undefined | Better HN

0 pointsTade01y ago0 comments

There's no hash collision here, just two different hashes, each with its own salt, matching the same original phrase.

If you use only the password to generate the cache key, then this password will match regardless of salt, so users with the same password will generate a cache key matching that password.

0 comments

4 comments · 1 top-level

magicalhippo1y ago· 3 in thread

Yes, that's what I pointed out when you suggested there would be a problem with two different users having the same password.

Tade0OP1y ago

I'm getting the feeling that there's some kind of miscommunication here.

If only the password is used to generate the hash then that password, when used to match against a previously stored hash(cache key here), will also match it, thus producing the exact same vulnerability, but worse because it's enough to have the same password as someone else.

Salting does not help here at all.

magicalhippo1y ago

The whole point of salting is to avoid exactly that scenario, and, as I linked to, bcrypt requires salt.

So when you read "bcrypt(password)", that just means the salt is implicit, not that it isn't salted.

Tade0OP1y ago

The the output of `bcrypt(password)` is:

  $2a$12$R9h/cIPz0gi.URNNX3kh2OPST9/PgBkqquzi.Ss7KIUgO2t0jWMUW
  \__/\/ \____________________/\_____________________________/
  Alg Cost      Salt                        Hash

The Salt part is randomly generated. When you call `bcrypt.compare(output, password)` it uses the salt that's contained in `output`. Two calls of `bcrypt(password)` will generate different outputs(so different salts and thus different hashes), but still if you run `bcrypt.compare(output1, password)` and `bcrypt.compare(output2, password)` they will both match as long `password` was used to generate both.

In short: you can't use just the password as that's going to match a cache key that was generated by whoever typed in this exact password. The salt is only there to prevent offline attacks.

1 more reply

j / k navigate · click thread line to collapse