What is the most secure one-way encryption algorithm currently?

As many people know, one-way encryption is a convenient way to encrypt user passwords in databases. Thus, even the database administrator cannot know the user's password, but will have to guess the password, encrypt it using the same algorithm, and then compare the result with the encrypted password in the database. This means that the process of determining a password requires enormous guesswork and great processing power.

Seeing that computers keep getting faster and that mathematicians are still developing these algorithms, I wonder which one is the most secure, given modern computing power and encryption methods.

I have been using MD5 almost exclusively for years, and I wonder if there is anything else that I should do. Should I consider a different algorithm?

Another related question: how long should the field for such an encrypted password be? I must admit that I know almost nothing about encryption, but I assume that the MD5 hash (as an example) can be longer and, presumably, will require more computing power to crack. Or does the length of the field not matter at all, provided that the encrypted password fits in it in the first place?

+49
security algorithm passwords encryption md5
Feb 24 '10 at 21:14
7 answers

Warning: Since this post was written in 2010, GPUs have been widely deployed to brute-force password hashes. Reasonably priced GPUs can run ten billion MD5s per second. This means that even a completely random 8-character alphanumeric password (62 possible characters) can be brute-forced in 6 hours. SHA-1 is only a little slower; it will take one day. Your users' passwords are much weaker, and (even with salting) will fall at a rate of thousands of passwords per second. Hash functions are designed to work quickly. You do not want this for passwords. Use scrypt, bcrypt or PBKDF-2.

MD5 was found weak back in 1996, and should no longer be used for cryptographic purposes. SHA-1 is a commonly used replacement, but the SHA-2 hash family is the current SHA-1 replacement. Members of SHA-2 are individually named SHA-224, SHA-256, SHA-384, and SHA-512.

Currently, several hash functions are competing to become SHA-3, the next standardized cryptographic hash algorithm. The winner will be selected in 2012. None of them should be used so far!

For password hashing, you can also use something like bcrypt. It is designed to be slow enough to make large-scale brute force attacks impossible. You can adjust the slowness yourself so that it can be slower when computers get faster.

Warning: bcrypt is based on the earlier Blowfish two-way encryption algorithm, for which there are better alternatives today. I do not think that the cryptographic properties of bcrypt hashing are fully understood. Someone will correct me if I am wrong; I have never found a reliable source that discusses the properties of bcrypt (other than its slowness) from a cryptographic point of view.

Perhaps it is somewhat reassuring that the risk of collisions is less important for password hashing than for public-key cryptography or digital signatures. Using MD5 today is a terrible idea for SSL, but not as disastrous for password hashing. But if you have a choice, just choose a stronger one.

Using a good hash function is not enough to protect your passwords. You must use passwords along with salts that are long and cryptographically random. You should also help your users choose stronger passwords or pass phrases if possible. Longer is always better.

+52
Feb 24 '10 at 21:34

Great question! This page is a good read. In particular, the author claims that MD5 is not suitable for password hashing:

The problem is that MD5 is fast. So are its modern competitors such as SHA1 and SHA256. Speed is the design goal of a modern secure hash, as hashes are the building block of almost every cryptosystem and usually receive a request on demand for every packet or for every message.

Speed is exactly what you don't want in the password hash function.

The rest of the article explains some alternatives and recommends Bcrypt as the “right choice” (his words, not mine).

Disclaimer: I have not tried Bcrypt at all. Consider this a friendly recommendation, but one I cannot back up with my own technical experience.

+10
Feb 24 2018-10-21

To increase the strength of the password, you should use a wider range of characters. If you have 8-10 characters in a password, it becomes quite difficult to crack. Making it longer, though, will only make it safer if you use numeric / alphabetic / other characters.

SHA1 is another hashing algorithm (one-way encryption); it is slower but has a longer digest (encoded message) of 160 bits, where MD5 has only 128 bits.

Then SHA2 is even more secure, but it is used less.

+6
Feb 24 2018-10-21

Salting the password is always an additional level of protection

    $salt = 'asfasdfasdf0a8sdflkjasdfapsdufp';
    $hashed = md5( $userPassword . $salt );

+3
Feb 24 '10 at 21:26

Seeing that computers keep getting faster and that mathematicians are still developing these algorithms

RSA encryption is secure in that it relies on a really large number being hard to factor. In the end, computers will be fast enough to factor the number in a reasonable amount of time. To stay ahead of the curve, you use a larger number.

However, for most websites, the purpose of password hashing is to make it inconvenient for someone with access to the database to read the password, and not to provide security. For this purpose MD5 is excellent [1].

This implies that if an attacker gains access to your entire database, they do not need a password. (The lock on the front door will not stop me from entering through the window.)

[1] Just because MD5 is “broken” does not mean you can just reverse it whenever you want.

+3
Feb 24 '10 at 21:53

Besides being a cryptographically secure one-way function, a good hash function for password protection should be difficult to brute-force, i.e. slow by design. scrypt is one of the best in this area. From the home page:

We estimate that on modern (2009) equipment, if it takes 5 seconds to calculate the derived key, the cost of a brute-force hardware attack against scrypt is about 4000 times higher than the cost of a similar attack against bcrypt (before finding the same password) and 20,000 times more than a similar attack on PBKDF2.

However, out of the public hash functions, performing several thousand iterations of something from the SHA family is a pretty reasonable protection for non-critical passwords.

Also, always add salt to make it impossible to share effort across brute-forcing many hashes at a time.

+1
Feb 24 '10 at 21:55

NIST is currently running a contest to select a new hashing algorithm, as well as to select an AES encryption algorithm. Thus, the answer to this question is likely to differ in a couple of years.

You can look through the materials and study them for yourself to see if there is one that you would like to use.

0
Feb 24 '10 at 21:31


