2

I'm sure its obvious, but I was wondering, what is the primary reason 3DES encryption is not used for storing passwords in the database?

My understanding is that 3DES is a strong encryption? So I can only think that the reason it is not used is because its encrypted not hashed, so that if the system was compromised the hacker could find the key used to encrypt and use it to decrypt?

The other reason being in privacy of information, even the database owner should not have the ability to see the users passwords, as they are often the same password used everywhere.

Is there any other reasons why it isn't used? Is it easier to brute then SHA?

NOTE: I am not using 3DES, but my company previously did. It was just a question out of curiousity.

Cyassin
  • 503
  • 2
  • 6
  • 12

2 Answers2

3

Site owners should not have the ability to instantly see every single user's password (and possible every password they've ever used on your site) - many users share passwords, and you don't need to get into their bank account.

  • Nor do you need to be accused of getting into their bank account based on having their password.

Should an attacker get your database password list somehow, the only thing they need them is your encryption key to get 100% of all passwords, nearly instantly, regardless of password strength - "12345" and "abDPZJg2$f3e4^po6aB]s67Kbfd;:vIr4}52Fqa\~Rep`,>ioNuJ" will be found in the same time (and at the same time, for practical purposes). With properly hashed passwords, "12345" remains worthless. However, with even the weakest cryptographic hashing algorithm, that long, random password will be an incredible challenge.

Even if an attacker does get your database password list but not your encryption key, you'll be on major security sites who tell you that your methodology is a giant disaster, just like Adobe when they leaked over a hundred million 3DES encrypted passwords.

Don't encrypt passwords. Hash them, using a password hashing function like PBKDF2, BCrypt, or SCrypt with a random 8-16 byte salt and as high an interation count or cost/work factor as you can afford during expected peak times. Wee How to securely hash passwords? for more detail.

Anti-weakpasswords
  • 9,850
  • 2
  • 24
  • 52
  • Cool, thanks for confirming my understanding. We currently use PBKDF2 hasing with a 32byte unique salt and 10,000 iteration. (would be higher but some clients have some older servers). I have recently changed it from 3DES since I joined. – Cyassin Apr 10 '14 at 05:24
  • 1
    One point you missed: DES and other block cyphers can be used as pseudo-hash functions by using the password as the encryption key to encrypt a standard block of data. This has a number of problems that make it a bad idea, but it's more secure than using a fixed key to encrypt the passwords. – Mark Apr 10 '14 at 09:56
  • @Mark However; given that we have the SHA-X algorithms which were specifically designed/vetted/tested to produce irreversible message digests of variable-length inputs without requiring a key, why even consider using a symmetric cipher with a key to do that job? ;-) – Craig Tullis Jan 04 '15 at 21:29
0

3DES exists because of a need for an encryption algorithm stronger than DES that could be implemented using hardware optimized for the computations involved in DES. It is considerably weaker than cyphers such as AES (which was standardized at the same time as 3DES) and hash algorithms such as SHA-1 (several years earlier), and should not be used if other cyphers are an option.

Mark
  • 34,513
  • 9
  • 86
  • 135