THE IMPORTANCE OF HASHING PASSWORDS, PART 4: THE HARDWARE THREAT

The third part of this series presented PBKDF2 as a modern key derivation and password hashing algorithm. But PBKDF2 has its limitations: for the best protection against password cracking, the iteration count (which defines the computing power needed to hash a password) should be chosen as high as possible. On the other hand, a higher iteration count also means that a login of a […]

THE IMPORTANCE OF HASHING PASSWORDS, PART 3: RAISE THE PRICE

The last part of this series presented a fairly serious password hashing algorithm using an HMAC and a salt value. However, as this article will show, this construction can be much improved, dramatically raising the “price” for an attacker to crack a password hash.

How to Attack a Password Database

To improve our salted HMAC construction, we need to know how an adversary […]