0

I was wondering if the next thing is possible:

When we use hash function to encrypt a login password the hash can't be decrypted to find the original password.

But is it possible to find that hash value and send it straight to the server, instead of entering a password that the hash function will encrypt to the hash value and then send it?

yoni0505
  • 349
  • 2
  • 4
  • 8
  • [Hashing and encrypting are not the same.](http://stackoverflow.com/q/326699/53114) – Gumbo Mar 03 '12 at 10:57
  • As a side note: You should use a salt, and a deliberately slow hash (bcrypt, pbkdf2, scrypt) and not a fast hash (sha-1/2/3, md5,...) – CodesInChaos Mar 03 '12 at 11:03
  • Your question is basically, whether the hash of a password can be used for authentication instead of the original password, right? – Gumbo Mar 03 '12 at 11:04

5 Answers5

3

When you receive a password on the server side, you will always have to apply the same hash function before comparing it with stored hashed passwords. Having said so, sending a hashed password to the server will have no effect as:

hash(hash(password)) != hash(password)

In other words, if this is your server-side password-checking function in pseudo-code:

function check(password) {
  return hash(password) == storedPassword;
}

And storedPassword was previously calculated as hash(password), then calling

check(storedPassword)

will always return false

Lukas Eder
  • 211,314
  • 129
  • 689
  • 1,509
1

See also http://en.wikipedia.org/wiki/Pass_the_hash for a technique that sends a hash value directly to a server.

Pifanjr
  • 11
  • 1
1

Not if you do server side hashing, which you should.

The server stored salt+hash(pass, salt) now if you send hash(pass, salt) the server calculates salt+hash(hash(pass, salt), salt) which is obviously not the same as salt+hash(pass, salt), and the login fails.

Your attack only works if you use a scheme where the hashing happens on the client side. i.e. you expect to send the hash to the server to "avoid sending the password in the clear". I've seen many beginners suggest such a scheme, but they suck for the reason you noticed.

CodesInChaos
  • 106,488
  • 23
  • 218
  • 262
0

Hash function does not really encrypt, it hashes. It is a one way function, meaning that, having a hash, we can not determine the input we used, to create the hash. As an example to understand (it really does not reflect reality of hashing, it is simplified)

Imagine function that removes every 3rd letter, and substitutes other letters to its succesors (a->b, b->c, z->a).

Imagine input

Hello World!

Then the output will be 

f('Hello World!') = IfmpXpme

As you see, letters 'l' ' ' 'r' '!' were removed. Now because they were removed, even knowing the function, you can not recreate input.

So the only way to get the input is to try all possible input strings.

So, hash can not be decrypted. Hash function is hashing, not enrypting. (well if we close eyes, hashing could be special case of enrypting...)

Jan Glaser
  • 364
  • 2
  • 14
0

My idea for the hash function bypass is to store a copy of the original file and have code that modifies the copy. make a hash of the original and then find a way to send that hash to the host effectively disguising the modified message as the original!