Do we gain security by using multiple slow-hashing functions to safely store a password?
This article was published in 2015, so it doesn’t reflect the current state of things but you can read the 2019 update.
A question has been recently raised to me on password hashing:
Do we gain security by using multiple slow-hashing functions to safely store a password?
While all of these functions are pretty much safe given a proper implementation and good cost parameters (and therefore there’s no need to increase architectural complexity), I wanted to give a wider retrospective on the real security of such a system and I’ll post it here as well.
In 2015, if you’re storing passwords I hope that we’re already assuming that you’re going to store the hashed version of them. The hashing process is a one-way process which given some data it turns that into an unique string of fixed length. And that process will always return that string for that data. This allows a system to check the validity of a password with no knowledge of the original data, at least in theory (plaintext password). (Disclaimer: some hashing functions have collisions which means that different data might result in the same output. This means that the used cryptographic algorithm is broken; this is true for MD5, SHA1 and several others.)
So given a random attacker Mallory that is able to dump/read all user passwords, he would have to:
- Determine the hashing function generating that output
- If he’s lucky enough to have MD5 (or something similar) hashes, you’ll have an happy attacker
- If the System OP used slow-hashing functions things might get slightly more complicated (unless system OP choose too weak cost parameters or bad parameters in general)
- He could run a statistical analysis to find a partial password list He could run a bruteforce on them
So, in theory, if an attacker is up to crack all your passwords by bruteforce, unless he’s insane, he also has the resources to do so (no laptop allowed here :) ) and therefore he would use an ASIC (or GPU rigs) or FPGA hardware…
