In the process of building what I hope is a properly designed authentication mechanism, I found a lot of material indicating that:
- user passwords must be salted;
- the salt used should be sufficiently random and generated per user;
- ... therefore the salt must be stored with the user record in order to support password verification.
I completely agree with the first and second points, but it seems that there is an easy workaround for the third. Instead of doing the equivalent of this (here it is in Python-style pseudocode):
import os
import hashlib
salt = os.urandom(16)                       # fresh random salt for this user
hashedPassword = hashlib.sha512(salt + password.encode("utf-8")).digest()
storeUserRecord(username, hashedPassword, salt)   # salt must be persisted
Why not use a hash of the username as the salt? This gives a salt space that is well distributed and (roughly) random, and each individual salt is as complex as your hash function. Even better, you do not need to store the salt in the database at all; just recompute it during authentication. More pseudocode:
import hashlib
salt = hashlib.sha512(username.encode("utf-8")).digest()   # derived, never stored
hashedPassword = hashlib.sha512(salt + password.encode("utf-8")).digest()
storeUserRecord(username, hashedPassword)
(Of course, the hash used in the examples above should be something reasonable, like SHA-512 or another strong hash.)
This seems reasonable to me, given what (little) I know about cryptography, but the fact that this simplification is not widely recommended practice makes me wonder if there is an obvious reason why I am going astray that I don't know about.
EDIT: TheRook: CWE. hash(username)?
EDIT 2: biffabacon.
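The two schemes from the question side by side, as an added example that is not part of the original post. It registers the same user on two independent deployments of each scheme and reports the property that separates them: with a random stored salt the two deployments hold unrelated digests, while with `salt = hash(username)` they hold the identical digest, and renaming the account silently breaks verification because the salt moves with the name. PBKDF2-HMAC-SHA512 is used in place of the question's bare `hash(salt . password)` as the slow KDF a practitioner would reach for; the iteration count, class names and sample credentials are assumptions.

```python
import hashlib
import hmac
import os

# Assumed parameter: PBKDF2 iteration count (the question uses a bare hash;
# a slow KDF is swapped in here as standard practice).
ITERATIONS = 50_000


def kdf(salt: bytes, password: str) -> bytes:
    """Derive a 64-byte digest from salt and password with PBKDF2-HMAC-SHA512."""
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, ITERATIONS)


class RandomSaltStore:
    """Scheme 1 from the question: random per-user salt stored beside the digest."""

    def __init__(self) -> None:
        self.records: dict[str, tuple[bytes, bytes]] = {}

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self.records[username] = (kdf(salt, password), salt)

    def verify(self, username: str, password: str) -> bool:
        rec = self.records.get(username)
        if rec is None:
            return False
        digest, salt = rec
        return hmac.compare_digest(digest, kdf(salt, password))


class UsernameSaltStore:
    """Scheme 2 from the question: salt = hash(username), nothing extra stored."""

    @staticmethod
    def salt_for(username: str) -> bytes:
        return hashlib.sha512(username.encode("utf-8")).digest()

    def __init__(self) -> None:
        self.records: dict[str, bytes] = {}

    def register(self, username: str, password: str) -> None:
        self.records[username] = kdf(self.salt_for(username), password)

    def verify(self, username: str, password: str) -> bool:
        digest = self.records.get(username)
        if digest is None:
            return False
        return hmac.compare_digest(digest, kdf(self.salt_for(username), password))

    def rename(self, old: str, new: str) -> None:
        """Rename the account; the stored digest is carried over unchanged."""
        self.records[new] = self.records.pop(old)


def compare_schemes(username: str = "alice", password: str = "correct horse") -> dict:
    """Register constructed sample credentials on two independent deployments
    of each scheme and report which properties hold."""
    r1, r2 = RandomSaltStore(), RandomSaltStore()
    u1, u2 = UsernameSaltStore(), UsernameSaltStore()
    for store in (r1, r2, u1, u2):
        store.register(username, password)
    u2_digest_before_rename = u2.records[username]
    u2.rename(username, username + "2")
    return {
        "random_verifies": r1.verify(username, password),
        "random_rejects_wrong": r1.verify(username, "wrong"),
        "username_verifies": u1.verify(username, password),
        "username_rejects_wrong": u1.verify(username, "wrong"),
        # Random salts: same credentials, unrelated digests on each deployment.
        "random_digest_identical_across_deployments":
            r1.records[username][0] == r2.records[username][0],
        # hash(username) salt: identical digest on every site using the scheme,
        # so one precomputed table for (username, password) covers all of them.
        "username_digest_identical_across_deployments":
            u1.records[username] == u2_digest_before_rename,
        # After a rename the salt changes but the digest did not, so login fails.
        "username_verifies_after_rename": u2.verify(username + "2", password),
    }


if __name__ == "__main__":
    for key, value in compare_schemes().items():
        print(f"{key}: {value}")
```

Both stores accept the right password and reject the wrong one, so the simplification works for a single deployment; the last three flags are where the two schemes part ways.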