2
votes

Before i start, i know the MD5 is compromised (collision attack and speed of hashing) and shouldn't be used to hash passwords, but just for the sake of it, bear with me.

My questions are: How does the salt position when hashing with md5 affects the "quality" or the "strength" of the hash?

Say i have the the following piece of code, which hashes a users password using parts of his email address as salt:

<?php
    $email = '[email protected]';
    $password = 'RandomPassWithChars';

    $segments = explode('@', $email);
    list($saltPart1, $saltPart2, $saltPart3) = $segments;

    $hash = md5($saltPart1.$password.$saltPart3.$saltPart2);
?>

Is that code going to slow down a brute force / dictionary / rainbow table attack, than say:

<?php
    $password = 'RandomPass';
    $salt     = 'RandomSaltStoredInTheDatabase';
    $hash = md5($password, $salt);
?>

Is it worth trying to salt a password like in the first code or it yelds the same result as the second code? Are there any benefits from that? Does the first code delay cracking a list of passwords hashed that way than the second way of doing it?

Which leads me to a second question: Is it secure storing the salt in the database than obtaining a salt from a user id (say the email address) ? The way i see it, once an attacker has obtained a copy of the database which also cantains the salts it makes his life a little easyer trying to crack the hashes. But if the salts are not stored, the attacker would also need the algorithm that creates the salts. PLEASE CORRECT ME IF I'M WRONG.

I hope i made my self clear. Thanks for any answers in advance.

3
Security through obscurity is rarely a good idea.Wooble
@Wooble that's true, but is there any difference between the two approaches of saltingVlad Balmos
MD5 is NOT compromised when it comes to password hashing, there's no preimage on MD5. It IS, however, compromised when it comes to cryptography because of collision attacks. Having that in mind, I still think I wouldn't use it.Adi
my bad, when i said compromised i was thinking speed of hasing and collisionsVlad Balmos

3 Answers

8
votes

First question:

The position of the salt has no impact on the security of a particular hash. A good hash function has perfect entropy, in that for every input bit that changes, each output bit has a 50% chance of changing.

Any possible security benefit from a certain order would be entirely from the relative slowness of the algorithm used to concatenate the salt with the prospective password (e.g. if "password" . "salt" is slower than "salt" . "password", use the former). However, most programming languages don't have that kind of performance 'issue'.

Second question:

If the salt is stored explicitly in the database, the attacker will know the salt, and be able to launch a brute-force hashing attack. If the salt is unknown, a brute-force password attack can still be used (though this can easily be rendered ineffective by inserting delays between attempts). Also, the attacker may be able to reverse engineer the program and retrieve the hash field.

As for the security of the hash, if the user has the same email and password two different places, this negates one of the benefits of a random salt, in that the same hash will be visible both places.

Personally, I think the best method for hashing is to use:

"password" . "salt" . "internalconstantvalue"

This has the benefit of being simple, and no less secure than most other methods of security.

1
votes

It depends on whether the attacker tries to bypass your security or if he tries to find the password.

If the attacker relies on finding a collision with a given hash of your database thanks to the cryptographic weakness of the hashing algorithm , the salt will not have any effect : I have a bunch of bits and I'd like to find some input to the XXX hash algorithm which give me the same bunch of bits in the output.

If he is trying to bruteforce the password by trying each of the possible combinations then any information he could gather on the original password will help :

  • Length
  • Composition (alpha-numerics characters, special symbols, ...)
  • Salt
  • ...

By creating your own salt algorithm you are in fact trying to do security through obfuscation, which will indeed limit anyone who doesn't know your algorithm from bruteforcing the password, but it doesn't strengthen the hashing algorithm.

0
votes

When you work on password security, always assume that if the attacker has access to your Database then he has access to your code.

So when it comes to salting, just generate a hash of a random value (say, mcirotime()) and use it to salt the password before hashing and store it in the database in a column next to the password.

When it comes to adding the hash to the password, my personal opinion is that it doesn't really matter if you put it first or last or in the middle.

Do you want security? then use a slow hashing algorithm, I highly recommend PHPass as it uses bcrypt (Blowfish-based) as the default hashing algorithm.