1

I am curious to know two facts regarding MD5 password hashing. As far I know, MD5 is faster and more vulnerable to collision than other hash functions like SHA-1,SHA-3 etc.

To prevent dictionary attack, brute-force attack and rainbow table attack different people have developed different techniques over time.

For example,one of the techniques is adding some random messages with the original passwords to prevent rainbow table attack and using recursive or iterative hashing to make the entire password hashing slower.

Then the hashed values are stored in a database. A user enters his username and password at the login screen and then the client-server system computes the hashed value immediately and match it with the hashed values previously stored in the database.

I present my curiosity in the form of two questions.

  1. Isn't making password hashing slower using recursion or iteration same as making the login slower for the users?

  2. Are password hashing techniques made generally secret or open to others.

OscarAkaElvis
  • 5,225
  • 3
  • 18
  • 49

2 Answers2

4

For example,one of the techniques is adding some random messages with the original passwords to prevent rainbow table attack

Making the hash function slower (increasing the work factor) makes it harder to break, but adding a random salt doesn't doesn't make the hash harder to break at all, that's not what it's supposed to do.

What it does is protect two or more users who all have the same password. A hash of the same input will always have the same output - so all the users with the same hash in the database must have the same password. If you crack one, you get them all.

Adding a random salt to each password makes their hashes different, so the rainbow table cracks only one at a time.

Isn't making password hashing slower using recursion or iteration same as making the login slower for the users?

Yes.

If password verification was a fast hash, attackers can check lots of passwords quickly and find the right one. So hash functions for passwords should be slow to protect against that. And their normal use is a person typing and watching a login screen, waiting half a second, once, is not a bad trade off.

Some are slow by design (bcrypt) and some are slow by doing a fast hash over and over (pbkdf2).

Scrypt is a variant on this idea as well - a hash which makes the calculation take a lot of time, and also makes it take a lot of memory to do - so trying to attack it fast by using multiple computers is expensive.

https://codahale.com/how-to-safely-store-a-password/ discusses this tradeoff with examples.


Are password hashing techniques made generally secret or open to others.

Generally open. An older hash (now deprecated) was RC4, and that was a proprietary development by the company RSA Security, and never officially released, but it leaked, was confirmed, and widely used anyway.

Common password hashing algorithms (slow) are open:

  • bcrypt, which was publically released and is used in OpenBSD, which is open source.

or official standards through the Internet Engineering TaskForce (IETF):

Common fast hashing algorithms (used in SSH, IPSEC, TLS) are open standards too, e.g.

and there's also RFC 6234 which says "The United States of America has adopted a suite of Secure Hash Algorithms (SHAs) [..] namely SHA-224, SHA-256, SHA-384, and SHA-512. This document makes open source code performing these SHA hash functions conveniently available to the Internet community.".

Alternatives to PBKDF2 Argon2 and Lyra2 are open source as well.

That's not to say that people can't make proprietary closed hashing algorithms, or base their password hashes on fast algorithms, but [Microsoft makes use of MD5] in Active Directory password hashes, and lots of companies use PBKDF2.

(In fact, I'd be curious to find proprietary hash functions used in popular systems, I can't think that I know of any)

TessellatingHeckler
  • 2,757
  • 1
  • 15
  • 14
2

Isn't making password hashing slower using recursion or iteration same as making the login slower for the users?

It is. But while a delay of 500 milliseconds when entering a password is acceptable for a user. This also means that a brute force attack is also considerably slowed down and can check only a few passwords per seconds. That's a good trade-off: nearly not noticeable for the legitimate user, but massively slowing down the attacker.

Are password hashing techniques made generally secret or open to others.

It is recommended to use techniques which withstood a deeper analysis which usually means that the technique is open. This is the same with good cryptography: the algorithms are open while the keys are not.

For deeper details on password hashing see How to securely hash passwords?.

Steffen Ullrich
  • 190,458
  • 29
  • 381
  • 434