44

When you have a password stored in a database that has been strongly hashed and salted does it really matter if the underlying user password is weak?

If you setup features like limiting login guessing and use captchas to stop automated guessing can you effectively make up for a weak password such as "password"?

I guess my question is does using a password like "password" make the salted hash any weaker than using a longer password such as "fish&*n0d1cTionaRYatt@ck"? - Are all salted hashes equally as secure or does it depend upon the password being a good one?

Crizly
  • 2,607
  • 4
  • 18
  • 29
  • 34
    I think you're confusing the threat models. – schroeder Oct 27 '14 at 21:23
  • 2
    @schroeder I assume your point is that captchas and salts are used to protect against two completely distinct threat scenarios. – kasperd Oct 28 '14 at 07:58
  • 3
    Weak passwords will be the first ones that an attacker will use when he try to guess your password... Salt/hash doesn't matter here. – Gudradain Oct 28 '14 at 14:02
  • 1
    We're setting aside the fact that while "fish&*n0d1cTionaRYatt@ck" is a *longer* password, it's arguably just as bad or worse than "password" I take it? – corsiKa Oct 28 '14 at 22:22
  • 2
    Well -- they're *almost* orthogonal, but not quite: Weak passwords are more likely to be found in rainbow tables incorporating the salt values. – Charles Duffy Oct 29 '14 at 19:21

7 Answers7

87

Salted hashes are designed to protect against attackers being able to attack multiple hashes simultaneously or build rainbow tables of pre-calculated hash values. That is all. They do nothing to improve the underlying strength of the password itself, weak or strong.

This also means that they're not designed to defend against online attacks, so they have no impact on an attackers ability to manipulate your login form, where the salt is irrelevant, because an attacker isn't computing hashes directly, but entering candidate passwords into a form that may be (as you said) rate limited or protected by a captcha.

Weak passwords are weak. Strong passwords are strong. Salts don't affect this equation in any way.

Xander
  • 35,616
  • 27
  • 114
  • 141
38

You have to consider two attack vectors:

  • Online attack
  • Offline attack

Limiting login guessing helps against Online attacks.
Let's say it's three times, this means that an attacker can test ALL accounts for the three most common passwords that fit your password policy (how about "password", "12345678" and "12345"?).

Salting helps against Offline attacks
Same unsalted hashes are the same cleartext password. So every hash has to be computed once, not once for each salt. Even with a salt, the attacker can still try a dictionary attack, and no one (except his limit of computing power) will stop him, because your "three strikes" rule won't apply here.

Weak passwords reduce security in both cases
Online attack: If you allow common passwords (like "password" or "12345"), attackers will be able to break into 5% of your accounts in three guesses.
Offline attack: Here, they will also try the most common passwords first, of course. So if they compute 3 hashes per user, they have already broken 5% of the accounts...

Alexander
  • 2,143
  • 2
  • 17
  • 22
7

Salting/hashing is great if your database gets stolen, but it has nothing to do with dictionary attacks that might take place through the normal login procedure.

As you mentioned limiting the number login attempts and using CAPTCHA can make dictionary attacks that take place through the normal login procedure ineffective, but salting (or not) won't have any effect on that type of attack.

Even with the limited logins attempts and CAPTCHA in place, allowing super weak passwords is not a good idea, and if a malicious user is determined enough or sees enough value, they can find ways to exploit that weakness.

Abe Miessler
  • 8,165
  • 10
  • 45
  • 72
4

No, one point of salted hashing is to get good randomness in the hash regardless of the starting material.

However, this does not free us to use bad passwords. Good hashing only protects against one attack vector: that where the intruder steals the file with the hashes. So many other attack vectors on passwords exist... shoulder surfing, brute forcing, modified brute forcing (with intelligent starting guesses and so on)... that good passwords are still important.

Salted hashing will protect good passwords but won't rescue you from bad ones.

DavidF
  • 41
  • 3
1

Generally, the most important thing is password length. But it is true that an easy password could be broken down easier than a random one. For example, when you are trying to guess a hash using rainbow tables. If it is a normally used word like "cat" it is more likely that you can have it in this table than "07OFmy3HOY3l9e1gCNww7nNpd5lQ8I9an" ;D

Peter Mortensen
  • 885
  • 5
  • 10
1

In theory:

If the attacker has not built a rainbow table, if a password of some strength can be hacked in 1 unit of time, then N passwords of that strength can be hacked in O(1) time without salt and O(N) time with salt. That's what salt does. No advantage on a fixed password; shows advantage over multiple passwords.

If the attacker has a rainbow table, without salt, a weak password - in this case "weak" means "already in the rainbow table" - is as good as naked. With salt it will still need to be cracked in however many seconds that might take.

In practice: Password strength is way more important than any of this. Sometimes rainbow tables are mere convenience; if you have a million passwords that weak, they're permeable even salted.

djechlin
  • 288
  • 2
  • 9
1

If you picked one of the three weak passwords "love", "dog" and "cow", and a password database was lost: Without salts, I can try these three passwords and find immediately everybody in the whole database using these three weak password. With salting, I have to try love+your salt, dog+your salt, cow+your salt to crack your password if it was ridiculously weak, then repeat the same with everybody in the database.

If a hacker attacks you specifically, then salting doesn't help. It only helps by making it impossible to attack the whole database, instead requiring an attack against each individual user in the database.

gnasher729
  • 2,107
  • 11
  • 16
  • 4
    -1 for use of the word "impossible" in a security/cryptography context. – Shadur Oct 29 '14 at 07:59
  • 1
    This is plain wrong. If a hacker has a rainbow table already - which they probably do - your password may be one hash lookup to break unsalted but as strong as its entropy salted. – djechlin Oct 29 '14 at 14:38