Salt the passwords
This note is intended to shed light on the use of salt in password hashing. If you look at the comments on this topic habrahabr.ru/post/145642 , then there is a suspicion that some people misunderstand the purpose of salt. On examples I will try to show what this mechanism is used for. All interested in asking under the cat.
Imagine a simple authorization. A bunch of login / password values come to us from the user, we get a password hash and compare this bunch with the data stored in the database. For simplicity, we will use MD5 and PHP code examples.
In this case, if the user has the qwerty password, we will get the following hash: d8578edf8458ce06fbc5bb76a58c5ca4 . If an attacker gains access to our database, he can use ready-made services ( http://wordd.org/D8578EDF8458CE06FBC5BB76A58C5CA4 ) for selecting passwords, which already have values that give the hash, or you can download it yourself.
To protect the already existing hash tables with values, you can use a static salt:
Now with the same qwerty password we get a completely different hash bdadb0330124cda0e8499c9cd118f7bd . Ready-made tables will no longer help the attacker, he will have to use brute force. Here lies the minus of static salt: an attacker can generate his hash table with static salt and get the values of most passwords from the database. To eliminate this disadvantage, a unique salt is used for each hash:
Those. now, in addition to the login / password hash, the database will need to store the value of the generated salt for each user. Let us consider an example: we have two users: user1 and user2. Both use the qwerty password. But the first one generated salt zxcv and the second asdf . As a result, users with the same password will have different hashes: 1d8f3272b013387bbebcbedb4758586d and a192862aa3bf46dffb57b12bdcc4c199 . This gives: now you cannot generate a single hash table, to find the hash value with the dynamic salt you will need to generate All this is aimed at increasing the time of selection of values in the case of a “drain” of the base, when using “good” hashing algorithms, at least a couple of passwords can take a significant amount of time to select. It is important to understand that the generated salt protects not one single user, but all of them from the mass brutus. That's all, I want to remind you that use crypto-resistant hashing algorithms SHA1, SHA512. The MD5 used above is not desirable because declared obsolete.
Kolonist summarized well in his comment habrahabr.ru/post/145648/#comment_4894759 (for which he has a special thank you and a plus):
Again.
1. No salt - use ready-made rainbow tables.
2. There is one salt for all - we generate one rainbow table and “break” all users using it.
3. There is a separate salt for each user - separately brutforsim each user.
Imagine a simple authorization. A bunch of login / password values come to us from the user, we get a password hash and compare this bunch with the data stored in the database. For simplicity, we will use MD5 and PHP code examples.
$password = md5($password); In this case, if the user has the qwerty password, we will get the following hash: d8578edf8458ce06fbc5bb76a58c5ca4 . If an attacker gains access to our database, he can use ready-made services ( http://wordd.org/D8578EDF8458CE06FBC5BB76A58C5CA4 ) for selecting passwords, which already have values that give the hash, or you can download it yourself.
To protect the already existing hash tables with values, you can use a static salt:
$password = md5($password . "MyUniqueSault"); Now with the same qwerty password we get a completely different hash bdadb0330124cda0e8499c9cd118f7bd . Ready-made tables will no longer help the attacker, he will have to use brute force. Here lies the minus of static salt: an attacker can generate his hash table with static salt and get the values of most passwords from the database. To eliminate this disadvantage, a unique salt is used for each hash:
$sault = GenerateRandomString(); $password = md5($password . $sault); Those. now, in addition to the login / password hash, the database will need to store the value of the generated salt for each user. Let us consider an example: we have two users: user1 and user2. Both use the qwerty password. But the first one generated salt zxcv and the second asdf . As a result, users with the same password will have different hashes: 1d8f3272b013387bbebcbedb4758586d and a192862aa3bf46dffb57b12bdcc4c199 . This gives: now you cannot generate a single hash table, to find the hash value with the dynamic salt you will need to generate All this is aimed at increasing the time of selection of values in the case of a “drain” of the base, when using “good” hashing algorithms, at least a couple of passwords can take a significant amount of time to select. It is important to understand that the generated salt protects not one single user, but all of them from the mass brutus. That's all, I want to remind you that use crypto-resistant hashing algorithms SHA1, SHA512. The MD5 used above is not desirable because declared obsolete.
Kolonist summarized well in his comment habrahabr.ru/post/145648/#comment_4894759 (for which he has a special thank you and a plus):
Again.
1. No salt - use ready-made rainbow tables.
2. There is one salt for all - we generate one rainbow table and “break” all users using it.
3. There is a separate salt for each user - separately brutforsim each user.
')
Source: https://habr.com/ru/post/145648/
All Articles