Talking about the security of password storage

Source: Internet
Author: User

Objective

User information leaks keep happening. Search Baidu or Google for "password leaked" and the list of incidents is stunning: from small companies to large companies, from plaintext storage to ordinary hash encryption. As an IT practitioner, I feel strongly that "whoever has the users has the world", especially under the prevailing Internet+ trend. As an integral part of a software service's infrastructure, password storage is getting more and more attention from developers. If a service has problems with information security, I think there is little point in further improving its user experience or optimizing its performance, because it will not win the favor of users at large. As the saying goes: sooner or later, you have to pay back what you owe.

I do not have a cryptography background, and this article does not describe the cryptographic algorithms themselves. Its purpose is to introduce some common methods of password storage in software development, drawing on first-hand experience of a large-scale password-encryption migration in a work project.

1. User information authentication

Wherever there is a system, there is a user authentication service. User authentication has evolved from each system providing its own authentication, to multiple systems sharing unified authentication (such as LDAP), and then to the currently popular third-party authorization (such as OAuth 2.0, the open authorization standard).

User authentication is an end-to-end process, and from a security point of view it is an end-to-end security process:

    • Front-end input security: password length requirements, special-character combination requirements, checks against similarity to recent passwords, and so on.

    • Transport security: for example, HTTPS uses symmetric encryption, asymmetric encryption, hashing algorithms and other means to keep the data as safe as possible in transit.

    • Back-end storage security: for example, storing the user password in the back-end database using MD5, SHA1, SHA256, Bcrypt and so on.

This article discusses the security of one piece of sensitive information, the password, within "back-end storage security".

2. Password encryption
2.1 Hashing algorithm

Commonly used algorithms for password encryption include MD5, SHA1, SHA256, SHA512, and so on. These algorithms are irreversible (the plaintext cannot be derived from the ciphertext) and deterministic (hashing the same plaintext always gives the same value). Small changes in the input produce completely different ciphertext, and the algorithms are fast to compute. In some typical password breaches, many of these algorithms turned out to be the ones used to encrypt the passwords. Attackers usually crack them with a dictionary or by brute force.

Processing a password with a single hash is relatively simple, so some systems combine multiple hashes, such as md5(sha1(password) + md5(password)).

2.2 Adding salt

What is salt?

Salt is a randomly generated string. Because the hashing algorithms above process the plaintext password too simply, salt is added to the plaintext before it is hashed. The salt can be placed before or after the plaintext, or inserted at positions in the plaintext chosen by some algorithm. Because each user's password is processed with a randomly generated salt, the same plaintext produces different ciphertext. From the attacker's point of view, this further increases the difficulty of cracking.

How is salt stored?

For salted hashing algorithms, the salt is stored as a field in the data table alongside the hash. With more secure algorithms, such as Bcrypt, the salt can be embedded in the ciphertext itself.

3. Password cracking

In section 2 we saw that password encryption generally consists of two parts: the encryption algorithm and the salt. The commonly used methods for cracking passwords are:

    • Dictionary method: build a dictionary of plaintext passwords and try the entries one by one

    • Brute-force method: exhaustively try every password of a given length

    • Lookup-table method: build a hash table of password ciphertexts in advance, then look the stolen ciphertext up in the table

    • Reverse lookup-table method: hash different plaintext passwords and match each one against the users who have that password

    • ...

For an in-depth explanation of these common cracking methods, see: https://crackstation.net/hashing-security.htm
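The effect of salt (section 2.2) on the lookup-table method listed above, as an added example that is not part of the original article: a table precomputed once resolves every unsalted SHA1 digest that is in the dictionary, and resolves none of the same passwords stored with a per-user salt. The account names, passwords and dictionary are constructed sample data.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny dictionary and three accounts.
DICTIONARY = ["123456", "password", "qwerty", "letmein"]
ACCOUNTS = {"alice": "password", "bob": "password", "carol": "S7#vq!x2Lm"}

def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()

def build_lookup_table(words):
    """Lookup-table method: digest -> plaintext, computed once and reused."""
    return {sha1_hex(w.encode()): w for w in words}

def store_unsalted(accounts):
    """Returns {user: digest} as a plain-hash password table would hold it."""
    return {user: sha1_hex(pw.encode()) for user, pw in accounts.items()}

def store_salted(accounts):
    """Returns {user: (salt_hex, digest)}: the salt is a column next to the digest."""
    rows = {}
    for user, pw in accounts.items():
        salt = os.urandom(16)  # fresh random salt per user
        rows[user] = (salt.hex(), sha1_hex(salt + pw.encode()))
    return rows

def table_hits(table, digests):
    """Which stored digests does the precomputed table resolve?"""
    return {user: table[d] for user, d in digests.items() if d in table}

def verify_salted(rows, user, candidate):
    """Login check: re-hash the candidate with the stored salt."""
    salt_hex, digest = rows[user]
    computed = sha1_hex(bytes.fromhex(salt_hex) + candidate.encode())
    return hmac.compare_digest(computed, digest)

if __name__ == "__main__":
    table = build_lookup_table(DICTIONARY)
    unsalted, salted = store_unsalted(ACCOUNTS), store_salted(ACCOUNTS)
    print("unsalted hits:", table_hits(table, unsalted))
    print("salted hits:", table_hits(table, {u: d for u, (_, d) in salted.items()}))
    print("same digest for alice and bob, unsalted:", unsalted["alice"] == unsalted["bob"])
    print("same digest for alice and bob, salted:", salted["alice"][1] == salted["bob"][1])
```

Salt removes the shared table and the visible duplicate digests, but each candidate can still be checked per user at full SHA1 speed, which is why the speed of the algorithm itself matters as well.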

In fact, whatever method is used to encrypt a password, it can be cracked given enough time. Password storage is therefore only relatively secure, and the cost of that security is performance.

Let's look at an example (from online data):

Suppose the password consists of lowercase letters and digits. For a 6-character password encrypted with MD5, brute force usually takes between a few seconds and a few tens of seconds, depending on the computer's performance. If Bcrypt is used instead (work factor set to 12), brute force takes about 12 years.

This shows why Bcrypt is strongly recommended for password encryption: the algorithm is deliberately slow (adjustable through the work factor), so anyone using the cracking methods above has to pay for it in time, which makes it relatively safe. Ordinary hashing algorithms are simply too fast. On a computer with modern computing power, a simple password can be brute-forced very easily.

4. Password migration process

Here, password algorithm migration means moving an online system from its existing password encryption algorithm to a different one.

The process below, taken from an actual project, is one way to migrate passwords. It suits the following situation: a large system that is already online stores passwords with a relatively less secure salted hashing algorithm, and the requirement is to change the password storage strategy to the relatively more secure Bcrypt algorithm.

    • Data table pre-processing: add two fields (for example Hashfunc and Bcrypthash) to the password table, holding the encryption algorithm type and the encrypted ciphertext respectively. Note that the original ciphertext is stored in the table's PasswordHash field.

    • Old user processing: run a first round of migration over the online table, carrying each old user's PasswordHash over into Bcrypthash. Because we do not know the plaintext password, this is done with bcrypt(PasswordHash): the only option is to encrypt the existing ciphertext again and store the result in Bcrypthash.

    • New user and updated user processing: the components that create users, update user information and verify user information all have to change. When a user is created or updated, Bcrypthash is populated directly with bcrypt(password). Verification performs the calculation that corresponds to the row's Hashfunc value.

    • Data table post-processing: finally, run another round of table migration to delete the PasswordHash field, which is no longer needed.

The migration itself is not complex. The difficulty lies in controlling the process: besides the database, the components that handle user information may also need corresponding changes. Throughout the migration we must ensure that, at every stage, old users, new users and users who update their passwords all continue to work correctly.
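The four migration steps above in one runnable piece, as an added example that is not the project's own code. Assumptions: the old scheme is salted SHA1 with the salt in a hypothetical Salt column, the Hashfunc values "wrapped" and "direct" are made-up labels, and PBKDF2-HMAC-SHA256 from the Python standard library stands in for Bcrypt so the block runs without third-party packages.

```python
import hashlib
import hmac
import os

def legacy_hash(password, salt):
    """Old scheme (assumed): salted SHA1, salt kept in its own column."""
    return hashlib.sha1(salt + password.encode()).hexdigest()

def slow_hash(data, salt=None):
    """Stand-in for bcrypt: PBKDF2-HMAC-SHA256, salt embedded in the output."""
    salt = salt or os.urandom(16)
    # 100_000 iterations plays the role of the bcrypt work factor.
    dk = hashlib.pbkdf2_hmac("sha256", data.encode(), salt, 100_000)
    return salt.hex() + "$" + dk.hex()

def slow_verify(data, stored):
    salt = bytes.fromhex(stored.split("$")[0])
    return hmac.compare_digest(slow_hash(data, salt), stored)

def migrate_old_user(row):
    """Old user processing: plaintext is unknown, so wrap the existing digest."""
    row["Bcrypthash"] = slow_hash(row["PasswordHash"])
    row["Hashfunc"] = "wrapped"

def set_password(row, password):
    """New user or password update: hash the plaintext directly."""
    row["Bcrypthash"] = slow_hash(password)
    row["Hashfunc"] = "direct"

def verify(row, password):
    """Verification recomputes whatever Hashfunc says was stored."""
    if row.get("Hashfunc") == "direct":
        return slow_verify(password, row["Bcrypthash"])
    if row.get("Hashfunc") == "wrapped":
        # The legacy salt column must outlive PasswordHash for these rows.
        inner = legacy_hash(password, bytes.fromhex(row["Salt"]))
        return slow_verify(inner, row["Bcrypthash"])
    return False  # unknown scheme: fail closed

def demo():
    salt = os.urandom(8)  # constructed sample row from the old table
    old = {"Salt": salt.hex(), "PasswordHash": legacy_hash("hunter2", salt)}
    migrate_old_user(old)
    old.pop("PasswordHash")  # post-processing: drop the legacy column
    new = {}
    set_password(new, "correct horse")
    return old, new

if __name__ == "__main__":
    print(demo())
```

A wrapped row only stays verifiable while its legacy salt is kept, so the post-processing step can drop PasswordHash but not the salt column for users who have not yet changed their password.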

Summary

This article has covered some basics of password storage security. Because the security of password storage is relative, the encryption algorithm chosen for a real project should be based on actual needs: relative security is paid for in performance.

