I read on PHP.net that MD5 is useless, and they suggest using crypt + salt.

So, I went to their function description and read

<?php
$password = crypt('mypassword'); // let the salt be automatically generated

/* You should pass the entire results of crypt() as the salt for comparing a
   password, to avoid problems when different hashing algorithms are used. (As
   it says above, standard DES-based password hashing uses a 2-character salt,
   but MD5-based hashing uses 12.) */
if (crypt($user_input, $password) == $password) {
   echo "Password verified!";
}
?>

or in my case something like:

$stored_password = fetch_password($user);
if (crypt($_REQUEST['password'], $stored_password) === $stored_password) {
    // ok
}

So, when I see that the salt is stored in the hashed password and that you use that hashed password as salt, I think Crypt + Salt is not more secure against a brute force on output (hackers who managed to steal hashed passwords). Is it more secure?

Against a dictionary attack, I can understand its power, but for a brute force attack on hashed passwords, I don't see the advantage.

Richard Povinelli
user1117862

3 Answers

When applying salt to a string (password in the example) before hashing, the hash now becomes another hash than it would without the salt. Without the salt, you could just use a pre-existing dictionary - now instead you need to create a dictionary to the salt. If you use a user specific salt, each user needs to have its own dictionary when using brute force. This becomes way more time consuming.

MD5 is a broken algorithm because of its collision vulnerabilities.

Zar

Salts impede rainbow tables & hash dictionaries by making your hashed passwords unique.

They also help prevent someone from stealing your list of hashed passwords and using that to gain access to accounts on a different site (by reversing the hash or similar).

It will not help against a traditional brute force attack.

MrGlass
    A salt would help against a traditional brute force attack, since the hacker would have to build a dictionary adjusted to the salt. If a user unique salt would be used, then each user would have to have its own dictionary. – Zar Dec 27 '11 at 15:54
  • Dictionaries are not used in a traditional brute force attack. – MrGlass Dec 27 '11 at 15:58

Crypt with hash is simply more expensive than MD5. An attacker would need more compute time, thence this is more secure.

For a password and MD5, an attacker could use precomputed tables for MD5 PLUS have the advantage of MD5 to be very fast.

For a password and salted crypt, precomputed tables would be useless, PLUS crypt needs more horsepower than MD5.

There are specially-crafted algorithms (google bcrypt), that have an intentionally high compute cost to take this even further.

Eugen Rieck
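The point made in the question and in the answers above (a precomputed table cracks every unsalted hash at once, while a per-user salt forces the attacker to redo the wordlist pass for each user) can be measured directly. This is an added illustration, not code from the thread; it uses Python's hashlib with PBKDF2-SHA256 as a stand-in for PHP's crypt(), and the user list and wordlist are constructed sample data.

```python
import hashlib
import os

# Constructed sample data: four users, two of whom share a password.
USERS = {"alice": "letmein", "bob": "hunter2", "carol": "letmein", "dave": "password1"}
# Constructed attacker wordlist (the "dictionary" the answers refer to).
WORDLIST = ["123456", "password1", "letmein", "qwerty", "hunter2"]


def md5_unsalted(password: str) -> str:
    """Plain MD5 of the password: identical passwords give identical hashes."""
    return hashlib.md5(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes, rounds: int = 1) -> str:
    """Salted, iterated hash standing in for crypt(); raising rounds adds cost."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()


def store_unsalted(users: dict) -> dict:
    return {u: md5_unsalted(p) for u, p in users.items()}


def store_salted(users: dict) -> dict:
    # As with crypt(), the random salt is kept next to the hash so it can be
    # reused at verification time; it is not a secret.
    out = {}
    for u, p in users.items():
        salt = os.urandom(16)
        out[u] = (salt, salted_hash(p, salt))
    return out


def crack_unsalted(stored: dict) -> tuple:
    """Hash the wordlist once, then every user falls to a table lookup."""
    table = {md5_unsalted(w): w for w in WORDLIST}
    found = {u: table[h] for u, h in stored.items() if h in table}
    return found, len(WORDLIST)  # hash evaluations spent


def crack_salted(stored: dict) -> tuple:
    """Per-user salt: the wordlist has to be re-hashed for every user."""
    found, work = {}, 0
    for u, (salt, h) in stored.items():
        for w in WORDLIST:
            work += 1
            if salted_hash(w, salt) == h:
                found[u] = w
                break
    return found, work
```

With this wordlist the unsalted store is fully cracked with 5 hash evaluations, the salted one with 13; multiplying users and wordlist size (and the rounds parameter) is what turns that gap into real attacker cost.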