Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?
 
PerlMonks  

Re: Lesson Four, Part 2 of online CGI course

by mdillon (Priest)
on Jan 06, 2002 at 23:06 UTC ( [id://136698]=note: print w/replies, xml ) Need Help??


in reply to Lesson Four, Part 2 of online CGI course

What you are doing with Digest::MD5 is not actually a crypt-style MD5 digest. It is just a simple MD5 digest with a constant component (what you have erroneously called the "salt") tacked on the end of the digest source. While it is still better than storing the plain text directly, it is not as good as actual MD5 crypt. A good explanation of what MD5 crypt is beyond a simple MD5 hash, go here (read the larger presentation about bcrypt, as well, if you like).

Whether your simple system actually needs to use a crypt-style system is up to you. The idea of crypt and cousins is to increase the computational cost of checking a password. The trade-off is between responsiveness for legitimate users and deterrence of brute-force and dictionary attacks. The simple MD5 hash is almost certainly lower on this scale that traditional, DES-based crypt, and definitely below MD5 crypt. In my case, I would probably choose MD5 crypt (or SHA crypt or bcrypt, if feasible), in most cases, since I like to do whatever simple things I can to make myself feel more secure.

In terms of implementation, there are two possibilities that I'll mention (who knows what others there are):

  1. Your operating system's version of crypt already supports extended variants of crypt (MD5, SHA, or bcrypt). This means that the crypt command built in to Perl already supports these variants. There is a good explanation of using built-in MD5 crypt here. (Read the reply to that node for some good caveats as well.)
  2. Use Crypt::PasswdMD5 for a pure Perl implementation of the MD5 crypt algorithm. (DISCLAIMER: I've never actually used this myself, YMMV)

Other than that complaint, I'd say what I've read of the course is generally quite well written, thought out, and researched.

Replies are listed 'Best First'.
(Ovid) Re: Re: Lesson Four, Part 2 of online CGI course
by Ovid (Cardinal) on Jan 06, 2002 at 23:53 UTC

    Thanks for the information. As is obvious, cryptology is not my strong suit, so if you or anyone else cares to tackle the following question, I'd be grateful.

    From the link you provided regarding the MD5 crypt function:

    The output is the concatenation of the version identifier ``$1$'', the salt, a ``$'' separator, and the 128-bit hash output.

    So, I might get passwords that look like this:

    $1$1PUXLuZE$P.LfclRO9SKqTf2BQK.yD1

    The eight characters after the second dollar sign are the salt. I understand that the salt and the password are repeatedly hashed together in an effort to make make cracking it computationally slow, but how exactly is that different from the constant component that I used, other than the fact that it's kept separate? I'm not sure I understand that point.

    The other point that I am trying to figure out is why the salt is included in the output. Doesn't keeping the salt secret make it more difficult to crack, since the attacker should know the salt in order to crack the password? I can see how having a different salt for each password improves security (lack of salt collisions will mean that each salt will force a different computation of the word list), but if someone has the password file, they can use the included salts at their leisure. Is there something just dead obvious that I am missing here?

    Glancing through the code for Crypt::PasswdMD5, it looks like it would be cross-platform compatible and should slow down an attacker. Once I have a better grasp of these issues, I should post an update to my course.

    Cheers,
    Ovid

    Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.

      if the salt were secret, how would you ever check the user's password?

      the salt exists to keep dictionary attacks from being ridiculously efficient. imagine if there were no salt in the unix crypt scheme. i could calculate the hash of every word in the dictionary ahead of time and then simply compare that one list against every /etc/passwd i come across. if i were good, i could probably even remember the hash of a few of the more common passwords and be able to get an account here and there just by glancing at the passwd file. the salt just makes it so i have to run crypt on every word in the dictionary for each password i encounter because it has a different salt. no matter what i've always got to do some work.

      anders pearson

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://136698]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others avoiding work at the Monastery: (5)
As of 2024-03-29 00:03 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found