easier to handle.
The 6 worst sins of security
    How to (properly) access a MySQL database with PHP

    Why can’t I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
#3
Plays with fire (Devshed Novice, 500 - 999 posts, Barsoom, joined Aug 2003)
    I was actually planning to use something like this:

    Code:
$pw = hash('sha512', $salt . 'some password');
    where the $salt would be some long randomly generated string.

    I don't always have access to the server so installing bcrypt isn't always an option. I should be able to in this case, though. Thanks for the pointer.
#4
-- (Devshed Expert, 3500 - 3999 posts, joined Jul 2012)
    Originally Posted by Frank Grimes
    I was actually planning to use something like this:

    Code:
$pw = hash('sha512', $salt . 'some password');
    No, don't use that. General purpose hash algorithms like MD5, SHA etc. are absolutely unsuited for password hashing. They can easily be cracked with stock hardware by simply trying out all possible combinations.

    The problem is that SHA-512 (and the other algorithms) are designed to be fast and efficient. Password hashing algorithms are supposed to be slow and take up a lot of resources to prevent brute force attacks. So obviously you can't interchange one for another.

    There's this myth that MD5 is somehow "bad", while SHA-512 is "good" and secure. That's not the case. SHA-512 is indeed several times slower than MD5, so it will withstand brute force attacks a bit longer. But that hardly makes a difference.

    If you're interested in concrete figures, google for "hashcat". Given the throughput, you can easily calculate how long it takes to, for example, try out all passwords consisting of 6 alphanumerics. You'll be surprised!



    Originally Posted by Frank Grimes
    I don't always have access to the server so installing bcrypt isn't always an option. I should be able to in this case, though. Thanks for the pointer.
    bcrypt is built into PHP. If you have any current version >= 5.3.7, all you need to do is put the above script into the document root.
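An added example (not code from the thread) of what posts #2 and #4 recommend: bcrypt's output string carries its own cost and salt, so one database column stores everything, and a quick local timing shows why a fast general-purpose hash such as SHA-512 is the wrong tool. Assumes PHP 7 or later; BCRYPT_COST and the function names are this example's own.

```php
<?php
// Added example, not from the thread. Assumes PHP >= 7 (password_hash/password_verify,
// random_bytes). On 5.3.7+ crypt() with a "$2y$" prefix produces the same bcrypt strings.

const BCRYPT_COST = 12;   // work factor: each +1 doubles the time per hash

// Hash a password for storage. The 60-char result is "$2y$<cost>$<22-char salt><31-char hash>":
// the salt lives in the same column as the hash, which is fine because it need not be secret.
function storePassword(string $password): string {
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
}

// Split a stored bcrypt string into its parts, to show where the salt sits.
function bcryptParts(string $stored): array {
    return [
        'cost' => (int) substr($stored, 4, 2),   // "$2y$" is 4 chars, then the two-digit cost
        'salt' => substr($stored, 7, 22),        // after "$2y$12$" come 22 salt characters
        'hash' => substr($stored, 29, 31),       // the remaining 31 characters are the hash
    ];
}

// Verify at login; password_verify() reads cost and salt back out of the stored string.
// password_needs_rehash() lets you raise the cost later and upgrade hashes as users log in.
function checkLogin(string $password, string $stored): array {
    $ok = password_verify($password, $stored);
    $upgrade = $ok && password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
    return ['ok' => $ok, 'rehash' => $upgrade ? storePassword($password) : null];
}

// Average wall-clock seconds for one evaluation of $fn, measured over $n runs.
function secondsPerHash(callable $fn, int $n): float {
    $t = microtime(true);
    for ($i = 0; $i < $n; $i++) { $fn(); }
    return (microtime(true) - $t) / $n;
}

$stored = storePassword('correct horse');
print_r(bcryptParts($stored));
var_dump(checkLogin('correct horse', $stored)['ok']);
var_dump(checkLogin('wrong password', $stored)['ok']);

// Compare the thread's salted SHA-512 idea against bcrypt on this machine.
$salt = bin2hex(random_bytes(16));
$fast = secondsPerHash(function () use ($salt) { hash('sha512', $salt . 'correct horse'); }, 20000);
$slow = secondsPerHash(function () { password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]); }, 3);
printf("sha512: %.2e s/hash, bcrypt(cost %d): %.2e s/hash, ratio %.0fx\n", $fast, BCRYPT_COST, $slow, $slow / $fast);

// Post #4's exercise, using this single CPU core's rates: all 6-character alphanumeric
// passwords are 62^6 candidates; a GPU rig is faster still, so treat these as lower bounds.
$candidates = 62 ** 6;
printf("62^6 candidates: %.1f hours with sha512, %.0f years with bcrypt\n",
       $candidates * $fast / 3600, $candidates * $slow / 31557600);
```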
#5
Plays with fire (Devshed Novice, 500 - 999 posts, Barsoom, joined Aug 2003)
    My work sent me a three-day class on web security and one of the things the instructor said was how passwords are useless. Anyone can rent a wall of servers from Amazon for 15 minutes and brute force their way in. That seems easier to do now with GPUs and whatever.

    He suggested, instead, we use passphrases. Something like "You're gonna need a bigger boat" is harder to brute force, but everywhere I read people say this is more open to dictionary attacks. So they say use a good hash with a salt, but I wonder if someone has access to your server it doesn't seem to matter what that is.

    I remember developing websites when the worst thing I had to code for was Mac IE compatibility.
#6
-- (Devshed Expert, 3500 - 3999 posts, joined Jul 2012)
    I'm very sceptical about that passphrase stuff. The people cracking hashes aren't stupid. They are well aware of this idea, so that's the first thing they'll try -- including "clever" substitutions like "E" -> "3" or "A" -> "4". But end users do tend to be stupid or at least not very creative. So I fear many passphrases aren't much better than "1 l0v3 my w1f3" or something, which is of course no real improvement over "classical" passwords.

I think the best practical solution at the time is using a password safe like KeePass and generating random passwords within the full range of visible ANSI characters. A strong random password and a strong hash algorithm make it impossible for an average attacker to simply brute force the whole database -- which is probably the danger most of us face.

    Sure, there is no perfect security. But that doesn't mean we're all helpless. If people actually used the protection that's currently available, "hacking" a website would be much, much harder. But reality is, many "developers" still run around using MD5 (or even plaintext passwords) and inserting raw URL parameters into queries. So that seems to be the actual issue. We have the defenses, but they're still not being used everywhere.
#7
Sarcky (Devshed Supreme Being, 6500+ posts, Pennsylvania, USA, joined Oct 2006)
    My work sent me a three-day class on web security and one of the things the instructor said was how passwords are useless. Anyone can rent a wall of servers from Amazon for 15 minutes and brute force their way in. That seems easier to do now with GPUs and whatever.
    This instructor may be interested to learn that you can rate limit login attempts, use captchas on repeated failed logins, and automatically block IPs which have failed logins too many times.

    Passwords are useless, what a crock.
    HEY! YOU! Read the New User Guide and Forum Rules

    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin

    "The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002

    Think we're being rude? Maybe you asked a bad question or you're a Help Vampire. Trying to argue intelligently? Please read this.
#8
-- (Devshed Expert, 3500 - 3999 posts, joined Jul 2012)
    Originally Posted by ManiacDan
    This instructor may be interested to learn that you can rate limit login attempts, use captchas on repeated failed logins, and automatically block IPs which have failed logins too many times.
    Um, I doubt anybody is actually going to use the login form to do a brute force attack.

    The throughput is laughable, you'll be detected immediately (this is more of a DoS attack than a brute force attack), and the webmaster can easily slow down the process so that it's just impossible to "crack" anything beyond "123456".

    Sure, captchas might be helpful to protect extremely weak passwords against naive attacks consisting of someone actually trying out some passwords "by hand". But that's hardly the main danger. If it was, we wouldn't be talking about hashes and salts at all, because those do nothing to protect the form.
#9
Mad Scientist (Devshed Expert, 3500 - 3999 posts, North Yorkshire, UK, joined Oct 2007)
A user may use a login form, but the login form still posts to a script somewhere on your server... and this is where the attacks will be directed.

    The idea of banning IPs after multiple failed attempts or the use of a captcha is to prevent access to the script that is the actual gateway to the database (where the login logic is).

    For example, if there are 3 failed logins for a username from the same IP or within a certain time frame then the login logic must first check for the existence of a session variable that shows a captcha was entered correctly...or if the IP was the same ban it for 5 minutes ... or if the IPs are different within a time frame then ..... get creative!
    I said I didn't like ORM!!! <?php $this->model->update($this->request->resources[0])->set($this->request->getData())->getData('count'); ?>

    PDO vs mysql_* functions: Find a Migration Guide Here

    [ Xeneco - T'interweb Development ] - [ Are you a Help Vampire? ] - [ Read The manual! ] - [ W3 methods - GET, POST, etc ] - [ Web Design Hell ]
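The throttle sketched in posts #7 and #9, written out as an added example that is not code from the thread. The class, its name, the ban threshold and the 10-minute window are assumptions (the thread only gives "3 failed logins" and "5 minutes"); the in-memory arrays stand in for whatever shared store the site's web workers actually use.

```php
<?php
// Added example, not from the thread. Assumes PHP >= 7.1 (scalar/void type declarations, "??").

class LoginThrottle {
    const WINDOW_SECONDS = 600;   // assumption: failures older than this are forgotten
    const CAPTCHA_AFTER  = 3;     // post #9: captcha required after 3 failures for a username
    const BAN_AFTER      = 6;     // assumption: ban an IP after this many failures in the window
    const BAN_SECONDS    = 300;   // post #9: ban for 5 minutes

    private $failures = [];       // "ip:<addr>" or "user:<name>" => list of failure timestamps
    private $bans = [];           // ip => timestamp at which the ban expires

    // Decide what a login attempt from $ip for $username may do right now.
    // Returns 'allow', 'captcha' or 'banned'. $now is injected so the logic is testable.
    public function check(string $ip, string $username, int $now, bool $captchaSolved = false): string {
        if (isset($this->bans[$ip]) && $this->bans[$ip] > $now) {
            return 'banned';
        }
        unset($this->bans[$ip]);
        if ($this->recent("ip:$ip", $now) >= self::BAN_AFTER) {
            $this->bans[$ip] = $now + self::BAN_SECONDS;
            unset($this->failures["ip:$ip"]);   // start a fresh count once the ban lifts
            return 'banned';
        }
        if ($this->recent("user:$username", $now) >= self::CAPTCHA_AFTER && !$captchaSolved) {
            return 'captcha';
        }
        return 'allow';
    }

    // Record a failed attempt against both the source IP and the target username, so neither
    // one IP trying many accounts nor many IPs trying one account goes unnoticed.
    public function recordFailure(string $ip, string $username, int $now): void {
        $this->failures["ip:$ip"][] = $now;
        $this->failures["user:$username"][] = $now;
    }

    // On success, clear the username's counter; the IP counter is kept on purpose.
    public function recordSuccess(string $username): void {
        unset($this->failures["user:$username"]);
    }

    // Number of failures for $key inside the sliding window, pruning old ones as a side effect.
    private function recent(string $key, int $now): int {
        $cutoff = $now - self::WINDOW_SECONDS;
        $kept = array_filter($this->failures[$key] ?? [], function ($t) use ($cutoff) { return $t >= $cutoff; });
        $this->failures[$key] = array_values($kept);
        return count($kept);
    }
}

// Constructed walk-through: one IP (documentation range 203.0.113.0/24) fails against 'alice'.
$throttle = new LoginThrottle();
$now = 1000;
for ($i = 0; $i < 3; $i++) { $throttle->recordFailure('203.0.113.7', 'alice', $now + $i); }
echo "after 3 failures: ", $throttle->check('203.0.113.7', 'alice', $now + 3), "\n";
echo "same, captcha solved: ", $throttle->check('203.0.113.7', 'alice', $now + 3, true), "\n";
for ($i = 3; $i < 6; $i++) { $throttle->recordFailure('203.0.113.7', 'alice', $now + $i); }
echo "after 6 failures, other account: ", $throttle->check('203.0.113.7', 'bob', $now + 6), "\n";
echo "5 minutes later: ", $throttle->check('203.0.113.7', 'bob', $now + 6 + 300), "\n";
```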
#10
Sarcky (Devshed Supreme Being, 6500+ posts, Pennsylvania, USA, joined Oct 2006)
    Maybe the instructor was starting with the assumption that a database has already been fully and entirely compromised. The "rent cloud servers for 4 hours and crack all the passwords" story is sometimes used to describe cracking an entire compromised database full of passwords.

    Either way, passwords are here to stay, at least until we get reliable biometrics on every computer, phone, and terminal in the world. And since you're using a password (or passphrase, depending on what the user chooses to type into the box), current best practices demand that you use a unique salt.
#11
Mad Scientist (Devshed Expert, 3500 - 3999 posts, North Yorkshire, UK, joined Oct 2007)
I did something like this once, but could get my head round the maths for if it was ok or a blatant hole

PHP Code:
    <?php
    // password to store in DB: the "salt" is just another hash of the same password
    $password = sha1($_POST['password'] . md5($_POST['password'])) . "-" . md5($_POST['password'] . sha1($_POST['password']));
    i.e. the salt is a hash of the password using a different hash algo

At the time I was using a salt to avoid collisions and using both the md5 and sha1 algos as a collision in both is so much less probable.
#12
-- (Devshed Expert, 3500 - 3999 posts, joined Jul 2012)
    Originally Posted by Northie
    ie the salt is a hash of the password using a different hash algo
    There is no salt at all, this is a fixed scheme. A salt is a random string, which is completely independent from the password.

So this is a logical error completely voiding the whole concept. As a layman (which we all are), don't try to invent your own algorithms, protocols etc. It doesn't work. We leave heart surgeries to the doctors, so let's leave cryptography to the cryptographers.

The problem of security is that even the smallest mistake can break the whole thing. This is not like programming, which (usually) has a certain error margin.
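An added example (not from the thread) that runs the construction from post #11 beside a properly salted one over a constructed user table, to make the "no salt at all" point from post #12 concrete. Assumes PHP 7 or later; the function names and the sample users are this example's own.

```php
<?php
// Added example, not from the thread. Assumes PHP >= 7 (password_hash/password_verify).

// The fixed scheme from post #11: every input to the hash is derived from the password itself,
// so the same password always produces the same stored value, for every user and every site.
function fixedScheme(string $password): string {
    return sha1($password . md5($password)) . '-' . md5($password . sha1($password));
}

// A salted scheme: the salt is random and independent of the password; bcrypt embeds it
// in the returned string, so it is stored right next to the hash without being secret.
function saltedScheme(string $password): string {
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
}

// How many distinct stored values a user table produces under a given scheme.
// Fewer distinct values than users means shared passwords are visible in the table itself.
function distinctStoredValues(array $passwordsByUser, callable $scheme): int {
    $seen = [];
    foreach ($passwordsByUser as $user => $pw) {
        $seen[$scheme($pw)] = true;
    }
    return count($seen);
}

// Constructed sample table: three users, two of whom chose the same password.
$users = ['alice' => 'Summer2015', 'bob' => 'Summer2015', 'carol' => 'hunter2'];

// Fixed scheme: alice and bob are indistinguishable, and a rainbow table built once
// for this construction works against every database that uses it.
echo "fixed scheme, distinct values for 3 users: ", distinctStoredValues($users, 'fixedScheme'), "\n";

// Salted scheme: every row differs, yet each one still verifies against its own password.
echo "salted scheme, distinct values for 3 users: ", distinctStoredValues($users, 'saltedScheme'), "\n";
$stored = saltedScheme('Summer2015');
var_dump(password_verify('Summer2015', $stored));
var_dump(password_verify('hunter2', $stored));
```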
#13
Lost in code (Devshed Supreme Being, 6500+ posts, joined Dec 2004)
    As a layman (which we all are)
    It's not inconceivable that some people actually do know what they're talking about. Cryptography is both complicated and important, but so are a lot of other things that people can learn to understand. Virtually all cryptographers are programmers, albeit usually programmers with math degrees, since it's virtually impossible to do anything with modern cryptography without writing a computer program to do it.
    PHP FAQ

    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around
#14
Mad Scientist (Devshed Expert, 3500 - 3999 posts, North Yorkshire, UK, joined Oct 2007)
and I do have a maths-related degree and have played with alternative hashing algorithms. I'm currently working on a principle using matrix multiplications... it produces results for small datasets, but large ones are currently producing rubbish... it's a work-in-progress type thing
#15
-- (Devshed Expert, 3500 - 3999 posts, joined Jul 2012)
    No offense, but I don't think any of us has profound crypto knowledge. And even if we had: crypto algorithms require thorough peer-reviews and lots and lots of testing. Have you followed the SHA-3 competition? Have you seen how many submissions have turned out to be broken in the process? And those are actual algorithms developed by actual cryptographers.

    To be honest, I don't understand why everybody needs to write their own hash algorithm. We already have several solid, well-tested and time-proven algorithms. Why not simply use them? Do you really think yours will be better? I doubt that. If you're really, really smart, the best you'll do is reinvent the wheel. If you're averagely smart, you'll invent yet another flawed SHA/MD5/... combination like so many people before you.

    Don't get me wrong: It's great to play with hash algorithms. It's certainly a lot of fun to write your own MD5 implementation of something. But please don't do those experiments on a live website with actual users.