Question

This is a question about salting phrases that need to be hashed.

I was wondering if it is more secure to prefix the salt to a phrase or postfix it: salt + phrase or phrase + salt?

My question comes from this comment on this post on MD5s. I am not sure I understand the reasoning behind the author's comment.

Solution

Whether the salt is appended to the front or the back makes no difference.

The following factors will affect security, though:

  1. Is your salt private (if so how private is it?). The more private the better. This means that if you can avoid storing your salt in your db you can make your system safe against brute force attacks even if your db is compromised.
  2. Is your salt random per value salted? This helps defend against rainbow table attacks if, say, your db is compromised and your salt is stored in the db. Note: if the passwords being stored are long enough, they can be immune to brute force attacks.
  3. Is your salt long enough? The longer your salt the more secure you are.

OTHER TIPS

It doesn't matter when you digest the salt: prefix, postfix, infix all produce different hashes, but achieve the same purpose of defeating rainbow tables or other pre-hashed dictionary attacks.

I think that the comment has to do specifically with a vulnerability in MD5, not hashing in general. I don't understand the details, but it has to do with finding two prefixes that produce the same hash.

When someone has a question about the use of salts I fear it is because they are busy (re)inventing things they really shouldn't be in the first place. Based on the question my recommendation is to use an HMAC.

Unlike what others said, it does matter! And as @einstein said, if you care, use HMAC.

Why prefix is bad: because one can calculate the intermediate state of the checksum up to the given fixed salt prefix, then start calculating the rest in parallel. In summary, phrase+salt is more secure than salt+phrase, but HMAC(salt, phrase) is even better.

related reading
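The three constructions discussed in the answers above (salt + phrase, phrase + salt, HMAC(salt, phrase)) side by side, as an added Python example that is not part of any answer. SHA-256, the 16-byte salt length and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SALT_BYTES = 16  # assumed length; the answers only ask for "long enough"

def digest_prefix(salt: bytes, phrase: bytes) -> bytes:
    return hashlib.sha256(salt + phrase).digest()

def digest_postfix(salt: bytes, phrase: bytes) -> bytes:
    return hashlib.sha256(phrase + salt).digest()

def digest_hmac(salt: bytes, phrase: bytes) -> bytes:
    # HMAC(salt, phrase): the salt is the key, the phrase is the message.
    return hmac.new(salt, phrase, hashlib.sha256).digest()

def prefix_state_is_reusable(salt: bytes, phrases: list) -> bool:
    # With salt + phrase, a hash object fed only the salt can be copied and
    # continued for each phrase; the result equals a full re-hash every time.
    base = hashlib.sha256(salt)
    for phrase in phrases:
        h = base.copy()
        h.update(phrase)
        if h.digest() != digest_prefix(salt, phrase):
            return False
    return True

def make_record(phrase: bytes) -> tuple:
    salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt per value
    return salt, digest_hmac(salt, phrase)

def verify(phrase: bytes, salt: bytes, stored: bytes) -> bool:
    # Constant-time comparison of the recomputed tag with the stored one.
    return hmac.compare_digest(digest_hmac(salt, phrase), stored)

if __name__ == "__main__":
    phrase = b"correct horse battery staple"  # constructed sample input
    salt_a, tag_a = make_record(phrase)
    salt_b, tag_b = make_record(phrase)
    print("same phrase, different records:", tag_a != tag_b)
    print("verify ok:", verify(phrase, salt_a, tag_a))
    print("prefix state reusable:", prefix_state_is_reusable(salt_a, [b"a", b"b"]))
```

Because every record gets its own random salt, two users with the same phrase store different values, which is what defeats a precomputed table regardless of where the salt is placed.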

Technically it doesn't matter, so long as the salt is unique and not easily guessable. Just don't make the mistake of storing the salt, like I did.

The purpose of "salting" a string is to scramble it in a way a bit more personal and unique than an MD5 hash will do. There's no right or wrong way to do it, just so long as you're the only one that knows how it works. It will achieve the result either way, which is to make the MD5 hashes generated not correspond with a rainbow table for easy cracking of passwords.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow