SHA1 cracked .... What are the chances this will be addressed in LC?
Peter TB Brett
peter.brett at livecode.com
Wed Mar 1 11:01:40 EST 2017
On 01/03/2017 15:37, Bob Sneidar via use-livecode wrote:
> Hi Peter. Very informative thank you. In the example,
>
> [protected form] = [salt] + protect([protection func], [salt] +
> [credential]);
>
> It looks like they are saying to prepent the salt prior to the
> protect function (in the case of LC that would be encrypt) but if
> someone got access to the SQL database, wouldn't that give part of
> the secret away? Isn't the salt value a way to further obscure the
> credential, making something like a hash table more difficult?
>
> I use a salt value that only I know, and I password protect the stack
> that uses it. Seems to me that prepending the salt to the protected
> form is like giving someone my user name but not my password. The
> other team is starting on the 50 yard line (in American sports
> vernacular).
The idea of a password storage scheme is to make it extremely costly for
an attacker to recover the original passwords, even given _total_
information about the scheme. When evaluating a scheme, you should
always assume that if someone has got access to your password database,
they have also got access to anything else on that server or any server
connected to it -- potentially including your secret salt.
By appending the salt to the front of the protected form, you can use a
different salt for every single password in your database. Even if
someone knows a password already (e.g. because they have an account on
your server), they gain no information about any of the other passwords
in the database.
Password storage schemes like Argon2 go one step further and put all of
the parameters for the protected form into the protected string. This
allows the parameters to be modified for newly-stored passwords while
still being able to verify old passwords. They are also tuned to ensure
that it takes a long time to compute the protected form (usually around
0.1 to 0.5 ms). That's long enough that knowing _all_ the parameters
still makes it infeasible to figure out what the original password was.
In summary: salt values shouldn't need to be secret.
Peter
--
Dr Peter Brett <peter.brett at livecode.com>
LiveCode Technical Project Manager
lcb-mode for Emacs: https://github.com/peter-b/lcb-mode
More information about the use-livecode
mailing list