Hashing password to increase entropyClient side password hashingHashing length for storing passwordMD5 collision attacks: are they relevant in password hashing?Hashing a key: less entropy than the key itselfDoes it make sense to choose a longer password than the output of a hash?comparing password hashing algorithms - PoC ideas?Do you need more than 128-bit entropy?Is there a threshold of bits of entropy below which hashing becomes meaningless?Convert SHA-256 to SHA-1 and MD5 - Increase bit length/entropy?How do user get access to login when passwords are stored in MD5?Are passwords longer than 128 bits useless if hashed with MD5?
What is going on with Captain Marvel's blood colour?
Why doesn't H₄O²⁺ exist?
Did Shadowfax go to Valinor?
Cronab fails because shell path not found
I Accidentally Deleted a Stock Terminal Theme
Doing something right before you need it - expression for this?
Alternative to sending password over mail?
Withdrawals from HSA
Can I ask the recruiters in my resume to put the reason why I am rejected?
Is it canonical bit space?
Issue with type force PATH search
Why does Optional.map make this assignment work?
A geometry theory without irrational numbers?
Why is Collection not simply treated as Collection<?>
Why can't we play rap on piano?
Plain language with long required phrases
Find the age of the oldest file in one line or return zero
Why is it a bad idea to hire a hitman to eliminate most corrupt politicians?
Is it possible to download Internet Explorer on my Mac running OS X El Capitan?
Is it inappropriate for a student to attend their mentor's dissertation defense?
Could gravitational lensing be used to protect a spaceship from a laser?
How badly should I try to prevent a user from XSSing themselves?
A reference to a well-known characterization of scattered compact spaces
Were any external disk drives stacked vertically?
Hashing password to increase entropy
Client side password hashingHashing length for storing passwordMD5 collision attacks: are they relevant in password hashing?Hashing a key: less entropy than the key itselfDoes it make sense to choose a longer password than the output of a hash?comparing password hashing algorithms - PoC ideas?Do you need more than 128-bit entropy?Is there a threshold of bits of entropy below which hashing becomes meaningless?Convert SHA-256 to SHA-1 and MD5 - Increase bit length/entropy?How do user get access to login when passwords are stored in MD5?Are passwords longer than 128 bits useless if hashed with MD5?
Is it secure to hash a password before using it in an application to increase password entropy?
Does this practice increase entropy when a PBKDF is used in the application itself or does the PBKDF itself increase the password entropy?
If a random password is hashed with md5 will the output provide a 128 bit entropy?
EDIT: It is meant to use the result of the hash function as a password for cryptographic functions and applications like AES-256, email and access to computer systems.
The procedure used will be password -> hash of password -> application
EDIT 2: E.g if an email application requests a password during registration, the intended password will be hashed locally before being provided to it.
passwords hash entropy
asked Mar 19 at 7:56
AXANOAXANO
633520
|
show 12 more comments
Is it secure to hash a password before using it in an application to increase password entropy?
Does this practice increase entropy when a PBKDF is used in the application itself or does the PBKDF itself increase the password entropy?
If a random password is hashed with md5 will the output provide a 128 bit entropy?
EDIT: It is meant to use the result of the hash function as a password for cryptographic functions and applications like AES-256, email and access to computer systems.
The procedure used will be password -> hash of password -> application
EDIT 2: E.g if an email application requests a password during registration, the intended password will be hashed locally before being provided to it.
passwords hash entropy
asked Mar 19 at 7:56
AXANOAXANO
633520
For what do you want to use it in your application?
– Sjoerd
Mar 19 at 8:00
i edited my question with more information on the application of the password
– AXANO
Mar 19 at 8:04
Do you mean Client side password hashing?
– Sjoerd
Mar 19 at 8:23
10
"If a random password is hashed with md5 will the output provide a 128 bit entropy?" - if the passwords consists of 8 random upper-case characters there are at most 26^8 possibilities which is far from 2^128. Putting some hash behind this will not magically add entropy since a hash is deterministic.
– Steffen Ullrich
Mar 19 at 8:24
6
Again, a hash is a deterministic algorithm. At most you will loose entropy with this (for example when using MD5 on a password with 10000 characters) but never have entropy added.
– Steffen Ullrich
Mar 19 at 8:27
|
show 12 more comments
Is it secure to hash a password before using it in an application to increase password entropy?
Does this practice increase entropy when a PBKDF is used in the application itself or does the PBKDF itself increase the password entropy?
If a random password is hashed with md5 will the output provide a 128 bit entropy?
EDIT: It is meant to use the result of the hash function as a password for cryptographic functions and applications like AES-256, email and access to computer systems.
The procedure used will be password -> hash of password -> application
EDIT 2: E.g if an email application requests a password during registration, the intended password will be hashed locally before being provided to it.
passwords hash entropy
asked Mar 19 at 7:56
AXANOAXANO
633520
Is it secure to hash a password before using it in an application to increase password entropy?
Does this practice increase entropy when a PBKDF is used in the application itself or does the PBKDF itself increase the password entropy?
If a random password is hashed with md5 will the output provide a 128 bit entropy?
EDIT: It is meant to use the result of the hash function as a password for cryptographic functions and applications like AES-256, email and access to computer systems.
The procedure used will be password -> hash of password -> application
EDIT 2: E.g if an email application requests a password during registration, the intended password will be hashed locally before being provided to it.
passwords hash entropy
passwords hash entropy
asked Mar 19 at 7:56
AXANOAXANO
633520
asked Mar 19 at 7:56
AXANOAXANO
633520
edited Mar 19 at 8:45
AXANO
asked Mar 19 at 7:56
AXANOAXANO
633520
asked Mar 19 at 7:56
AXANOAXANO
633520
asked Mar 19 at 7:56
AXANOAXANO
633520
633520
For what do you want to use it in your application?
– Sjoerd
Mar 19 at 8:00
i edited my question with more information on the application of the password
– AXANO
Mar 19 at 8:04
Do you mean Client side password hashing?
– Sjoerd
Mar 19 at 8:23
10
"If a random password is hashed with md5 will the output provide a 128 bit entropy?" - if the passwords consists of 8 random upper-case characters there are at most 26^8 possibilities which is far from 2^128. Putting some hash behind this will not magically add entropy since a hash is deterministic.
– Steffen Ullrich
Mar 19 at 8:24
6
Again, a hash is a deterministic algorithm. At most you will loose entropy with this (for example when using MD5 on a password with 10000 characters) but never have entropy added.
– Steffen Ullrich
Mar 19 at 8:27
|
show 12 more comments
For what do you want to use it in your application?
– Sjoerd
Mar 19 at 8:00
i edited my question with more information on the application of the password
– AXANO
Mar 19 at 8:04
Do you mean Client side password hashing?
– Sjoerd
Mar 19 at 8:23
10
"If a random password is hashed with md5 will the output provide a 128 bit entropy?" - if the passwords consists of 8 random upper-case characters there are at most 26^8 possibilities which is far from 2^128. Putting some hash behind this will not magically add entropy since a hash is deterministic.
– Steffen Ullrich
Mar 19 at 8:24
6
Again, a hash is a deterministic algorithm. At most you will loose entropy with this (for example when using MD5 on a password with 10000 characters) but never have entropy added.
– Steffen Ullrich
Mar 19 at 8:27
For what do you want to use it in your application?
– Sjoerd
Mar 19 at 8:00
For what do you want to use it in your application?
– Sjoerd
Mar 19 at 8:00
i edited my question with more information on the application of the password
– AXANO
Mar 19 at 8:04
i edited my question with more information on the application of the password
– AXANO
Mar 19 at 8:04
Do you mean Client side password hashing?
– Sjoerd
Mar 19 at 8:23
Do you mean Client side password hashing?
– Sjoerd
Mar 19 at 8:23
10
10
"If a random password is hashed with md5 will the output provide a 128 bit entropy?" - if the passwords consists of 8 random upper-case characters there are at most 26^8 possibilities which is far from 2^128. Putting some hash behind this will not magically add entropy since a hash is deterministic.
– Steffen Ullrich
Mar 19 at 8:24
"If a random password is hashed with md5 will the output provide a 128 bit entropy?" - if the passwords consists of 8 random upper-case characters there are at most 26^8 possibilities which is far from 2^128. Putting some hash behind this will not magically add entropy since a hash is deterministic.
– Steffen Ullrich
Mar 19 at 8:24
6
6
Again, a hash is a deterministic algorithm. At most you will loose entropy with this (for example when using MD5 on a password with 10000 characters) but never have entropy added.
– Steffen Ullrich
Mar 19 at 8:27
Again, a hash is a deterministic algorithm. At most you will loose entropy with this (for example when using MD5 on a password with 10000 characters) but never have entropy added.
– Steffen Ullrich
Mar 19 at 8:27
|
show 12 more comments
3 Answers
3
active
oldest
votes
No, you don't increase entropy by hashing it once, or twice, or ten times. Consider entropy as it is seem from the input, not the output. You cannot add entropy using a deterministic process, as the entropy of the result does not count.
Even if you have some code like this:
$password = "123456";
$result = md5($password) . sha1($password) . hash('gost', $password);
echo $result; // e10adc3949ba59abbe56e057f20f
// 8941b84cdecc9c273927ff6d9cca1ae75945990a2cb1f
// 81e5daab52a987f6d788c372
And you end up with a scary looking 136-byte string, the password is still 123456, and any attacker bruteforcing your hashed password will have to try, on average, only once, as 123456 is the top worst password on almost every single list.
If a random password is hashed with md5 will the output provide a 128 bit entropy?
No, MD5 is deterministic, so if the attacker knows the string is a MD5 hash, the entropy of it is the entropy of the random password you supplied.
To make the password more secure, use a proper key derivation (PBKDF2 is a good one), ask the user for a longer password, and check if the user is following basic password rules (no chars repeated in a row, proper length, mixed digits and chars, mixed case, things like that).
answered Mar 19 at 13:35
ThoriumBRThoriumBR
24.5k85874
1
The point that i find is problematic is that the OP Posted that the User is himself that don't want to enter a clear text password into a Website form and wanted to hash it before entering it. (or use now a key derivation before entering it into the form).
– Serverfrog
Mar 19 at 13:44
1
This answer assumes that the brute force attacker knows what hash was used to create the derived password, as well as any salt that might be added in the process. If the hashing is done where the attacker has no way to know the algorithm and the salt, the derived password has the added entropy from that uncertainty about the hash and salt. One could consider this a form of two-factor authentication, in which the salt and algorithm held in the hash software represent the second factor..
– Monty Harder
Mar 19 at 14:58
7
en.wikipedia.org/wiki/Kerckhoffs%27s_principle: If you design a security process, assume the attacker knows everything but the key.
– ThoriumBR
Mar 19 at 15:03
4
"Fun" fact. When you concatenate hashes of passwords like that, one (sort of counter intuitively) limits their password hashing scheme's resistance to password recovery to that of the weakest hash. For exampleargon2(salt, password) . md5(salt, password)is as easy to brute force asmd5(salt, password).
– Future Security
Mar 19 at 22:43
3
@ThoriumBR A good reason to forbid a list of common passwords, as opposed to trying to use arbitrary rules that cover them. ;)
– jpmc26
Mar 19 at 22:56
|
show 10 more comments
A key derivation function will not increase the entropy, but it does make things more secure. A KDF has the following functions:
- It creates a key of the correct length. Many encryption algorithms take a fixed size length, such as 16 bytes. By using a KDF you can use a password of any length.
- It distributes the entropy of the password over the whole key. Encryption algorithms are meant to work with random-looking keys. If you use
1000000000000000as key, this can introduce security issues in the encryption algorithm. A KDF scrambles the password into a random-looking key. - It takes time. To slow down brute-force attacks, key derivation can be made slow so that attempting many passwords takes an unreasonable amount of time.
answered Mar 19 at 8:18
SjoerdSjoerd
20.6k94865
1
Nice answer but it does not cover the part concerning hashing prior to password usage
– AXANO
Mar 19 at 8:21
Your second point doesn't seem like a pertinent security point to me - a hash is just as likely to end up as1000000000000000by chance as it is to beCE8227D9AC87DD92and I don't believe that a good encryption system is supposed to become any more transparent when using a uniform-looking key as opposed to a random-looking key.
– thomasrutter
Mar 20 at 2:16
add a comment |
TL;DR
Hashing a Bad Password before sending it to some Server as Password is more time intensive, uncomfortable and less secure than a simple Password manager.
The Question seems to aim to misuse a Hashing Algorithm as a very simple Password Manager.
Use a real one or any real Password manager.
I will use your example to show why it will be a bad idea:
- You have the not so "entropy-rich" password 1111111111111
- it will have the hash 9DCBF642C78137F656BA7C24381AC25B
Now a Attacker get somehow a Database where the Passwords are in clear text (happend to often in the past). And why ever he will accidentally search there for hashes that have know plaintext (the not so "entropy-rich" password is one of it). Now he knows that the user with your username/email uses "1111111111111" and then MD5 it, as Password. What is then the benefit you have? One step more someone must take, but security wise there is no real difference.
Here the Difference what could happend in the Real World:
Your way:
ClearText -- MD5 --> HashedClearText -- sent to Server(HTTP(S))-->| |-- MD5/SHA*/... --> HashedHashedClearText
Normal Way:
ClearText -- sent to Server(HTTP(S)) -->| | -- MD5/SHA*/... --> HashedClearText
answered Mar 19 at 13:09
ServerfrogServerfrog
500617
The problem i want to avoid is the centralization of passwords As well as the fact that it is not portable to amnesic operating systems
– AXANO
Mar 19 at 13:22
avoid centralization with a single hashed password? amnesic operating systems: portable secure device, beside a Human Head that can't really store many Passwords pretty well
– Serverfrog
Mar 19 at 13:24
you can be forced to decrypt "portable secure devices"
– AXANO
Mar 19 at 13:29
2
as you can be force to spell out a Password. xkcd.com/538 (how will you decrypt a password storage or device, without telling them the password. The same holds on your case)
– Serverfrog
Mar 19 at 13:33
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f205680%2fhashing-password-to-increase-entropy%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
No, you don't increase entropy by hashing it once, or twice, or ten times. Consider entropy as it is seem from the input, not the output. You cannot add entropy using a deterministic process, as the entropy of the result does not count.
Even if you have some code like this:
$password = "123456";
$result = md5($password) . sha1($password) . hash('gost', $password);
echo $result; // e10adc3949ba59abbe56e057f20f
// 8941b84cdecc9c273927ff6d9cca1ae75945990a2cb1f
// 81e5daab52a987f6d788c372
And you end up with a scary looking 136-byte string, the password is still 123456, and any attacker bruteforcing your hashed password will have to try, on average, only once, as 123456 is the top worst password on almost every single list.
If a random password is hashed with md5 will the output provide a 128 bit entropy?
No, MD5 is deterministic, so if the attacker knows the string is a MD5 hash, the entropy of it is the entropy of the random password you supplied.
To make the password more secure, use a proper key derivation (PBKDF2 is a good one), ask the user for a longer password, and check if the user is following basic password rules (no chars repeated in a row, proper length, mixed digits and chars, mixed case, things like that).
answered Mar 19 at 13:35
ThoriumBRThoriumBR
24.5k85874
1
The point that i find is problematic is that the OP Posted that the User is himself that don't want to enter a clear text password into a Website form and wanted to hash it before entering it. (or use now a key derivation before entering it into the form).
– Serverfrog
Mar 19 at 13:44
1
This answer assumes that the brute force attacker knows what hash was used to create the derived password, as well as any salt that might be added in the process. If the hashing is done where the attacker has no way to know the algorithm and the salt, the derived password has the added entropy from that uncertainty about the hash and salt. One could consider this a form of two-factor authentication, in which the salt and algorithm held in the hash software represent the second factor..
– Monty Harder
Mar 19 at 14:58
7
en.wikipedia.org/wiki/Kerckhoffs%27s_principle: If you design a security process, assume the attacker knows everything but the key.
– ThoriumBR
Mar 19 at 15:03
4
"Fun" fact. When you concatenate hashes of passwords like that, one (sort of counter intuitively) limits their password hashing scheme's resistance to password recovery to that of the weakest hash. For exampleargon2(salt, password) . md5(salt, password)is as easy to brute force asmd5(salt, password).
– Future Security
Mar 19 at 22:43
3
@ThoriumBR A good reason to forbid a list of common passwords, as opposed to trying to use arbitrary rules that cover them. ;)
– jpmc26
Mar 19 at 22:56
|
show 10 more comments
No, you don't increase entropy by hashing it once, or twice, or ten times. Consider entropy as it is seem from the input, not the output. You cannot add entropy using a deterministic process, as the entropy of the result does not count.
Even if you have some code like this:
$password = "123456";
$result = md5($password) . sha1($password) . hash('gost', $password);
echo $result; // e10adc3949ba59abbe56e057f20f
// 8941b84cdecc9c273927ff6d9cca1ae75945990a2cb1f
// 81e5daab52a987f6d788c372
And you end up with a scary looking 136-byte string, the password is still 123456, and any attacker bruteforcing your hashed password will have to try, on average, only once, as 123456 is the top worst password on almost every single list.
If a random password is hashed with md5 will the output provide a 128 bit entropy?
No, MD5 is deterministic, so if the attacker knows the string is a MD5 hash, the entropy of it is the entropy of the random password you supplied.
To make the password more secure, use a proper key derivation (PBKDF2 is a good one), ask the user for a longer password, and check if the user is following basic password rules (no chars repeated in a row, proper length, mixed digits and chars, mixed case, things like that).
answered Mar 19 at 13:35
ThoriumBRThoriumBR
24.5k85874
1
The point that i find is problematic is that the OP Posted that the User is himself that don't want to enter a clear text password into a Website form and wanted to hash it before entering it. (or use now a key derivation before entering it into the form).
– Serverfrog
Mar 19 at 13:44
1
This answer assumes that the brute force attacker knows what hash was used to create the derived password, as well as any salt that might be added in the process. If the hashing is done where the attacker has no way to know the algorithm and the salt, the derived password has the added entropy from that uncertainty about the hash and salt. One could consider this a form of two-factor authentication, in which the salt and algorithm held in the hash software represent the second factor..
– Monty Harder
Mar 19 at 14:58
7
en.wikipedia.org/wiki/Kerckhoffs%27s_principle: If you design a security process, assume the attacker knows everything but the key.
– ThoriumBR
Mar 19 at 15:03
4
"Fun" fact. When you concatenate hashes of passwords like that, one (sort of counter intuitively) limits their password hashing scheme's resistance to password recovery to that of the weakest hash. For exampleargon2(salt, password) . md5(salt, password)is as easy to brute force asmd5(salt, password).
– Future Security
Mar 19 at 22:43
3
@ThoriumBR A good reason to forbid a list of common passwords, as opposed to trying to use arbitrary rules that cover them. ;)
– jpmc26
Mar 19 at 22:56
|
show 10 more comments
No, you don't increase entropy by hashing it once, or twice, or ten times. Consider entropy as it is seem from the input, not the output. You cannot add entropy using a deterministic process, as the entropy of the result does not count.
Even if you have some code like this:
$password = "123456";
$result = md5($password) . sha1($password) . hash('gost', $password);
echo $result; // e10adc3949ba59abbe56e057f20f
// 8941b84cdecc9c273927ff6d9cca1ae75945990a2cb1f
// 81e5daab52a987f6d788c372
And you end up with a scary looking 136-byte string, the password is still 123456, and any attacker bruteforcing your hashed password will have to try, on average, only once, as 123456 is the top worst password on almost every single list.
If a random password is hashed with md5 will the output provide a 128 bit entropy?
No, MD5 is deterministic, so if the attacker knows the string is a MD5 hash, the entropy of it is the entropy of the random password you supplied.
To make the password more secure, use a proper key derivation (PBKDF2 is a good one), ask the user for a longer password, and check if the user is following basic password rules (no chars repeated in a row, proper length, mixed digits and chars, mixed case, things like that).
answered Mar 19 at 13:35
ThoriumBRThoriumBR
24.5k85874
No, you don't increase entropy by hashing it once, or twice, or ten times. Consider entropy as it is seem from the input, not the output. You cannot add entropy using a deterministic process, as the entropy of the result does not count.
Even if you have some code like this:
$password = "123456";
$result = md5($password) . sha1($password) . hash('gost', $password);
echo $result; // e10adc3949ba59abbe56e057f20f
// 8941b84cdecc9c273927ff6d9cca1ae75945990a2cb1f
// 81e5daab52a987f6d788c372
And you end up with a scary looking 136-byte string, the password is still 123456, and any attacker bruteforcing your hashed password will have to try, on average, only once, as 123456 is the top worst password on almost every single list.
If a random password is hashed with md5 will the output provide a 128 bit entropy?
No, MD5 is deterministic, so if the attacker knows the string is a MD5 hash, the entropy of it is the entropy of the random password you supplied.
To make the password more secure, use a proper key derivation (PBKDF2 is a good one), ask the user for a longer password, and check if the user is following basic password rules (no chars repeated in a row, proper length, mixed digits and chars, mixed case, things like that).
answered Mar 19 at 13:35
ThoriumBRThoriumBR
24.5k85874
edited Mar 19 at 13:46
answered Mar 19 at 13:35
ThoriumBRThoriumBR
24.5k85874
answered Mar 19 at 13:35
ThoriumBRThoriumBR
24.5k85874
answered Mar 19 at 13:35
ThoriumBRThoriumBR
24.5k85874
24.5k85874
1
The point that i find is problematic is that the OP Posted that the User is himself that don't want to enter a clear text password into a Website form and wanted to hash it before entering it. (or use now a key derivation before entering it into the form).
– Serverfrog
Mar 19 at 13:44
1
This answer assumes that the brute force attacker knows what hash was used to create the derived password, as well as any salt that might be added in the process. If the hashing is done where the attacker has no way to know the algorithm and the salt, the derived password has the added entropy from that uncertainty about the hash and salt. One could consider this a form of two-factor authentication, in which the salt and algorithm held in the hash software represent the second factor..
– Monty Harder
Mar 19 at 14:58
7
en.wikipedia.org/wiki/Kerckhoffs%27s_principle: If you design a security process, assume the attacker knows everything but the key.
– ThoriumBR
Mar 19 at 15:03
4
"Fun" fact. When you concatenate hashes of passwords like that, one (sort of counter intuitively) limits their password hashing scheme's resistance to password recovery to that of the weakest hash. For exampleargon2(salt, password) . md5(salt, password)is as easy to brute force asmd5(salt, password).
– Future Security
Mar 19 at 22:43
3
@ThoriumBR A good reason to forbid a list of common passwords, as opposed to trying to use arbitrary rules that cover them. ;)
– jpmc26
Mar 19 at 22:56
|
show 10 more comments
1
The point that i find is problematic is that the OP Posted that the User is himself that don't want to enter a clear text password into a Website form and wanted to hash it before entering it. (or use now a key derivation before entering it into the form).
– Serverfrog
Mar 19 at 13:44
1
This answer assumes that the brute force attacker knows what hash was used to create the derived password, as well as any salt that might be added in the process. If the hashing is done where the attacker has no way to know the algorithm and the salt, the derived password has the added entropy from that uncertainty about the hash and salt. One could consider this a form of two-factor authentication, in which the salt and algorithm held in the hash software represent the second factor..
– Monty Harder
Mar 19 at 14:58
7
en.wikipedia.org/wiki/Kerckhoffs%27s_principle: If you design a security process, assume the attacker knows everything but the key.
– ThoriumBR
Mar 19 at 15:03
4
"Fun" fact. When you concatenate hashes of passwords like that, one (sort of counter intuitively) limits their password hashing scheme's resistance to password recovery to that of the weakest hash. For exampleargon2(salt, password) . md5(salt, password)is as easy to brute force asmd5(salt, password).
– Future Security
Mar 19 at 22:43
3
@ThoriumBR A good reason to forbid a list of common passwords, as opposed to trying to use arbitrary rules that cover them. ;)
– jpmc26
Mar 19 at 22:56
1
1
The point that i find is problematic is that the OP Posted that the User is himself that don't want to enter a clear text password into a Website form and wanted to hash it before entering it. (or use now a key derivation before entering it into the form).
– Serverfrog
Mar 19 at 13:44
The point that i find is problematic is that the OP Posted that the User is himself that don't want to enter a clear text password into a Website form and wanted to hash it before entering it. (or use now a key derivation before entering it into the form).
– Serverfrog
Mar 19 at 13:44
1
1
This answer assumes that the brute force attacker knows what hash was used to create the derived password, as well as any salt that might be added in the process. If the hashing is done where the attacker has no way to know the algorithm and the salt, the derived password has the added entropy from that uncertainty about the hash and salt. One could consider this a form of two-factor authentication, in which the salt and algorithm held in the hash software represent the second factor..
– Monty Harder
Mar 19 at 14:58
This answer assumes that the brute force attacker knows what hash was used to create the derived password, as well as any salt that might be added in the process. If the hashing is done where the attacker has no way to know the algorithm and the salt, the derived password has the added entropy from that uncertainty about the hash and salt. One could consider this a form of two-factor authentication, in which the salt and algorithm held in the hash software represent the second factor..
– Monty Harder
Mar 19 at 14:58
7
7
en.wikipedia.org/wiki/Kerckhoffs%27s_principle: If you design a security process, assume the attacker knows everything but the key.
– ThoriumBR
Mar 19 at 15:03
en.wikipedia.org/wiki/Kerckhoffs%27s_principle: If you design a security process, assume the attacker knows everything but the key.
– ThoriumBR
Mar 19 at 15:03
4
4
"Fun" fact. When you concatenate hashes of passwords like that, one (sort of counter intuitively) limits their password hashing scheme's resistance to password recovery to that of the weakest hash. For example
argon2(salt, password) . md5(salt, password) is as easy to brute force as md5(salt, password).– Future Security
Mar 19 at 22:43
"Fun" fact. When you concatenate hashes of passwords like that, one (sort of counter intuitively) limits their password hashing scheme's resistance to password recovery to that of the weakest hash. For example
argon2(salt, password) . md5(salt, password) is as easy to brute force as md5(salt, password).– Future Security
Mar 19 at 22:43
3
3
@ThoriumBR A good reason to forbid a list of common passwords, as opposed to trying to use arbitrary rules that cover them. ;)
– jpmc26
Mar 19 at 22:56
@ThoriumBR A good reason to forbid a list of common passwords, as opposed to trying to use arbitrary rules that cover them. ;)
– jpmc26
Mar 19 at 22:56
|
show 10 more comments
A key derivation function will not increase the entropy, but it does make things more secure. A KDF has the following functions:
- It creates a key of the correct length. Many encryption algorithms take a fixed size length, such as 16 bytes. By using a KDF you can use a password of any length.
- It distributes the entropy of the password over the whole key. Encryption algorithms are meant to work with random-looking keys. If you use
1000000000000000as key, this can introduce security issues in the encryption algorithm. A KDF scrambles the password into a random-looking key. - It takes time. To slow down brute-force attacks, key derivation can be made slow so that attempting many passwords takes an unreasonable amount of time.
answered Mar 19 at 8:18
SjoerdSjoerd
20.6k94865
1
Nice answer but it does not cover the part concerning hashing prior to password usage
– AXANO
Mar 19 at 8:21
Your second point doesn't seem like a pertinent security point to me - a hash is just as likely to end up as1000000000000000by chance as it is to beCE8227D9AC87DD92and I don't believe that a good encryption system is supposed to become any more transparent when using a uniform-looking key as opposed to a random-looking key.
– thomasrutter
Mar 20 at 2:16
add a comment |
A key derivation function will not increase the entropy, but it does make things more secure. A KDF has the following functions:
- It creates a key of the correct length. Many encryption algorithms take a fixed size length, such as 16 bytes. By using a KDF you can use a password of any length.
- It distributes the entropy of the password over the whole key. Encryption algorithms are meant to work with random-looking keys. If you use
1000000000000000as key, this can introduce security issues in the encryption algorithm. A KDF scrambles the password into a random-looking key. - It takes time. To slow down brute-force attacks, key derivation can be made slow so that attempting many passwords takes an unreasonable amount of time.
answered Mar 19 at 8:18
SjoerdSjoerd
20.6k94865
1
Nice answer but it does not cover the part concerning hashing prior to password usage
– AXANO
Mar 19 at 8:21
Your second point doesn't seem like a pertinent security point to me - a hash is just as likely to end up as1000000000000000by chance as it is to beCE8227D9AC87DD92and I don't believe that a good encryption system is supposed to become any more transparent when using a uniform-looking key as opposed to a random-looking key.
– thomasrutter
Mar 20 at 2:16
add a comment |
A key derivation function will not increase the entropy, but it does make things more secure. A KDF has the following functions:
- It creates a key of the correct length. Many encryption algorithms take a fixed size length, such as 16 bytes. By using a KDF you can use a password of any length.
- It distributes the entropy of the password over the whole key. Encryption algorithms are meant to work with random-looking keys. If you use
1000000000000000as key, this can introduce security issues in the encryption algorithm. A KDF scrambles the password into a random-looking key. - It takes time. To slow down brute-force attacks, key derivation can be made slow so that attempting many passwords takes an unreasonable amount of time.
answered Mar 19 at 8:18
SjoerdSjoerd
20.6k94865
A key derivation function will not increase the entropy, but it does make things more secure. A KDF has the following functions:
- It creates a key of the correct length. Many encryption algorithms take a fixed size length, such as 16 bytes. By using a KDF you can use a password of any length.
- It distributes the entropy of the password over the whole key. Encryption algorithms are meant to work with random-looking keys. If you use
1000000000000000as key, this can introduce security issues in the encryption algorithm. A KDF scrambles the password into a random-looking key. - It takes time. To slow down brute-force attacks, key derivation can be made slow so that attempting many passwords takes an unreasonable amount of time.
answered Mar 19 at 8:18
SjoerdSjoerd
20.6k94865
answered Mar 19 at 8:18
SjoerdSjoerd
20.6k94865
answered Mar 19 at 8:18
SjoerdSjoerd
20.6k94865
answered Mar 19 at 8:18
SjoerdSjoerd
20.6k94865
20.6k94865
1
Nice answer but it does not cover the part concerning hashing prior to password usage
– AXANO
Mar 19 at 8:21
Your second point doesn't seem like a pertinent security point to me - a hash is just as likely to end up as1000000000000000by chance as it is to beCE8227D9AC87DD92and I don't believe that a good encryption system is supposed to become any more transparent when using a uniform-looking key as opposed to a random-looking key.
– thomasrutter
Mar 20 at 2:16
add a comment |
1
Nice answer but it does not cover the part concerning hashing prior to password usage
– AXANO
Mar 19 at 8:21
Your second point doesn't seem like a pertinent security point to me - a hash is just as likely to end up as1000000000000000by chance as it is to beCE8227D9AC87DD92and I don't believe that a good encryption system is supposed to become any more transparent when using a uniform-looking key as opposed to a random-looking key.
– thomasrutter
Mar 20 at 2:16
1
1
Nice answer but it does not cover the part concerning hashing prior to password usage
– AXANO
Mar 19 at 8:21
Nice answer but it does not cover the part concerning hashing prior to password usage
– AXANO
Mar 19 at 8:21
Your second point doesn't seem like a pertinent security point to me - a hash is just as likely to end up as
1000000000000000 by chance as it is to be CE8227D9AC87DD92 and I don't believe that a good encryption system is supposed to become any more transparent when using a uniform-looking key as opposed to a random-looking key.– thomasrutter
Mar 20 at 2:16
Your second point doesn't seem like a pertinent security point to me - a hash is just as likely to end up as
1000000000000000 by chance as it is to be CE8227D9AC87DD92 and I don't believe that a good encryption system is supposed to become any more transparent when using a uniform-looking key as opposed to a random-looking key.– thomasrutter
Mar 20 at 2:16
add a comment |
TL;DR
Hashing a Bad Password before sending it to some Server as Password is more time intensive, uncomfortable and less secure than a simple Password manager.
The Question seems to aim to misuse a Hashing Algorithm as a very simple Password Manager.
Use a real one or any real Password manager.
I will use your example to show why it will be a bad idea:
- You have the not so "entropy-rich" password 1111111111111
- it will have the hash 9DCBF642C78137F656BA7C24381AC25B
Now a Attacker get somehow a Database where the Passwords are in clear text (happend to often in the past). And why ever he will accidentally search there for hashes that have know plaintext (the not so "entropy-rich" password is one of it). Now he knows that the user with your username/email uses "1111111111111" and then MD5 it, as Password. What is then the benefit you have? One step more someone must take, but security wise there is no real difference.
Here the Difference what could happend in the Real World:
Your way:
ClearText -- MD5 --> HashedClearText -- sent to Server(HTTP(S))-->| |-- MD5/SHA*/... --> HashedHashedClearText
Normal Way:
ClearText -- sent to Server(HTTP(S)) -->| | -- MD5/SHA*/... --> HashedClearText
answered Mar 19 at 13:09
ServerfrogServerfrog
500617
The problem i want to avoid is the centralization of passwords As well as the fact that it is not portable to amnesic operating systems
– AXANO
Mar 19 at 13:22
avoid centralization with a single hashed password? amnesic operating systems: portable secure device, beside a Human Head that can't really store many Passwords pretty well
– Serverfrog
Mar 19 at 13:24
you can be forced to decrypt "portable secure devices"
– AXANO
Mar 19 at 13:29
2
as you can be force to spell out a Password. xkcd.com/538 (how will you decrypt a password storage or device, without telling them the password. The same holds on your case)
– Serverfrog
Mar 19 at 13:33
add a comment |
TL;DR
Hashing a Bad Password before sending it to some Server as Password is more time intensive, uncomfortable and less secure than a simple Password manager.
The Question seems to aim to misuse a Hashing Algorithm as a very simple Password Manager.
Use a real one or any real Password manager.
I will use your example to show why it will be a bad idea:
- You have the not so "entropy-rich" password 1111111111111
- it will have the hash 9DCBF642C78137F656BA7C24381AC25B
Now a Attacker get somehow a Database where the Passwords are in clear text (happend to often in the past). And why ever he will accidentally search there for hashes that have know plaintext (the not so "entropy-rich" password is one of it). Now he knows that the user with your username/email uses "1111111111111" and then MD5 it, as Password. What is then the benefit you have? One step more someone must take, but security wise there is no real difference.
Here the Difference what could happend in the Real World:
Your way:
ClearText -- MD5 --> HashedClearText -- sent to Server(HTTP(S))-->| |-- MD5/SHA*/... --> HashedHashedClearText
Normal Way:
ClearText -- sent to Server(HTTP(S)) -->| | -- MD5/SHA*/... --> HashedClearText
answered Mar 19 at 13:09
ServerfrogServerfrog
500617
The problem i want to avoid is the centralization of passwords As well as the fact that it is not portable to amnesic operating systems
– AXANO
Mar 19 at 13:22
avoid centralization with a single hashed password? amnesic operating systems: portable secure device, beside a Human Head that can't really store many Passwords pretty well
– Serverfrog
Mar 19 at 13:24
you can be forced to decrypt "portable secure devices"
– AXANO
Mar 19 at 13:29
2
as you can be force to spell out a Password. xkcd.com/538 (how will you decrypt a password storage or device, without telling them the password. The same holds on your case)
– Serverfrog
Mar 19 at 13:33
add a comment |
TL;DR
Hashing a Bad Password before sending it to some Server as Password is more time intensive, uncomfortable and less secure than a simple Password manager.
The Question seems to aim to misuse a Hashing Algorithm as a very simple Password Manager.
Use a real one or any real Password manager.
I will use your example to show why it will be a bad idea:
- You have the not so "entropy-rich" password 1111111111111
- it will have the hash 9DCBF642C78137F656BA7C24381AC25B
Now a Attacker get somehow a Database where the Passwords are in clear text (happend to often in the past). And why ever he will accidentally search there for hashes that have know plaintext (the not so "entropy-rich" password is one of it). Now he knows that the user with your username/email uses "1111111111111" and then MD5 it, as Password. What is then the benefit you have? One step more someone must take, but security wise there is no real difference.
Here the Difference what could happend in the Real World:
Your way:
ClearText -- MD5 --> HashedClearText -- sent to Server(HTTP(S))-->| |-- MD5/SHA*/... --> HashedHashedClearText
Normal Way:
ClearText -- sent to Server(HTTP(S)) -->| | -- MD5/SHA*/... --> HashedClearText
answered Mar 19 at 13:09
ServerfrogServerfrog
500617
TL;DR
Hashing a Bad Password before sending it to some Server as Password is more time intensive, uncomfortable and less secure than a simple Password manager.
The Question seems to aim to misuse a Hashing Algorithm as a very simple Password Manager.
Use a real one or any real Password manager.
I will use your example to show why it will be a bad idea:
- You have the not so "entropy-rich" password 1111111111111
- it will have the hash 9DCBF642C78137F656BA7C24381AC25B
Now a Attacker get somehow a Database where the Passwords are in clear text (happend to often in the past). And why ever he will accidentally search there for hashes that have know plaintext (the not so "entropy-rich" password is one of it). Now he knows that the user with your username/email uses "1111111111111" and then MD5 it, as Password. What is then the benefit you have? One step more someone must take, but security wise there is no real difference.
Here the Difference what could happend in the Real World:
Your way:
ClearText -- MD5 --> HashedClearText -- sent to Server(HTTP(S))-->| |-- MD5/SHA*/... --> HashedHashedClearText
Normal Way:
ClearText -- sent to Server(HTTP(S)) -->| | -- MD5/SHA*/... --> HashedClearText
answered Mar 19 at 13:09
ServerfrogServerfrog
500617
answered Mar 19 at 13:09
ServerfrogServerfrog
500617
answered Mar 19 at 13:09
ServerfrogServerfrog
500617
answered Mar 19 at 13:09
ServerfrogServerfrog
500617
500617
The problem i want to avoid is the centralization of passwords As well as the fact that it is not portable to amnesic operating systems
– AXANO
Mar 19 at 13:22
avoid centralization with a single hashed password? amnesic operating systems: portable secure device, beside a Human Head that can't really store many Passwords pretty well
– Serverfrog
Mar 19 at 13:24
you can be forced to decrypt "portable secure devices"
– AXANO
Mar 19 at 13:29
2
as you can be force to spell out a Password. xkcd.com/538 (how will you decrypt a password storage or device, without telling them the password. The same holds on your case)
– Serverfrog
Mar 19 at 13:33
add a comment |
The problem i want to avoid is the centralization of passwords As well as the fact that it is not portable to amnesic operating systems
– AXANO
Mar 19 at 13:22
avoid centralization with a single hashed password? amnesic operating systems: portable secure device, beside a Human Head that can't really store many Passwords pretty well
– Serverfrog
Mar 19 at 13:24
you can be forced to decrypt "portable secure devices"
– AXANO
Mar 19 at 13:29
2
as you can be force to spell out a Password. xkcd.com/538 (how will you decrypt a password storage or device, without telling them the password. The same holds on your case)
– Serverfrog
Mar 19 at 13:33
The problem i want to avoid is the centralization of passwords As well as the fact that it is not portable to amnesic operating systems
– AXANO
Mar 19 at 13:22
The problem i want to avoid is the centralization of passwords As well as the fact that it is not portable to amnesic operating systems
– AXANO
Mar 19 at 13:22
avoid centralization with a single hashed password? amnesic operating systems: portable secure device, beside a Human Head that can't really store many Passwords pretty well
– Serverfrog
Mar 19 at 13:24
avoid centralization with a single hashed password? amnesic operating systems: portable secure device, beside a Human Head that can't really store many Passwords pretty well
– Serverfrog
Mar 19 at 13:24
you can be forced to decrypt "portable secure devices"
– AXANO
Mar 19 at 13:29
you can be forced to decrypt "portable secure devices"
– AXANO
Mar 19 at 13:29
2
2
as you can be force to spell out a Password. xkcd.com/538 (how will you decrypt a password storage or device, without telling them the password. The same holds on your case)
– Serverfrog
Mar 19 at 13:33
as you can be force to spell out a Password. xkcd.com/538 (how will you decrypt a password storage or device, without telling them the password. The same holds on your case)
– Serverfrog
Mar 19 at 13:33
add a comment |
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f205680%2fhashing-password-to-increase-entropy%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
For what do you want to use it in your application?
– Sjoerd
Mar 19 at 8:00
i edited my question with more information on the application of the password
– AXANO
Mar 19 at 8:04
Do you mean Client side password hashing?
– Sjoerd
Mar 19 at 8:23
10
"If a random password is hashed with md5 will the output provide a 128 bit entropy?" - if the passwords consists of 8 random upper-case characters there are at most 26^8 possibilities which is far from 2^128. Putting some hash behind this will not magically add entropy since a hash is deterministic.
– Steffen Ullrich
Mar 19 at 8:24
6
Again, a hash is a deterministic algorithm. At most you will loose entropy with this (for example when using MD5 on a password with 10000 characters) but never have entropy added.
– Steffen Ullrich
Mar 19 at 8:27