[Owasp-leaders] Stepping through password hashing options

William Stranathan will at thestranathans.com
Mon Jun 11 14:01:59 UTC 2012


As the Mozilla document says, the point of BCrypt is to be slow to
reduce the possibility of brute-forcing. I'm with you, however, and
think there are downsides to this (DoS, login timing check attacks,
etc.) that are generally mitigated by:
1) Use TWO salts - one in the db specific to the one credential and
one in the application (in configuration, never in the code). As the
Mozilla document states, the point of this is that if the attacker
gets the DB, they don't get the salt. My approach has always been to
keep two salts and use them concurrently on each round or on
alternating rounds
2) Use a large-ish number of encryption rounds (depending on the
algorithm). The way the salt is appended/prepended/injected should
change each round.

But again - you're spot-on in the summary - passwords are dead (at
least I hope). As much as possible, I personally use passphrases and

-- coleslaw

More information about the OWASP-Leaders mailing list