Presentation is loading. Please wait.

Presentation is loading. Please wait.

Use of a One-Way Hash without a Salt

Published byTerrence Duell Modified over 9 years ago

Similar presentations

Presentation on theme: "Use of a One-Way Hash without a Salt"— Presentation transcript:

1 Use of a One-Way Hash without a Salt
Năstase George-Daniel MSI2

2 One way function A one-way function is a function that is easy to compute on every input, but hard to invert given the image of a random input. Can also be collision resistant(optional) Example: discrete logarithm: given a prime p and an integer y between 0 and p−1, find x such that 2x = y Other examples: Multiplication and factoring, modular squaring.

3 Hash function A hash function is any function that can be used to map data of arbitrary size to data of fixed size. You don’t need a cryptographic hash function for this.

4 One-way cryptographic hash function
The ideal cryptographic hash function has four main properties: it is easy to compute the hash value for any given message it is infeasible to generate a message that has a given hash(=>one way function) it is infeasible to modify a message without changing the hash it is infeasible to find two different messages with the same hash. Ex: MD5, SHA-1, etc.

5 Rainbow Tables Are a compromise between pre-computing all plaintexts to hashes and looking up through a table of [plaintext, hash]. H-->222f00dc--R--> H-->920ecf5y The table only stores the starting plaintext, and the final hash you choose to end with, and so a chain "containing" millions of hashes can be represented with only a single starting plaintext, and a single finishing hash.

6 Rainbow Tables – How to use
We have a hash and want to find the plaintext, so we search the saved hashes. If we find that hash, we reconstruct the hash-chain and obtain the plaintext. If we don’t find that hash, we start building a new hash-chain and after each new generated hash we search though the saved hashes to see if we already know it.

7 Vulnerabilities Some hash functions have become vulnerable(MD5, SHA-1). Along with the mistake of not using a salt this makes it easier for attackers to pre-compute the hash value using dictionary attack techniques such as rainbow tables. Its should be noted that, despite common perceptions, using a salt with a hash does not sufficiently increase the protection level. An attacker who is targeting an individual password, or who has a large amount of computing resources available can still pre- compute the hash. The use of a salt only slightly increases the computing requirements for an attacker compared to other strategies such as adaptive hash functions.

8 Vulnerabilities (2) The real danger is "offline" cracking. Hackers break into a system to steal the encrypted password file or eavesdrop on an encrypted exchange across the Internet. They are then free to decrypt the passwords without anybody stopping them. If an attacker can obtain the hashes through some other method (such as SQL injection on a database that stores hashes), then the attacker can store the hashes offline and use various techniques to crack the passwords by computing hashes efficiently. (CWE-916: Use of Password Hash With Insufficient Computational Effort)

9 Detection Source code Weakness Analyzer (ex: flawfinder, clang, etc.)
Context-configured Source Code Weakness Analyzer Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies (less efficient)

10 Example 1 A user is logged in if their given password matches a stored password: unsigned char *check_passwd(char *plaintext) { ctext = simple_digest("sha1",plaintext,strlen(plaintext), ... ); //Login if hash matches stored hash if (equal(ctext, secret_password())) { login_user(); } This code does not provide a salt to the hashing function, thus increasing the chances of an attacker being able to reverse the hash and discover the original password.

11 Example 1 fixed unsigned char *check_passwd(char *plaintext) {
strcpy(stext,plaintext); strcat(stext,salt); ctext = simple_digest("sha1",stext,strlen(stext), ... ); //Login if hash matches stored hash if (equal(ctext, secret_password())) { login_user(); }

12 Example 2 In this example, a new user provides a new username and password to create an account. The program hashes the new user's password then stores it in a database. unsigned char *add_db(char *user, char *pass) { cpass = simple_digest("sha1", pass,strlen(pass), ... ); update_db(user,cpass); } Because there is no salt provided to the hashing function, the chances of an attacker being able to reverse the hash and discover the original password if the database is compromised.

13 Example 2 fixed unsigned char *add_db(char *user, char *pass) {
strcpy(spass,pass); strcat(spass,salt); cpass = simple_digest("sha1", spass,strlen(spass), ... ); update_db(user,cpass); }

14 Adaptive hash function
Can be configured change the number of iterations ("stretching"). (md5(md5(“plain”)) Can be configured to randomize the salt. The number of iterations and salt are saved in the database along with the hash. Ex: bcrypt, scrypt, PBKDF2, etc.

15 Adaptive hash function (2)
While there is active debate about which of these functions is the most effective, they are all stronger than using salts with hash functions with very little computing overhead. Note that using these functions can have an impact on performance, so they require special consideration to avoid denial-of-service attacks.

16 References http://cwe.mitre.org/data/definitions/759.html

Download ppt "Use of a One-Way Hash without a Salt"

Similar presentations

Lecture 5: Cryptographic Hashes

Lecture 5: Cryptographic Hashes
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Hash Function. What are hash functions? Just a method of compressing strings – E.g., H : {0,1}*  {0,1} 160 – Input is called “message”, output is “digest”

Hash Function. What are hash functions? Just a method of compressing strings – E.g., H : {0,1}*  {0,1} 160 – Input is called “message”, output is “digest”
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Information Security Principles & Applications Topic 4: Message Authentication 虞慧群

Information Security Principles & Applications Topic 4: Message Authentication 虞慧群
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.

PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.
Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.

Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Apr 4, 2003Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication.

Apr 4, 2003Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication.
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.

Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.

Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptanalysis. The Speaker  Chuck Easttom  

Cryptanalysis. The Speaker  Chuck Easttom  
CS5204 – Fall 2009 1 Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.

CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.

Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.
Acknowledgements: William Stallings.William Stallings All rights Reserved Session 4 Public Key Cryptography (Part 2) Network Security Essentials Application.

Acknowledgements: William Stallings.William Stallings All rights Reserved Session 4 Public Key Cryptography (Part 2) Network Security Essentials Application.

Similar presentations

Ads by Google