lists.openwall.net: Open Source and information security mailing list archives
Message-ID: <20141212033047.29e503db@lambda>
Date: Fri, 12 Dec 2014 03:30:47 +0000
From: Brandon Enright <bmenrigh@...ndonenright.net>
To: Marsh Ray <maray@...rosoft.com>
Cc: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>,
 bmenrigh@...ndonenright.net
Subject: Re: [PHC] How important is salting really?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 12 Dec 2014 01:21:32 +0000
Marsh Ray <maray@...rosoft.com> wrote:

> C.      Prevents the trivial determination that two accounts chose
> the same password

There are special cases where this point comes into play.  For example,
in the recent Adobe breach an unknown "personalization key" (actually
an encryption key in this case) was used which made cracking
impossible.  But, because of a lack of salting (or in this case CBC +
random IV) it was still possible to determine the password for a large
number of the accounts because the password hints were also leaked.

Salting prevents information gleaned from other accounts (like a
password hint) from being useful.

I think *everyone* should be using a personalization key with whatever
hashing scheme they pick because without the personalization key a
database leak is nearly harmless.  If the personalization key leaks with
the database then it degrades to as though a key wasn't in use.  That
is, a personalization key is sometimes better, never worse.

But, without password salting a personalization key isn't as effective
due specifically to Marsh's point C.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlSKYX8ACgkQqaGPzAsl94IDFgCeLvAWg8JIyCA92Kr+U4S0MSDD
IIsAnRMbLSJJ1XacfTr2EO2Sq48z7LHx
=FDxg
-----END PGP SIGNATURE-----
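The two points in Brandon's message, that a personalization key (pepper) alone leaves equal passwords visible as equal digests (Marsh's point C), and that the key is "sometimes better, never worse", can be seen in a few lines. The following is an added example, not code from the thread or from any of the systems it mentions; it uses HMAC-SHA256 as a stand-in for a real password hash, and the pepper value, the user records with their hints, and the wordlist are all constructed for the demo.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Server-side "personalization key" (a pepper). Constructed for this demo;
# in practice it is kept apart from the password database (HSM, KMS, config).
PEPPER = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")

# Constructed leak: (user, password, hint). Three accounts share a password,
# and bob's hint gives it away outright.
USERS = [
    ("alice", b"correct horse", "the usual"),
    ("bob",   b"correct horse", "xkcd 936, first two words"),
    ("carol", b"hunter2",       "irc classic"),
    ("dave",  b"correct horse", "same as work"),
]

# Constructed attacker wordlist.
WORDLIST = [b"password", b"letmein", b"hunter2", b"correct horse"]


def keyed_hash_unsalted(password: bytes, key: bytes) -> bytes:
    """Pepper only, no per-account salt: equal passwords give equal digests."""
    return hmac.new(key, password, hashlib.sha256).digest()


def keyed_hash_salted(password: bytes, key: bytes, salt: bytes) -> bytes:
    """Pepper plus per-account random salt: equal passwords no longer collide.
    (HMAC-SHA256 stands in for a real password hash such as scrypt/yescrypt.)"""
    return hmac.new(key, salt + password, hashlib.sha256).digest()


def group_by_digest(records):
    """Marsh's point C: with no salt, anyone holding the leaked table can
    cluster accounts by identical digest without knowing the key at all."""
    groups = defaultdict(list)
    for user, digest in records:
        groups[digest].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def unsalted_clusters():
    records = [(u, keyed_hash_unsalted(pw, PEPPER)) for u, pw, _ in USERS]
    return group_by_digest(records)


def salted_clusters():
    records = [(u, keyed_hash_salted(pw, PEPPER, os.urandom(16)))
               for u, pw, _ in USERS]
    return group_by_digest(records)


def exposed_by_hint(clusters, user_with_obvious_hint):
    """Adobe-style leak: one account's hint reveals the password for every
    account in the same cluster, key or no key."""
    for cluster in clusters:
        if user_with_obvious_hint in cluster:
            return cluster
    return [user_with_obvious_hint]


def crack(digest, salt, key_guess, wordlist):
    """Offline dictionary attack against one salted, keyed digest."""
    for word in wordlist:
        if hmac.compare_digest(keyed_hash_salted(word, key_guess, salt), digest):
            return word
    return None


def cracking_with_and_without_key():
    """'Sometimes better, never worse': an attacker who lacks the pepper cannot
    compute candidate digests (modelled here by guessing an empty key); once the
    pepper leaks, the scheme is exactly a salted hash and the wordlist hits."""
    salt = os.urandom(16)
    digest = keyed_hash_salted(b"hunter2", PEPPER, salt)
    return crack(digest, salt, b"", WORDLIST), crack(digest, salt, PEPPER, WORDLIST)


if __name__ == "__main__":
    print("unsalted clusters:", unsalted_clusters())
    print("salted clusters:  ", salted_clusters())
    print("exposed via bob's hint:", exposed_by_hint(unsalted_clusters(), "bob"))
    print("crack without/with key:", cracking_with_and_without_key())
```

Running it shows the unsalted table clustering alice, bob and dave together, so bob's hint reveals all three passwords even though the attacker never learns the pepper; the salted table yields no clusters. The last function shows that the pepper blocks offline guessing while it stays secret and costs nothing once it leaks.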
