Hashing password to increase entropyClient side password hashingHashing length for storing passwordMD5 collision attacks: are they relevant in password hashing?Hashing a key: less entropy than the key itselfDoes it make sense to choose a longer password than the output of a hash?comparing password hashing algorithms - PoC ideas?Do you need more than 128-bit entropy?Is there a threshold of bits of entropy below which hashing becomes meaningless?Convert SHA-256 to SHA-1 and MD5 - Increase bit length/entropy?How do user get access to login when passwords are stored in MD5?Are passwords longer than 128 bits useless if hashed with MD5?
Does the Large evolution retroactively increase the cost of Ability Increase evolutions?
What is this type of notehead called?
Is there enough fresh water in the world to eradicate the drinking water crisis?
Are taller landing gear bad for aircraft, particulary large airliners?
Why is .bash_history periodically wiped?
Is camera lens focus an exact point or a range?
Generators of the mapping class group for surfaces with punctures and boundaries
Left multiplication is homeomorphism of topological groups
Why isn't KTEX's runway designation 10/28 instead of 9/27?
In Star Trek IV, why did the Bounty go back to a time when whales were already rare?
What linear sensor for a keyboard?
Fast sudoku solver
Would it be legal for a US State to ban exports of a natural resource?
Can an armblade require double attunement if it integrates a magic weapon that normally requires attunement?
How can "mimic phobia" be cured or prevented?
Indicating multiple different modes of speech (fantasy language or telepathy)
How to deal with loss of decision making power over a change?
Can an arcane focus boost spell attack or damage rolls?
Bob has never been a M before
The verb "to prioritize"
What is the term when two people sing in harmony, but they aren't singing the same notes?
NIntegrate: How can I solve this integral numerically? NIntegrate fails while Integrate works
What would you call a finite collection of unordered objects that are not necessarily distinct?
A social experiment. What is the worst that can happen?
Hashing password to increase entropy
Client side password hashingHashing length for storing passwordMD5 collision attacks: are they relevant in password hashing?Hashing a key: less entropy than the key itselfDoes it make sense to choose a longer password than the output of a hash?comparing password hashing algorithms - PoC ideas?Do you need more than 128-bit entropy?Is there a threshold of bits of entropy below which hashing becomes meaningless?Convert SHA-256 to SHA-1 and MD5 - Increase bit length/entropy?How do user get access to login when passwords are stored in MD5?Are passwords longer than 128 bits useless if hashed with MD5?
Is it secure to hash a password before using it in an application to increase password entropy?
Does this practice increase entropy when a PBKDF is used in the application itself or does the PBKDF itself increase the password entropy?
If a random password is hashed with md5 will the output provide a 128 bit entropy?
EDIT: It is meant to use the result of the hash function as a password for cryptographic functions and applications like AES-256, email and access to computer systems.
The procedure used will be password -> hash of password -> application
EDIT 2: E.g if an email application requests a password during registration, the intended password will be hashed locally before being provided to it.
passwords hash entropy
|
show 12 more comments
Is it secure to hash a password before using it in an application to increase password entropy?
Does this practice increase entropy when a PBKDF is used in the application itself or does the PBKDF itself increase the password entropy?
If a random password is hashed with md5 will the output provide a 128 bit entropy?
EDIT: It is meant to use the result of the hash function as a password for cryptographic functions and applications like AES-256, email and access to computer systems.
The procedure used will be password -> hash of password -> application
EDIT 2: E.g if an email application requests a password during registration, the intended password will be hashed locally before being provided to it.
passwords hash entropy
For what do you want to use it in your application?
– Sjoerd
Mar 19 at 8:00
i edited my question with more information on the application of the password
– AXANO
Mar 19 at 8:04
Do you mean Client side password hashing?
– Sjoerd
Mar 19 at 8:23
10
"If a random password is hashed with md5 will the output provide a 128 bit entropy?" - if the passwords consists of 8 random upper-case characters there are at most 26^8 possibilities which is far from 2^128. Putting some hash behind this will not magically add entropy since a hash is deterministic.
– Steffen Ullrich
Mar 19 at 8:24
6
Again, a hash is a deterministic algorithm. At most you will loose entropy with this (for example when using MD5 on a password with 10000 characters) but never have entropy added.
– Steffen Ullrich
Mar 19 at 8:27
|
show 12 more comments
Is it secure to hash a password before using it in an application to increase password entropy?
Does this practice increase entropy when a PBKDF is used in the application itself or does the PBKDF itself increase the password entropy?
If a random password is hashed with md5 will the output provide a 128 bit entropy?
EDIT: It is meant to use the result of the hash function as a password for cryptographic functions and applications like AES-256, email and access to computer systems.
The procedure used will be password -> hash of password -> application
EDIT 2: E.g if an email application requests a password during registration, the intended password will be hashed locally before being provided to it.
passwords hash entropy
Is it secure to hash a password before using it in an application to increase password entropy?
Does this practice increase entropy when a PBKDF is used in the application itself or does the PBKDF itself increase the password entropy?
If a random password is hashed with md5 will the output provide a 128 bit entropy?
EDIT: It is meant to use the result of the hash function as a password for cryptographic functions and applications like AES-256, email and access to computer systems.
The procedure used will be password -> hash of password -> application
EDIT 2: E.g if an email application requests a password during registration, the intended password will be hashed locally before being provided to it.
passwords hash entropy
passwords hash entropy
edited Mar 19 at 8:45
AXANO
asked Mar 19 at 7:56
AXANOAXANO
633520
633520
For what do you want to use it in your application?
– Sjoerd
Mar 19 at 8:00
i edited my question with more information on the application of the password
– AXANO
Mar 19 at 8:04
Do you mean Client side password hashing?
– Sjoerd
Mar 19 at 8:23
10
"If a random password is hashed with md5 will the output provide a 128 bit entropy?" - if the passwords consists of 8 random upper-case characters there are at most 26^8 possibilities which is far from 2^128. Putting some hash behind this will not magically add entropy since a hash is deterministic.
– Steffen Ullrich
Mar 19 at 8:24
6
Again, a hash is a deterministic algorithm. At most you will loose entropy with this (for example when using MD5 on a password with 10000 characters) but never have entropy added.
– Steffen Ullrich
Mar 19 at 8:27
|
show 12 more comments
For what do you want to use it in your application?
– Sjoerd
Mar 19 at 8:00
i edited my question with more information on the application of the password
– AXANO
Mar 19 at 8:04
Do you mean Client side password hashing?
– Sjoerd
Mar 19 at 8:23
10
"If a random password is hashed with md5 will the output provide a 128 bit entropy?" - if the passwords consists of 8 random upper-case characters there are at most 26^8 possibilities which is far from 2^128. Putting some hash behind this will not magically add entropy since a hash is deterministic.
– Steffen Ullrich
Mar 19 at 8:24
6
Again, a hash is a deterministic algorithm. At most you will loose entropy with this (for example when using MD5 on a password with 10000 characters) but never have entropy added.
– Steffen Ullrich
Mar 19 at 8:27
For what do you want to use it in your application?
– Sjoerd
Mar 19 at 8:00
For what do you want to use it in your application?
– Sjoerd
Mar 19 at 8:00
i edited my question with more information on the application of the password
– AXANO
Mar 19 at 8:04
i edited my question with more information on the application of the password
– AXANO
Mar 19 at 8:04
Do you mean Client side password hashing?
– Sjoerd
Mar 19 at 8:23
Do you mean Client side password hashing?
– Sjoerd
Mar 19 at 8:23
10
10
"If a random password is hashed with md5 will the output provide a 128 bit entropy?" - if the passwords consists of 8 random upper-case characters there are at most 26^8 possibilities which is far from 2^128. Putting some hash behind this will not magically add entropy since a hash is deterministic.
– Steffen Ullrich
Mar 19 at 8:24
"If a random password is hashed with md5 will the output provide a 128 bit entropy?" - if the passwords consists of 8 random upper-case characters there are at most 26^8 possibilities which is far from 2^128. Putting some hash behind this will not magically add entropy since a hash is deterministic.
– Steffen Ullrich
Mar 19 at 8:24
6
6
Again, a hash is a deterministic algorithm. At most you will loose entropy with this (for example when using MD5 on a password with 10000 characters) but never have entropy added.
– Steffen Ullrich
Mar 19 at 8:27
Again, a hash is a deterministic algorithm. At most you will loose entropy with this (for example when using MD5 on a password with 10000 characters) but never have entropy added.
– Steffen Ullrich
Mar 19 at 8:27
|
show 12 more comments
3 Answers
3
active
oldest
votes
No, you don't increase entropy by hashing it once, or twice, or ten times. Consider entropy as it is seem from the input, not the output. You cannot add entropy using a deterministic process, as the entropy of the result does not count.
Even if you have some code like this:
$password = "123456";
$result = md5($password) . sha1($password) . hash('gost', $password);
echo $result; // e10adc3949ba59abbe56e057f20f
// 8941b84cdecc9c273927ff6d9cca1ae75945990a2cb1f
// 81e5daab52a987f6d788c372
And you end up with a scary looking 136-byte string, the password is still 123456
, and any attacker bruteforcing your hashed password will have to try, on average, only once, as 123456
is the top worst password on almost every single list.
If a random password is hashed with md5 will the output provide a 128 bit entropy?
No, MD5 is deterministic, so if the attacker knows the string is a MD5 hash, the entropy of it is the entropy of the random password you supplied.
To make the password more secure, use a proper key derivation (PBKDF2 is a good one), ask the user for a longer password, and check if the user is following basic password rules (no chars repeated in a row, proper length, mixed digits and chars, mixed case, things like that).
1
The point that i find is problematic is that the OP Posted that the User is himself that don't want to enter a clear text password into a Website form and wanted to hash it before entering it. (or use now a key derivation before entering it into the form).
– Serverfrog
Mar 19 at 13:44
1
This answer assumes that the brute force attacker knows what hash was used to create the derived password, as well as any salt that might be added in the process. If the hashing is done where the attacker has no way to know the algorithm and the salt, the derived password has the added entropy from that uncertainty about the hash and salt. One could consider this a form of two-factor authentication, in which the salt and algorithm held in the hash software represent the second factor..
– Monty Harder
Mar 19 at 14:58
7
en.wikipedia.org/wiki/Kerckhoffs%27s_principle: If you design a security process, assume the attacker knows everything but the key.
– ThoriumBR
Mar 19 at 15:03
4
"Fun" fact. When you concatenate hashes of passwords like that, one (sort of counter intuitively) limits their password hashing scheme's resistance to password recovery to that of the weakest hash. For exampleargon2(salt, password) . md5(salt, password)
is as easy to brute force asmd5(salt, password)
.
– Future Security
Mar 19 at 22:43
3
@ThoriumBR A good reason to forbid a list of common passwords, as opposed to trying to use arbitrary rules that cover them. ;)
– jpmc26
Mar 19 at 22:56
|
show 10 more comments
A key derivation function will not increase the entropy, but it does make things more secure. A KDF has the following functions:
- It creates a key of the correct length. Many encryption algorithms take a fixed size length, such as 16 bytes. By using a KDF you can use a password of any length.
- It distributes the entropy of the password over the whole key. Encryption algorithms are meant to work with random-looking keys. If you use
1000000000000000
as key, this can introduce security issues in the encryption algorithm. A KDF scrambles the password into a random-looking key. - It takes time. To slow down brute-force attacks, key derivation can be made slow so that attempting many passwords takes an unreasonable amount of time.
1
Nice answer but it does not cover the part concerning hashing prior to password usage
– AXANO
Mar 19 at 8:21
Your second point doesn't seem like a pertinent security point to me - a hash is just as likely to end up as1000000000000000
by chance as it is to beCE8227D9AC87DD92
and I don't believe that a good encryption system is supposed to become any more transparent when using a uniform-looking key as opposed to a random-looking key.
– thomasrutter
Mar 20 at 2:16
add a comment |
TL;DR
Hashing a Bad Password before sending it to some Server as Password is more time intensive, uncomfortable and less secure than a simple Password manager.
The Question seems to aim to misuse a Hashing Algorithm as a very simple Password Manager.
Use a real one or any real Password manager.
I will use your example to show why it will be a bad idea:
- You have the not so "entropy-rich" password 1111111111111
- it will have the hash 9DCBF642C78137F656BA7C24381AC25B
Now a Attacker get somehow a Database where the Passwords are in clear text (happend to often in the past). And why ever he will accidentally search there for hashes that have know plaintext (the not so "entropy-rich" password is one of it). Now he knows that the user with your username/email uses "1111111111111" and then MD5 it, as Password. What is then the benefit you have? One step more someone must take, but security wise there is no real difference.
Here the Difference what could happend in the Real World:
Your way:
ClearText -- MD5 --> HashedClearText -- sent to Server(HTTP(S))-->| |-- MD5/SHA*/... --> HashedHashedClearText
Normal Way:
ClearText -- sent to Server(HTTP(S)) -->| | -- MD5/SHA*/... --> HashedClearText
The problem i want to avoid is the centralization of passwords As well as the fact that it is not portable to amnesic operating systems
– AXANO
Mar 19 at 13:22
avoid centralization with a single hashed password? amnesic operating systems: portable secure device, beside a Human Head that can't really store many Passwords pretty well
– Serverfrog
Mar 19 at 13:24
you can be forced to decrypt "portable secure devices"
– AXANO
Mar 19 at 13:29
2
as you can be force to spell out a Password. xkcd.com/538 (how will you decrypt a password storage or device, without telling them the password. The same holds on your case)
– Serverfrog
Mar 19 at 13:33
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f205680%2fhashing-password-to-increase-entropy%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
No, you don't increase entropy by hashing it once, or twice, or ten times. Consider entropy as it is seem from the input, not the output. You cannot add entropy using a deterministic process, as the entropy of the result does not count.
Even if you have some code like this:
$password = "123456";
$result = md5($password) . sha1($password) . hash('gost', $password);
echo $result; // e10adc3949ba59abbe56e057f20f
// 8941b84cdecc9c273927ff6d9cca1ae75945990a2cb1f
// 81e5daab52a987f6d788c372
And you end up with a scary looking 136-byte string, the password is still 123456
, and any attacker bruteforcing your hashed password will have to try, on average, only once, as 123456
is the top worst password on almost every single list.
If a random password is hashed with md5 will the output provide a 128 bit entropy?
No, MD5 is deterministic, so if the attacker knows the string is a MD5 hash, the entropy of it is the entropy of the random password you supplied.
To make the password more secure, use a proper key derivation (PBKDF2 is a good one), ask the user for a longer password, and check if the user is following basic password rules (no chars repeated in a row, proper length, mixed digits and chars, mixed case, things like that).
1
The point that i find is problematic is that the OP Posted that the User is himself that don't want to enter a clear text password into a Website form and wanted to hash it before entering it. (or use now a key derivation before entering it into the form).
– Serverfrog
Mar 19 at 13:44
1
This answer assumes that the brute force attacker knows what hash was used to create the derived password, as well as any salt that might be added in the process. If the hashing is done where the attacker has no way to know the algorithm and the salt, the derived password has the added entropy from that uncertainty about the hash and salt. One could consider this a form of two-factor authentication, in which the salt and algorithm held in the hash software represent the second factor..
– Monty Harder
Mar 19 at 14:58
7
en.wikipedia.org/wiki/Kerckhoffs%27s_principle: If you design a security process, assume the attacker knows everything but the key.
– ThoriumBR
Mar 19 at 15:03
4
"Fun" fact. When you concatenate hashes of passwords like that, one (sort of counter intuitively) limits their password hashing scheme's resistance to password recovery to that of the weakest hash. For exampleargon2(salt, password) . md5(salt, password)
is as easy to brute force asmd5(salt, password)
.
– Future Security
Mar 19 at 22:43
3
@ThoriumBR A good reason to forbid a list of common passwords, as opposed to trying to use arbitrary rules that cover them. ;)
– jpmc26
Mar 19 at 22:56
|
show 10 more comments
No, you don't increase entropy by hashing it once, or twice, or ten times. Consider entropy as it is seem from the input, not the output. You cannot add entropy using a deterministic process, as the entropy of the result does not count.
Even if you have some code like this:
$password = "123456";
$result = md5($password) . sha1($password) . hash('gost', $password);
echo $result; // e10adc3949ba59abbe56e057f20f
// 8941b84cdecc9c273927ff6d9cca1ae75945990a2cb1f
// 81e5daab52a987f6d788c372
And you end up with a scary looking 136-byte string, the password is still 123456
, and any attacker bruteforcing your hashed password will have to try, on average, only once, as 123456
is the top worst password on almost every single list.
If a random password is hashed with md5 will the output provide a 128 bit entropy?
No, MD5 is deterministic, so if the attacker knows the string is a MD5 hash, the entropy of it is the entropy of the random password you supplied.
To make the password more secure, use a proper key derivation (PBKDF2 is a good one), ask the user for a longer password, and check if the user is following basic password rules (no chars repeated in a row, proper length, mixed digits and chars, mixed case, things like that).
1
The point that i find is problematic is that the OP Posted that the User is himself that don't want to enter a clear text password into a Website form and wanted to hash it before entering it. (or use now a key derivation before entering it into the form).
– Serverfrog
Mar 19 at 13:44
1
This answer assumes that the brute force attacker knows what hash was used to create the derived password, as well as any salt that might be added in the process. If the hashing is done where the attacker has no way to know the algorithm and the salt, the derived password has the added entropy from that uncertainty about the hash and salt. One could consider this a form of two-factor authentication, in which the salt and algorithm held in the hash software represent the second factor..
– Monty Harder
Mar 19 at 14:58
7
en.wikipedia.org/wiki/Kerckhoffs%27s_principle: If you design a security process, assume the attacker knows everything but the key.
– ThoriumBR
Mar 19 at 15:03
4
"Fun" fact. When you concatenate hashes of passwords like that, one (sort of counter intuitively) limits their password hashing scheme's resistance to password recovery to that of the weakest hash. For exampleargon2(salt, password) . md5(salt, password)
is as easy to brute force asmd5(salt, password)
.
– Future Security
Mar 19 at 22:43
3
@ThoriumBR A good reason to forbid a list of common passwords, as opposed to trying to use arbitrary rules that cover them. ;)
– jpmc26
Mar 19 at 22:56
|
show 10 more comments
No, you don't increase entropy by hashing it once, or twice, or ten times. Consider entropy as it is seem from the input, not the output. You cannot add entropy using a deterministic process, as the entropy of the result does not count.
Even if you have some code like this:
$password = "123456";
$result = md5($password) . sha1($password) . hash('gost', $password);
echo $result; // e10adc3949ba59abbe56e057f20f
// 8941b84cdecc9c273927ff6d9cca1ae75945990a2cb1f
// 81e5daab52a987f6d788c372
And you end up with a scary looking 136-byte string, the password is still 123456
, and any attacker bruteforcing your hashed password will have to try, on average, only once, as 123456
is the top worst password on almost every single list.
If a random password is hashed with md5 will the output provide a 128 bit entropy?
No, MD5 is deterministic, so if the attacker knows the string is a MD5 hash, the entropy of it is the entropy of the random password you supplied.
To make the password more secure, use a proper key derivation (PBKDF2 is a good one), ask the user for a longer password, and check if the user is following basic password rules (no chars repeated in a row, proper length, mixed digits and chars, mixed case, things like that).
No, you don't increase entropy by hashing it once, or twice, or ten times. Consider entropy as it is seem from the input, not the output. You cannot add entropy using a deterministic process, as the entropy of the result does not count.
Even if you have some code like this:
$password = "123456";
$result = md5($password) . sha1($password) . hash('gost', $password);
echo $result; // e10adc3949ba59abbe56e057f20f
// 8941b84cdecc9c273927ff6d9cca1ae75945990a2cb1f
// 81e5daab52a987f6d788c372
And you end up with a scary looking 136-byte string, the password is still 123456
, and any attacker bruteforcing your hashed password will have to try, on average, only once, as 123456
is the top worst password on almost every single list.
If a random password is hashed with md5 will the output provide a 128 bit entropy?
No, MD5 is deterministic, so if the attacker knows the string is a MD5 hash, the entropy of it is the entropy of the random password you supplied.
To make the password more secure, use a proper key derivation (PBKDF2 is a good one), ask the user for a longer password, and check if the user is following basic password rules (no chars repeated in a row, proper length, mixed digits and chars, mixed case, things like that).
edited Mar 19 at 13:46
answered Mar 19 at 13:35
ThoriumBRThoriumBR
23.7k75772
23.7k75772
1
The point that i find is problematic is that the OP Posted that the User is himself that don't want to enter a clear text password into a Website form and wanted to hash it before entering it. (or use now a key derivation before entering it into the form).
– Serverfrog
Mar 19 at 13:44
1
This answer assumes that the brute force attacker knows what hash was used to create the derived password, as well as any salt that might be added in the process. If the hashing is done where the attacker has no way to know the algorithm and the salt, the derived password has the added entropy from that uncertainty about the hash and salt. One could consider this a form of two-factor authentication, in which the salt and algorithm held in the hash software represent the second factor..
– Monty Harder
Mar 19 at 14:58
7
en.wikipedia.org/wiki/Kerckhoffs%27s_principle: If you design a security process, assume the attacker knows everything but the key.
– ThoriumBR
Mar 19 at 15:03
4
"Fun" fact. When you concatenate hashes of passwords like that, one (sort of counter intuitively) limits their password hashing scheme's resistance to password recovery to that of the weakest hash. For exampleargon2(salt, password) . md5(salt, password)
is as easy to brute force asmd5(salt, password)
.
– Future Security
Mar 19 at 22:43
3
@ThoriumBR A good reason to forbid a list of common passwords, as opposed to trying to use arbitrary rules that cover them. ;)
– jpmc26
Mar 19 at 22:56
|
show 10 more comments
1
The point that i find is problematic is that the OP Posted that the User is himself that don't want to enter a clear text password into a Website form and wanted to hash it before entering it. (or use now a key derivation before entering it into the form).
– Serverfrog
Mar 19 at 13:44
1
This answer assumes that the brute force attacker knows what hash was used to create the derived password, as well as any salt that might be added in the process. If the hashing is done where the attacker has no way to know the algorithm and the salt, the derived password has the added entropy from that uncertainty about the hash and salt. One could consider this a form of two-factor authentication, in which the salt and algorithm held in the hash software represent the second factor..
– Monty Harder
Mar 19 at 14:58
7
en.wikipedia.org/wiki/Kerckhoffs%27s_principle: If you design a security process, assume the attacker knows everything but the key.
– ThoriumBR
Mar 19 at 15:03
4
"Fun" fact. When you concatenate hashes of passwords like that, one (sort of counter intuitively) limits their password hashing scheme's resistance to password recovery to that of the weakest hash. For exampleargon2(salt, password) . md5(salt, password)
is as easy to brute force asmd5(salt, password)
.
– Future Security
Mar 19 at 22:43
3
@ThoriumBR A good reason to forbid a list of common passwords, as opposed to trying to use arbitrary rules that cover them. ;)
– jpmc26
Mar 19 at 22:56
1
1
The point that i find is problematic is that the OP Posted that the User is himself that don't want to enter a clear text password into a Website form and wanted to hash it before entering it. (or use now a key derivation before entering it into the form).
– Serverfrog
Mar 19 at 13:44
The point that i find is problematic is that the OP Posted that the User is himself that don't want to enter a clear text password into a Website form and wanted to hash it before entering it. (or use now a key derivation before entering it into the form).
– Serverfrog
Mar 19 at 13:44
1
1
This answer assumes that the brute force attacker knows what hash was used to create the derived password, as well as any salt that might be added in the process. If the hashing is done where the attacker has no way to know the algorithm and the salt, the derived password has the added entropy from that uncertainty about the hash and salt. One could consider this a form of two-factor authentication, in which the salt and algorithm held in the hash software represent the second factor..
– Monty Harder
Mar 19 at 14:58
This answer assumes that the brute force attacker knows what hash was used to create the derived password, as well as any salt that might be added in the process. If the hashing is done where the attacker has no way to know the algorithm and the salt, the derived password has the added entropy from that uncertainty about the hash and salt. One could consider this a form of two-factor authentication, in which the salt and algorithm held in the hash software represent the second factor..
– Monty Harder
Mar 19 at 14:58
7
7
en.wikipedia.org/wiki/Kerckhoffs%27s_principle: If you design a security process, assume the attacker knows everything but the key.
– ThoriumBR
Mar 19 at 15:03
en.wikipedia.org/wiki/Kerckhoffs%27s_principle: If you design a security process, assume the attacker knows everything but the key.
– ThoriumBR
Mar 19 at 15:03
4
4
"Fun" fact. When you concatenate hashes of passwords like that, one (sort of counter intuitively) limits their password hashing scheme's resistance to password recovery to that of the weakest hash. For example
argon2(salt, password) . md5(salt, password)
is as easy to brute force as md5(salt, password)
.– Future Security
Mar 19 at 22:43
"Fun" fact. When you concatenate hashes of passwords like that, one (sort of counter intuitively) limits their password hashing scheme's resistance to password recovery to that of the weakest hash. For example
argon2(salt, password) . md5(salt, password)
is as easy to brute force as md5(salt, password)
.– Future Security
Mar 19 at 22:43
3
3
@ThoriumBR A good reason to forbid a list of common passwords, as opposed to trying to use arbitrary rules that cover them. ;)
– jpmc26
Mar 19 at 22:56
@ThoriumBR A good reason to forbid a list of common passwords, as opposed to trying to use arbitrary rules that cover them. ;)
– jpmc26
Mar 19 at 22:56
|
show 10 more comments
A key derivation function will not increase the entropy, but it does make things more secure. A KDF has the following functions:
- It creates a key of the correct length. Many encryption algorithms take a fixed size length, such as 16 bytes. By using a KDF you can use a password of any length.
- It distributes the entropy of the password over the whole key. Encryption algorithms are meant to work with random-looking keys. If you use
1000000000000000
as key, this can introduce security issues in the encryption algorithm. A KDF scrambles the password into a random-looking key. - It takes time. To slow down brute-force attacks, key derivation can be made slow so that attempting many passwords takes an unreasonable amount of time.
1
Nice answer but it does not cover the part concerning hashing prior to password usage
– AXANO
Mar 19 at 8:21
Your second point doesn't seem like a pertinent security point to me - a hash is just as likely to end up as1000000000000000
by chance as it is to beCE8227D9AC87DD92
and I don't believe that a good encryption system is supposed to become any more transparent when using a uniform-looking key as opposed to a random-looking key.
– thomasrutter
Mar 20 at 2:16
add a comment |
A key derivation function will not increase the entropy, but it does make things more secure. A KDF has the following functions:
- It creates a key of the correct length. Many encryption algorithms take a fixed size length, such as 16 bytes. By using a KDF you can use a password of any length.
- It distributes the entropy of the password over the whole key. Encryption algorithms are meant to work with random-looking keys. If you use
1000000000000000
as key, this can introduce security issues in the encryption algorithm. A KDF scrambles the password into a random-looking key. - It takes time. To slow down brute-force attacks, key derivation can be made slow so that attempting many passwords takes an unreasonable amount of time.
1
Nice answer but it does not cover the part concerning hashing prior to password usage
– AXANO
Mar 19 at 8:21
Your second point doesn't seem like a pertinent security point to me - a hash is just as likely to end up as1000000000000000
by chance as it is to beCE8227D9AC87DD92
and I don't believe that a good encryption system is supposed to become any more transparent when using a uniform-looking key as opposed to a random-looking key.
– thomasrutter
Mar 20 at 2:16
add a comment |
A key derivation function will not increase the entropy, but it does make things more secure. A KDF has the following functions:
- It creates a key of the correct length. Many encryption algorithms take a fixed size length, such as 16 bytes. By using a KDF you can use a password of any length.
- It distributes the entropy of the password over the whole key. Encryption algorithms are meant to work with random-looking keys. If you use
1000000000000000
as key, this can introduce security issues in the encryption algorithm. A KDF scrambles the password into a random-looking key. - It takes time. To slow down brute-force attacks, key derivation can be made slow so that attempting many passwords takes an unreasonable amount of time.
A key derivation function will not increase the entropy, but it does make things more secure. A KDF has the following functions:
- It creates a key of the correct length. Many encryption algorithms take a fixed size length, such as 16 bytes. By using a KDF you can use a password of any length.
- It distributes the entropy of the password over the whole key. Encryption algorithms are meant to work with random-looking keys. If you use
1000000000000000
as key, this can introduce security issues in the encryption algorithm. A KDF scrambles the password into a random-looking key. - It takes time. To slow down brute-force attacks, key derivation can be made slow so that attempting many passwords takes an unreasonable amount of time.
answered Mar 19 at 8:18
SjoerdSjoerd
20.4k94865
20.4k94865
1
Nice answer but it does not cover the part concerning hashing prior to password usage
– AXANO
Mar 19 at 8:21
Your second point doesn't seem like a pertinent security point to me - a hash is just as likely to end up as1000000000000000
by chance as it is to beCE8227D9AC87DD92
and I don't believe that a good encryption system is supposed to become any more transparent when using a uniform-looking key as opposed to a random-looking key.
– thomasrutter
Mar 20 at 2:16
add a comment |
1
Nice answer but it does not cover the part concerning hashing prior to password usage
– AXANO
Mar 19 at 8:21
Your second point doesn't seem like a pertinent security point to me - a hash is just as likely to end up as1000000000000000
by chance as it is to beCE8227D9AC87DD92
and I don't believe that a good encryption system is supposed to become any more transparent when using a uniform-looking key as opposed to a random-looking key.
– thomasrutter
Mar 20 at 2:16
1
1
Nice answer but it does not cover the part concerning hashing prior to password usage
– AXANO
Mar 19 at 8:21
Nice answer but it does not cover the part concerning hashing prior to password usage
– AXANO
Mar 19 at 8:21
Your second point doesn't seem like a pertinent security point to me - a hash is just as likely to end up as
1000000000000000
by chance as it is to be CE8227D9AC87DD92
and I don't believe that a good encryption system is supposed to become any more transparent when using a uniform-looking key as opposed to a random-looking key.– thomasrutter
Mar 20 at 2:16
Your second point doesn't seem like a pertinent security point to me - a hash is just as likely to end up as
1000000000000000
by chance as it is to be CE8227D9AC87DD92
and I don't believe that a good encryption system is supposed to become any more transparent when using a uniform-looking key as opposed to a random-looking key.– thomasrutter
Mar 20 at 2:16
add a comment |
TL;DR
Hashing a Bad Password before sending it to some Server as Password is more time intensive, uncomfortable and less secure than a simple Password manager.
The Question seems to aim to misuse a Hashing Algorithm as a very simple Password Manager.
Use a real one or any real Password manager.
I will use your example to show why it will be a bad idea:
- You have the not so "entropy-rich" password 1111111111111
- it will have the hash 9DCBF642C78137F656BA7C24381AC25B
Now a Attacker get somehow a Database where the Passwords are in clear text (happend to often in the past). And why ever he will accidentally search there for hashes that have know plaintext (the not so "entropy-rich" password is one of it). Now he knows that the user with your username/email uses "1111111111111" and then MD5 it, as Password. What is then the benefit you have? One step more someone must take, but security wise there is no real difference.
Here the Difference what could happend in the Real World:
Your way:
ClearText -- MD5 --> HashedClearText -- sent to Server(HTTP(S))-->| |-- MD5/SHA*/... --> HashedHashedClearText
Normal Way:
ClearText -- sent to Server(HTTP(S)) -->| | -- MD5/SHA*/... --> HashedClearText
The problem i want to avoid is the centralization of passwords As well as the fact that it is not portable to amnesic operating systems
– AXANO
Mar 19 at 13:22
avoid centralization with a single hashed password? amnesic operating systems: portable secure device, beside a Human Head that can't really store many Passwords pretty well
– Serverfrog
Mar 19 at 13:24
you can be forced to decrypt "portable secure devices"
– AXANO
Mar 19 at 13:29
2
as you can be force to spell out a Password. xkcd.com/538 (how will you decrypt a password storage or device, without telling them the password. The same holds on your case)
– Serverfrog
Mar 19 at 13:33
add a comment |
TL;DR
Hashing a Bad Password before sending it to some Server as Password is more time intensive, uncomfortable and less secure than a simple Password manager.
The Question seems to aim to misuse a Hashing Algorithm as a very simple Password Manager.
Use a real one or any real Password manager.
I will use your example to show why it will be a bad idea:
- You have the not so "entropy-rich" password 1111111111111
- it will have the hash 9DCBF642C78137F656BA7C24381AC25B
Now a Attacker get somehow a Database where the Passwords are in clear text (happend to often in the past). And why ever he will accidentally search there for hashes that have know plaintext (the not so "entropy-rich" password is one of it). Now he knows that the user with your username/email uses "1111111111111" and then MD5 it, as Password. What is then the benefit you have? One step more someone must take, but security wise there is no real difference.
Here the Difference what could happend in the Real World:
Your way:
ClearText -- MD5 --> HashedClearText -- sent to Server(HTTP(S))-->| |-- MD5/SHA*/... --> HashedHashedClearText
Normal Way:
ClearText -- sent to Server(HTTP(S)) -->| | -- MD5/SHA*/... --> HashedClearText
The problem i want to avoid is the centralization of passwords As well as the fact that it is not portable to amnesic operating systems
– AXANO
Mar 19 at 13:22
avoid centralization with a single hashed password? amnesic operating systems: portable secure device, beside a Human Head that can't really store many Passwords pretty well
– Serverfrog
Mar 19 at 13:24
you can be forced to decrypt "portable secure devices"
– AXANO
Mar 19 at 13:29
2
as you can be force to spell out a Password. xkcd.com/538 (how will you decrypt a password storage or device, without telling them the password. The same holds on your case)
– Serverfrog
Mar 19 at 13:33
add a comment |
TL;DR
Hashing a Bad Password before sending it to some Server as Password is more time intensive, uncomfortable and less secure than a simple Password manager.
The Question seems to aim to misuse a Hashing Algorithm as a very simple Password Manager.
Use a real one or any real Password manager.
I will use your example to show why it will be a bad idea:
- You have the not so "entropy-rich" password 1111111111111
- it will have the hash 9DCBF642C78137F656BA7C24381AC25B
Now a Attacker get somehow a Database where the Passwords are in clear text (happend to often in the past). And why ever he will accidentally search there for hashes that have know plaintext (the not so "entropy-rich" password is one of it). Now he knows that the user with your username/email uses "1111111111111" and then MD5 it, as Password. What is then the benefit you have? One step more someone must take, but security wise there is no real difference.
Here the Difference what could happend in the Real World:
Your way:
ClearText -- MD5 --> HashedClearText -- sent to Server(HTTP(S))-->| |-- MD5/SHA*/... --> HashedHashedClearText
Normal Way:
ClearText -- sent to Server(HTTP(S)) -->| | -- MD5/SHA*/... --> HashedClearText
TL;DR
Hashing a Bad Password before sending it to some Server as Password is more time intensive, uncomfortable and less secure than a simple Password manager.
The Question seems to aim to misuse a Hashing Algorithm as a very simple Password Manager.
Use a real one or any real Password manager.
I will use your example to show why it will be a bad idea:
- You have the not so "entropy-rich" password 1111111111111
- it will have the hash 9DCBF642C78137F656BA7C24381AC25B
Now a Attacker get somehow a Database where the Passwords are in clear text (happend to often in the past). And why ever he will accidentally search there for hashes that have know plaintext (the not so "entropy-rich" password is one of it). Now he knows that the user with your username/email uses "1111111111111" and then MD5 it, as Password. What is then the benefit you have? One step more someone must take, but security wise there is no real difference.
Here the Difference what could happend in the Real World:
Your way:
ClearText -- MD5 --> HashedClearText -- sent to Server(HTTP(S))-->| |-- MD5/SHA*/... --> HashedHashedClearText
Normal Way:
ClearText -- sent to Server(HTTP(S)) -->| | -- MD5/SHA*/... --> HashedClearText
answered Mar 19 at 13:09
ServerfrogServerfrog
495617
495617
The problem i want to avoid is the centralization of passwords As well as the fact that it is not portable to amnesic operating systems
– AXANO
Mar 19 at 13:22
avoid centralization with a single hashed password? amnesic operating systems: portable secure device, beside a Human Head that can't really store many Passwords pretty well
– Serverfrog
Mar 19 at 13:24
you can be forced to decrypt "portable secure devices"
– AXANO
Mar 19 at 13:29
2
as you can be force to spell out a Password. xkcd.com/538 (how will you decrypt a password storage or device, without telling them the password. The same holds on your case)
– Serverfrog
Mar 19 at 13:33
add a comment |
The problem i want to avoid is the centralization of passwords As well as the fact that it is not portable to amnesic operating systems
– AXANO
Mar 19 at 13:22
avoid centralization with a single hashed password? amnesic operating systems: portable secure device, beside a Human Head that can't really store many Passwords pretty well
– Serverfrog
Mar 19 at 13:24
you can be forced to decrypt "portable secure devices"
– AXANO
Mar 19 at 13:29
2
as you can be force to spell out a Password. xkcd.com/538 (how will you decrypt a password storage or device, without telling them the password. The same holds on your case)
– Serverfrog
Mar 19 at 13:33
The problem i want to avoid is the centralization of passwords As well as the fact that it is not portable to amnesic operating systems
– AXANO
Mar 19 at 13:22
The problem i want to avoid is the centralization of passwords As well as the fact that it is not portable to amnesic operating systems
– AXANO
Mar 19 at 13:22
avoid centralization with a single hashed password? amnesic operating systems: portable secure device, beside a Human Head that can't really store many Passwords pretty well
– Serverfrog
Mar 19 at 13:24
avoid centralization with a single hashed password? amnesic operating systems: portable secure device, beside a Human Head that can't really store many Passwords pretty well
– Serverfrog
Mar 19 at 13:24
you can be forced to decrypt "portable secure devices"
– AXANO
Mar 19 at 13:29
you can be forced to decrypt "portable secure devices"
– AXANO
Mar 19 at 13:29
2
2
as you can be force to spell out a Password. xkcd.com/538 (how will you decrypt a password storage or device, without telling them the password. The same holds on your case)
– Serverfrog
Mar 19 at 13:33
as you can be force to spell out a Password. xkcd.com/538 (how will you decrypt a password storage or device, without telling them the password. The same holds on your case)
– Serverfrog
Mar 19 at 13:33
add a comment |
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f205680%2fhashing-password-to-increase-entropy%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
For what do you want to use it in your application?
– Sjoerd
Mar 19 at 8:00
i edited my question with more information on the application of the password
– AXANO
Mar 19 at 8:04
Do you mean Client side password hashing?
– Sjoerd
Mar 19 at 8:23
10
"If a random password is hashed with md5 will the output provide a 128 bit entropy?" - if the passwords consists of 8 random upper-case characters there are at most 26^8 possibilities which is far from 2^128. Putting some hash behind this will not magically add entropy since a hash is deterministic.
– Steffen Ullrich
Mar 19 at 8:24
6
Again, a hash is a deterministic algorithm. At most you will loose entropy with this (for example when using MD5 on a password with 10000 characters) but never have entropy added.
– Steffen Ullrich
Mar 19 at 8:27