Re: [glob2-devel] Encryption, security, and a new glob2 dependancy

[Martin Voelkle]

On 5/2/07, Leo Wandersleb <address@hidden> wrote:
> Martin Voelkle wrote:
> >> I have talked to a few computer security gurus on IRC, and have
> >> learned a little bit about security and how I could achieve it.
> >>
> >> First of all, the only data that YOG transfers which could be
> >> considered sensitive is the password for a user.
> >>
> >> First of all, storing the password on the harddisk safely:
> >>
> >> I was informed that I should use a non-reversible transformation on
> >> the password, and store the transformed version. I had learned that
> >> you could use the password as the key to encrypt a string of spaces.
> >> The gurus reccomended SHA1 and/or MD5 and/or other, more difficult
> >> algorithms, and or some combination of them. They also reccomend I add
> >> salt to the password, to make it a given length. One guy jokingly
> >> suggested I use one hash as the salt for another hash, just to
> >> "mindfuck" them. Not a bad idea, thinks me.
> >
> > Since this is supposed to be GPL, there is no security enhancement by
> > using "mindfucking" techniques. The order and combination of the
> > hashes is publicly documented in the code. I'm also not sure about
> > salting, because the salt can also be reconstructed in any brute force
> > attack.
>
> sure. brute force attacks specially designed for glob2 can't be stopped by that.
> but they take years to find passwords as they would have to check passwords on
> every single login. if not salted you simply search md5("test123") in the hashed
> passwords column and find who uses this password.

The password file stored on YOG is not supposed to be public. So there
is no global password column. But I agree that there could be a
leakage of the password, so they'd better be salted.

> >> I will likely use some obscure combination of SHA1, MD5, and maybe
> >> another hash function to store the password. This is almost trivial to
> >> do, and unbreakable to a certain extent. Not that anyone will really
> >> be getting into YOG passwords anyhow.
> >
> > I think the only way to be secure is to chose a good hashing function.
> > MD5 is a bad one. SHA1 seems also flawed. Better use SHA256 or SHA512.
> > http://en.wikipedia.org/wiki/Cryptographic_hash_function
>
> in my eyes salted md5 is absolutly more than sufficient. please don't use
> several algos as this is more lines of code with no extra value.
>
> hash=md5(md5(login)+password)

I'd prefer that to be
sha256(sha256(login)+password)

> and don't take more efford than neccessary. it's only a game. passwords should
> be secured to a certain degree as they might be used elsewhere, too but don't
> put in all your energy.

With gcrypt, it's the same code to use one hash algo or an other
(except for the parameter that selects the algorithm).

Martin