Comments on: More secure passwords ! http://ludopoitou.wordpress.com/2012/06/13/more-secure-passwords/ Ludovic Poitou blog about Identity, Directory and others... Sun, 12 May 2013 11:14:20 +0000 hourly 1 http://wordpress.com/ By: Ludo http://ludopoitou.wordpress.com/2012/06/13/more-secure-passwords/#comment-1084 Thu, 14 Jun 2012 08:34:13 +0000 http://ludopoitou.wordpress.com/?p=1173#comment-1084 Yes, the salt is here to prevent attacks with precomputed hashes (http://en.wikipedia.org/wiki/Rainbow_table), which may correspond to several passwords as well.
The use of Salted SHA 512, over SHA1 reduces the risk of chain collisions.
Now, storing the salt separated from the password would definitely be more secure, but it increases the complexity when distributing the passwords and also consumes much more memory, space or disk IOs. Each time you need to authenticate someone, you will need to read in 2 locations the hashed password and the salt. You also need to associate the hash and the salt using an extra ID which increases the risk of errors.
Overall, the use of stronger and salted hash mechanism is meant to make it harder and longer to run dictionary attacks but it is just one of the steps to secure the use of plain text passwords. The other existing measures are complexity check of the passwords, as well as forcing users to change regularly the password (although this often results in simpler passwords to remember), and not to reuse previous passwords. All of these are available and configurable in OpenDJ, through the Password Policies.

]]> By: Emmanuel Bernard http://ludopoitou.wordpress.com/2012/06/13/more-secure-passwords/#comment-1083 Wed, 13 Jun 2012 21:37:01 +0000 http://ludopoitou.wordpress.com/?p=1173#comment-1083 What surprises me is that the salt is stored in the same table as the password. It means that for a specific user, I can build my salted brute force dictionary and find it if the password is common enough.
Salt is really here to save from massive steal.

I personally would have stored the salt for each user on a different box or at least data store than the hashed password.

]]> By: Ludo http://ludopoitou.wordpress.com/2012/06/13/more-secure-passwords/#comment-1081 Wed, 13 Jun 2012 16:28:30 +0000 http://ludopoitou.wordpress.com/?p=1173#comment-1081 Yes, of course. There is an interface that all password storage schemes are implementing. The encryption algo can be reversible or not, but OpenDJ directory server will not return a cleartext password to the client application. Decrypt (when available) is only used for internal use, for example with authentication mechanisms that passphrases and multiple steps (like Digest-MD5).

]]> By: DD5 http://ludopoitou.wordpress.com/2012/06/13/more-secure-passwords/#comment-1080 Wed, 13 Jun 2012 16:25:07 +0000 http://ludopoitou.wordpress.com/?p=1173#comment-1080 Can other password encryption algorithms be added to OpenDJ, such as bcrypt/scrypt?

]]> By: Ludo http://ludopoitou.wordpress.com/2012/06/13/more-secure-passwords/#comment-1078 Wed, 13 Jun 2012 14:41:50 +0000 http://ludopoitou.wordpress.com/?p=1173#comment-1078 It is a salt per password and the salt is appended to the hashed password in clear.
This is the OWASP recommended way to hash passwords : https://www.owasp.org/index.php/Hashing_Java.
The additional step for very long term passwords storage, would be to iterate on the hash multiple times (I think the recommandation is a minimum of 1000 iterations, which will probably start to become a performance bottleneck for us).

]]> By: Emmanuel Bernard http://ludopoitou.wordpress.com/2012/06/13/more-secure-passwords/#comment-1077 Wed, 13 Jun 2012 14:34:50 +0000 http://ludopoitou.wordpress.com/?p=1173#comment-1077 Is that one salt per password or one global salt?
If per password, where do you keep the salt?

]]>