
I need to store a password in a database. I'm on Windows and the only algorithm given by that platform is PBKDF2 (as far as I know). So is it OK to store my password as a hash of PBKDF2? Or is there a better algorithm available via the Windows API (Cryptography API or a similar API available on Windows)? I also learned that PBKDF2+SHA512 is not so different from BCrypt.

zeus
  • There are many posts on the web that compare the different algorithms, including PBKDF2, e.g. [here](https://medium.com/analytics-vidhya/password-hashing-pbkdf2-scrypt-bcrypt-and-argon2-e25aaf41598e). If you exclude third parties, probably only PBKDF2 remains (see [this answer](https://stackoverflow.com/a/66627189/9014097) to your own question) and you have to accept the disadvantages. – Topaco Mar 20 '21 at 18:03
  • Nowadays, Argon2 is mostly recommended. You should describe in more detail what you plan to do and what your requirements are, e.g. it is easily possible to use Argon2 via a third party library in a .NET application, e.g. [here](https://www.twelve21.io/how-to-use-argon2-for-password-hashing-in-csharp/). – Topaco Mar 20 '21 at 18:06
  • @Topaco: I'm under Delphi and I don't think there is any implementation of Argon2 under Delphi :( – zeus Mar 20 '21 at 21:19

1 Answer

PBKDF2 is indeed a password hash and therefore designed for this kind of operation. That doesn't mean it doesn't have any drawbacks. As usual it has a salt and work factor (a more generic term than iteration count that PBKDF2 uses).

However, it doesn't provide any memory hardness, so it is easier to create specialized hardware to attack it. Furthermore, a smart implementation can speed up the HMAC algorithm that is used for the designated hash function by performing pre-calculation. And finally it is super inefficient if you ask for more bits than the output of the hash function - but that's not really a topic if you just use it as a password hash instead of (multi-)key derivation.

So PBKDF2 is old, but it is still a million times better than the idiotic amounts of hash(password) or hash(salt | password) schemes out there without salt and/or work factor. Literally, because you'd at least use 1000000 as the iteration count.


Note that using a password hash still allows for weak passwords; you should always add additional measures where possible, e.g. password guess limitations, password strength indicators and whatnot. It is mainly useful to protect your users' passwords in case the login DB gets stolen.

Maarten Bodewes
  • Note that the memory hard `scrypt` is based on PBKDF2, you could have a look if you can create an `scrypt` from PBKDF2. – Maarten Bodewes Mar 21 '21 at 12:37
  • Thanks, but I want to use the PBKDF2 implementation available in Windows. I don't think I can build scrypt on top of it, no? – zeus Mar 21 '21 at 14:41
  • @loki I think that should be possible, but I don't really have the time to verify that :| – Maarten Bodewes Mar 21 '21 at 15:32
  • Thanks anyway :) It's interesting to know! I need to find an implementation of scrypt to see how I can do it – zeus Mar 21 '21 at 16:39
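
The comments above ask whether scrypt can be built on top of an existing PBKDF2. As an added example (not part of the original thread, and written in Python rather than Delphi or against the Windows API), this sketch follows the scrypt construction from RFC 7914: the password only ever passes through PBKDF2-HMAC-SHA256 with an iteration count of 1, and the memory-hard part is Salsa20/8 mixing in between. The function names are hypothetical, and it assumes the platform PBKDF2 can run HMAC-SHA256 with one iteration and an arbitrary output length.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF

def _salsa20_8(block):
    """Salsa20/8 core over one 64-byte block (RFC 7914, section 3)."""
    x = list(struct.unpack("<16I", block))
    start = x[:]
    def qr(a, b, c, d):
        for dst, s1, s2, rot in ((b, a, d, 7), (c, b, a, 9), (d, c, b, 13), (a, d, c, 18)):
            t = (x[s1] + x[s2]) & MASK
            x[dst] ^= ((t << rot) & MASK) | (t >> (32 - rot))
    for _ in range(4):  # 4 double rounds = 8 rounds
        qr(0, 4, 8, 12); qr(5, 9, 13, 1); qr(10, 14, 2, 6); qr(15, 3, 7, 11)  # columns
        qr(0, 1, 2, 3); qr(5, 6, 7, 4); qr(10, 11, 8, 9); qr(15, 12, 13, 14)  # rows
    return struct.pack("<16I", *((a + b) & MASK for a, b in zip(x, start)))

def _xor(a, b):
    return bytes(p ^ q for p, q in zip(a, b))

def _blockmix(B, r):
    """scryptBlockMix: chain Salsa20/8 over 2r blocks, then even blocks before odd."""
    X, Y = B[-64:], []
    for i in range(2 * r):
        X = _salsa20_8(_xor(X, B[64 * i:64 * i + 64]))
        Y.append(X)
    return b"".join(Y[0::2] + Y[1::2])

def _romix(B, N, r):
    """scryptROMix: fill N blocks of memory, then read them back in data-dependent order."""
    V, X = [], B
    for _ in range(N):
        V.append(X)
        X = _blockmix(X, r)
    for _ in range(N):
        j = int.from_bytes(X[-64:-56], "little") % N  # Integerify(X) mod N
        X = _blockmix(_xor(X, V[j]), r)
    return X

def scrypt_from_pbkdf2(password, salt, N, r, p, dklen):
    # Assumption: a platform PBKDF2 (HMAC-SHA256, 1 iteration) could replace this helper.
    pbkdf2 = lambda s, n: hashlib.pbkdf2_hmac("sha256", password, s, 1, n)
    B = pbkdf2(salt, p * 128 * r)
    B = b"".join(_romix(B[i:i + 128 * r], N, r) for i in range(0, len(B), 128 * r))
    return pbkdf2(B, dklen)
```

The pure-Python mixing is slow at realistic cost parameters; the block is meant to show which part PBKDF2 supplies and which part has to be written or taken from a library.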