I've been reading about it. This article helped me a lot. But the more I read the more complicated it seems. For example:

Is it better to use bcrypt, or PBKDF2, sha2 or something else for the salt? How do I add HMAC encryption passwords?

Suppose I have to store passwords (all information, hashes, salt, ...) in a single file.

I plan to do it this way:

  1. Obtain password from the end user.
  2. Create a salt.
  3. Create hash = SHA256(salt + password) and store salt together with hash in the file.

But I am not sure how to improve it. I do not understand how to use HMAC.

Well, the question is: What is the safest way to store a password in a single file, no matter the cost of the algorithm?

P.S.: I am using Java.

Rory Alsop
user60108
  • Please have a look here, and follow the 3 links at the bottom of the first answer: http://security.stackexchange.com/questions/25585/is-my-developers-home-brew-password-security-right-or-wrong-and-why –  Feb 27 '13 at 09:58

2 Answers

8

First point, never use SHA256 for hashing your passwords. Use bcrypt or pbkdf2. Here is a link to a Java library for bcrypt.

The library will take care of most of the details, including the generation of salts. Use it, don't roll your own.

What is the purpose of the password? Is it for authentication? If so, just store the hash somewhere you can retrieve later for comparison, be it a text file or a database.

If you want to use the password for encryption, well that's a whole different set of issues you have to consider. Details like key management, the modes of operation you should use will vary depending on your exact scenario. Don't do this unless you are a trained cryptographer, which you clearly are not, as there is a whole lot of stuff that can and will go wrong if you try to roll your own crypto.

  • The user's password is just for authentication, but the data is stored encrypted. The idea was as follows: Ask for the user's password. Generate a random key based on the password, which will then be used to encrypt data. This point is still not very clear to me (but I think it would use some algorithm like PBKDF2 to derive the random key, okay?). Then the data is stored encrypted using the random key with AES128. It stores a hash of the user's password. And the random key is stored encrypted with the user's password. Is that the right way? Thank you very much for your reply. – user60108 Feb 27 '13 at 13:14
  • 1
    @user60108 Are authentication and encryption separate? In other words, do you need authentication as well as encryption? If you only need encryption, a better way will be to just use `pbkdf2` to derive a key from the password, encrypt using said key and discard the password/key. You can verify if the data is decrypted correctly by appending some predefined characters at the start of the plaintext before encryption and checking for said characters after decryption. –  Feb 27 '13 at 13:19
  • 1
    @user60108 If you need both encryption and authentication, I would use a scheme similar to this one: http://security.stackexchange.com/a/30197/10211 –  Feb 27 '13 at 13:21
  • The authentication was only necessary to know that the encryption was right; your idea is good. But I think that way, if the password changes, I would have to re-encrypt the data. That would not be a way. The link seems very interesting. Excuse me for my stupidity, but I do not understand from step 3. And the concept of "blocking" is not clear to me. Thank you very much. – user60108 Feb 27 '13 at 16:09
  • 3
    As @Terry said - **Do not try to roll your own crypto!** Even cryptographers try and avoid doing it! – Rory Alsop Feb 27 '13 at 16:16
2

Using SHA-256 is a bad idea. This algorithm has not been designed to be used in this situation.

The IETF scrypt algorithm is probably the best out there for password storage, but is not old enough to be widely implemented or intensively tested. PBKDF2, on the other hand, is promoted by the RSA Laboratories' Public-Key Cryptography Standards (PKCS).

In both cases, use Java libraries to do the job for you, and do not implement those functions yourself. Find here a library for scrypt.