[Cryptography] The proper way to hash password files

[Jerry Leichter]

On May 22, 2014, at 3:06 PM, Hanno Böck <hanno at hboeck.de> wrote:
>> It occurs to me that most of the time, machines do password files
>> wrong. Rather than using a salted hash, a better approach would be to
>> use a MAC with a randomly chosen key that is never disclosed.
> 
> And now how do you guarantee that the key is never disclosed? I mean if
> you can do that you can also just make sure the password database gets
> never disclosed.
> 
> This is the whole point I find annoying about the whole password
> hashing / saving debate: Basically, when your database gets stolen
> that's one of the worst things that can happen. And no amount of
> intelligent storage of passwords will change that.
I'll repeat my (only partially facetious) suggestion:  Require that any company that maintains a password database have entries for pseudo-accounts with fixed, known names like "CEO Bank Account Password" and "CSO Retirement Account Password" contained the hashes - using exactly the same algorithm as used for the rest of the database - of that banking information.  If having the database stolen is going to be bad for all the customers, make sure it's *really, really, really bad* for those in a position to approve or reject efforts to make sure it's kept secure.
                                                        -- Jerry

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4813 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140522/60b17a09/attachment.bin>