0

I heard that we shouldn't rely on Adler32 and I want to ask why.

Why shouldn't we trust Adler32 to hash ? Is it reversible ? Or can we just see the real text with ease ?

M. Jack
  • 13
  • 2
  • Magic Hashes -> https://www.whitehatsec.com/blog/magic-hashes/ – DejaVuSansMono Oct 28 '16 at 18:38
  • Bigger question, why use Adler32 and not a SHA2 or SHA3 familily member such as SHA-256 and just take as many/few bits as needed. Adler-32 is a checksum algorithm which trades reliability for speed. But on todays computers SHA-256 is generally fast. On my laptop I can run SHA-256 on 1MB of data in 3 mSec. – zaph Oct 28 '16 at 19:03
  • @zaph I'm just curious about why adler32 is not reliable. Is it reversible ? – M. Jack Oct 28 '16 at 19:08
  • @zaph So, can't we use adler32 for password hashing ? – M. Jack Oct 28 '16 at 19:19
  • @zaph So, attacker can brute-force with keywords to Adler32. Can they reverse it with ease ? The only way to crack it is just brute force ? – M. Jack Oct 28 '16 at 19:27
  • Comments moved to the answer. – zaph Oct 28 '16 at 19:30

2 Answers2

2

One does not "decrypt" a hash, and a hash does not hide the "real text" -- encryption, not hashing, does that. But if you mean, can Adler-32 be used as a cryptographic hash?, then absolutely not. The requirement for a cryptographic hash is that it be extremely hard, effectively impossible, for foreseeable hardware and mathematics to construct a message with a given hash. It is quite easy to do that for an Adler-32, and in fact is easy with any 32-bit hash. 32-bits is simply not enough.

Mark Adler
  • 101,978
  • 13
  • 118
  • 158
  • So, you can easily get the same hash by trying and can't see the clear text because it does not contain it. Did I get correct ? – M. Jack Nov 03 '16 at 23:58
  • 2
    There is no clear text. There is no encryption. For this discussion all there is is a message and its hash. The message could be in plain English. A "cryptographic" hash is designed to make it infeasible to construct another message, any other message, with the exact same hash. – Mark Adler Nov 04 '16 at 02:13
0

Absolutely you can not use Adler32 for password hashing.

For short inputs substantial information can be gained from a 8-bit CRC. Typically for a cryptographic hash a one bit change in the input data 50% of the output bits will change.

It isn't designed to avoid collisions, it is a CRC. Many hash functions are designed for other purposes where collisions are not a problem such as dictionary lookups or the storage bins at a "bottle club" which just uses the last couple of digits of a membership number to achieve somewhat even distribution of bottles across storage bins.

Password security:

Just using a hash function is not sufficient and just adding a salt does little to improve the security. Instead iIterate over an HMAC with a random salt for about a 100ms duration and save the salt with the hash. Use functions such as PBKDF2, password_hash, Bcrypt and similar functions. The point is to make the attacker spend a lot of time finding passwords by brute force.

One reason why SHA-512 with a salt is not sufficient is a laptop (mine) can execute 750,000 per second, this would be applied to a list of 10,000,000 passwords sorted by frequency of usage Then there are special programs that fuzz those. Unless it is spear-fishing an attacker will probably be satisfied with 90% of the passwords cracked. So by lengthening the computer time from <2us to >100ms it takes the attacker 50,000 times as long, he will probably move on the the next site.

Protecting your users is important, please use secure password methods.

Here is why: an attacker hits your site, gets the MD5 passwords, uses brute force with a list of common passwords and has the user's username and password. Now the attacker uses this on another site to gain access to more sensitive data since most users re-use passwords. You have just helped compromise the user. Note: A decent hacker rate could be 1 billion/second. Attacker will love your site and you will not even know it was successfully attacked.

zaph
  • 111,848
  • 21
  • 189
  • 228