


Question

When working on a website application, me and a friend asked a security expert (works at IBM) how to handle storing passwords. After hours of Google searches (resulting in hours of security.stackexchange.com exploration), I determined that having a user database with the salt in the DB is secure, as long as it's a per-user salt and a slow hashing algorithm.

The security expert said that if the DB was compromised, everything was compromised, which is true. He suggested "one way encryption", which...I don't really get. Isn't hashing, by definition, one way, whilst encryption, by definition, isn't?

If anyone could clear this up, that'd be great.

Explanation / Answer

You are correct. Hashing is not invertible and encryption is. The security expert is talking through his hat.

The "pepper" that cpast is talking about is the key of a keyed hash. In that case, there are three components in the input to the hash algorithm: the password, the salt, and the key. If the database is compromised, the salt is compromised, but the key is not. If the key is of non-trivial length, like 128 bits, recovering the password from hash and salt alone is probably not possible. (Strictly speaking, it is an "intractable" problem. One knows how to do it -- try all possible key values -- one just cannot do it in reasonable time.)
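
The keyed-hash scheme described in the answer, as an added example that is not part of the original question or answer: a per-user salt and a slow hash (PBKDF2 here) produce a digest that is then run through HMAC with a 128-bit pepper kept outside the database. The construction order, the work factor, and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumption for this sketch: the pepper is a 128-bit key that lives outside
# the database (app config, secrets manager, HSM). Generated inline for the demo.
PEPPER = os.urandom(16)
PBKDF2_ROUNDS = 200_000  # constructed work factor; tune for your hardware


def _tag(password: str, salt: bytes, pepper: bytes) -> bytes:
    # Slow, salted hash first, so each guess is expensive per user...
    slow = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    # ...then a keyed hash (HMAC) so the stored value also depends on the pepper.
    return hmac.new(pepper, salt + slow, hashlib.sha256).digest()


def hash_password(password: str, pepper: bytes = PEPPER) -> tuple[bytes, bytes]:
    """Return (salt, tag): the only two values written to the user table."""
    salt = os.urandom(16)  # per-user salt
    return salt, _tag(password, salt, pepper)


def verify_password(password: str, salt: bytes, tag: bytes, pepper: bytes = PEPPER) -> bool:
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(_tag(password, salt, pepper), tag)


def db_only_guess_succeeds(guess: str, salt: bytes, tag: bytes) -> bool:
    """Model a leaked database: salt and tag are known, the pepper is not.
    Without the key, even the correct password cannot be confirmed."""
    unknown_key_guess = bytes(16)  # stand-in for any key that is not PEPPER
    return verify_password(guess, salt, tag, pepper=unknown_key_guess)


if __name__ == "__main__":
    salt, tag = hash_password("correct horse battery staple")  # constructed sample
    print(verify_password("correct horse battery staple", salt, tag))
    print(verify_password("wrong password", salt, tag))
    print(db_only_guess_succeeds("correct horse battery staple", salt, tag))
```

The pepper only adds protection if it is stored and backed up separately from the user table; losing it invalidates every stored tag.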
