Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

In the most likely implementation of reversably encrypted passwords, an attacker who gets read control of the database can trivially brute-force passwords. Encryption isn't magic.

But in the meantime, I'm curious about what web-based attacks relevant to password storage reversably encrypted passwords protect against. Were you thinking SQLI? Because I do not believe this to be the case.

Don't store reversably encrypted passwords.



Let's assume I store base64 encoded versions of encrypted passwords in my database. The key is 128 random bits in a file in the filesystem. How does sqli get you anything useful? Why do you not believe that's "safe"? (let's ignore other attacks or better solutions. Just sqli)

Update: from other posts, I'm guessing you're assuming that anyone with sqli has other problems too, and that's why you don't think it's safe from sqli?


I'm not going to answer this, because I don't want to deal with the 15 counterfactuals someone else is going to come up with for how they'd deal with the way I'd implement this attack (now that they've heard one way to do it). I think you should take my word for it.


Oh well, I had to ask.


I just want to underlay a point here that the previous poster may not have made explicit, i can give you 20 attacks, and you can most definitely think of 20 different ways to prevent whatever it is i'm talking about, the point is, you do not know what i'm going to do in advance as an attacker. Thats why hashed passwords are an important element of security, sure in a theoretically perfectly secure system, it does not matter at all, the problem is, you are not smart enough to get it perfectly right, nobody is, that's why you have the safest "failure modes" you can practically muster.


It's not personal. Sorry!


It's vulnerable to a known-plaintext attack. Eg, you have an account on the system, so you know your own password. You can encrypt your password with different keys until it matches the stored, encrypted version. Then you know the master key.

Edit: Of course you did say 128 bits, which is pretty good. But if you do manage to break it, you do have the master key, which can't happen with hashed passwords.


That's a good idea, but nobody who actually knows how to generate an AES key will be vulnerable to it.


[deleted]


I don't see how rainbow tables are relevant. How would you use a rainbow table to crack passwords encrypted with an unknown key?


You couldn't. It's not possible. If you don't know, then it's not possible to pre-compute. Many people fail to understand that. Rainbow tables (while sounding magical, are not).

Edit: But they are great for standard unsalted hashes. md4, md5, sha1, sha512, etc.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: