[nycphp-talk] Thoughts on encryption
John Campbell
jcampbell1 at gmail.com
Thu May 6 14:08:24 EDT 2010
On Thu, May 6, 2010 at 1:15 PM, Anthony Papillion <papillion at gmail.com> wrote:
> An attacker could determine an MD5 or SHA1 password through a simple
> dictionary attack. So, in essence, the encryption is useless.
Yes, current CUDA setups can calculate a billion SHA1's per second.
Dictionary attacks against salted hashes are pretty easy these days.
> My current method is to concatenate the username+password+username and
> then either MD5 or SHA1 that and store that as the password in the
> database.
This doesn't do very much. It is little more than a weak salt.
> But, really, is this anymore secure to a sophisticated,
> thinking attacker?
Use bcrypt. It is tunable, so you can make each hash check take 0.1
seconds. This makes a dictionary attack a huge pain in the ass, but
your login page will still be plenty responsive.
> Perhaps the only way
> to mitigate the risk is to institute a 3 strikes policy (which pisses
> users off but is secure)
This is a DoS nightmare. I can trash your system by trying to sign in
as every user incorrectly 3 times.
It is also completely orthogonal to the hash choice. Hashing is so
the attacker can't get the passwords if the database is compromised.
> and to then change the users' password to some
> absolutely random 50 digit gobbledygook string of characters.
This is fine if you don't want people to use your system.
-John C.
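An added example to go with the reply above (this is illustrative code, not anything from the original post or its author). It puts the two schemes from the thread side by side: the `sha1(username.password.username)` construction, cracked with a tiny word list once the attacker knows the username, and bcrypt via PHP's `password_hash()`/`password_verify()` with a cost factor tuned toward the post's 0.1 s per check. It assumes PHP 7.1 or newer (`password_hash` did not exist when the post was written); the word list, the username `alice`, the cost bounds and the benchmark password are constructed for the example.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original post. Contrasts the
// username+password+username SHA-1 scheme from the thread with bcrypt via
// PHP's password_hash()/password_verify(). The 0.1 s target is the figure
// from the post; the word list, usernames and cost bounds are assumptions.

/** The scheme criticised in the post: SHA-1 over username.password.username. */
function weakHash(string $username, string $password): string
{
    return sha1($username . $password . $username);
}

/**
 * An attacker holding the database also holds every username, so the "salt"
 * is known: one SHA-1 per candidate word is all it takes. Returns the cracked
 * password, or null if no word in the list matches.
 */
function crackWeakHash(string $username, string $storedHash, array $wordlist): ?string
{
    foreach ($wordlist as $candidate) {
        if (hash_equals($storedHash, weakHash($username, $candidate))) {
            return $candidate;
        }
    }
    return null;
}

/**
 * bcrypt cost is log2 of the work factor, so each +1 doubles the time per hash.
 * Find the largest cost whose single hash still finishes under $targetSeconds
 * on this machine (the post suggests about 0.1 s).
 */
function tuneBcryptCost(float $targetSeconds = 0.1, int $minCost = 10, int $maxCost = 31): int
{
    for ($cost = $minCost; $cost < $maxCost; $cost++) {
        $start = microtime(true);
        password_hash('benchmark-only', PASSWORD_BCRYPT, ['cost' => $cost]);
        if (microtime(true) - $start >= $targetSeconds) {
            // This cost overshoots the budget; use the one below it.
            return max($minCost, $cost - 1);
        }
    }
    return $maxCost;
}

/** Registration: bcrypt generates its own random salt per call. */
function hashPasswordForStorage(string $password, int $cost): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
}

/**
 * Login check. Returns [ok, newHashOrNull]: when the stored hash was made with
 * an older (cheaper) cost, the caller stores the returned rehash, so the work
 * factor can be raised over time without forcing a password reset.
 */
function checkLogin(string $storedHash, string $password, int $currentCost): array
{
    if (!password_verify($password, $storedHash)) {
        return [false, null];
    }
    $rehash = null;
    if (password_needs_rehash($storedHash, PASSWORD_BCRYPT, ['cost' => $currentCost])) {
        $rehash = password_hash($password, PASSWORD_BCRYPT, ['cost' => $currentCost]);
    }
    return [true, $rehash];
}

// --- demonstration with constructed data ---------------------------------

$wordlist = ['letmein', 'password', 'hunter2', 'qwerty']; // constructed sample
$stored   = weakHash('alice', 'hunter2');                 // what the old scheme stores
printf("weak scheme cracked: %s\n", crackWeakHash('alice', $stored, $wordlist) ?? 'not found');

$cost = tuneBcryptCost(0.1);
printf("bcrypt cost chosen for ~0.1 s/check: %d\n", $cost);

$bcryptHash = hashPasswordForStorage('hunter2', $cost);
[$ok, $rehash] = checkLogin($bcryptHash, 'hunter2', $cost);
printf("bcrypt login: %s\n", $ok ? 'ok' : 'rejected');

// The same word list now costs ~0.1 s per guess instead of one SHA-1, and every
// guess has to be repeated per user because each bcrypt hash has its own salt.
$start = microtime(true);
foreach ($wordlist as $w) {
    password_verify($w, $bcryptHash);
}
printf("%d guesses against bcrypt took %.2f s\n", count($wordlist), microtime(true) - $start);
```

Run it with `php example.php`. The tuned cost is machine-dependent, which is the point: re-run `tuneBcryptCost()` on new hardware and `password_needs_rehash()` upgrades stored hashes at the user's next successful login. The lockout and forced-reset ideas from the thread are untouched here; as the reply says, they are orthogonal to the hash choice.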