Add salt to password hash
Closed this issue · 5 comments
Hi @HappyBasher
the password is stored as a plain SHA hash. This is not good enough, as it can be easily checked against a known hash database.
For example, the hash of "Muster!":
```
> echo -n 'Muster!' | sha256sum
2a3a100d193d125752b42e97976963630b9d2d11513df94a235b5c6d3da53e46
```
Enter it over here and get the plaintext.
Please at least add a salt to the password :)
It would also make sense to hash it several times (e.g. 1000 times).
Hi @dorianim!
It's true, a plain hash isn't secure enough. But do you know a procedure to authenticate with a salted password offline without having also the plain salt stored locally? Hashing several times is not secure as well, as long as you deliver the hashing method together with the password hash in linbofs. To make it really safe we need the server, to do the password check not locally. But we agreed to do the authentication offline.
What we should do is this:
- generate a random salt (`s`)
- hash (`password+s`) 1000 times
- put (`final_hash + s`) into linbofs
This will make it possible to check the hash, but impossible to brute force the hash in finite time.
We cannot make it completely secure, but we can make it so hard that it is impossible to crack it within a relevant time, and that's what this method does.
Let's do the maths:
- we assume, we have a hash-rate of 10GH/s when brute-forcing
- our password is 15 characters of `[a-zA-Z0-9!"§$%&/)=?]` (72 characters)
- we have a total of $72^{15}$ possible combinations (7,244,150,201,408,990,671,659,859,968)
- we have to calculate up to $7244150201408990671659859968 \cdot 1000$ hashes.
- with 10GH/s, this comes to $\frac{7244150201408990671659859968000}{1000000000} = 7244150201408990671659s$
- this is $120735836690149844527min = 2012263944835830742h = 83844331034826280d = 229710495985825years$
I hope, I didn't mess up at some point.
So, as you can see, it doesn't matter that the salt is stored in plaintext. The only thing that matters is, that a potential attacker can't use a pre-calculated database of hashes and therefore has to brute-force.
Ok, thanx. I'll take a look at it.
Simple example:
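```bash
#!/bin/bash
# Print a salted, iterated SHA-256 hash of the given password, followed by the salt.
if [ -z "$1" ]
then
    echo "Usage: $0 <password>"
    exit 1
fi
# 5 random bytes, base64-encoded (8 characters), used as the salt
SALT=$(head -c 5 /dev/urandom | base64)
# First round: hash password + salt
HASH=$(printf '%s' "$1$SALT" | sha256sum | awk '{ print $1 }')
# Remaining 999 rounds (1000 in total): re-hash the previous hex digest
for i in {1..999}
do
    HASH=$(printf '%s' "$HASH" | sha256sum | awk '{ print $1 }')
done
# Output: 64 hex characters of hash, then the salt
echo "$HASH$SALT"
```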
However, we might wanna go with less than 1000 times, it's kinda slow. 100 should also be fine.
Uses now argon2 for password hashing.
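The offline check discussed in this thread (store `final_hash + s`, then recompute with the stored salt), as an added example that is not part of the issue or the project's code. The function names and the `ROUNDS` variable are assumptions; the record layout follows the script posted above, and the project itself ended up using argon2 instead.

```shell
#!/bin/sh
# Added example, not the project's code. Record layout follows the script
# in the thread: 64 hex characters of SHA-256 followed by the base64 salt.
# ROUNDS, iterate_hash, make_record and verify_record are assumed names.
ROUNDS=${ROUNDS:-1000}

# iterate_hash <password> <salt>: sha256(password+salt), then re-hash the
# hex digest until ROUNDS hashes in total have been computed.
iterate_hash() {
    h=$(printf '%s' "$1$2" | sha256sum | cut -d' ' -f1)
    i=1
    while [ "$i" -lt "$ROUNDS" ]; do
        h=$(printf '%s' "$h" | sha256sum | cut -d' ' -f1)
        i=$((i + 1))
    done
    printf '%s' "$h"
}

# make_record <password>: pick a fresh random salt and print hash+salt.
# A new salt per record means equal passwords give different records,
# so a precomputed hash database no longer matches.
make_record() {
    salt=$(head -c 5 /dev/urandom | base64)
    printf '%s%s' "$(iterate_hash "$1" "$salt")" "$salt"
}

# verify_record <password> <record>: split the record, recompute with the
# stored salt, compare. Returns 0 on match, 1 otherwise.
verify_record() {
    stored_hash=$(printf '%s' "$2" | cut -c1-64)
    salt=$(printf '%s' "$2" | cut -c65-)
    [ -n "$salt" ] || return 1    # malformed or unsalted record
    [ "$(iterate_hash "$1" "$salt")" = "$stored_hash" ]
}
```

The verifier needs only the record and the round count, which is why the salt can sit next to the hash in plaintext.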