undefined | Better HN

0 pointsworklogin11y ago0 comments

Whether the salt is secret or not doesn't matter. If it's known that I salt passwords in the USERS database with the `uname` field, hashes for "workloginpa$$word" and "kasey_junkpa$$word" will look different, even though our passwords are the same. There's no easy way to compare passwords when they're salted, and that's the point to understand.

Yes, having a good hash in the first place is more important, but salting is right up there.

0 comments

4 comments · 1 top-level

Locke168911y ago· 3 in thread

No, it's not, because choosing a proper KDF will make your passwords take years to crack, while choosing a standard digest with a salt will turn the time from fractions of a second to days.

The only thing that matters is whether or not your password database ends up on a message board somewhere, not about how you feel about hashing.

davis_m11y ago

A proper KDF is more important if you are trying to break a specific user's password. It will simply take too long to try any reasonable number of attempts. However, in the event that you have a large database leak individual salts become just as important. When looking thousands of users, unsalted hashes allow attackers to start with the most common passwords used and compare them to the entire leaked database in one try.

kasey_junk11y ago

Are there any proper KDFs that don't include a random salt?

1 more reply

workloginOP11y ago

Yes, it is!

Since DDG does it quick, I'll use MD5 as an example, but don't ever use MD5 as your hash!

An attacker already knows a user's plaintext password is "pass123" and no salting has occurred. He can search for "32250170a0dca92d53ec9624f336ca24" in the database and find 5 other users that have the same hash. He now knows that those 5 people have the same password.

Meanwhile:

    Johnpass123: e3445c82086cff25a79dcbbe59b569d1  
    Mattpass123: fd6d563970fd6ead6391a997a5e06d80

Moral: It's not about how hard it is to crack. It's about comparisons of hashed values without cracking necessary.

j / k navigate · click thread line to collapse