Password validation security issue

Christian Heimes christian at python.org
Sat Mar 1 20:54:24 CET 2014


On 01.03.2014 19:45, Chris Angelico wrote:
> On Sun, Mar 2, 2014 at 5:31 AM, Christian Heimes <christian at python.org> wrote:
>>>>>> encrypted = hashlib.sha256(login+'NaCl protects your passwords'+password).hexdigest()
>>>>>> encrypted
>>> 'b329f2674af4d8d873e264d23713ace4505c211410eb46779c27e02d5a50466c'
>>
>> Please don't do that. It's insecure and not the proper way to handle
>> passwords. In fact it's insecure on so many levels that I don't know
>> where to start...
> 
> Please do start. This is an extremely common practice; are you able,
> from just the information above, to figure out the password using
> anything better than brute force?

I'm aware that it's still a common technique. It makes me sad everytime
I see code that uses SHA256 for password hashing. :( Why haven't people
learnt from mistakes like LinkedIn's and Adobe's password disaster?

Yes, for most applications brute force is still the best option to crack
the password. Passwords are usually rather short, have a low entropy and
modern hardware is insanely fast. With software like [1] and a fast GPU
it is possible to do more than 10*10^9 checks/second for SHA-256.

Clever and very capable people have come up with algorithms like [2] to
make it much harder to crack passwords. The Wikipedia articles on KDF
and KSA explain both algorithm much better than I could. The PHC [3] is
a recent attempt to come up with an even more secure algorithm.

Please don't implement PBKDF2 on your own. Django, several other Python
libraries and OpenSSL did and made a really bad error that lead to a DoS
vulnerability.

Christian

[1] http://hashcat.net/oclhashcat/
[2] http://en.wikipedia.org/wiki/Key_derivation_function
[3] https://password-hashing.net/




More information about the Python-list mailing list