RE: Password encryption

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Hi Nick,

1. I don't want the caller to have to supply a salt value. However, I
would
like to make it more secure. Can I just have a static salt value in my
implementation and provide the same secureness assuming anyone trying to
decrypt the data doesn't have access to my code?

If the salt is a randomly generated 256 bit value then stored statically in
your code, the total number of possible keys an attacker needs to try (with
a dictionary of 200,000 English words) would be 2^256 * 200000 =
2.3158417847463239084714197001738e+82, theoretically.

I believe it will take an attacker *some time* to deal with this number of
possible keys.

But just like you said, this is based on the assumption that your code
(both source code and the compiled binary) is safe from the attackers.

2. I though the salt value was supposed to be added at the end of the
phrase
before generating the hash? From the docs:
"This attack is made much more difficult by the introduction of salt, or
random bytes, at the end of the password before the key derivation."

Based on the nature of the hash function, I don't think adding the salt at
the end of the password is the only way to go. The salt here is to mess up
the hash output of the original password for the attacker, making the
number of hashes to guess extend from 200,000 to 2^256, so add it in front
of the password, to the end of the password, or even do an Xor calculation
with the password will all do it.

3. I see that you set the IV to the has of the password + salt. Can I
just
use the salt as the IV? My salt is 32 bytes which matches the block size
I'm
using. Will using the salt as the IV make it any less secure?

As long as your salt is safe from the attacker, I don't think it will be
less secure. Or you may want to use another randomly generated 256bit value
and hard coded just like the salt value as the IV. This will make another
2^256 times to guess for IV and it causes you only one more line of code.

My biggest concern is the security of the code itself, because we made
assumption that the attacker will never know get hands on it, otherwise the
hard coded salt and IV will be compromised, so the dictionary attack might
be working easily again.

Making the data secure is not easy and it is actually a chain to secure
rather than just a single spot. We did our part on algorithm, and we also
need to make the users to do their parts, like using a complex password
instead of a simple phrase.

Please kindly let me know if this addresses your concerns.

Best regards,

Jie Wang (jiewan@xxxxxxxxxxxxxxxxxxxx, remove 'online.')

Microsoft Online Community Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@xxxxxxxxxxxxxx

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

Note: MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 2 business days is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions. Issues of this
nature are best handled working with a dedicated Microsoft Support Engineer
by contacting Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

.

Relevant Pages

  • RE: Password encryption
    ... With respect to the IV and salt being hardcoded in my library and the ... the total number of possible keys an attacker needs to try (with ... Microsoft Online Community Support ... nature are best handled working with a dedicated Microsoft Support Engineer ...
    (microsoft.public.dotnet.framework)
  • Re: Importance of salt
    ... generate a key which is then used for encryption. ... The salt is used on ... The attacker really couldn't use his ... As for the iteration count... ...
    (microsoft.public.dotnet.security)
  • Re: Importance of salt
    ... That is the problem with using one-way hash ... The salt is used on ... The attacker really couldn't use his ... > even knows the correct iteration count used. ...
    (microsoft.public.dotnet.security)
  • Re: Iterative Password Hashing vs Strong Salt
    ... my salts are not known by the attacker. ... I cannot use the word "salt". ... The purpose of hashing is to help in situations where the attacker has ... You are combining secret client data and secret server data to form an encryption key which is then used to encrypt and store some data on the server. ...
    (sci.crypt)
  • Re: password salting
    ... For attacker, I assume pre-computed hash tables are just not that helpful ... You can only add so many iterations to ... |> If you have the salt and the hash, the salt does not make attacking ...
    (microsoft.public.dotnet.security)