0

The password salt for SHA1 Hashing is generated with the following function :

(new RNGCryptoServiceProvider()).GetBytes(buf);

What is used as the seed of RNGCryptoServiceProvider?

Can the values of passwordsalt for the registered users in asp.net 4.0 Membership provider be reconstructed with somehow feeding the same seed to the RNGCryptoServiceProvider?

EngelbertCoder
  • 777
  • 2
  • 9
  • 29
  • The salt is combined with the hash to make it less susceptible to rainbow table attacks. As long as the hash is different with the nth registered user, the salt being the same wouldn't be as big a concern, I would think. – Tim Jan 26 '16 at 23:37
  • Typically cryptographic random number generators are continuously updated with random information from clock skew, hard drive perturbations, keyboard timings and such. They are not initially seeded with the same value on each instantiation. That said I did not find the low level information for .net. – zaph Jan 26 '16 at 23:46
  • @Tim : The salt is not combined with the hash, it is combined with the cleartext. So, I think, an attack based on iterating through a dictionary and combining the salt and hashing it and checking with the hash would be susceptible. – EngelbertCoder Jan 26 '16 at 23:49
  • @EngelbertCoder Correct, a HMAC seems to be what the OP is alluding to, for reference see [Hash-based message authentication code](https://en.wikipedia.org/wiki/Hash-based_message_authentication_code). – zaph Jan 26 '16 at 23:51
  • @EngelbertCoder - You are correct, the salt and plain text are combined and then hashed (not sure why I thought it was the other way...been a long day). Still, I think the susceptibility would be lower than without salt at all. Perhaps not though. – Tim Jan 26 '16 at 23:52

1 Answers1

0

The RNGCryptoServiceProvider has qualified through FIPS 140-2 so one should be able to assume it does not have a initial bias nor need to be seeded by a user.

If the what is needed is a hash of a password consider using something such as PBKDF2, bcrypt or similar. These additionally add an iteration count to make the calculation tine longer. The idea is to increase the work factor for the attacker.

zaph
  • 111,848
  • 21
  • 189
  • 228