0

Salts are stored in the plain text and readily available with the hashed passwords if the password database is compromised. What if we encrypt the salt using password itself? Doesn't it make offline dictionary attack more difficult as the attacker now has to identify the salt to break the password and break the password to identify the salt?

With this scheme, password is hashed with a random salt and random salt is not stored in plain but encrypted with the password.

Curious
  • 21
  • 5
  • http://security.stackexchange.com/questions/66801/is-encrypting-salt-with-given-users-password-more-secure/66803#66803 – thexacre Sep 16 '14 at 06:56

1 Answers1

1

A common attack is to check hashes against common passwords. In that case your solution would add only one more round of decryption:

  1. choose a common password (for example "password123")
  2. decrypt the salt with the chosen password
  3. hash the chosen password with the decrypted salt

Therefore you're only making attacks slower and introduce more complexity to your solution. I would use a higher cost parameter for your hashing algorithm.

Christian Strempfer
  • 474
  • 1
  • 4
  • 16
  • Please correct me if I am wrong. The proposed scheme basically adds just 1 more step for the attacker, the step being of decryption of the salt. Even if the password is random and therefore not common, then the brute force search attack will try every candidate password first to decrypt the salt and then hash the same candidate password with the decrypted salt. – Curious Sep 16 '14 at 07:26
  • @Curious just use a good hashing algorithm like scrypt, bcrypt or pbkdf2 and increase the cost in a way provided by that hashing algorithm instead of rolling your own. Salts are meant to be unique, not to be secret. Don't start misusing them to increase the cost. – Darsstar Sep 16 '14 at 07:47
  • @Curious, there's no way for the attacker to know that he successfully decrypted the salt. Hence, a brute force attack will follow the steps outlined in the answer. First the attacker will choose a random password, and then decrypt the salt and then hash the password with the decrypted salt. You're not actually adding any security by encrypting the salt. – Chris Murray Sep 16 '14 at 07:49
  • @Curious: Correct. A random password would just decrease the chance for match, so it's unlikely that an attacker would try random passwords. – Christian Strempfer Sep 16 '14 at 07:51
  • @Chris Murray, hashing the decrypted salt with the guessed password can be verified against the hash of a password in the database. So attacker will know that he has successfully decrypted the salt. Successful decryption of salt implies successful guessing the password. Isn't it? – Curious Sep 16 '14 at 08:41
  • @Curious, precisely. You can't decrypt the salt first, as the only way to validate it's correct is to get the correct password. And if you have the correct password, you don't have to brute force the hash. Hence, the hash and the encrypted salt are both protected by the same thing, the password. You're not increasing the amount of knowledge the attacker needs to know, they still only need one thing to break your security. – Chris Murray Sep 16 '14 at 08:45
  • @Chris By the random password, I meant that if the password hashed in the database was randomly generated by its user, then the attacker has to resort to brute force search to break it. – Curious Sep 16 '14 at 08:47
  • @ChrisMurray: I think you understood Curious' comment different than me. You understood "(try every candidate password to decrypt salt) THEN (hash the same candidate password with the decrypted salt)", while I understood "try every candidate password (to decrypt salt AND hash the same candidate password with the decrypted salt)". – Christian Strempfer Sep 16 '14 at 08:48
  • @Chris your understanding is correct, I am not good with English :) – Curious Sep 16 '14 at 08:50
  • @Chris, yes, seems that way. Either way though, the steps you outlined in the answer is correct, and your comments correct for Curious' followup. – Chris Murray Sep 16 '14 at 08:51