
According to Wikipedia:

A rainbow table is ineffective against one-way hashes that include large salts. For example, consider a password hash that is generated using the following function (where "||" is the concatenation operator):
saltedhash(password) = hash(password || salt)
Or
saltedhash(password) = hash(hash(password) || salt)

Say I'm using Argon2(di) to store passwords. Should I use the second method or first method to hash passwords?
And as a more general question, which hash method is typically better in password storage situations? (What about other situations like HMACs?)

1 Answer


Say I'm using Argon2(di) to store passwords. Should I use the second method or first method to hash passwords?

No. Argon2 takes the salt as a separate argument from the password, and takes responsibility internally for how to incorporate both into the computation. As any specialized password hashing function should.

Ideally, though, you should use a higher-level API that takes care of salt generation and management internally, by encapsulating the use of the password hash with:

  • An "enrollment" function that takes a password, generates a salt, and outputs a verification string that encapsulates choice of hashing algorithm, algorithm parameters, salt and hash. See for example the password_hash() in PHP.
  • A "verification" function that takes a password and verification string, parses the latter to recover all those parameters, and verifies that the password matches. See, e.g., password_verify() in PHP.

Basically, if you're manually concatenating salts and passwords like your quote from Wikipedia suggests, you're doing it wrong.

Luis Casillas
  • I'm definitely not. I'm using Argon2's salt parameter for security. As a separate question: what should I do if I have two salts? Since Argon2 only has one salt input, we get back to the concatenation problem again. – Oct 12 '19 at 03:11
  • It should be OK to concatenate the two salts into a composite one. If just one of them is unpredictable to an attacker before they see it, so will be the composite. – Luis Casillas Oct 14 '19 at 17:08