Re: Salt Storage - web.config or database?

[Steve Barnet <steve.barnet () icecube wisc edu>]

Hi James,

James Pujals wrote:
> steve.barnet () icecube wisc edu wrote:
>
> > This is not necessary, and may well be undesirable. This does
> > very little to improve security and creates more complexity
> > and more failure modes.
> >
> > Salting does nothing more than ensure that identical passwords
> > with different salts hash to different values. This solves a
> > few very narrow attacks:
> >
> > 1) Precomputed dictionary attacks. If an attacker wants to
> >    precompute a list of password hashes for later comparison with
> >    stolen hashes, they must now compute the hashes for the
> >    number of words * number of hash values instead of a single
> >    hash for each password.

This should read "number of words * number of _salt_ values"

My bad.

> > 2) Identical passwords hash to different values. If you break a
> >    particular password hash, you cannot do a trivial comparison
> >    with hashes using a different salt to find other usernames
> >    which use the same password.
> > 3) Same password used on different systems. This is essentially
> >    a special case of the # 2.
> >
> > Salting does very little to mitigate an attack on a single
> > password hash.
>
>
> I'm confused.  Are you suggesting to not salt the passwords at all prior to hashing?

Oops, that's not what I'm suggesting. Passwords should definitely be
salted. What I meant regarding an attack on a single password is
that if an attacker has the hash value for a particular account
and they are attempting to obtain the password by using a dictionary
attack, then the salt increases the time it will take to hash the
dictionary of candidate passwords, but that's it. A bad password
(eg password) will still be found (eventually). So the value is
limited to the amount of time added to the attack.

This is a good thing, but it means that salt won't save you;
just give you enough time to reach a non-extradition country
perhaps. :-)  Or more pragmatically, increases the time window
for you do remedy the problem (close security hole, change passwords).

Probably the biggest win is scenario 2 - the same password hashes
to a different value. If an attacker is able to gain one hash,
they're very likely to be able to get them all. If that's the case
and you don't salt, then you can look for identical passords using
a string comparison (the hashes will be identical).

Best,

---Steve




-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application 
security testing suite, and the only solution to provide comprehensive 
remediation tasks at every level of the application. Change the way you 
think about application security testing - See for yourself. 
Download a Free Trial of AppScan 6.0 today!

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007kaF
--------------------------------------------------------------------------