[Cryptography] [PHC] Re: The proper way to hash password files

[Phillip Hallam-Baker]

On Mon, May 26, 2014 at 5:13 PM, Hongjun Wu <wuhongjun at gmail.com> wrote:
> I think that a general way to protect password file is to hash passwords
> (like the Password Hashing competition).
>
> But a strong way to protect passwords is to use MAC (much more secure than
> using hash if the MAC operation is done in a separate hardware chip).  I
> have talked about the advantage of using MAC to protect password web
> authentication in my first post in the PHC discussion forum.  My idea is
> similar to that of Phillip Hallam-Baker, except that I think a salt is still
> useful even when MAC is used.

The salt does not affect the difficulty of a brute force attack without a key.

It does however prevent the attacker who knows that they can steal the
password file from using the hashing device as an oracle. One can
imagine an attack where someone creates 1 million accounts with the
top million password values.

Even with a captcha in place, at the current rate of a cent per capcha
solution, thats only $10K to get the passwords entered (though
creating a million accounts from one IP address is still a challenge.

So there is a value to having a salt and it is cheap. But the system
depends on it to a much lesser degree which is a good thing.


If Hongjun or someone can forward a link to the email, I'm happy to
credit them. Though I somewhat suspect that there are earlier claims.

At this point a more important step would be to write a protocol that
allows us to talk to a network based HSM password checker.