Crypt For Passwords
Let’s talk about password hashing. Whenever I review code, I’m always surpised to see that many developers still hash secrets with SHA-1 or SHA-256 to generate encryption keys or to store passwords. Overall, these hashing methods are fast, and are thus prone to brute force analysis with GPU cracking.
In OpenSSL, we have support for a number of hashed password options [here]:
In Linux, there is support for a range legacy hashing, such as with SHA-256 crypt, HMAC-SHA1, MD5 crypt, BSDi crypt and DES crypt, but for new passwords, we should use either bcrypt or SHA-512 crypt. So let’s go from worst to best.
DES crypt
DES crypt was the first password hashing method and used a modified version of the DES symmetric key method. Unfortunately, the password was truncated to eight characters, and then further reduced to 7-bits per character. This gives a 56-bit DES key (and which forms the basis of 64-bit DES). This key is then used to encrypt a data block with all zeros. Next, we go though 25 DES encryption rounds with the same key. A 12-bit salt value is also used modify the output of the rounds — this is only two characters of salt (and where the last four bits are…
