[Cryptography] Zero Knowledge: Have I Been Pwned?

Kevin W. Wall kevin.w.wall at gmail.com
Mon Sep 11 12:42:32 EDT 2017


On Sun, Sep 10, 2017 at 7:06 PM, Barney Wolff <barney at databus.com> wrote:
> On Sun, Sep 10, 2017 at 11:25:30AM -0700, Henry Baker wrote:
>> I also don't think that it is safe to type a SHA1 hash of a password into the HIBP either.  Why?  Because the database contains the complete list of pairs (password,SHA1(password)), so inverting these particular hashes is trivial, so this is equivalent to simply typing in the unhashed password.
>
> I don't understand your concern with typing the SHA1 hash.  If you get a hit you are going to change the password and never use it again.  If you don't get a hit what can an attacker do with the hash?  Is there any system so stupid as to store passwords as unsalted SHA1 hashes?

The answer to Barney's last question, "is there any system so stupid as
to store passwords as unsalted SHA1 hashes", is, unfortunately, an
unequivocal "yes". I do secure code reviews and find this a lot in
vendor code we examine, especially in leftover legacy code. It gets
cited and eventually is remediated, but it is more prevalent than it
should be.

-kevin
-- 
Blog: http://off-the-wall-security.blogspot.com/    | Twitter: @KevinWWall
NSA: All your crypto bit are belong to us.
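
An added example, not part of the original message or of any vendor code it mentions: the unsalted SHA-1 storage pattern discussed in this thread next to a salted PBKDF2 replacement, with a login check that recognises leftover legacy rows and rehashes them. The record format, function names and iteration count are assumptions made for illustration.

```python
from __future__ import annotations
import hashlib
import hmac
import os
import re

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware
LEGACY_SHA1_RE = re.compile(r"[0-9a-f]{40}")  # bare 40-hex-digit digest


def legacy_sha1(password: str) -> str:
    """The weak pattern: unsalted SHA-1, identical for every user and system."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: bytes | None = None) -> str:
    """Salted PBKDF2-HMAC-SHA256 record: scheme$iterations$salt$digest."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def is_legacy(record: str) -> bool:
    """True when a stored record is a bare unsalted SHA-1 hex digest."""
    return LEGACY_SHA1_RE.fullmatch(record.lower()) is not None


def verify_and_upgrade(password: str, record: str) -> tuple[bool, str | None]:
    """Check a login; return (ok, replacement) so legacy rows get rehashed."""
    if is_legacy(record):
        ok = hmac.compare_digest(legacy_sha1(password), record.lower())
        return ok, (hash_password(password) if ok else None)
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False, None
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(parts[2]), int(parts[1]))
    return hmac.compare_digest(dk.hex(), parts[3]), None


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    old_row = legacy_sha1(pw)            # what a legacy table would hold
    print("unsalted rows equal across users:", legacy_sha1(pw) == old_row)
    ok, new_row = verify_and_upgrade(pw, old_row)
    print("login ok:", ok, "| upgraded record:", new_row)
    print("salted rows differ:", hash_password(pw) != hash_password(pw))
```

Running `is_legacy` over an exported credential column is a quick way to count how many rows still carry the old format.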

