SHA-3 is KECCAK
Kagamin
spam at here.lot
Wed Jan 22 07:48:03 PST 2014
On Tuesday, 21 January 2014 at 09:58:34 UTC, Uranuz wrote:
> I don't feel confident about crypto and security
> questions, but I need to implement password hashing and
> session ID generation, and make it difficult to recover a
> password by brute force or dictionary attack with a single
> "usual" computer.
The article linked by John Colvin is comprehensive enough to give
you an understanding of the problem; it outlines all the mistakes in
password hashing schemes and how to solve them properly. The
dictionary attack is the most dangerous, as indicated by the
article; a slow hash like bcrypt can be of some help, it may win
you a little time, but that time can be enough for the
administrator to lock the system. A slow hash makes brute force
slower, because it has to compute the hash a lot. So for password
hashing there's no reason to choose md5, because it's the fastest
:)
There's no reason to implement bcrypt on your own (like
repetitive hashing), because it should be well optimized in order
not to let the attacker compute the hash faster with a more
optimal implementation.
A keyed hash is a very strong protection if you keep the key
secret. The task of protecting the key is more administrative
than cryptographic. If the attacker can't retrieve the key, he
can only brute force the password remotely on your system, but
since he will use your code, you have the chance to detect the
attack. What to do once you've detected it is up to you.
Another possibility to consider is two-factor authentication for
the case when the password is indeed stolen.
> About md5 I have read that it's already cracked. It's
> vulnerable to length extension attack.
The length extension attack is used against digital signatures;
it's useless against password hashing (that's why it's not
considered in the article). The attack is prevented by prepending
the salt instead of appending it.
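The scheme the reply recommends (a per-user salt, a deliberately slow hash, and a keyed hash under a server-side secret, plus a random session ID for the original question), as an added example that is not part of this thread. It uses Python's standard library rather than D, and PBKDF2-HMAC in place of bcrypt because that is what the standard library ships; the record format, the `SERVER_KEY` value and the iteration count are constructed for the example.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional

# Server-side secret for the keyed hash. Constructed placeholder: in practice it
# lives outside the password database (config file, KMS), never next to the records.
SERVER_KEY = b"constructed-example-key-do-not-reuse"

# Work factor of the slow hash. Raise it as hardware gets faster.
ITERATIONS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a storable record of the form  pbkdf2_sha256$iterations$salt$tag.

    The salt is prepended by PBKDF2 itself (it is an HMAC key input, not appended
    data), the iteration count makes each guess expensive, and the final HMAC with
    SERVER_KEY means a stolen record cannot be attacked offline without the key.
    """
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per stored password
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    tag = hmac.new(SERVER_KEY, derived, "sha256").digest()
    return f"pbkdf2_sha256${iterations}${salt.hex()}${tag.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the tag for a candidate password and compare in constant time."""
    algo, iterations, salt_hex, tag_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                  bytes.fromhex(salt_hex), int(iterations))
    expected = hmac.new(SERVER_KEY, derived, "sha256").digest()
    # compare_digest avoids leaking how many leading bytes matched via timing
    return hmac.compare_digest(expected, bytes.fromhex(tag_hex))


def new_session_id() -> str:
    """Session identifiers must be unpredictable, not derived from the password."""
    return secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
```

Every verification on the server runs through `verify_password`, which is the point the reply makes about detection: remote guessing has to go through your code, so failed attempts can be counted and acted on.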