Comments on: About Secure Password Hashing

By: Thomas

Thomas — Wed, 18 Jun 2014 12:32:27 +0000

As usual, a blog article about security frightens me! It's really about time that operating systems implement two way authentication via phone.

It's the only thing that makes me feel safe for my email account, and I'd like to feel the same way about my databases and user accounts in other places.

By: AlexWebr

AlexWebr — Sun, 15 Sep 2013 16:10:45 +0000

Small correction: saying an 8-character random password has 128^8 possibilities is not completely accurate. The first 32 (and the last 1) ASCII characters are control characters and are not considered "printable". For a lot of them, the browser will treat them specially (tab, delete, and CR/LF come to mind). It's very unlikely that they would be accepted by a login form. 95 is a better base to use (an 8-character random password being 95^8).

By: CodesInChaos

CodesInChaos — Sat, 14 Sep 2013 15:11:48 +0000

The suitability of a hash-function depends on how fast the function is in software compared to how expensive it is to implement in hardware. both SHA-2 and SHA-3 are relatively cheap in hardware, but SHA-3 is probably even a bit more hardware friendly.

The quality of your software implementation is pretty important for this ratio as well. For example .net's implementation(Rfc2898DeriveBytes) is horribly slow compared to a good implementation. With a good implementation you can choose a higher iteration count (and thus higher security) at the same performance cost.

By: lucaskauffman

lucaskauffman — Sat, 14 Sep 2013 14:15:33 +0000

SHA-3 is fast on hardware, it's A LOT faster than SHA-2, that's why it's worse than SHA-2.

By: Paŭlo Ebermann

Paŭlo Ebermann — Sat, 14 Sep 2013 13:39:10 +0000

The part about PBKDF2 is a bit confusing between usage of SHA-1 and usage of an arbitrary PRF. Also it is not clear in what manner PBKDF-2 with SHA-3 would be worse than the SHA-2 variants – easier to brute-force?