How to save your password in the correct posture

How to save your password in the correct posture
Summary

In the past few years, many websites have been deprecated, leading to the leakage of plain text passwords of many users. This article does not discuss the pants removal technology, but focuses on how to properly (as secure as possible) Save the user password.

Hash

It should be the consensus that "encrypt plaintext before saving the Database. This process should be irreversible (the original text cannot be obtained through the encrypted string), so the more appropriate name for this "encryption" process is-Hash:

Hash, which is usually translated as "Hash" and is also directly translated as "Hash. The input of any length is converted to a fixed-length output by means of the hash algorithm. The output is the hash value. This type of conversion is a compression ing, that is, the space of hash values is usually much smaller than the input space, and different inputs may be hashed into the same output, therefore, it is impossible to uniquely determine the input value from the hash value. Simply put, a function compresses messages of any length to a fixed-length message digest.

Our common Hash algorithms are MD5 and SHA. In many cases, we use one of them to encrypt user passwords. The above two types of hash algorithms are mainly used to verify the file/digital signature, but are not suitable for protecting the user password. Although it seems to have played a certain security protection effect for us, but in fact the effect is very poor, especially MD5, the collision value can be found in seconds.

Add salt

As we mentioned above, it is not the correct position to directly hash the user's plaintext and save it. After adding salt?

Let's take a look at the problem solved by adding salt: If the passwords of the two users are the same, the hash value is also the same. Attackers can easily crack the original text by using the lookup table method and it is a matter of fact. Because attackers do not know the user's face values and hash algorithms, they are unlikely to crack them.

Adding salt is indeed the correct idea, provided that:

• The length of the salt cannot be too short. The salt value must be updated when the password is updated randomly.

  In addition, the algorithm used after adding salt is very important, but this is precisely what everyone has not done.

  Salt hashing

  Let's make a conclusion:

  • Do not use self-designed algorithms (such as sha1 (sha1 (password + salt), sha1 (md5 (salt) + md5 (password), and so on) parameters ($ 2y $, $5 $, $6 $) of the security algorithm to use the crypt function ). * The nix system uses crypt to protect user passwords. We should use this time-tested posture.

    Example of golang code:

    Package main import ("fmt" "github.com/kless/osutil/user/crypt/sha512_crypt") func main () {// 1. hash string c: = sha512_crypt.New () hash, _: = c. generate ([] byte ("secret"), nil) // The second parameter is salt. If it is set to nil, the salt fmt is automatically generated. println (hash) // 2. save the hash to the database //.... // 3. user login verification userInput: = "secret" inputHash, _: = c. generate ([] byte (userInput), [] byte (hash) // The first parameter is the password entered by the user, the second parameter is the hash string retrieved from the database if inputHash = hash {fmt. println ("Logon successful")} else {fmt. println ("Logon Failed ")}}

    Output Format:

    $6 $ P0pVrLOL89I7Y4. Y $ login. mpGE7dn5. nmxxb9RWkM8o/rNNJCxs3mLKsB5Xl. logon successful

     

    To understand the verification principles in step 1, you must first know the salt format. In the preceding example, we did not specify the salt, but used the auto-generated hash string. The generated hash string also contains the salt value, that is, $6 $ P0pVrLOL89I7Y4. Y $.

     

    Let's specify salt and then call the function to make it clearer:

    hash, _ := c.Generate([]byte("secret"), []byte("$6$rounds=5000$saltstr"))

    Output:

    $6$rounds=5000$saltstr$SH73gRYn1O7I/XTiq3AjDklhcqGvJ9vp65/TuFq2vQOoJEaejlTvsXOfy3dBpHju9v0Vi.VOcFh.79yy/kksl1

    • $6: The crypt algorithm is SHA512 $ rounds = 5000: 5000 iterations are specified. $ saltstr: salt value

      That is to say, the salt parameter actually defines the algorithm and the salt value.

      Return to the logon verification example. In Step 1, we can use the password entered by the user and the hash retrieved from the database as the salt encryption, in fact, the hash extracted from the database only uses salt in this function. Therefore, if the password entered by the user is correct, the calculation result will be consistent with the persistent hash.

      Reference
      • Most of the content mentioned in this article is described in detail. We recommend that you read PHP: crypt-Manual A golang password hashing library.