THE IMPORTANCE OF HASHING PASSWORDS, PART 4: THE HARDWARE THREAT


The third part of this series presented PBKDF2 as a modern key derivation and password hashing algorithm. But PBKDF2 has its limitations; for best protection against password cracking the iteration count (defining the computing power needed to hash a password) should be chosen as high as possible. On the other hand, a higher iteration count also means that a login of a […]

THE IMPORTANCE OF HASHING PASSWORDS, PART 3: RAISE THE PRICE


The last part of this series presented a fairly serious password hashing algorithm using an HMAC and a salt value. However, as this article will show, this construction can be much improved, dramatically raising the “price” for an attacker to crack a password hash.

How to Attack a Password Database

To improve our salted HMAC construction, we need to know how an adversary […]

THE IMPORTANCE OF HASHING PASSWORDS, PART 1: CRYPTOGRAPHIC HASHES


Many applications store passwords for user authentication. Using an appropriate password hashing algorithm can effectively protect the stored passwords even when the persisted password hashes are stolen by an attacker. Unfortunately, many developers tasked with implementing persistent password storage lack the cryptographic background knowledge needed to choose a strong password hashing […]