I have been searching for a preferred location to create a password salt.
For me it makes sense to create the password salt the database level and do the hashing of the entered password + salt at the database level.
But as I am an ultra-noob on login security, I wanted to know which location is best for creating the salt itself.
From what I have read, I have created a stored procedure that takes a userlogin and password and compares the stored salt concatenation to validate if the password entered is correct.
What I need to know now, is where should the password salt be created on a new user account?
My intent is to have a non-refundable password if the user forgets. If they forget it gives them a temp and then requires a change afterwards. As well, if the password changes, I also want to change the salt accordingly.
I have no illusion of total security, only want to mitigate the opportunity.
The place to generate the salt and to hash the password, should be in the code, not in the database.
To hash passwords you need a slow key-derivation function like BCrypt or PBKDF2, but most databases have no implementations of such functions. These functions have a cost factor, which controls the necessary time to calculate the hash-value (the longer the more secure against brute-forcing). The salt as well as the cost factor is usually stored in the same string as the password-hash, so you need only a single field to store the hash.
To verify the password, you first have to search with the username for the password-hash, then the function can extract the used salt and the cost factor, and finally the entered password can be hashed with the same parameters for comparison.
There is another reason to do it in the code, password-systems have to switch to stronger algorithms or have to increase the cost factor in future, then it is much easier to handle backwards compatibility in code, as with SQL statements.
Related
I'm having troubles understanding hashing function used in passwords encryption. Let's say user signs up to a website, password goes through the hash function and a digest lands in a database. So, the actual password isn't stored in a database. Now, when the user wants to log in, he types in the password. How the database know that the password is correct? Does password typed during the login goes through the hash function again? But we'll have two different digests, so how does it proceed?
To elaborate on #ArtjomB.
It is usual to save the salt and iteration count with the hashed password, sometimes concatenated in front of the hash with separator characters.
Then the same salt and iteration count can be applied to the password attempt to produce a matching hash.
Note: Neither the salt nor iteration count need to be secret.
One of the better functions to use is PBKDF2 (Password Based Key Derivation Function 2) instead of a primitive hash function such as SHA256 or HMAC with SHA256. MD5 and SHA1 functions should not be used.
I am using aspnet membership provider and by default HASHED password format were being used behind the scene and recently i got that password retrieval is not possible using that format. so i need to change password format to CLEAR OR ENCRYPTED however after doing this
is there any possible way to change password of existing data through database? OR i need to delete all records and start to create from scratch?
Also how one can handle situation where need to change password format from CLEAR to ENCRYPTED?
No, you will not be able to decrypt a hashed password. Hashing is by definition one-way. The two-way option available is the encrypt option, or clear.
The main function of hashing a password is for one-way encryption. Even internally when values are compared they are compared as hashed values.
[OK, technically one could decrypt a hashed value, but this enters into the realm of hackers, rainbow tables, salt values, and I do not think you wish to go there]
For more please see here
I want to encrypt user's personal data then save them in database .
the encryption must be done in application ( I can't do that in sql server side )
now I wonder if it's possible to use each user's password to encrypt and later decrypt their data ? what are pros and cons of this approach /
One big 'con': what if the user changes his/her password? Then you would need to re-encrypt all data!
You've said that you want to store secure personal data of a user. Doing this unless the personal info. is extremely sensitive is generally NOT recommended for a number of reasons. What is commonly done however is hashing + salting of the user's password.
This page has a good explanation on how hashing and salting works and why it's better than encrypting, and then decrypting the password.
http://net.tutsplus.com/tutorials/php/understanding-hash-functions-and-keeping-passwords-safe/
As for encrypting the user's personal information, just like a password we can use a custom salt + hashing algorithm that's quite simple but effective on our application to use the custom hash equivalent of the userID which is expected to be permanent, static and persistent forever.
Since the uID (or a specialized unique string for every user) can be hidden from normal public and we ensure that our custom shared function cannot be accessed from unauthorized sources, we have a solid secured system.
This means, we hash+salt personal info based on a unique string such as a userID and a hash+salt the user's password aswell. For the personal information to be decrypted, both the userID hash and password hash should match with the database.
A better approach would just be to use known encryption protocols within your program. Data sent via HTTPS TLS for example is quite secure if implemented right.
I need to encrypt content in my web application on a per-user basis.
I, the root user, do not want to have access to users' content, period.
How can I make it so users are the only ones with access to their content? Perhaps I can make it so a hash of their login password acts as an encryption and decryption key (then their password is stored one-way hashed in my database, and the encryption/decryption hash is generated from their raw password on login and stored in a local cookie)? But what if they change their password? Then I have to update all their content which could take a lot of processing power.
Is there an encryption method that would provide this, without having to re-encrypt their content if their password changes? Something similar to ecryptfs on Linux, perhaps? Is researching ecryptfs a good place to start?
Is making it so only the user can access their content on my servers (and not even me) even feasible?
Process:
Generate a random secret to encrypt their content.
Using their provided password encrypt the random secret from #1.
Store their password as a one-way hash (with salt, maybe multi-hash).
Upon Password change:
Re-generate the value from step #2.
Re-generate the hash-cache from step #3.
Upon Login:
Hash password and check against hash generated in step #3.
If password matches - use actual provided password to decrypt random secret from #2.
Use random secret from #2 to unlock data encrypted in #1.
Notes:
No one can decode the data without knowing the random secret (#1). Random secret can only be unlocked with user's actual password (#2) (short of brute-force). User's actual password is only known in one-way hashed form (#3) so you can confirm it's the same, but cannot decode it and recover #2.
A forgotten password process is not possible (you can regenerate #3, but random key in #2 is now lost as is everything locked in their vault).
You don't have to re-encrypt everything in step #1 every time they change their password, only the (simple/quick) random secret from #2.
If you cache their provided password, or the random secret generated at step 1, or their (decrypted) content anywhere you could cause data leaks.
You're spot on that you need to use their password as a key.
I wouldn't monkey with ecryptfs because an encrypted file system isn't the best solution. You wouldn't want one user's data to be encrypted with the same key that another user used.
When you encrypt the data, you should generate a random string to use as salt. This prevents someone from using a pre-generated list of hashes to decrypt your data. It also changes the hash of two people who might use the same password.
When a user changes their password, you'll have to re-encrypt the data and generate a new salt value. This is the level of security I would expect as a customer, knowing that when I change my password, I'm re-encrypting all of my data to prevent someone from trying to brute force my key.
You can store the salt value in your database unencrypted.
Can users request that their password be emailed to themselves if the password is stored as a hash value?
Is there any way to convert a hash value to the clear text value with the proper information (& what information would you need)?
If a user has the same password hash value stored on two sites, would their password be the same for both sites?
If you're only storing a hash of the password, then no. ...and you should only be storing a properly-salted hash of their password, anyway.
Password reset mechanisms are the proper alternative.
Hashed passwords cannot be retrieved in general (this depends on the hashing function, secure hashes cannot be retrieved). If they have the same hash on two sites, they could have the same password, this depends on the hash salt used by the sites, what method etc.
If your password is securely stored in a good hashing system, a provider should never be able to email you your password, you must reset your password if you forget it.
In short, no. With most hashing algorithms, you can have multiple inputs with the same output. It is often better to offer a password reset option.
There are different types of hashing algorithms. Some are more secure than others. MD5 is a popular, but insecure one. The SHA-family is another more secure set of algorithms.
By definition, a hash is a one way function. It can not be reversed.
http://en.wikipedia.org/wiki/Sha-1
If there was a simple way to recover the clear-text password, there would be no point in hashing the passwords to begin with. At that point you might as well just base64 or ROT13 them. (don't do that!)
As others mentioned, use other password recovery methods. There really is never a good reason to have access to clear-text passwords.
If the hash at two sites is the same, the user most likely has the same password at both. Not 100% guaranteed however, there could be a hash collision, but that is hugely improbable.
There is no way to reverse the commonly used hashes. They can be bruteforced (trying every single possible password) or you can use a wordlist (using a list of commonly used passwords) in combination to brute force to speed it up some, but it is still a very slow and CPU intensive process.
The best way, which many sites use, it to create a "Password Reset" button where you enter your username and email, and if they match, it sends you a random password and gives you a link to the login page and you can login with your random password and change your password.
To do this you must have a model with the fields:
Hashed_password
Salt
And you need to know the method user to hash the password( Here I use SHA1)
Then you can define in your controller:
def self.encrypted_password(password, salt)
string_to_hash = password + "wibble" + salt
Digest::SHA1.hexdigest(string_to_hash)
end
Next you can compare:
user.Hashed_password == encrypted_password(password, user.salt)
True means that "password" is the password for the user "user"
The general idea behind storing a hash of a password is to ensure the passwords are secure...even from those who have access to the database. Trust is never implicit. A hash is a one-way algorithm, so there is no way to derive the original password from a hashcode. Usually, when a user needs to recover their password that was stored as a hash, you should ask them their secret question, and either email them their temporary password, or email them a temporary link where they can change their password. This ensures that the password is never stored clear text, and is secure from all prying eyes, even those who might be assumed to be trustworthy.