lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <009f01d060d6$ffcc47b0$ff64d710$@acm.org> Date: Tue, 17 Mar 2015 10:22:51 -0700 From: "Dennis E. Hamilton" <dennis.hamilton@....org> To: <discussions@...sword-hashing.net> Subject: RE: [PHC] pre-hashed passwords? -- in reply below to -- From: Jean-Philippe Aumasson [mailto:jeanphilippe.aumasson@...il.com] Sent: Tuesday, March 17, 2015 06:09 To: discussions@...sword-hashing.net Subject: [PHC] pre-hashed passwords? (After reading this nice post about passwords including null bytes: http://blog.ircmaxell.com/2015/03/security-issue-combining-bcrypt-with.html) Has anyone already seen password hashes "pre-hashing" a password, to handle length limitations? Things like password_hash(hash('sha256', $password, true), PASSWORD_DEFAULT) password_hash(hash_hmac('sha256', $password, $key, true), PASSWORD_DEFAULT) <orcmid> PBKDF2 does that when the password length exceeds a block-size limitation. I have also seen deployed usage of PBKDF2 where all passwords are pre-hashed (and therefore within the limitation). (Unfortunately, there is a resulting pass-the-hash attack in the case at hand.) If you are going to do this, it seems to me that an HMAC form should be used, with a likely-unique key (some transform of a crypto-quality IV, for example). </orcmid>
Powered by blists - more mailing lists