1

In a web application I am reading some bytes from /dev/urandom to get a random salt for hashing the passwords.

Is it good to base64 the salt before hashing? Because base64 encoding sometimes appends some = at the end, which could then result in a known plaintext attack. But it may be no problem, because the salt is nevertheless stored in db, or am I wrong?

Does this have an effect on the security of the application?

Hendrik
  • 131
  • 1
  • 10

4 Answers4

2

It depends on the used hash algorithm, which alphabet of characters is accepted as salt. BCrypt for example will accept following characters, which is nearly but not exactly the same as a base64 encoded text: ./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz.

A known plain text attack is no problem here, since we do not encrypt anything, especially not the salt.

martinstoeckli
  • 23,430
  • 6
  • 56
  • 87
  • I think I was using sha512. – Hendrik Dec 21 '14 at 22:46
  • Sha512 accepts every type of salt, even a binary string. As others already mentioned SHA512 is not appropriate for hashing passwords because it is ways too fast, instead one should use an algorithm like BCrypt or PBKDF2 with a cost factor. – martinstoeckli Dec 22 '14 at 10:36
2

For the most part, probably not. Your salt has to be known in order to decrypt the password, so we can assume that any attacker will be able to gain both the hashed password and the salt used. All that your salt is now protecting against is rainbow table-based attacks and increasing the amount of work (since each plaintext now needs to be hashed n times instead of once to compare against n passwords).

As long as your salt is of a reasonable length, you're probably fine.

slugonamission
  • 9,562
  • 1
  • 34
  • 41
2

No it's not secure.

You shouldn't use any hash function for user passwords. Instead you should use a password-based key derivation function such as PBKDF2 or scrypt with an appropriate number of iterations so as to slow down hashing, which mitigates the risk of bruteforce attacks.

What's the difference between a Key Derivation Function and a Password-Hash?

If you are using PHP for your web application:

Do I need base64 encode my salt (for hashing passwords)?

Secure hash and salt for PHP passwords

Community
  • 1
  • 1
gj13
  • 1,314
  • 9
  • 23
  • Very often people do not know the difference between encryption and hashing, so telling them not to use a hash for passwords may be confusing. The PBKDF2 is commonly refered to as hash algorithm, internally it uses SHA-* after all. – martinstoeckli Dec 22 '14 at 09:55
1

The purpose of a salt is to make sure that each password is stored differently. i.e. so if two people use the same password, the storage of the two passwords is not identical. This protects against rainbow and hashtable attacks if an attacker manages to extract the password table data.

Although there is no reason to Base64 it - the hash should be a sequence of bytes rather than ASCII text - this should not affect the security of your hashed passwords. Yes, there are limited byte sequences that will be used (just ones that represent valid ASCII characters), however your hash will be longer and it is representing the same range of possible values.

SilverlightFox
  • 32,436
  • 11
  • 76
  • 145