Do You Store Passwords Securely?
Keep the following information in mind if you develop anything with user- and password-management.
When managing users, one important step is storing their passwords in a secure way. In the following article the main principles to store passwords securely will be explained.
Plain-Text Passwords
The oldest version of storing passwords is the use of the plain-text passwords. The problem about storing passwords in plain-text is, that an attacker that gets access to your database has access to all passwords. The same problem also occurs when your database is leaked. The following example shows that also users with strong passwords like floOwe are exposed to this attack. As many users use the same password for all accounts they have, a single provider storing passwords in plain-text can cause a big security issue.
Hashing
The first step to store passwords more securely is the usage of hashing-algorithms. Hashing-algorithms are used to generate unique and fixed-length strings, called hashes. The most important characteristic of hashing functions is, that the calculation of the hash-value is easy, but the reversal of the calculation, so from the hash to the password very hard. Therefore, hashing-functions are 1-Way-Functions. This results in the fact, that an attacker that has access to the database, cannot calculate the password from the hash-values.
More details about hashing can be found in my last article about cryptography-concepts:
After hashing the passwords from the previous table, the hash-value can be stored (hashing-function: SHA3–256):
This solution seems to be very secure, as the password cannot be calculated from the hash. One problem about only hashing passwords is, that there are so-called rainbow-tables. A rainbow-table is a precomputed list of hashes of common passwords. The following picture shows an example of a rainbow-table for some of the most common passwords and there corresponding hash-values:
This underlines how important strong passwords are, because there are rainbow-tables containing enough entries to cover all easy and short passwords. Therefore password-requirements should at least be:
- ≥ 10 characters
- at least one capital and one small letter
- at least one number
- at least one special character
Salt & Pepper
Everything gets better when you add a bit of salt and pepper. That is also for storing password-hashes the case. Both are character sequences which are added to the password before calculating the hash. The difference is, that the salt is randomly generated for every user and is stored with the user data. Pepper is unique for all users and has to be kept in the configuration file as a secret.
The following example shows the usage of pepper:
Password: 123456
Hash of the password: d7190eb194ff9494625514b6d178c87f99c5973e28c398969d2233f2960a573ePepper: Q&9db&82Y
Value that is hashed: 123456Q&9db&82Y
Hash of the password and pepper:
57a2bed7b1f301dd2a91f409d9b75cbec00203a63c5191b3807700094f299d7e
The advantage of using pepper, is that, the attacker needs to find out the value first as it is not stored at the same location as the user data. After finding out the pepper a new rainbow-table has to be calculated to get the hashes with the pepper.
The salt is generated for each user and has to be stored, to validate the input if the user wants to log-in. The following example shows a table of users with hashed passwords with their salts:
If an attacker gets access to the database containing the user data, he has to generate the rainbow-table for each user.
To get the highest level of security, a combination of salt and pepper can be used as this results in both advantages.
How To Choose the Hashing-Algorithm?
Nowadays there is a long list of hashing-algorithms. Even though all of them can be used to hash passwords, some are better for this use-case. Even though MD5 is not secure any more, it will be used to show why hashing-algorithms like MD5 should not be used for passwords anymore:
import hashlib
import timeNUMBER_OF_HASHES = 1000000
passwords = []
for _ in range(NUMBER_OF_HASHES):
passwords.append(generate_random_password().encode())
start_time = time.time()
for password in passwords:
result = hashlib.md5(password)
duration = (time.time() - start_time)
print("%ss for %s hashes" % (duration, NUMBER_OF_HASHES))
This results in a computing time of 0.414 seconds for one million hashes.
Nowadays when asking for an algorithm for hashing passwords you will mostly likely get the one answer, which is bcrypt . It is a hashing algorithm that is often used for hashing passwords because of the following characteristics:
- Long calculation time
- High RAM-usage
- Work-factor
The last property is a really important one. When hashing an input with bcrypt a work-factor can be defined. If a higher work-factor is chosen, the calculation takes longer and needs more resources. This is very important as there is an attack that is called brute-force. For brute-force the attacker tries all possibilities which is slowed down if the computation takes longer. The following chart shows the computing time for a single bcrypt hash for my system for the work-factors from 4 to 24:
Therefore, the work-factor can be chosen depend on the system that runs the hashing algorithm. The work-factor should always be at least so high, to result in a computing time of >250ms per hash. This would for my system be a work-factor of at least 12.
If you find this article and the series useful share it with your friends, save it for later and leave a 👏 or even 5️⃣0️⃣
Follow me if you are interested in topics around software development and other topics in the area of IT 💯
