Proper salting and using PHPass

2019-06-20 05:50发布

问题:

I've been using PHPass to hash my passwords for a long time. I admit that there's still things I don't fully understand (or ignore) to hash a password properly so today I was reviewing all the info I could find about it.

Reviewing PHPass documents, I've steped into this:

Besides the actual hashing, phpass transparently generates random salts when a new password or passphrase is hashed, and it encodes the hash type, the salt, and the password stretching iteration count into the "hash encoding string" that it returns. When phpass authenticates a password or passphrase against a stored hash, it similarly transparently extracts and uses the hash type identifier, the salt, and the iteration count out of the "hash encoding string". Thus, you do not need to bother with salting and stretching on your own - phpass takes care of these for you.

I've bolded the sentence that bothered me.
I always though that the salt should be somewhat secret, in the sense that it should not be known to the attacker. So if a understood correctly, PHPass stores the salt used in the same hash so it is able to use it when comparing passwords and check if valid.
My questions are

  1. Is this secure? If the hash is compromised, the attacker has the salt used to hash the password... There's something I miss here.
  2. I'm here really free to bother about salting passwords? Can I really rely on PHPass?

回答1:

The purpose of a salt is not to be a secret. The purpose is to add a unique component to each hash input, so identical passwords will not hash to identical hashes, thereby making the brute-force process more difficult and time consuming since each hash has to be tried individually.

Yes, it would be marginally more secure if the salt was secret, but that's hard to realize in practice, since your application needs the salt as well, so it needs to be stored somewhere where the password is accessible as well. Therefore, in practice, when the attacker gets the password hash, he's typically also able to get the salt anyway.



回答2:

A little background
A salt is not meant to be secret, instead, a salt 'works' by by making sure the hash result unique to each used instance. This is done by picking a different random salt value for each computed hash.

The intention of the salt is not compromised when it is known; the attacker still needs to attack each hash separately. Therefore, you can simply store the salt alongside the password.

So, is PHPass secure?
YES! PHPass (according to the best practices) generates a strong random salt for you. It is a well reviewed and good quality library.

Links of interest:
How to securely hash passwords?
How to store salt?
Password Hashing add salt + pepper or is salt enough?
Salt Generation and open source software



回答3:

If I understand correctly, salts are primarily used to thwart precomputed hash/rainbow tables attacks. As long as the hash that is used is generated so that it is reasonably globally unique (not hardcoded in PHPass for example), you're OK.