
I'm a rookie when it comes to Information Security so I've been reading a lot of the top questions on this stackexchange for the sake of learning. I came across this question that discusses hashing. In criticism of a home-brew security algorithm, people repeatedly say that shuffling a hash adds no security.

A comment that I can't find an answer for:

$nt = substr($pass,0,8); // <--- BAD BAD BAD - why shuffle an MD5 hash?!?!?

and here:

Again hash = sha1($salt+md5'($password)). Rearranging the MD5 adds no security (swap(00112233445566778899aabbccddeeff) becomes ccddeeff8899aabb0011223344556677) the swap does not prevent you from using md5 rainbow tables after (e.g., look at the code and reverse the swap). However, the presence of the unique salt makes the rainbow tables infeasible.

There must be something I don't understand about hashing. It seems to me rearranging the characters in the hash randomly would offer a sort of security? Clearly that's not the case, but what mistake am I making? I'm ignorant of my own ignorance right now.

bbenz
  • Could you explain why you think that adds security? – domen Mar 14 '18 at 11:58
  • The important detail here is **"look at the code"**. If you know the code base, you know that and how the hashes are shuffled. And following Kerckhoffs's principle we have to assume an attacker knows the code that is used. – Tom K. Mar 14 '18 at 12:02
  • If the attacker had for example, a rainbow table to compare common passwords with these hashes, rearranging the hash would mean it doesn't represent the corresponding value. That's what I thought at least, but I'm expecting that to be wrong now. I guess I was assuming the attacker had the hashes, but not the code that made them. – bbenz Mar 14 '18 at 12:56
  • Because the way hashes are cracked is by guessing and checking, and your derivation process can be quickly integrated into the guess. – dandavis Mar 15 '18 at 03:45
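The two attacks described in the quoted comments (undo the swap and reuse a plain MD5 table, or fold the swap into the guess loop), shown as an added example that is not code from the question or from the scheme being criticised. The permutation in `swap` is chosen so that it reproduces the comment's own example (`00112233445566778899aabbccddeeff` becomes `ccddeeff8899aabb0011223344556677`); the wordlist, salts and function names are constructed for the demo.

```python
import hashlib

# Added example, not code from the question or the criticised scheme.
# swap() is chosen to reproduce the comment's example:
# swap("00112233445566778899aabbccddeeff") == "ccddeeff8899aabb0011223344556677"


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def swap(digest: str) -> str:
    """Reorder the 32 hex chars of an MD5 digest as in the quoted comment."""
    return digest[24:] + digest[16:24] + digest[:16]


def unswap(shuffled: str) -> str:
    """Inverse permutation. Anyone who has read the code can write this."""
    return shuffled[16:] + shuffled[8:16] + shuffled[:8]


def homebrew_hash(password: str) -> str:
    """The shuffled, unsalted MD5 scheme under criticism."""
    return swap(md5_hex(password))


def salted_hash(salt: bytes, password: str) -> str:
    """The sha1(salt + md5(password)) construction from the quoted comment."""
    return hashlib.sha1(salt + md5_hex(password).encode()).hexdigest()


# Constructed wordlist standing in for a rainbow table or cracking dictionary.
WORDLIST = ["123456", "password", "letmein", "qwerty", "hunter2", "dragon"]


def md5_table(words):
    """Plain MD5 lookup table: precomputed once, reusable against any site."""
    return {md5_hex(w): w for w in words}


def crack_by_unswapping(stored: str, table: dict):
    """Attack 1: undo the permutation, then look it up in the plain MD5 table."""
    return table.get(unswap(stored))


def crack_by_folding(stored: str, words):
    """Attack 2: fold the permutation into the guess-and-check loop instead."""
    for w in words:
        if homebrew_hash(w) == stored:
            return w
    return None


def salted_table(salt: bytes, words):
    """A table for the salted scheme is only valid for this one salt."""
    return {salted_hash(salt, w): w for w in words}


if __name__ == "__main__":
    stored = homebrew_hash("hunter2")
    table = md5_table(WORDLIST)
    print("unswap + table :", crack_by_unswapping(stored, table))
    print("fold into loop :", crack_by_folding(stored, WORDLIST))

    # The same precomputed table idea fails across users once each has a salt:
    salt_a, salt_b = b"user-a-salt", b"user-b-salt"  # constructed salts
    table_a = salted_table(salt_a, WORDLIST)
    print("A's table vs A:", table_a.get(salted_hash(salt_a, "hunter2")))
    print("A's table vs B:", table_a.get(salted_hash(salt_b, "hunter2")))
```

Both attacks recover the password with the same single MD5 per guess the plain scheme costs; the permutation only adds a string slice. The salted variant is different in kind: a table built for one user's salt returns nothing for another user's hash, so the precomputation has to be repeated per salt, which is what "makes rainbow tables infeasible" means in the comment.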

2 Answers


First of all, based on Kerckhoffs's principle, you must assume that an attacker knows the algorithm you used to hash the passwords, so doing things differently than others won't make you secure by default.

While your algorithm is based on MD5, it's an entirely different algorithm. How do you make sure that you didn't reduce its strength by performing your own calculations on top of it?

Finally, this question seems to be about password hashing. In this context, hash algorithms are expected to be slow. MD5 is fast. Shuffling an MD5 is fast. Your algorithm is fast. So you shouldn't use it for password hashing.

Tom K.
Benoit Esnard
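An added example (not the answerer's code) of the "did you reduce its strength" concern in this answer, using the `substr($pass,0,8)` line quoted in the question. It assumes, as the comment annotating that line implies, that `$pass` holds the hex MD5 digest, so the line keeps 8 hex characters, i.e. 32 of the 128 bits. A birthday search over sequential candidate strings finds two distinct inputs with the same truncated value after on the order of 2^16 MD5 calls, which would be hopeless against the full digest. The `main` block also prints how many guesses per second MD5 and a PBKDF2 call with a fixed, constructed salt allow on this machine, to illustrate the answer's "fast vs slow" point; the names `truncated_md5`, `find_collision` and `guesses_per_second` are this example's own.

```python
import hashlib
import time

# Added example, not code from the answer or the criticised scheme.


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def truncated_md5(password: str) -> str:
    """Stand-in for substr($pass,0,8) on the hex MD5 digest: 8 hex chars = 32 bits.
    That $pass is the hex digest is an assumption taken from the quoted comment."""
    return md5_hex(password)[:8]


def find_collision(hash_fn, limit=1 << 20):
    """Birthday search: hash sequential candidates until two distinct inputs
    share a digest. Returns (input_a, input_b), or None if `limit` is reached."""
    seen = {}
    for i in range(limit):
        candidate = f"pw{i}"  # constructed candidate inputs
        h = hash_fn(candidate)
        if h in seen:
            return seen[h], candidate
        seen[h] = candidate
    return None


def pbkdf2_hex(password: str) -> str:
    """A deliberately slow password hash; fixed constructed salt so the timing
    loop measures only the work factor."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode(), b"demo-salt", 100_000
    ).hex()


def guesses_per_second(hash_fn, n: int) -> float:
    """Rough throughput of one hash function in guesses per second."""
    start = time.perf_counter()
    for i in range(n):
        hash_fn(f"pw{i}")
    return n / (time.perf_counter() - start)


if __name__ == "__main__":
    pair = find_collision(truncated_md5)
    a, b = pair
    print(f"{a!r} and {b!r} both truncate to {truncated_md5(a)}")
    print(f"full digests differ: {md5_hex(a) != md5_hex(b)}")
    # Expect no collision at all on the full 128-bit digest in the same budget.
    print("full MD5 collision in 2^20 tries:", find_collision(md5_hex))

    fast = guesses_per_second(md5_hex, 20_000)
    slow = guesses_per_second(pbkdf2_hex, 10)
    print(f"MD5: {fast:,.0f} guesses/s, PBKDF2-100k: {slow:,.1f} guesses/s")
```

The collision search is the concrete form of the answer's question: the home-brew step turned a 128-bit output into a 32-bit one, and 32-bit values collide after tens of thousands of cheap hashes. The timing lines are the answer's third paragraph in numbers: however the MD5 output is cut or reordered, each guess still costs one MD5, and that is the quantity a password hash should make expensive.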

It's security by obscurity. Shuffling the hash DOES improve your security, because if the individual who is trying to crack the passwords does not realize you have shuffled the hashes then they will not find the proper passwords, unless they somehow manage to find a completely separate password that hashes to the rearranged hash (known as a hash collision).

The reason most people say this doesn't improve security is because most people assume that if someone managed to get access to your database, they most likely have access to the login function that rearranged the hash in the first place. This function is routinely checked because this is where the malicious individual would identify any non-standard hashing techniques you used. So rearranging the hash is not a great method for improving security as it's significantly less effective than using a standard salt.

Tom K.
Nick W.