Hashing password to increase entropyClient side password hashingHashing length for storing passwordMD5 collision attacks: are they relevant in password hashing?Hashing a key: less entropy than the key itselfDoes it make sense to choose a longer password than the output of a hash?comparing password hashing algorithms - PoC ideas?Do you need more than 128-bit entropy?Is there a threshold of bits of entropy below which hashing becomes meaningless?Convert SHA-256 to SHA-1 and MD5 - Increase bit length/entropy?How do user get access to login when passwords are stored in MD5?Are passwords longer than 128 bits useless if hashed with MD5?

Does the Large evolution retroactively increase the cost of Ability Increase evolutions?

What is this type of notehead called?

Is there enough fresh water in the world to eradicate the drinking water crisis?

Are taller landing gear bad for aircraft, particulary large airliners?

Why is .bash_history periodically wiped?

Is camera lens focus an exact point or a range?

Generators of the mapping class group for surfaces with punctures and boundaries

Left multiplication is homeomorphism of topological groups

Why isn't KTEX's runway designation 10/28 instead of 9/27?

In Star Trek IV, why did the Bounty go back to a time when whales were already rare?

What linear sensor for a keyboard?

Fast sudoku solver

Would it be legal for a US State to ban exports of a natural resource?

Can an armblade require double attunement if it integrates a magic weapon that normally requires attunement?

How can "mimic phobia" be cured or prevented?

Indicating multiple different modes of speech (fantasy language or telepathy)

How to deal with loss of decision making power over a change?

Can an arcane focus boost spell attack or damage rolls?

Bob has never been a M before

The verb "to prioritize"

What is the term when two people sing in harmony, but they aren't singing the same notes?

NIntegrate: How can I solve this integral numerically? NIntegrate fails while Integrate works

What would you call a finite collection of unordered objects that are not necessarily distinct?

A social experiment. What is the worst that can happen?



Hashing password to increase entropy


Client side password hashingHashing length for storing passwordMD5 collision attacks: are they relevant in password hashing?Hashing a key: less entropy than the key itselfDoes it make sense to choose a longer password than the output of a hash?comparing password hashing algorithms - PoC ideas?Do you need more than 128-bit entropy?Is there a threshold of bits of entropy below which hashing becomes meaningless?Convert SHA-256 to SHA-1 and MD5 - Increase bit length/entropy?How do user get access to login when passwords are stored in MD5?Are passwords longer than 128 bits useless if hashed with MD5?













12















Is it secure to hash a password before using it in an application to increase password entropy?



Does this practice increase entropy when a PBKDF is used in the application itself or does the PBKDF itself increase the password entropy?



If a random password is hashed with md5 will the output provide a 128 bit entropy?



EDIT: It is meant to use the result of the hash function as a password for cryptographic functions and applications like AES-256, email and access to computer systems.



The procedure used will be password -> hash of password -> application



EDIT 2: E.g if an email application requests a password during registration, the intended password will be hashed locally before being provided to it.






passwords hash entropy







share|improve this question
























  • For what do you want to use it in your application?

    – Sjoerd
    Mar 19 at 8:00











  • i edited my question with more information on the application of the password

    – AXANO
    Mar 19 at 8:04











  • Do you mean Client side password hashing?

    – Sjoerd
    Mar 19 at 8:23






  • 10





    "If a random password is hashed with md5 will the output provide a 128 bit entropy?" - if the passwords consists of 8 random upper-case characters there are at most 26^8 possibilities which is far from 2^128. Putting some hash behind this will not magically add entropy since a hash is deterministic.

    – Steffen Ullrich
    Mar 19 at 8:24







  • 6





    Again, a hash is a deterministic algorithm. At most you will loose entropy with this (for example when using MD5 on a password with 10000 characters) but never have entropy added.

    – Steffen Ullrich
    Mar 19 at 8:27
















12















Is it secure to hash a password before using it in an application to increase password entropy?



Does this practice increase entropy when a PBKDF is used in the application itself or does the PBKDF itself increase the password entropy?



If a random password is hashed with md5 will the output provide a 128 bit entropy?



EDIT: It is meant to use the result of the hash function as a password for cryptographic functions and applications like AES-256, email and access to computer systems.



The procedure used will be password -> hash of password -> application



EDIT 2: E.g if an email application requests a password during registration, the intended password will be hashed locally before being provided to it.






passwords hash entropy







share|improve this question
























  • For what do you want to use it in your application?

    – Sjoerd
    Mar 19 at 8:00











  • i edited my question with more information on the application of the password

    – AXANO
    Mar 19 at 8:04











  • Do you mean Client side password hashing?

    – Sjoerd
    Mar 19 at 8:23






  • 10





    "If a random password is hashed with md5 will the output provide a 128 bit entropy?" - if the passwords consists of 8 random upper-case characters there are at most 26^8 possibilities which is far from 2^128. Putting some hash behind this will not magically add entropy since a hash is deterministic.

    – Steffen Ullrich
    Mar 19 at 8:24







  • 6





    Again, a hash is a deterministic algorithm. At most you will loose entropy with this (for example when using MD5 on a password with 10000 characters) but never have entropy added.

    – Steffen Ullrich
    Mar 19 at 8:27














12












12








12


1






Is it secure to hash a password before using it in an application to increase password entropy?



Does this practice increase entropy when a PBKDF is used in the application itself or does the PBKDF itself increase the password entropy?



If a random password is hashed with md5 will the output provide a 128 bit entropy?



EDIT: It is meant to use the result of the hash function as a password for cryptographic functions and applications like AES-256, email and access to computer systems.



The procedure used will be password -> hash of password -> application



EDIT 2: E.g if an email application requests a password during registration, the intended password will be hashed locally before being provided to it.






passwords hash entropy







share|improve this question
















Is it secure to hash a password before using it in an application to increase password entropy?



Does this practice increase entropy when a PBKDF is used in the application itself or does the PBKDF itself increase the password entropy?



If a random password is hashed with md5 will the output provide a 128 bit entropy?



EDIT: It is meant to use the result of the hash function as a password for cryptographic functions and applications like AES-256, email and access to computer systems.



The procedure used will be password -> hash of password -> application



EDIT 2: E.g if an email application requests a password during registration, the intended password will be hashed locally before being provided to it.






passwords hash entropy




passwords hash entropy






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Mar 19 at 8:45







AXANO

















asked Mar 19 at 7:56









AXANOAXANO

633520




633520












  • For what do you want to use it in your application?

    – Sjoerd
    Mar 19 at 8:00











  • i edited my question with more information on the application of the password

    – AXANO
    Mar 19 at 8:04











  • Do you mean Client side password hashing?

    – Sjoerd
    Mar 19 at 8:23






  • 10





    "If a random password is hashed with md5 will the output provide a 128 bit entropy?" - if the passwords consists of 8 random upper-case characters there are at most 26^8 possibilities which is far from 2^128. Putting some hash behind this will not magically add entropy since a hash is deterministic.

    – Steffen Ullrich
    Mar 19 at 8:24







  • 6





    Again, a hash is a deterministic algorithm. At most you will loose entropy with this (for example when using MD5 on a password with 10000 characters) but never have entropy added.

    – Steffen Ullrich
    Mar 19 at 8:27


















  • For what do you want to use it in your application?

    – Sjoerd
    Mar 19 at 8:00











  • i edited my question with more information on the application of the password

    – AXANO
    Mar 19 at 8:04











  • Do you mean Client side password hashing?

    – Sjoerd
    Mar 19 at 8:23






  • 10





    "If a random password is hashed with md5 will the output provide a 128 bit entropy?" - if the passwords consists of 8 random upper-case characters there are at most 26^8 possibilities which is far from 2^128. Putting some hash behind this will not magically add entropy since a hash is deterministic.

    – Steffen Ullrich
    Mar 19 at 8:24







  • 6





    Again, a hash is a deterministic algorithm. At most you will loose entropy with this (for example when using MD5 on a password with 10000 characters) but never have entropy added.

    – Steffen Ullrich
    Mar 19 at 8:27

















For what do you want to use it in your application?

– Sjoerd
Mar 19 at 8:00





For what do you want to use it in your application?

– Sjoerd
Mar 19 at 8:00













i edited my question with more information on the application of the password

– AXANO
Mar 19 at 8:04





i edited my question with more information on the application of the password

– AXANO
Mar 19 at 8:04













Do you mean Client side password hashing?

– Sjoerd
Mar 19 at 8:23





Do you mean Client side password hashing?

– Sjoerd
Mar 19 at 8:23




10




10





"If a random password is hashed with md5 will the output provide a 128 bit entropy?" - if the passwords consists of 8 random upper-case characters there are at most 26^8 possibilities which is far from 2^128. Putting some hash behind this will not magically add entropy since a hash is deterministic.

– Steffen Ullrich
Mar 19 at 8:24






"If a random password is hashed with md5 will the output provide a 128 bit entropy?" - if the passwords consists of 8 random upper-case characters there are at most 26^8 possibilities which is far from 2^128. Putting some hash behind this will not magically add entropy since a hash is deterministic.

– Steffen Ullrich
Mar 19 at 8:24





6




6





Again, a hash is a deterministic algorithm. At most you will loose entropy with this (for example when using MD5 on a password with 10000 characters) but never have entropy added.

– Steffen Ullrich
Mar 19 at 8:27






Again, a hash is a deterministic algorithm. At most you will loose entropy with this (for example when using MD5 on a password with 10000 characters) but never have entropy added.

– Steffen Ullrich
Mar 19 at 8:27











3 Answers
3






active

oldest

votes


















27














No, you don't increase entropy by hashing it once, or twice, or ten times. Consider entropy as it is seem from the input, not the output. You cannot add entropy using a deterministic process, as the entropy of the result does not count.



Even if you have some code like this:



$password = "123456";
$result = md5($password) . sha1($password) . hash('gost', $password);
echo $result; // e10adc3949ba59abbe56e057f20f
// 8941b84cdecc9c273927ff6d9cca1ae75945990a2cb1f
// 81e5daab52a987f6d788c372


And you end up with a scary looking 136-byte string, the password is still 123456, and any attacker bruteforcing your hashed password will have to try, on average, only once, as 123456 is the top worst password on almost every single list.




If a random password is hashed with md5 will the output provide a 128 bit entropy?




No, MD5 is deterministic, so if the attacker knows the string is a MD5 hash, the entropy of it is the entropy of the random password you supplied.



To make the password more secure, use a proper key derivation (PBKDF2 is a good one), ask the user for a longer password, and check if the user is following basic password rules (no chars repeated in a row, proper length, mixed digits and chars, mixed case, things like that).






share|improve this answer




















  • 1





    The point that i find is problematic is that the OP Posted that the User is himself that don't want to enter a clear text password into a Website form and wanted to hash it before entering it. (or use now a key derivation before entering it into the form).

    – Serverfrog
    Mar 19 at 13:44







  • 1





    This answer assumes that the brute force attacker knows what hash was used to create the derived password, as well as any salt that might be added in the process. If the hashing is done where the attacker has no way to know the algorithm and the salt, the derived password has the added entropy from that uncertainty about the hash and salt. One could consider this a form of two-factor authentication, in which the salt and algorithm held in the hash software represent the second factor..

    – Monty Harder
    Mar 19 at 14:58






  • 7





    en.wikipedia.org/wiki/Kerckhoffs%27s_principle: If you design a security process, assume the attacker knows everything but the key.

    – ThoriumBR
    Mar 19 at 15:03






  • 4





    "Fun" fact. When you concatenate hashes of passwords like that, one (sort of counter intuitively) limits their password hashing scheme's resistance to password recovery to that of the weakest hash. For example argon2(salt, password) . md5(salt, password) is as easy to brute force as md5(salt, password).

    – Future Security
    Mar 19 at 22:43






  • 3





    @ThoriumBR A good reason to forbid a list of common passwords, as opposed to trying to use arbitrary rules that cover them. ;)

    – jpmc26
    Mar 19 at 22:56



















4














A key derivation function will not increase the entropy, but it does make things more secure. A KDF has the following functions:



  • It creates a key of the correct length. Many encryption algorithms take a fixed size length, such as 16 bytes. By using a KDF you can use a password of any length.

  • It distributes the entropy of the password over the whole key. Encryption algorithms are meant to work with random-looking keys. If you use 1000000000000000 as key, this can introduce security issues in the encryption algorithm. A KDF scrambles the password into a random-looking key.

  • It takes time. To slow down brute-force attacks, key derivation can be made slow so that attempting many passwords takes an unreasonable amount of time.





share|improve this answer


















  • 1





    Nice answer but it does not cover the part concerning hashing prior to password usage

    – AXANO
    Mar 19 at 8:21











  • Your second point doesn't seem like a pertinent security point to me - a hash is just as likely to end up as 1000000000000000 by chance as it is to be CE8227D9AC87DD92 and I don't believe that a good encryption system is supposed to become any more transparent when using a uniform-looking key as opposed to a random-looking key.

    – thomasrutter
    Mar 20 at 2:16



















3














TL;DR



Hashing a Bad Password before sending it to some Server as Password is more time intensive, uncomfortable and less secure than a simple Password manager.



The Question seems to aim to misuse a Hashing Algorithm as a very simple Password Manager.



Use a real one or any real Password manager.



I will use your example to show why it will be a bad idea:



  • You have the not so "entropy-rich" password 1111111111111

  • it will have the hash 9DCBF642C78137F656BA7C24381AC25B

Now a Attacker get somehow a Database where the Passwords are in clear text (happend to often in the past). And why ever he will accidentally search there for hashes that have know plaintext (the not so "entropy-rich" password is one of it). Now he knows that the user with your username/email uses "1111111111111" and then MD5 it, as Password. What is then the benefit you have? One step more someone must take, but security wise there is no real difference.



Here the Difference what could happend in the Real World:



Your way:



ClearText -- MD5 --> HashedClearText -- sent to Server(HTTP(S))-->| |-- MD5/SHA*/... --> HashedHashedClearText



Normal Way:



ClearText -- sent to Server(HTTP(S)) -->| | -- MD5/SHA*/... --> HashedClearText






share|improve this answer























  • The problem i want to avoid is the centralization of passwords As well as the fact that it is not portable to amnesic operating systems

    – AXANO
    Mar 19 at 13:22











  • avoid centralization with a single hashed password? amnesic operating systems: portable secure device, beside a Human Head that can't really store many Passwords pretty well

    – Serverfrog
    Mar 19 at 13:24











  • you can be forced to decrypt "portable secure devices"

    – AXANO
    Mar 19 at 13:29






  • 2





    as you can be force to spell out a Password. xkcd.com/538 (how will you decrypt a password storage or device, without telling them the password. The same holds on your case)

    – Serverfrog
    Mar 19 at 13:33











Your Answer








StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f205680%2fhashing-password-to-increase-entropy%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























3 Answers
3






active

oldest

votes








3 Answers
3






active

oldest

votes









active

oldest

votes






active

oldest

votes









27














No, you don't increase entropy by hashing it once, or twice, or ten times. Consider entropy as it is seem from the input, not the output. You cannot add entropy using a deterministic process, as the entropy of the result does not count.



Even if you have some code like this:



$password = "123456";
$result = md5($password) . sha1($password) . hash('gost', $password);
echo $result; // e10adc3949ba59abbe56e057f20f
// 8941b84cdecc9c273927ff6d9cca1ae75945990a2cb1f
// 81e5daab52a987f6d788c372


And you end up with a scary looking 136-byte string, the password is still 123456, and any attacker bruteforcing your hashed password will have to try, on average, only once, as 123456 is the top worst password on almost every single list.




If a random password is hashed with md5 will the output provide a 128 bit entropy?




No, MD5 is deterministic, so if the attacker knows the string is a MD5 hash, the entropy of it is the entropy of the random password you supplied.



To make the password more secure, use a proper key derivation (PBKDF2 is a good one), ask the user for a longer password, and check if the user is following basic password rules (no chars repeated in a row, proper length, mixed digits and chars, mixed case, things like that).






share|improve this answer




















  • 1





    The point that i find is problematic is that the OP Posted that the User is himself that don't want to enter a clear text password into a Website form and wanted to hash it before entering it. (or use now a key derivation before entering it into the form).

    – Serverfrog
    Mar 19 at 13:44







  • 1





    This answer assumes that the brute force attacker knows what hash was used to create the derived password, as well as any salt that might be added in the process. If the hashing is done where the attacker has no way to know the algorithm and the salt, the derived password has the added entropy from that uncertainty about the hash and salt. One could consider this a form of two-factor authentication, in which the salt and algorithm held in the hash software represent the second factor..

    – Monty Harder
    Mar 19 at 14:58






  • 7





    en.wikipedia.org/wiki/Kerckhoffs%27s_principle: If you design a security process, assume the attacker knows everything but the key.

    – ThoriumBR
    Mar 19 at 15:03






  • 4





    "Fun" fact. When you concatenate hashes of passwords like that, one (sort of counter intuitively) limits their password hashing scheme's resistance to password recovery to that of the weakest hash. For example argon2(salt, password) . md5(salt, password) is as easy to brute force as md5(salt, password).

    – Future Security
    Mar 19 at 22:43






  • 3





    @ThoriumBR A good reason to forbid a list of common passwords, as opposed to trying to use arbitrary rules that cover them. ;)

    – jpmc26
    Mar 19 at 22:56
















27














No, you don't increase entropy by hashing it once, or twice, or ten times. Consider entropy as it is seem from the input, not the output. You cannot add entropy using a deterministic process, as the entropy of the result does not count.



Even if you have some code like this:



$password = "123456";
$result = md5($password) . sha1($password) . hash('gost', $password);
echo $result; // e10adc3949ba59abbe56e057f20f
// 8941b84cdecc9c273927ff6d9cca1ae75945990a2cb1f
// 81e5daab52a987f6d788c372


And you end up with a scary looking 136-byte string, the password is still 123456, and any attacker bruteforcing your hashed password will have to try, on average, only once, as 123456 is the top worst password on almost every single list.




If a random password is hashed with md5 will the output provide a 128 bit entropy?




No, MD5 is deterministic, so if the attacker knows the string is a MD5 hash, the entropy of it is the entropy of the random password you supplied.



To make the password more secure, use a proper key derivation (PBKDF2 is a good one), ask the user for a longer password, and check if the user is following basic password rules (no chars repeated in a row, proper length, mixed digits and chars, mixed case, things like that).






share|improve this answer




















  • 1





    The point that i find is problematic is that the OP Posted that the User is himself that don't want to enter a clear text password into a Website form and wanted to hash it before entering it. (or use now a key derivation before entering it into the form).

    – Serverfrog
    Mar 19 at 13:44







  • 1





    This answer assumes that the brute force attacker knows what hash was used to create the derived password, as well as any salt that might be added in the process. If the hashing is done where the attacker has no way to know the algorithm and the salt, the derived password has the added entropy from that uncertainty about the hash and salt. One could consider this a form of two-factor authentication, in which the salt and algorithm held in the hash software represent the second factor..

    – Monty Harder
    Mar 19 at 14:58






  • 7





    en.wikipedia.org/wiki/Kerckhoffs%27s_principle: If you design a security process, assume the attacker knows everything but the key.

    – ThoriumBR
    Mar 19 at 15:03






  • 4





    "Fun" fact. When you concatenate hashes of passwords like that, one (sort of counter intuitively) limits their password hashing scheme's resistance to password recovery to that of the weakest hash. For example argon2(salt, password) . md5(salt, password) is as easy to brute force as md5(salt, password).

    – Future Security
    Mar 19 at 22:43






  • 3





    @ThoriumBR A good reason to forbid a list of common passwords, as opposed to trying to use arbitrary rules that cover them. ;)

    – jpmc26
    Mar 19 at 22:56














27












27








27







No, you don't increase entropy by hashing it once, or twice, or ten times. Consider entropy as it is seem from the input, not the output. You cannot add entropy using a deterministic process, as the entropy of the result does not count.



Even if you have some code like this:



$password = "123456";
$result = md5($password) . sha1($password) . hash('gost', $password);
echo $result; // e10adc3949ba59abbe56e057f20f
// 8941b84cdecc9c273927ff6d9cca1ae75945990a2cb1f
// 81e5daab52a987f6d788c372


And you end up with a scary looking 136-byte string, the password is still 123456, and any attacker bruteforcing your hashed password will have to try, on average, only once, as 123456 is the top worst password on almost every single list.




If a random password is hashed with md5 will the output provide a 128 bit entropy?




No, MD5 is deterministic, so if the attacker knows the string is a MD5 hash, the entropy of it is the entropy of the random password you supplied.



To make the password more secure, use a proper key derivation (PBKDF2 is a good one), ask the user for a longer password, and check if the user is following basic password rules (no chars repeated in a row, proper length, mixed digits and chars, mixed case, things like that).






share|improve this answer















No, you don't increase entropy by hashing it once, or twice, or ten times. Consider entropy as it is seem from the input, not the output. You cannot add entropy using a deterministic process, as the entropy of the result does not count.



Even if you have some code like this:



$password = "123456";
$result = md5($password) . sha1($password) . hash('gost', $password);
echo $result; // e10adc3949ba59abbe56e057f20f
// 8941b84cdecc9c273927ff6d9cca1ae75945990a2cb1f
// 81e5daab52a987f6d788c372


And you end up with a scary looking 136-byte string, the password is still 123456, and any attacker bruteforcing your hashed password will have to try, on average, only once, as 123456 is the top worst password on almost every single list.




If a random password is hashed with md5 will the output provide a 128 bit entropy?




No, MD5 is deterministic, so if the attacker knows the string is a MD5 hash, the entropy of it is the entropy of the random password you supplied.



To make the password more secure, use a proper key derivation (PBKDF2 is a good one), ask the user for a longer password, and check if the user is following basic password rules (no chars repeated in a row, proper length, mixed digits and chars, mixed case, things like that).







share|improve this answer














share|improve this answer



share|improve this answer








edited Mar 19 at 13:46

























answered Mar 19 at 13:35









ThoriumBRThoriumBR

23.7k75772




23.7k75772







  • 1





    The point that i find is problematic is that the OP Posted that the User is himself that don't want to enter a clear text password into a Website form and wanted to hash it before entering it. (or use now a key derivation before entering it into the form).

    – Serverfrog
    Mar 19 at 13:44







  • 1





    This answer assumes that the brute force attacker knows what hash was used to create the derived password, as well as any salt that might be added in the process. If the hashing is done where the attacker has no way to know the algorithm and the salt, the derived password has the added entropy from that uncertainty about the hash and salt. One could consider this a form of two-factor authentication, in which the salt and algorithm held in the hash software represent the second factor..

    – Monty Harder
    Mar 19 at 14:58






  • 7





    en.wikipedia.org/wiki/Kerckhoffs%27s_principle: If you design a security process, assume the attacker knows everything but the key.

    – ThoriumBR
    Mar 19 at 15:03






  • 4





    "Fun" fact. When you concatenate hashes of passwords like that, one (sort of counter intuitively) limits their password hashing scheme's resistance to password recovery to that of the weakest hash. For example argon2(salt, password) . md5(salt, password) is as easy to brute force as md5(salt, password).

    – Future Security
    Mar 19 at 22:43






  • 3





    @ThoriumBR A good reason to forbid a list of common passwords, as opposed to trying to use arbitrary rules that cover them. ;)

    – jpmc26
    Mar 19 at 22:56













  • 1





    The point that i find is problematic is that the OP Posted that the User is himself that don't want to enter a clear text password into a Website form and wanted to hash it before entering it. (or use now a key derivation before entering it into the form).

    – Serverfrog
    Mar 19 at 13:44







  • 1





    This answer assumes that the brute force attacker knows what hash was used to create the derived password, as well as any salt that might be added in the process. If the hashing is done where the attacker has no way to know the algorithm and the salt, the derived password has the added entropy from that uncertainty about the hash and salt. One could consider this a form of two-factor authentication, in which the salt and algorithm held in the hash software represent the second factor..

    – Monty Harder
    Mar 19 at 14:58






  • 7





    en.wikipedia.org/wiki/Kerckhoffs%27s_principle: If you design a security process, assume the attacker knows everything but the key.

    – ThoriumBR
    Mar 19 at 15:03






  • 4





    "Fun" fact. When you concatenate hashes of passwords like that, one (sort of counter intuitively) limits their password hashing scheme's resistance to password recovery to that of the weakest hash. For example argon2(salt, password) . md5(salt, password) is as easy to brute force as md5(salt, password).

    – Future Security
    Mar 19 at 22:43






  • 3





    @ThoriumBR A good reason to forbid a list of common passwords, as opposed to trying to use arbitrary rules that cover them. ;)

    – jpmc26
    Mar 19 at 22:56








1




1





The point that i find is problematic is that the OP Posted that the User is himself that don't want to enter a clear text password into a Website form and wanted to hash it before entering it. (or use now a key derivation before entering it into the form).

– Serverfrog
Mar 19 at 13:44






The point that i find is problematic is that the OP Posted that the User is himself that don't want to enter a clear text password into a Website form and wanted to hash it before entering it. (or use now a key derivation before entering it into the form).

– Serverfrog
Mar 19 at 13:44





1




1





This answer assumes that the brute force attacker knows what hash was used to create the derived password, as well as any salt that might be added in the process. If the hashing is done where the attacker has no way to know the algorithm and the salt, the derived password has the added entropy from that uncertainty about the hash and salt. One could consider this a form of two-factor authentication, in which the salt and algorithm held in the hash software represent the second factor..

– Monty Harder
Mar 19 at 14:58





This answer assumes that the brute force attacker knows what hash was used to create the derived password, as well as any salt that might be added in the process. If the hashing is done where the attacker has no way to know the algorithm and the salt, the derived password has the added entropy from that uncertainty about the hash and salt. One could consider this a form of two-factor authentication, in which the salt and algorithm held in the hash software represent the second factor..

– Monty Harder
Mar 19 at 14:58




7




7





en.wikipedia.org/wiki/Kerckhoffs%27s_principle: If you design a security process, assume the attacker knows everything but the key.

– ThoriumBR
Mar 19 at 15:03





en.wikipedia.org/wiki/Kerckhoffs%27s_principle: If you design a security process, assume the attacker knows everything but the key.

– ThoriumBR
Mar 19 at 15:03




4




4





"Fun" fact. When you concatenate hashes of passwords like that, one (sort of counter intuitively) limits their password hashing scheme's resistance to password recovery to that of the weakest hash. For example argon2(salt, password) . md5(salt, password) is as easy to brute force as md5(salt, password).

– Future Security
Mar 19 at 22:43





"Fun" fact. When you concatenate hashes of passwords like that, one (sort of counter intuitively) limits their password hashing scheme's resistance to password recovery to that of the weakest hash. For example argon2(salt, password) . md5(salt, password) is as easy to brute force as md5(salt, password).

– Future Security
Mar 19 at 22:43




3




3





@ThoriumBR A good reason to forbid a list of common passwords, as opposed to trying to use arbitrary rules that cover them. ;)

– jpmc26
Mar 19 at 22:56






@ThoriumBR A good reason to forbid a list of common passwords, as opposed to trying to use arbitrary rules that cover them. ;)

– jpmc26
Mar 19 at 22:56














4














A key derivation function will not increase the entropy, but it does make things more secure. A KDF has the following functions:



  • It creates a key of the correct length. Many encryption algorithms take a fixed size length, such as 16 bytes. By using a KDF you can use a password of any length.

  • It distributes the entropy of the password over the whole key. Encryption algorithms are meant to work with random-looking keys. If you use 1000000000000000 as key, this can introduce security issues in the encryption algorithm. A KDF scrambles the password into a random-looking key.

  • It takes time. To slow down brute-force attacks, key derivation can be made slow so that attempting many passwords takes an unreasonable amount of time.





share|improve this answer


















  • 1





    Nice answer but it does not cover the part concerning hashing prior to password usage

    – AXANO
    Mar 19 at 8:21











  • Your second point doesn't seem like a pertinent security point to me - a hash is just as likely to end up as 1000000000000000 by chance as it is to be CE8227D9AC87DD92 and I don't believe that a good encryption system is supposed to become any more transparent when using a uniform-looking key as opposed to a random-looking key.

    – thomasrutter
    Mar 20 at 2:16
















4














A key derivation function will not increase the entropy, but it does make things more secure. A KDF has the following functions:



  • It creates a key of the correct length. Many encryption algorithms take a fixed size length, such as 16 bytes. By using a KDF you can use a password of any length.

  • It distributes the entropy of the password over the whole key. Encryption algorithms are meant to work with random-looking keys. If you use 1000000000000000 as key, this can introduce security issues in the encryption algorithm. A KDF scrambles the password into a random-looking key.

  • It takes time. To slow down brute-force attacks, key derivation can be made slow so that attempting many passwords takes an unreasonable amount of time.





share|improve this answer


















  • 1





    Nice answer but it does not cover the part concerning hashing prior to password usage

    – AXANO
    Mar 19 at 8:21











  • Your second point doesn't seem like a pertinent security point to me - a hash is just as likely to end up as 1000000000000000 by chance as it is to be CE8227D9AC87DD92 and I don't believe that a good encryption system is supposed to become any more transparent when using a uniform-looking key as opposed to a random-looking key.

    – thomasrutter
    Mar 20 at 2:16














4












4








4







A key derivation function will not increase the entropy, but it does make things more secure. A KDF has the following functions:



  • It creates a key of the correct length. Many encryption algorithms take a fixed size length, such as 16 bytes. By using a KDF you can use a password of any length.

  • It distributes the entropy of the password over the whole key. Encryption algorithms are meant to work with random-looking keys. If you use 1000000000000000 as key, this can introduce security issues in the encryption algorithm. A KDF scrambles the password into a random-looking key.

  • It takes time. To slow down brute-force attacks, key derivation can be made slow so that attempting many passwords takes an unreasonable amount of time.





share|improve this answer













A key derivation function will not increase the entropy, but it does make things more secure. A KDF has the following functions:



  • It creates a key of the correct length. Many encryption algorithms take a fixed size length, such as 16 bytes. By using a KDF you can use a password of any length.

  • It distributes the entropy of the password over the whole key. Encryption algorithms are meant to work with random-looking keys. If you use 1000000000000000 as key, this can introduce security issues in the encryption algorithm. A KDF scrambles the password into a random-looking key.

  • It takes time. To slow down brute-force attacks, key derivation can be made slow so that attempting many passwords takes an unreasonable amount of time.






share|improve this answer












share|improve this answer



share|improve this answer










answered Mar 19 at 8:18









SjoerdSjoerd

20.4k94865




20.4k94865







  • 1





    Nice answer but it does not cover the part concerning hashing prior to password usage

    – AXANO
    Mar 19 at 8:21











  • Your second point doesn't seem like a pertinent security point to me - a hash is just as likely to end up as 1000000000000000 by chance as it is to be CE8227D9AC87DD92 and I don't believe that a good encryption system is supposed to become any more transparent when using a uniform-looking key as opposed to a random-looking key.

    – thomasrutter
    Mar 20 at 2:16













  • 1





    Nice answer but it does not cover the part concerning hashing prior to password usage

    – AXANO
    Mar 19 at 8:21











  • Your second point doesn't seem like a pertinent security point to me - a hash is just as likely to end up as 1000000000000000 by chance as it is to be CE8227D9AC87DD92 and I don't believe that a good encryption system is supposed to become any more transparent when using a uniform-looking key as opposed to a random-looking key.

    – thomasrutter
    Mar 20 at 2:16








1




1





Nice answer but it does not cover the part concerning hashing prior to password usage

– AXANO
Mar 19 at 8:21





Nice answer but it does not cover the part concerning hashing prior to password usage

– AXANO
Mar 19 at 8:21













Your second point doesn't seem like a pertinent security point to me - a hash is just as likely to end up as 1000000000000000 by chance as it is to be CE8227D9AC87DD92 and I don't believe that a good encryption system is supposed to become any more transparent when using a uniform-looking key as opposed to a random-looking key.

– thomasrutter
Mar 20 at 2:16






Your second point doesn't seem like a pertinent security point to me - a hash is just as likely to end up as 1000000000000000 by chance as it is to be CE8227D9AC87DD92 and I don't believe that a good encryption system is supposed to become any more transparent when using a uniform-looking key as opposed to a random-looking key.

– thomasrutter
Mar 20 at 2:16












3














TL;DR



Hashing a Bad Password before sending it to some Server as Password is more time intensive, uncomfortable and less secure than a simple Password manager.



The Question seems to aim to misuse a Hashing Algorithm as a very simple Password Manager.



Use a real one or any real Password manager.



I will use your example to show why it will be a bad idea:



  • You have the not so "entropy-rich" password 1111111111111

  • it will have the hash 9DCBF642C78137F656BA7C24381AC25B

Now a Attacker get somehow a Database where the Passwords are in clear text (happend to often in the past). And why ever he will accidentally search there for hashes that have know plaintext (the not so "entropy-rich" password is one of it). Now he knows that the user with your username/email uses "1111111111111" and then MD5 it, as Password. What is then the benefit you have? One step more someone must take, but security wise there is no real difference.



Here the Difference what could happend in the Real World:



Your way:



ClearText -- MD5 --> HashedClearText -- sent to Server(HTTP(S))-->| |-- MD5/SHA*/... --> HashedHashedClearText



Normal Way:



ClearText -- sent to Server(HTTP(S)) -->| | -- MD5/SHA*/... --> HashedClearText






share|improve this answer























  • The problem i want to avoid is the centralization of passwords As well as the fact that it is not portable to amnesic operating systems

    – AXANO
    Mar 19 at 13:22











  • avoid centralization with a single hashed password? amnesic operating systems: portable secure device, beside a Human Head that can't really store many Passwords pretty well

    – Serverfrog
    Mar 19 at 13:24











  • you can be forced to decrypt "portable secure devices"

    – AXANO
    Mar 19 at 13:29






  • 2





    as you can be force to spell out a Password. xkcd.com/538 (how will you decrypt a password storage or device, without telling them the password. The same holds on your case)

    – Serverfrog
    Mar 19 at 13:33
















3














TL;DR



Hashing a Bad Password before sending it to some Server as Password is more time intensive, uncomfortable and less secure than a simple Password manager.



The Question seems to aim to misuse a Hashing Algorithm as a very simple Password Manager.



Use a real one or any real Password manager.



I will use your example to show why it will be a bad idea:



  • You have the not so "entropy-rich" password 1111111111111

  • it will have the hash 9DCBF642C78137F656BA7C24381AC25B

Now a Attacker get somehow a Database where the Passwords are in clear text (happend to often in the past). And why ever he will accidentally search there for hashes that have know plaintext (the not so "entropy-rich" password is one of it). Now he knows that the user with your username/email uses "1111111111111" and then MD5 it, as Password. What is then the benefit you have? One step more someone must take, but security wise there is no real difference.



Here the Difference what could happend in the Real World:



Your way:



ClearText -- MD5 --> HashedClearText -- sent to Server(HTTP(S))-->| |-- MD5/SHA*/... --> HashedHashedClearText



Normal Way:



ClearText -- sent to Server(HTTP(S)) -->| | -- MD5/SHA*/... --> HashedClearText






share|improve this answer























  • The problem i want to avoid is the centralization of passwords As well as the fact that it is not portable to amnesic operating systems

    – AXANO
    Mar 19 at 13:22











  • avoid centralization with a single hashed password? amnesic operating systems: portable secure device, beside a Human Head that can't really store many Passwords pretty well

    – Serverfrog
    Mar 19 at 13:24











  • you can be forced to decrypt "portable secure devices"

    – AXANO
    Mar 19 at 13:29






  • 2





    as you can be force to spell out a Password. xkcd.com/538 (how will you decrypt a password storage or device, without telling them the password. The same holds on your case)

    – Serverfrog
    Mar 19 at 13:33














3












3








3







TL;DR



Hashing a Bad Password before sending it to some Server as Password is more time intensive, uncomfortable and less secure than a simple Password manager.



The Question seems to aim to misuse a Hashing Algorithm as a very simple Password Manager.



Use a real one or any real Password manager.



I will use your example to show why it will be a bad idea:



  • You have the not so "entropy-rich" password 1111111111111

  • it will have the hash 9DCBF642C78137F656BA7C24381AC25B

Now a Attacker get somehow a Database where the Passwords are in clear text (happend to often in the past). And why ever he will accidentally search there for hashes that have know plaintext (the not so "entropy-rich" password is one of it). Now he knows that the user with your username/email uses "1111111111111" and then MD5 it, as Password. What is then the benefit you have? One step more someone must take, but security wise there is no real difference.



Here the Difference what could happend in the Real World:



Your way:



ClearText -- MD5 --> HashedClearText -- sent to Server(HTTP(S))-->| |-- MD5/SHA*/... --> HashedHashedClearText



Normal Way:



ClearText -- sent to Server(HTTP(S)) -->| | -- MD5/SHA*/... --> HashedClearText






share|improve this answer













TL;DR



Hashing a Bad Password before sending it to some Server as Password is more time intensive, uncomfortable and less secure than a simple Password manager.



The Question seems to aim to misuse a Hashing Algorithm as a very simple Password Manager.



Use a real one or any real Password manager.



I will use your example to show why it will be a bad idea:



  • You have the not so "entropy-rich" password 1111111111111

  • it will have the hash 9DCBF642C78137F656BA7C24381AC25B

Now a Attacker get somehow a Database where the Passwords are in clear text (happend to often in the past). And why ever he will accidentally search there for hashes that have know plaintext (the not so "entropy-rich" password is one of it). Now he knows that the user with your username/email uses "1111111111111" and then MD5 it, as Password. What is then the benefit you have? One step more someone must take, but security wise there is no real difference.



Here the Difference what could happend in the Real World:



Your way:



ClearText -- MD5 --> HashedClearText -- sent to Server(HTTP(S))-->| |-- MD5/SHA*/... --> HashedHashedClearText



Normal Way:



ClearText -- sent to Server(HTTP(S)) -->| | -- MD5/SHA*/... --> HashedClearText







share|improve this answer












share|improve this answer



share|improve this answer










answered Mar 19 at 13:09









ServerfrogServerfrog

495617




495617












  • The problem i want to avoid is the centralization of passwords As well as the fact that it is not portable to amnesic operating systems

    – AXANO
    Mar 19 at 13:22











  • avoid centralization with a single hashed password? amnesic operating systems: portable secure device, beside a Human Head that can't really store many Passwords pretty well

    – Serverfrog
    Mar 19 at 13:24











  • you can be forced to decrypt "portable secure devices"

    – AXANO
    Mar 19 at 13:29






  • 2





    as you can be force to spell out a Password. xkcd.com/538 (how will you decrypt a password storage or device, without telling them the password. The same holds on your case)

    – Serverfrog
    Mar 19 at 13:33


















  • The problem i want to avoid is the centralization of passwords As well as the fact that it is not portable to amnesic operating systems

    – AXANO
    Mar 19 at 13:22











  • avoid centralization with a single hashed password? amnesic operating systems: portable secure device, beside a Human Head that can't really store many Passwords pretty well

    – Serverfrog
    Mar 19 at 13:24











  • you can be forced to decrypt "portable secure devices"

    – AXANO
    Mar 19 at 13:29






  • 2





    as you can be force to spell out a Password. xkcd.com/538 (how will you decrypt a password storage or device, without telling them the password. The same holds on your case)

    – Serverfrog
    Mar 19 at 13:33

















The problem i want to avoid is the centralization of passwords As well as the fact that it is not portable to amnesic operating systems

– AXANO
Mar 19 at 13:22





The problem i want to avoid is the centralization of passwords As well as the fact that it is not portable to amnesic operating systems

– AXANO
Mar 19 at 13:22













avoid centralization with a single hashed password? amnesic operating systems: portable secure device, beside a Human Head that can't really store many Passwords pretty well

– Serverfrog
Mar 19 at 13:24





avoid centralization with a single hashed password? amnesic operating systems: portable secure device, beside a Human Head that can't really store many Passwords pretty well

– Serverfrog
Mar 19 at 13:24













you can be forced to decrypt "portable secure devices"

– AXANO
Mar 19 at 13:29





you can be forced to decrypt "portable secure devices"

– AXANO
Mar 19 at 13:29




2




2





as you can be force to spell out a Password. xkcd.com/538 (how will you decrypt a password storage or device, without telling them the password. The same holds on your case)

– Serverfrog
Mar 19 at 13:33






as you can be force to spell out a Password. xkcd.com/538 (how will you decrypt a password storage or device, without telling them the password. The same holds on your case)

– Serverfrog
Mar 19 at 13:33


















draft saved

draft discarded
















































Thanks for contributing an answer to Information Security Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f205680%2fhashing-password-to-increase-entropy%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Adding axes to figuresAdding axes labels to LaTeX figuresLaTeX equivalent of ConTeXt buffersRotate a node but not its content: the case of the ellipse decorationHow to define the default vertical distance between nodes?TikZ scaling graphic and adjust node position and keep font sizeNumerical conditional within tikz keys?adding axes to shapesAlign axes across subfiguresAdding figures with a certain orderLine up nested tikz enviroments or how to get rid of themAdding axes labels to LaTeX figures

Image
Fear of getting stuck on one programming language / technology that is not used in my country Is there a single word describing earning money through any means? Why do we read the Megillah by night and by day? Pre-mixing cryogenic fuels and using only one fuel tank Is the U.S. Code copyrighted by the Government? Should I outline or discovery write my stories? What is this called? Old film camera viewer? Does the expansion of the universe explain why the universe doesn't collapse? Removing files under particular conditions (number of files, file age) Argument list too long when zipping large list of certain files in a folder When a Cleric spontaneously casts a Cure Light Wounds spell, will a Pearl of Power recover the original spell or Cure Light Wounds? Non-trope happy ending? Is it better practice to read straight from sheet music rather than memorize it? Do Legal Documents Require Signing In Standard Pen Colors? Does an advisor owe his/her student anyt
Read more

Luettelo Yhdysvaltain laivaston lentotukialuksista Lähteet | Navigointivalikko

Image
Yhdysvaltain lentotukialuksetLuettelot YhdysvalloistaLuettelot laivoista Yhdysvaltain laivastonlentotukialuksetsaattuetukialuksetluettelossa Tämä on luettelo Yhdysvaltain laivaston lentotukialuksista , jossa on lueteltuna luokitukseltaan CV-, CVA-, CVB-, CVL- ja CVN-tyyppiset Yhdysvaltain laivaston lentotukialukset. Pienemmät saattuetukialukset on listattu erillisessä luettelossa. USS Enterprise (CV-6) USS Langley (CV-1), 1920, vaurioitui ilmahyökkäyksessä, upotettu 1942 Lexington-luokka [1] USS Lexington (CV-2), 1925, vaurioitui ilmahyökkäyksessä, upotettu 1942 USS Saratoga (CV-3), 1925, upotettu atomipommitestissä 1946 USS Ranger (CV-4), 1933, ensimmäinen alun alkaen lentotukialukseksi rakennettu Yhdysvaltain laivaston alus, poistettu käytöstä 1946 [2] Yorktown-luokka [3] USS Yorktown (CV-5), 1936, upposi Midwayn taistelun seurauksena 1942 USS Enterprise (CV-6), 1936, poistettu käytöstä 1947 USS Hornet (CV-8), 1940, japanilaisten upottama 1942 USS Wasp (CV-7), 1939, sukell
Read more

Gary (muusikko) Sisällysluettelo Historia | Rockin' High | Lähteet | Aiheesta muualla | NavigointivalikkoInfobox OKTuomas "Gary" Keskinen Ancaran kitaristiksiProjekti Rockin' High

Image
Suomalaiset kitaristitSuomalaiset rockmuusikotVuonna 1980 syntyneet 18. syyskuuta1980LappajärvenTechnicolourNegativenAncaranJimmy WesterlundinUnirecordsinTechnicolourMondayNegativen Tuomas Keskinen Henkilötiedot Syntynyt 18. syyskuuta 1980 (ikä 38) Ammatti muusikko tuottaja säveltäjä Muusikko Taiteilijanimet Gary Tyylilajit rock Soittimet kitara Yhtyeet Technicolour Monday Ancara Negative Levy-yhtiöt EMI Warner Infobox OK Tuomas Mikael ”Gary” Keskinen (s. 18. syyskuuta 1980) on suomalainen kitaristi ja toimii nykyisin muusikkona freelancerina, sekä omassa Forte Silence yhtyeessä. Hänelle myönnettiin Lappajärven kulttuuripalkinto itsenäisyyspäivänä 2006. Keskinen soitti kitaraa myös Technicolour-yhtyeessä. Kevään ja kesän 2008 Keskinen toimi rockyhtye Negativen keikkakitaristina ja 2009 alusta lähtien Ancaran kitaristina. Ancara yhtyeessä Gary lopetti vuonna 2016. [1] . Gary omisti oman levy-yhtiön (Scandal Music Company), jonka artisteihin kuuluvat muun muassa Suomen eturivin Idols
Read more