3 votes

When choosing password encryption, I have found that the Rijndael algorithm is one of the best encryption algorithms, one which cannot be cracked through a brute-force attack.

So I have chosen the Rijndael algorithm for the users' password encryption.

Now I have identified that hashing (irreversible) is more secure than encryption (reversible) [please correct me if I am wrong].

Here my questions are:

  1. Can I go with the existing implementation of the Rijndael algorithm?
  2. If I should not use encryption, which would be the best hashing algorithm?

I referred to the following website when implementing the Rijndael algorithm:

http://msdn.microsoft.com/en-us/library/system.security.cryptography.rijndael(v=vs.110).aspx

And this one for how to generate a Rijndael key and IV from a passphrase:

http://www.obviex.com/samples/encryption.aspx

Putting password hashing aside, the sources you linked don't describe secure encryption. – CodesInChaos

While it is probably possible to implement something safe by abusing Rijndael as a hash, don't roll your own methods; use something that doesn't store the password at all, like a PBKDF or scrypt. – dandavis

2 Answers

4 votes

OWASP lists some good practices for password storage.

You basically apply a protection function to convert the credential to a protected form:

  [protected form] = [salt] + protect([protection func], [salt] + [credential])

You also add a salt, so two copies of the same credential have a different stored form.

They also list the order in which you should choose hashing functions (yes, hashing is better than encrypting so that the password cannot be reverse engineered, even by the website owner). Argon2 and PBKDF are generally good choices for a protection_function.

Read the rest of the guide too. Also this related Security SE post about why AES (i.e. Rijndael) encrypted password storage is worse than even a not-so-strong hash (@Salvador's comment).

3 votes

The problem with encryption is that when an attacker gets the key, he can decrypt all the passwords in the database in no time, and therefore knows the original passwords, which can be tried on other sites.

Since hashing is irreversible (there is no way to get back the original password), an attacker cannot use the hashes, even if he has control over the server. The same goes for the owner of the site.

Today's recommended algorithms are BCrypt, PBKDF2 and SCrypt; all of them have a cost factor which controls the time needed to calculate a single hash. The longer it takes, the more difficult it will be to brute-force.
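The two answers above describe the same scheme from two angles: the OWASP pattern of a per-credential salt plus a slow protection function, and the cost factor that makes each guess expensive. The following Python script is an added example illustrating both; it is not code from either answerer or from the linked OWASP guide. It uses PBKDF2-HMAC-SHA256 from the standard library (chosen because it needs no third-party package; bcrypt or scrypt would fit the same structure), and the record layout "pbkdf2_sha256$iterations$salt$hash" is an assumption of this example, not a standard format. The sample password is constructed, not real user data.

```python
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

# Stored form, following the pattern quoted from OWASP in the first answer:
#   [protected form] = [salt] + protect([protection func], [salt] + [credential])
# Serialised here as "pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>".
# This layout is an assumption of the example, not a standard.
ALGORITHM = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000   # cost factor; raise it as hardware gets faster
SALT_BYTES = 16
HASH_BYTES = 32


def protect(password: str, salt: bytes, iterations: int) -> bytes:
    """Slow, salted, one-way derivation. PBKDF2 feeds salt and password into
    HMAC, so this is the protect(func, salt + credential) step."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, dklen=HASH_BYTES)


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    # Fresh random salt per credential: identical passwords get different records,
    # so a precomputed table cannot be reused across users.
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = protect(password, salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def parse_record(record: str) -> Tuple[int, bytes, bytes]:
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != ALGORITHM:
        raise ValueError(f"unsupported algorithm {algorithm!r}")
    return int(iterations), bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and cost factor; compare in constant time.
    The original password is never recovered, only re-derived and matched."""
    iterations, salt, expected = parse_record(record)
    candidate = protect(password, salt, iterations)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True when the stored cost factor is below current policy; the record can
    then be re-hashed at the user's next successful login."""
    stored_iterations, _, _ = parse_record(record)
    return stored_iterations < iterations


def dictionary_attack(record: str, wordlist: List[str]) -> Tuple[Optional[str], int]:
    """What an attacker holding the database has to do: one full PBKDF2 run per
    guess, with this user's salt. Returns (recovered password or None, number of
    KDF evaluations spent). Each evaluation costs the configured iterations,
    which is what the cost factor buys the defender."""
    evaluations = 0
    for guess in wordlist:
        evaluations += 1
        if verify_password(guess, record):
            return guess, evaluations
    return None, evaluations


if __name__ == "__main__":
    # Constructed sample credential, not real user data. Low cost factor so the
    # demo runs quickly; production should use DEFAULT_ITERATIONS or higher.
    secret = "correct horse battery staple"
    record_a = hash_password(secret, iterations=10_000)
    record_b = hash_password(secret, iterations=10_000)
    print(record_a)
    print(record_b)
    print("same password, different stored form:", record_a != record_b)
    print("verify correct password:", verify_password(secret, record_a))
    print("verify wrong password:  ", verify_password("Tr0ub4dor&3", record_a))
    print("needs rehash under current policy:", needs_rehash(record_a))
    found, runs = dictionary_attack(record_a, ["123456", "password", secret])
    print(f"attacker recovered {found!r} after {runs} PBKDF2 evaluations")
```

Two points worth noticing when running it: the two records for the same password differ only because of the salt, and verification still succeeds against either, because the salt and cost factor travel with the record. That is also what makes the cost factor upgradable: `needs_rehash` reads the stored iteration count, so old records can be strengthened gradually without a forced password reset.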