Friday, January 3, 2014

Why a little bit of salt is not a bad thing ( password )

In most unixes OS, you have seen a shadow password file, and you should know that it contains a user password  that's been hashed. But do you understand the salt+hash structure of the password ? and why do we salt our passwords to begin ?

Okay 1st let's look at a crypt hash that you might find in a typical unix shadow or master  password file;


Okay that  looks cryptic right?

It's actually a very cool strategy, the 1st  characters tells us it's a md5 hash ( $1$ ) and the next  following of jumble up characters between the $ $  is the full salt , and next set of characters upto the : is the hash password provided by the user.

e.g   wKJP1DyH    +      JeCAcEgSnVlD0k3.AMg.0 (  salt+hash )

Okay so why do we salt the password ? isn't salt bad for you ?



Will for unix security,  it's actually the opposite. Salt is really good for you and a lot of it, is even better!

Okay this is  a simple snapshot of me  salting a user password with some random  salt. The password that's being salted and hash  == "mypassword" .

note: I'm using the common  openssl utility  for demostration. The salt is randomly generated by openssl.




Okay that was my  password salted 4 times using a random salt each time during the hash function.

You notice how the hash are not the same? Also the salt has changed? 

But guess what?  that's the same password in all 4  executions.

Okay why do we salt things when it comes to passwords?


  • A random salt makes a password less prune to a dictionary attack. Since the attacker would need to know the random salt that was used & for that password.
  • A salt also ensure that no two users, who happens to use the same password, would generate the same unique hashes in our shadow/master.passwd file
  • make any attacks that uses pre-hash-table ineffective ( e.g rainbow tables )
  • It makes our password security, more  enhanced
NOTE:  Please do NOT use "mypasswd" as a password :)


So if somebody where to use my password of "mypasswd", the hash would be different unless the random salt was the same ( very unlikely  ,  depending on the size of the salt..... I will explain later on )

A good security  consultant wil tell you; " that the salt should randomized,  and as big as the size of data your protecting, or even larger".  This way we ensure a complete random hash for any password combo.

For a live example, I've built the above into a script that dumps our salted password of "mypasswd" into a file.


Okay, let's  execute that script &  directed the  output to a file named  "formyblog". This file contains my salted password.  We will next use some basic unix tools to see if we have any matches;




Okay cool, out of  half million plus entries,  not one duplicate. Even tho, we hash the same old password of "mypasswd".

Now for some fun. We repeat the same, but this time with a smaller value for the salt & still use the same boring  password of;  "mypasswd".

( here's the script modified)



Now here's the final tally, take note of the lesser number of entries and the duplicates that was found due to the smaller random salt size. We barely  generated over 76K executions.



I hope this helps you to understand, "why we salt our passwords".



Ken Felix
Freelance Network / Security Engineer
kfelix  ----a---t---socpuppets ---d---o---t---com

     ^      ^
=(   ^  ^  )=
          o
       /     \

No comments:

Post a Comment