Want to be a web developer? You'll need to know HTML. Prepare for HTML5 certification by enrolling in July's Course of the Month! It's free for Premium Members, Team Accounts, and Qualified Experts.
Course Of The Month
Become a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Using random iterations in password hashing. Good or Bad?
Posted on 2016-08-10
Hi there,
I am currently using individual salts per password in my hashing solution.
My understanding is that using salts helps to prevent people from using lookup and rainbow tables to crack the passwords.
Due to legacy issues I am using the PBKDF2 algorithm inside the .NET Rfc2898DeriveBytes cryptology class which I believe uses HMAC based on SHA1. With this in mind I am looking at alterative ways to strengthen my password hashes.
I read a comment in an article that if you randomise the number of iterations for each password (iterations are stored with the salt for use when verifying password) that this also helps with beating rainbow table attacks.
As I can't find anywhere else that seems to mention this method I was wondering if anyone knew whether the randomising of iterations was actually a good idea or simply an unnecessary step? Could it in fact be a bad idea?
My thoughts are that even a matching hash at a different iteration count wouldn't result in the hacker knowing the actual password.
I am currently using individual salts per password in my hashing solution.
My understanding is that using salts helps to prevent people from using lookup and rainbow tables to crack the passwords.
Due to legacy issues I am using the PBKDF2 algorithm inside the .NET Rfc2898DeriveBytes cryptology class which I believe uses HMAC based on SHA1. With this in mind I am looking at alterative ways to strengthen my password hashes.
I read a comment in an article that if you randomise the number of iterations for each password (iterations are stored with the salt for use when verifying password) that this also helps with beating rainbow table attacks.
As I can't find anywhere else that seems to mention this method I was wondering if anyone knew whether the randomising of iterations was actually a good idea or simply an unnecessary step? Could it in fact be a bad idea?
My thoughts are that even a matching hash at a different iteration count wouldn't result in the hacker knowing the actual password.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
4 Comments
Active today
* You would still need a maximum hash iteration
* A cracker can check for a match in all intermediary hash iterations
* A cracker can check for a match in all intermediary hash iterations
If that was the case then wouldn't that be true for any algorithm that has iterations?
Correct me if I'm wrong but a match at an intermediary iteration wouldn't result in them finding the actual password though. Wouldn't they need to find a match at the final iteration in order to determine the password?
Correct me if I'm wrong but a match at an intermediary iteration wouldn't result in them finding the actual password though. Wouldn't they need to find a match at the final iteration in order to determine the password?
Active today
"Randomisation" of the iteration counts just add to the complexity and security via obscurity is not going to make it a great leap in deterring the attacker eventual brute force attempts to break the secret derived from the PKCS#5 PBKDF2 scheme. It is also shared that PBKDF2 may be slow in computing on a CPU system but is much faster for a GPU system.
The "randomness" will not help if weak password is used and password is also predicative. If you are using PBKDF2 for deriving a key to further perform other encryption needs, it is more to make the password "random" (like from form some strong PRNG) and not predicative like human derivable (or susceptible to dictionary attacks).
In fact, NIST has a paper on "Recommendation for Key Derivation Using Pseudorandom Functions", specifically it advise on security strengthen that we need to be cognizant of which I doubt it is about making it further ambiguous with random iteration count
The "randomness" will not help if weak password is used and password is also predicative. If you are using PBKDF2 for deriving a key to further perform other encryption needs, it is more to make the password "random" (like from form some strong PRNG) and not predicative like human derivable (or susceptible to dictionary attacks).
In fact, NIST has a paper on "Recommendation for Key Derivation Using Pseudorandom Functions", specifically it advise on security strengthen that we need to be cognizant of which I doubt it is about making it further ambiguous with random iteration count
The encoding method shall be designed for unambiguous conversion of the combined input information to a unique binary string.(pdf) http://csrc.nist.gov/publications/nistpubs/800-108/sp800-108.pdf
Unambiguous encoding for input data is required to deter attacks on the KDF that depend on manipulating the input data.
In this Recommendation, key separation is a security requirement for the cryptographic keys derived from the same key derivation key. The keys shall be separate in the sense that the compromise of some keys will not degrade the security strength of any of the other keys.
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
The Email Laundry PDF encryption service allows companies to send confidential encrypted emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
- Document Management
- Printers and Scanners
- Document Imaging
- Software-Other
- Images and Photos
- Adobe Acrobat, Photos / Graphics Software, Security, OCR, *PDF
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month4 days, 7 hours left to enroll
635 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.