Comments on Eitan Adler's thoughts: How to safely handle user passwords
(comment feed, last updated 2024-01-24; 7 comments, newest first)

Eitan, 2012-10-16 07:25 (-07:00):
Wow. I did not think of that attack even though it should have been obvious. Thanks!

Alexander Leidinger, 2012-10-16 06:38 (-07:00):
If the attacker has access to both pw-hashes, he can choose which hash he attacks. Naturally he would choose the one which uses fewer resources to verify against (if they aren't in the same complexity class) and verify with the second hash to make sure he didn't get another pw which is hashed to the same value. So using two would be less secure in the sense that you would think you are more secure than your strongest hash, while you are only as secure as the weakest link alone. I don't really know, but I think that the fact that the attacker could find a word which doesn't match the PW but computes to the same hash is not that significant from a complexity point of view in this case.

Two hashes help (if they are not from the same algorithm family) if you use them as e.g. file checksums (to protect against aliasing attacks which try to generate a file with the same hash but different content) instead of password hashes. Here you can be more secure (you could not only detect whether a file has changed or not, you could also detect that someone tries to hide that he has changed the file).

john, 2011-12-12 08:05 (-08:00):
I really didn't know much about hashing before your article, but your depth is really great.

Eitan, 2011-07-06 11:45 (-07:00):
The more I think about it the less I value checking multiple hashes. It doesn't seem to offer any particular guarantee that checking one hash does not. Furthermore it doesn't have a minimum work guarantee that scrypt (or even bcrypt) offers. It probably does not hurt, but I don't think it helps either.

Mohamed, 2011-07-02 14:44 (-07:00):
That is true; the current project I'm working on incorporates bcrypt. Checking two hashes is a good idea. You can have 2 different hashes with two different hash algorithms.

Aton A, 2010-03-31 00:15 (-07:00):
@Dan
That is an approach I didn't think of and it also seems to work.

DeFender1031, 2010-03-29 15:25 (-07:00):
Another method is to simply store multiple hashes alongside one another and only accept the password if it matches both/all of them, as it becomes increasingly more difficult to generate a valid password to match more than one hash without knowing the password itself.