Comments on: Securely store passwords with bcrypt-ruby; now compatible with JRuby and Ruby 1.9 http://blog.phusion.nl/2009/08/13/securely-store-passwords-with-bcrypt-ruby-now-compatible-with-jruby-and-ruby-1-9/ Fri, 12 Mar 2010 16:01:53 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Luca http://blog.phusion.nl/2009/08/13/securely-store-passwords-with-bcrypt-ruby-now-compatible-with-jruby-and-ruby-1-9/comment-page-1/#comment-16052 Luca Tue, 09 Feb 2010 14:07:50 +0000 http://blog.phusion.nl/?p=316#comment-16052 An easier way (and most likely safer), would just to be hand off the authentication to someone else. Use OpenID! An easier way (and most likely safer), would just to be hand off the authentication to someone else. Use OpenID!

]]> By: Caffeine Driven Development » Blog Archive » L33t Links #2 http://blog.phusion.nl/2009/08/13/securely-store-passwords-with-bcrypt-ruby-now-compatible-with-jruby-and-ruby-1-9/comment-page-1/#comment-9832 Caffeine Driven Development » Blog Archive » L33t Links #2 Thu, 03 Sep 2009 07:22:59 +0000 http://blog.phusion.nl/?p=316#comment-9832 [...] How to securely store passwords (using bcrypt-ruby) [...] [...] How to securely store passwords (using bcrypt-ruby) [...]

]]> By: Ian http://blog.phusion.nl/2009/08/13/securely-store-passwords-with-bcrypt-ruby-now-compatible-with-jruby-and-ruby-1-9/comment-page-1/#comment-9807 Ian Wed, 02 Sep 2009 15:58:26 +0000 http://blog.phusion.nl/?p=316#comment-9807 You should think about how the hacker would recreate the hashes not about bruteforcing. As bcrypt is open source and if your hacker had a very large dictionary word or known password list, how hard would it be for him to make a bcrypt version of his list and look for matches? Good salt for sure is always needed no matter what the crypto when you look at this type of attack method. As really the salt is the only strength no matter what algorithm. You should think about how the hacker would recreate the hashes not about bruteforcing. As bcrypt is open source and if your hacker had a very large dictionary word or known password list, how hard would it be for him to make a bcrypt version of his list and look for matches?

Good salt for sure is always needed no matter what the crypto when you look at this type of attack method. As really the salt is the only strength no matter what algorithm.

]]> By: Ruby on Rails: 9 Articles on Rails Authentication http://blog.phusion.nl/2009/08/13/securely-store-passwords-with-bcrypt-ruby-now-compatible-with-jruby-and-ruby-1-9/comment-page-1/#comment-9502 Ruby on Rails: 9 Articles on Rails Authentication Thu, 27 Aug 2009 04:39:43 +0000 http://blog.phusion.nl/?p=316#comment-9502 [...] 3. Securely store passwords with bcrypt-ruby; now compatible with JRuby and Ruby 1.9 [...] [...] 3. Securely store passwords with bcrypt-ruby; now compatible with JRuby and Ruby 1.9 [...]

]]> By: Josh http://blog.phusion.nl/2009/08/13/securely-store-passwords-with-bcrypt-ruby-now-compatible-with-jruby-and-ruby-1-9/comment-page-1/#comment-9241 Josh Wed, 19 Aug 2009 17:25:54 +0000 http://blog.phusion.nl/?p=316#comment-9241 I would simply like to say thanks. Phusion has done so much to help the Ruby community and we are all very grateful. I would simply like to say thanks. Phusion has done so much to help the Ruby community and we are all very grateful.

]]> By: Double Shot #519 « A Fresh Cup http://blog.phusion.nl/2009/08/13/securely-store-passwords-with-bcrypt-ruby-now-compatible-with-jruby-and-ruby-1-9/comment-page-1/#comment-9178 Double Shot #519 « A Fresh Cup Mon, 17 Aug 2009 10:14:04 +0000 http://blog.phusion.nl/?p=316#comment-9178 [...] Securely store passwords with bcrypt-ruby; now compatible with JRuby and Ruby 1.9 – Thanks to Phusion. [...] [...] Securely store passwords with bcrypt-ruby; now compatible with JRuby and Ruby 1.9 – Thanks to Phusion. [...]

]]> By: Rory McCune http://blog.phusion.nl/2009/08/13/securely-store-passwords-with-bcrypt-ruby-now-compatible-with-jruby-and-ruby-1-9/comment-page-1/#comment-9169 Rory McCune Sun, 16 Aug 2009 20:37:24 +0000 http://blog.phusion.nl/?p=316#comment-9169 A couple of points on your article... - The goal of a salted hash is to protect against offline brute-force attacks (attacker has access to the database and the hashes). It's worth noting that the ideally the salt should be different per user. Otherwise the attacker can generate a set of rainbow tables for that combination (@hash + word) for a dictionary, relatively easily. With per-user hashing they need to start from scratch for each user (so no point in creating a rainbow table as it's no faster than a straight brute-force) Also the length of the hash doesn't (IMO) increase the time required to create the rainbow table (assuming that the attacker has access to the hash, which if they've got access to the database is a reasonable assumption). - Also on the point of password strength, it's worth noting that if people choose simple dictionary words for passwords then no matter how slow the algorithm you choose, if the attacker just has to create ~50,000 hashes (a typical large password dictionary) then they'll be able to do that... One option might be to provide some advice to users about creating mnemonic passwords as a good route to create easy to remember passwords that aren't going to fall to a dictionary attack. A couple of points on your article…

– The goal of a salted hash is to protect against offline brute-force attacks (attacker has access to the database and the hashes). It’s worth noting that the ideally the salt should be different per user. Otherwise the attacker can generate a set of rainbow tables for that combination (@hash + word) for a dictionary, relatively easily. With per-user hashing they need to start from scratch for each user (so no point in creating a rainbow table as it’s no faster than a straight brute-force)

Also the length of the hash doesn’t (IMO) increase the time required to create the rainbow table (assuming that the attacker has access to the hash, which if they’ve got access to the database is a reasonable assumption).

– Also on the point of password strength, it’s worth noting that if people choose simple dictionary words for passwords then no matter how slow the algorithm you choose, if the attacker just has to create ~50,000 hashes (a typical large password dictionary) then they’ll be able to do that… One option might be to provide some advice to users about creating mnemonic passwords as a good route to create easy to remember passwords that aren’t going to fall to a dictionary attack.

]]> By: hongli http://blog.phusion.nl/2009/08/13/securely-store-passwords-with-bcrypt-ruby-now-compatible-with-jruby-and-ruby-1-9/comment-page-1/#comment-9131 hongli Fri, 14 Aug 2009 16:48:31 +0000 http://blog.phusion.nl/?p=316#comment-9131 @Randy: I don't think forcing a password strength will work. Some people are lazy, or just not in the mood of coming up with a good password, or whatever. If you make the registration process harder by enforcing a password strength you may lose users. In the end I think users themselves are responsible for their password's strength. @Randy: I don’t think forcing a password strength will work. Some people are lazy, or just not in the mood of coming up with a good password, or whatever. If you make the registration process harder by enforcing a password strength you may lose users. In the end I think users themselves are responsible for their password’s strength.

]]> By: Randy Bias http://blog.phusion.nl/2009/08/13/securely-store-passwords-with-bcrypt-ruby-now-compatible-with-jruby-and-ruby-1-9/comment-page-1/#comment-9130 Randy Bias Fri, 14 Aug 2009 16:40:08 +0000 http://blog.phusion.nl/?p=316#comment-9130 Why are you letting your end users provide trivially guessable dictionary words for passwords? That doesn't make any sense at all. You will probably get more mileage from simply enforcing semi-sane password picking behavior. Why are you letting your end users provide trivially guessable dictionary words for passwords? That doesn’t make any sense at all. You will probably get more mileage from simply enforcing semi-sane password picking behavior.

]]> By: hongli http://blog.phusion.nl/2009/08/13/securely-store-passwords-with-bcrypt-ruby-now-compatible-with-jruby-and-ruby-1-9/comment-page-1/#comment-9129 hongli Fri, 14 Aug 2009 16:36:58 +0000 http://blog.phusion.nl/?p=316#comment-9129 @jeff: someone already answered this for you on Reddit: <blockquote>If an attacker gets hold of your database, he can use a modest GPU to crack SHA1 at about 70 million hashes per second. I'm not aware of any GPU bcrypt crackers; he might manage a few hundred per second with the same resources, and even if he has an FPGA to play with he's not going to do much better than that. Sure, you can make the login delays fake, but why deliberately pick the solution that's a million times weaker for a similar amount of implementation effort? scrypt is an even more secure alternative, since it's not just processing-hard, but memory-hard, thus eating up even more gates on an FPGA and limiting possible concurrency on a GPU (if you can even implement it there).</blockquote> @Dan: That's assuming there are no weaknesses in SHA-1 to exploit. In practice there are, and the exploits will probably become better over time. @jeff: someone already answered this for you on Reddit:

If an attacker gets hold of your database, he can use a modest GPU to crack SHA1 at about 70 million hashes per second. I’m not aware of any GPU bcrypt crackers; he might manage a few hundred per second with the same resources, and even if he has an FPGA to play with he’s not going to do much better than that.

Sure, you can make the login delays fake, but why deliberately pick the solution that’s a million times weaker for a similar amount of implementation effort?

scrypt is an even more secure alternative, since it’s not just processing-hard, but memory-hard, thus eating up even more gates on an FPGA and limiting possible concurrency on a GPU (if you can even implement it there).

@Dan: That’s assuming there are no weaknesses in SHA-1 to exploit. In practice there are, and the exploits will probably become better over time.

]]>