
When choosing password encryption, I found that the Rijndael algorithm is one of the best encryption algorithms, which cannot be cracked through a brute force attack.

So I have chosen the Rijndael algorithm for users' password encryption.

Now I have identified that hashing (irreversible) is more secure than encryption (reversible) [please correct me if I am wrong].

My questions are:

  1. Can I go with the existing implementation of the Rijndael algorithm?
  2. If I should not do encryption, which one would be the best hashing algorithm?

I referred to the following website when implementing the Rijndael algorithm.

http://msdn.microsoft.com/en-us/library/system.security.cryptography.rijndael(v=vs.110).aspx

How to generate Rijndael KEY and IV using a passphrase?

http://www.obviex.com/samples/encryption.aspx

Jeeva J
    I'm voting to close this question as off-topic because this was discussed at length on [security.se]: [How to securely hash passwords?](http://security.stackexchange.com/q/211/45523) and [Is AES encrypting a password with itself more secure than SHA1?](http://security.stackexchange.com/q/10476/45523) and [Do any security experts recommend bcrypt for password storage?](http://security.stackexchange.com/q/4781/45523) – Artjom B. Jun 20 '16 at 11:32
  • Putting password hashing aside, the sources you linked don't describe secure encryption. – CodesInChaos Jun 21 '16 at 14:13
  • While it is probably possible to implement something safe by abusing Rijndael as a hash, don't roll your own methods; use something that doesn't store the password at all, like a PBKDF or scrypt. – dandavis Jun 24 '16 at 08:00

2 Answers

OWASP lists some good practices for password storage.

You basically apply a protection_function to convert the credential to a protected form: [protected form] = [salt] + protect([protection func], [salt] + [credential]);

You also add a salt so two versions of the same credential have a different stored form.

They also list the order in which you should choose hashing functions (yes, hashing is better than encrypting so that the password cannot be reverse engineered, even by the website owner). Argon2 and PBKDF are generally good choices for a protection_function.

Read the rest of the guide too. Also see this related Security SE post about why AES (i.e. Rijndael) encrypted password storage is worse than even a not-so-strong hash (@Salvador's comment).

Jedi
  • How is your answer related to his question? He asked about the Rijndael algorithm and you just gave him an OWASP link. – Salvador Dali Jun 20 '16 at 06:37
  • 2
    @SalvadorDali OP said: `If I should not do encryption, Which one should be a best hashing algorithm`. OP should not use encryption, OP should hash and OP should use the best practices which I have sourced. – Jedi Jun 20 '16 at 09:22
The problem with encryption is that when an attacker gets the key, he can decrypt all passwords in the database in no time, and therefore knows the original passwords, which can be tried on other sites.

Since hashing is irreversible (there is no way to get back the original password), an attacker cannot use the hashes, even if he has control over the server. The same goes for the owner of the site.

Today's recommended algorithms are BCrypt, PBKDF2 and SCrypt; all of them have a cost factor which controls the time needed to calculate a single hash. The longer it takes, the more difficult it will be to brute-force.

martinstoeckli