Are hashed and salted passwords secure against dictionary attacks?
https://stackoverflow.com/questions/1111494
-
12-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I understand that salts make the same password hash to different values. However, salts are usually stored in the database with the password. So let's say I am attacker, here is how I might use a dictionary attack against a salt (note in this example i don't write out 128 bit hashes or salts for the sake of brevity):
user_pw = 'blowfish'
Given:
email = 'blah@blah.com'
hash = '1234567890'
salt = '0987654321'
function attack(){
for each(word in dictionary)
md5( word * salt ) == hash ? cracked_one(email, word)
}
I understand this prevents hackers from using rainbow tables...but doesn't seem to prevent dictionary attacks. I guess you could add something else to the hash algorithm, but with security we must assume that the method of attack is known.
So it seems that salting prevents hackers from figuring out which passwords are likely to be dictionary passwords (ones that multiple users have) and prevents rainbow attacks...but does not prevent dictionary attacks.
Is this a correct analysis? Any suggestions for better security?
Thanks!
Solution
Salt doesn't prevent dictionary attacks, just precalculated dictionary attacks. In particular, it protects against rainbow tables (http://en.wikipedia.org/wiki/Rainbow_table) and also ensures that cracking one user's password doesn't automatically let you crack any user who shares that password.
The article I linked to mentions some ways to improve upon salting, incudling key strengthening (http://en.wikipedia.org/wiki/Key_strengthening).
OTHER TIPS
Nothing keeps an attacker from just guessing the password.
Salts just make it harder by forcing an attacker to hash the dictionary on a per-user (effectively, per-salt) basis.
To improve security, a tunable hash function is your best bet. Crank the time-per-hash up, making dictionary attacks impractical on whatever hardware your attacker is likely to have available.
Basically, read this.
That's correct. If someone got the password material, a dictionary attack would be effective.
To guard against this:
- Make sure your passwords aren't subject to dictionary attacks.
- Make sure your password file (
/etc/shadow) is readable only by root.
Without salt, the attacker can generate hashes for every word in his dictionnary then run the new dictionnary against your passwords list
With salt, each password is hashed with a random string so even with the prior hashed dictionnary knowledge, he still have to re-create a new hashed dictionnary containing the salt for every different salt in your database.
Just think of dictionnaries tables as a subset (small portion) of the rainbow tables. While rainbow tables can contain billions of entries, dictionnaries contain "known words", so maybe a few million entries at most.
The reason why rainbow tables fail against salt is because the re-creation process would be "billions of entries" of recalculation while dictionnary attacks are still "few millions of entries". The salt just blocks precomputed values
Your logic is sound, but in reality, with enough computing power and time, there is no protection against dictionary/brute-force attacks.
