December 06, 2012

A new attack makes some password cracking faster and easier than ever. A researcher has devised a method that reduces the time and resources required to crack passwords that are protected by the SHA-1 cryptographic algorithm.

First, some context. One of the main use cases for hashing functions, such as SHA-1, is to store passwords securely. When attackers obtain such hashed passwords, they need to launch a “brute force” attack against them in order to reveal the passwords. “Brute force” means that they need to repeatedly guess the password, apply the hashing function to the guess and compare the result with the password hash they have. The security researcher has found an algorithmic shortcut in the SHA-1 calculation that makes the computation easier, thus reducing the time needed for a successful “brute force” attack.

But this should not surprise the security community, as the writing was on the wall. When a crypto hash is weakened (i.e., discovered to be less secure than perceived), it usually marks the start of its downfall, and SHA-1 has been weakened since 2004. This chart of the state of popular crypto hashes from 2009 (http://valerieaurora.org/monkey.html) shows just that:

[Chart: Lifecycles of popular crypto hashes]
 

The corollary? When hashing is done for security (e.g., hashing user passwords, verifying data integrity, etc.):

  • MD5 is dead and should never be used.
  • SHA-1 is going in the same direction.  Consider an upgrade of existing systems and definitely don't use it for new systems.

A smart choice would be to follow the U.S. National Institute of Standards and Technology (NIST) recommendation for federal agencies: "Federal agencies should stop using SHA-1 for generating digital signatures, generating time stamps and for other applications that require collision resistance." 

Best option? Use a hash function from the SHA-2 family, such as SHA256.

 

 


Posted by Imperva Blogger at 01:15:26 PM



Comments

  • Both the above comments are very good and give solid recommendations. However, this blog is focused on choosing the right hashing algorithm when hashing is appropriate and not about the best way to protect passwords.

  • SHA256 is indeed a better hashing algorithm, but that doesn't mean it is the best option for protecting passwords.

    Many experts are recommending moving away from general purpose hashing algorithms for passwords and using an algorithm designed to slow down cracking attempts. This means using something like scrypt or PBKDF2.

    And if those aren't an option, adding unique password salting is a must.

  • Don't use SHA-256 for passwords. It's still okay for other uses, but it's not a password hash. Use bcrypt, scrypt or PBKDF2.
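As an added example (not code from the original post or from its commenters), here is one way to combine the post's advice to upgrade existing SHA-1 systems with the PBKDF2 and unique-salt suggestions in the comments: legacy unsalted SHA-1 records are still accepted at login, then rewritten as salted PBKDF2-HMAC-SHA256. The record format, function names and iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example; tune to your hardware

def legacy_sha1(password: str) -> str:
    """Unsalted SHA-1 record: the legacy format being migrated away from."""
    return "sha1$" + hashlib.sha1(password.encode()).hexdigest()

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """New record: pbkdf2_sha256$<iterations>$<salt hex>$<derived key hex>."""
    salt = os.urandom(16)  # unique per stored password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify(password: str, record: str) -> bool:
    """Check a password against either record format in constant time."""
    scheme, _, rest = record.partition("$")
    if scheme == "sha1":
        candidate = hashlib.sha1(password.encode()).hexdigest()
        return hmac.compare_digest(candidate.encode(), rest.encode())
    if scheme == "pbkdf2_sha256":
        try:
            iters, salt_hex, dk_hex = rest.split("$")
            salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
            dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
        except (ValueError, OverflowError):
            return False  # malformed record: reject rather than crash
        return hmac.compare_digest(dk, expected)
    return False  # unknown scheme

def needs_rehash(record: str) -> bool:
    """True for legacy records and for PBKDF2 records below the current work factor."""
    parts = record.split("$")
    return parts[0] != "pbkdf2_sha256" or int(parts[1]) < ITERATIONS

def login(password: str, record: str):
    """Return (ok, record_to_store); upgrades the record after a successful login."""
    if not verify(password, record):
        return False, record
    if needs_rehash(record):
        record = hash_password(password)  # plaintext is only available at login
    return True, record
```

The caller is expected to persist the returned record whenever it differs from the stored one, so legacy hashes disappear as users log in.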
