WebAppSec/Secure Coding Guidelines: Difference between revisions

Using HMAC + bcrypt has absolutely zero advantage over using plain bcrypt. In fact, it's as stupid as hashing a hash. HMAC is meant for weak algorithms such as the SHA family.
Line 73: Line 73:


===Password Storage===
===Password Storage===
Separate from the password policy, we should have the following standards when it comes to storing passwords:
* Passwords stored in a database should using the hmac+bcrypt function.


The purpose of hmac and bcrypt storage is as follows:
Passwords stored in a database should use [https://en.wikipedia.org/wiki/Bcrypt
* bcrypt provides a hashing mechanism which can be configured to consume sufficient time to prevent brute forcing of hash values even with many computers
bcrypt].Bcrypt is a hashing algorithm designer to keep up with Moore's law.
* bcrypt can be easily adjusted at any time to increase the amount of work and thus provide protection against more powerful systems
General hashing algorithms such as SHA512 can be used to generate hashes very
* The nonce for the hmac value is designed to be stored on the file system and not in the databases storing the password hashes. In the event of a compromise of hash values due to SQL injection, the nonce will still be an unknown value since it would not be compromised from the file system. This significantly increases the complexity of brute forcing the compromised hashes considering both bcrypt and a large unknown nonce value
fast depending on the hardware used. If computer B is 10 times faster than
* The hmac operation is simply used as a secondary defense in the event there is a design weakness with bcrypt that could leak information about the password or aid an attacker
computer A then a SHA512 hash will be generated 10 times faster on computer B
than on computer A. With bcrypt this isn't the case as it introduces a cost
factor. Using this cost factor you can specify how long it should take to
generate a hash regardless of how powerful a computer is.


A sample of this code is here: https://github.com/fwenzel/django-sha2
There are quite a few resources available on the internet on Bcrypt, below are
a few ones that I consider worth reading:
 
* http://codahale.com/how-to-safely-store-a-password/
* http://yorickpeterse.com/articles/use-bcrypt-fool/
* https://en.wikipedia.org/wiki/Bcrypt


==== Old Password Hashes ====
==== Old Password Hashes ====
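
Review bot: The replacement text under "Password Storage" drops the file-system-stored hmac nonce without addressing the threat the removed bullets gave for it: a SQL injection that leaks the stored hashes but not the file system. If the guideline is moving to plain bcrypt, state why that scenario is accepted or how it is otherwise covered, instead of only deleting the rationale. In the new paragraph, "you can specify how long it should take to generate a hash regardless of how powerful a computer is" overstates what the cost factor does; faster hardware still computes a given cost faster, and the removed bullet's wording (the work "can be easily adjusted at any time to increase the amount of work") describes it correctly. Also fix "bcrypt].Bcrypt is a hashing algorithm designer" (missing space, "designed"), replace the first-person "that I consider worth reading" with neutral wording for a guideline page, and keep or replace the removed sample-code link (https://github.com/fwenzel/django-sha2) so readers still have an implementation reference.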
