I'm a conservative guy. Cryptographic algorithms are very hard to get right, as there's all sorts of things that can go wrong when you implement them. Consequently, I prefer to use whatever is available in the .NET framework. That's because Microsoft have crypto-experts on staff, and they've also pioneered the SDL which means you should expect high quality implementations of their (security critical) software. So it's really a trust thing. At the time of writing, PBKDF2 is the only algorithm of the three mentioned that's readily available in the framework. You probably see where this is leading: bcrypt and scrypt are disqualified in my book. When it comes to cryptographic functions, stick with the framework! PBKDF2 is the best alternative for now.
Following the discussion on Twitter, @skradel shared a library where he had wrapped the built-in PBKDF2 as a HashAlgorithm. That way, PBKDF2 (through his wrapper) could easily be used by other parts of the framework, such as the SqlMembershipProvider. It really was an elegant solution. He blogged about it in: Strong Password Hashing for ASP.NET, you should check it out (@thorsheim was so delighted that he had to blog about it too :).
When you're dealing with PBKDF2, you'll see that it takes a couple of parameters. @skradel's already chosen some reasonable defaults in his implementation so it's all hidden and taken care of there. But if you were to implement this yourself and explain to someone how you chose those parameters, what then?
I couldn't find much guidance on the Internet so I started digging into the PBKDF2 standard to find out more.
PBKDF2 parameters
The PBKDF2 is backed by H-MAC-SHA-1 which is a keyed hash function (see HMAC). The supplied password is used as the key, while the salt is used as the input text, concatenated with a block identifier. The whole idea behind PBKDF2 is to introduce a drastic increase in the workload for a password cracker. In the default setup, H-MAC-SHA-1 is run a 1 000 times to generate the output for a password. This is a negligible workload when you're checking that a user entered the correct password. However, for an attacker running an offline attack with a password cracker that needs to try millions of passwords the extra workload really adds up and slows down the attack significantly.
Next, there are a couple of things to take into consideration when implementing PBKDF2 password.
- It requires a salt that's at least 64 bit (8 bytes)
- You can select a number of iterations (1 000 is the default)
- You must choose how many bytes to output
- You need to be sure you encode your passwords correctly (remember how not to hash?)
So, how long should the salt be? I have found almost no guidance on the length of the salt, except for a note on the Rainbow table article on Wikipedia. Considering that the salt's only job is to introduce uniqueness to the calculation and that it's not a secret, I cannot see why a 64-bit salt should not get the job done. Do note that the SqlMembershipProvider uses 128-bit salts, and that's also what's used in bcrypt. So you might just do like the big boys do and go with a 128-bit salt. What's more important is how you generate a salt. You should use a cryptographic RNG for that. I've included an example at the very end of the code samples that does exactly that.
You'll also need to decide on how many iterations to use for the calculation — and now we're getting to the core of the issue. The number of iterations dictate the workload, which is the whole point of using PBKDF2 to begin with. So the recommended setting is: "as high as possible." To maximize this you'll have to test how many iterations you can run before it would become a noticeable delay for the user and hence start to effect the user experience negatively. This of course depends on the hardware you're running so you'll probably need to do some benchmarking here.
Then there's how many bytes to output. The standard gives us some useful hints here:
Then there's how many bytes to output. The standard gives us some useful hints here:
Thus, even if a long derived key consisting of several pseudorandom function outputs is produced from a key, the effective search space for the derived key will be at most 160 bits. Although the specific limitation for other key sizes depends on details of the HMAC construction, one should assume, to be conservative, that the effective search space is limited to 160 bits for other key sizes as well.
There it is. You'd want the largest effective key space, nothing more, nothing less. That means that you should generate 160-bit (20 bytes) of output. Remember that the security is still bound by the randomness of the passwords used. Password entropy is often used as a term to describe the complexity involved in guessing a password. Have a look at that last link, and you'll see that to have the "guessability" of the passwords match the limits to PBKDF2's output (i.e. 160-bit password entropy), users would have to choose truly random passwords that where 27 characters long, assuming you accepted alphanumeric case sensitive passwords (a-z,A-Z,0-9). As you probably know, users tend to select passwords that are not very random and that are much shorter. So rest assured that it's the passwords that will be killing you here, not the security of PBKDF2.
Rounding of, I have to remind you to use a proper character encoding when translating the passwords to bytes that can be input to the PBKDF2 function (see the sample code). If you feel like giving the passwords' ASCII bytes to PBKDF2, go read How not to hash passwords in .NET instead. That's really important.
And remember also, PBKDF2 is NOT a silver bullet. The RFC puts it quite well:
Rounding of, I have to remind you to use a proper character encoding when translating the passwords to bytes that can be input to the PBKDF2 function (see the sample code). If you feel like giving the passwords' ASCII bytes to PBKDF2, go read How not to hash passwords in .NET instead. That's really important.
And remember also, PBKDF2 is NOT a silver bullet. The RFC puts it quite well:
Password-based cryptography is generally limited in the security that it can provide, particularly for methods [...] where off-line password search is possible. While the use of salt and iteration count can increase the complexity of attack [...], it is essential that passwords are selected well, and relevant guidelines [...] should be taken into account. It is also important that passwords be protected well if stored.So there. That was my advice on how to set up PBKDF2 when used to hash passwords. If you have anything to add to this please leave a comment. I'd appreciate that.
Appendix: A demonstrational PBKDF2 implementation.
To figure out how PBKDF2 actually works, I implemented it. Here's the source code, which maps rather directly to the steps outlined in the RFC. I wrote it for demonstrational purposes, so it's not optimized or anything. So I hope it's understandable.
Disclaimer: DON'T use this PBKDF2 implementation for anything other than demo purposes. As I demonstrated earlier in this post, PBKDF2 is available in the .NET framework, you should use that instead.
Disclaimer: DON'T use this PBKDF2 implementation for anything other than demo purposes. As I demonstrated earlier in this post, PBKDF2 is available in the .NET framework, you should use that instead.
using System; using System.Text; using System.Security.Cryptography; using System.IO; namespace PBKDF2Example { class PBKDF2_demo { static void Main(string[] args) { var enc = Encoding.GetEncoding(Encoding.UTF8.CodePage, new EncoderExceptionFallback(), new DecoderExceptionFallback()); var password = enc.GetBytes("passwordPASSWORDpassword"); var salt = enc.GetBytes("saltSALTsaltSALTsaltSALTsaltSALTsalt"); var iterations = 4096; var keylength = 25; var result = PBKDF2(password, salt, iterations, keylength); Console.WriteLine(BitConverter.ToString(result)); Console.ReadLine(); } static byte[] PBKDF2(byte[] password, byte[] salt, int iterations, int derivedKeyLength) { var hashLength = 0; using (var hmac = new HMACSHA1()) { hashLength = hmac.HashSize / 8; } //Our number of blocks var length = (int)Math.Ceiling( ((decimal)derivedKeyLength) / ((decimal)hashLength)); var derivedKey = new byte[derivedKeyLength]; using (var ms = new MemoryStream()) { for (int blockIndex = 1; blockIndex <= length; blockIndex++) { var block = CalculateBlock(password, salt, iterations, blockIndex); ms.Write(block, 0, block.Length); } ms.SetLength(derivedKeyLength); return ms.ToArray(); } } static byte[] CalculateBlock(byte[] password, byte[] salt, int iterations, int blockIndex) { var blockBytes = BitConverter.GetBytes(blockIndex); if (BitConverter.IsLittleEndian) Array.Reverse(blockBytes, 0, blockBytes.Length); byte[] u1; using (var hmac = new HMACSHA1(password)) { var firstInput = new byte[salt.Length + blockBytes.Length]; Array.Copy(salt, firstInput, salt.Length); Array.Copy(blockBytes, 0, firstInput, salt.Length, blockBytes.Length); u1 = hmac.ComputeHash(firstInput); } byte[] lastvalue = u1; byte[] newvalue; byte[] result = u1; for (int i = 1; i < iterations; i++) { using (var hmac = new HMACSHA1(password)) { newvalue = hmac.ComputeHash(lastvalue); for (int j = 0; j < newvalue.Length; j++) result[j] = (byte)(newvalue[j] ^ result[j]); lastvalue = newvalue; } } return result; } //Returns 128-bit salt static byte[] GetNewSalt() { var salt = new byte[16]; using (var rng = RNGCryptoServiceProvider.Create()) { rng.GetBytes(salt); return salt; } } } }
64-bits is fine for a salt value. The point of salts/uniqueness is to prevent an attacker from being able to simultaneously attack several hashes with the same salt. With random 64-bit salt values, there would have to about 5 billion hashes (slightly more than 2^32) on average before two would have the same salt value.
ReplyDeleteEscorts Goa prepare to play a game of seduction with girls during which there are high chances of you winning. We have the superfine call girl services in Goa gettable for your pleasure.
DeleteIf you need someone who may need the capacity to you getting amazing delight then it's only our Lucknow call girl service. Here you bought complete dose of adult entertainment and romance within the sort of sexy and strikingly beautiful escort Lucknow.
Great article. I just used something similar recently.
ReplyDeleteNice, if you would prefer to use HMACSHA256 or HMACSHA512 instead of the HMACSHA1 in the ageing PBKDF2 standard then I recommend taking a look at this open source API:
ReplyDeletehttps://sourceforge.net/projects/pwdtknet/
I must say, I'm impressed that you still managed to come up with a pretty workable way to incorporate a password out of the PBKDF2 standard; that would be helpful for programmers who still haven't worked out using the newer systems.
ReplyDelete20170518 leilei3915
ReplyDeleteyeezy boost
canada goose jackets
christian louboutin uk
polo outlet
kate spade handbags
longchamp outlet
coach outlet store online
fitflops sale
fred perry outlet
coach factory outlet
View this page to know how to track cell phone without installing spying application.
ReplyDelete20170929 leilei3915
ReplyDeletepolo ralph lauren outlet online
michael kors outlet online
kate spade outlet
yeezy boost
christian louboutin sale
mlb jerseys
polo shirts men
coach outlet
coach outlet store online
ralph lauren
Great article. I just used something similar recently.
ReplyDeletesbobet
maxbet
แทงบอลออนไลน์
ReplyDeleteتميزنا باننا الافضل دائما فى جميع خدمات نقل العفش
افضل شركة تنظيف منازل
تكلفة نقل العفش من جده الي الرياض
شحن عفش من جدة الى الاردن
دينا نقل عفش جدة
شحن عفش من الرياض لمصر
شركة تعقيم خزانات بجدة
_
The factor of salts/forte is to prevent an attacker from being able to concurrently assault numerous hashes with the same salt. The younger development business enterprise primarily based in Master Thesis Writing Service USA, owned and managed through Vicky who has a very good quantity of enjoying in facts technology, control, and other related fields.
ReplyDeleteThis is a really helpful article. It helped me gain more amount of knowledge. I must I have read a lot of articles on this topic but this one caters to my queries in the best way.
ReplyDeleteSql server dba online training
For those seeking Custom Nursing Essay Writing Service that are 100% original we have plagiarism software that the company utilizes to confirm the level of originality even when offering nursing case study writing services.
ReplyDeleteJust stumbled across your blog and was instantly amazed with all the useful information that is on it. Great post, just what i was looking for and i am looking forward to reading your other posts soon!
ReplyDeleteSoftware testing online training
Software testing certification training
Software testing online course
Software testing training course
just make it bit longer. harder to remember but more secure
ReplyDeletejohn | easybuilder.pro
ไม่อยากพลาดโอกาศดีๆต้องมาเล่นเกมยิงปลาได้เงินจริงที่นี่เท่านั้น
ReplyDeletehttps://www.slot1234.com/เกมยิงปลาออนไลน์
Where should password salt be stored?
ReplyDeleteURL: www.affordablelectricians.com.au/electrician-hawthorn.html
My Prepaid Centers is the only site that creates the best and the most useful card activation service which make you benefit from the activation in your card with just one minute challenge.You can easily fill out the basic information about your myprepaidcenter card and as soon you take a look again to the site your card will get activated.
ReplyDeleteA secure password is very important to us because through this we can secure our data and save from hackers and if we do not manage it, we can lose our data which can be stolen by hackers. So, always use strong password so that we can save our personal content. Coursework writing services.
ReplyDeleteyour blog are really helpful for all testers and beginners.this all provided knowledge are unique than other testing blog. Performance Testing Framework are lovely explain.keep updating,Thanks
ReplyDeleteSoftware Testing Training in Chennai | Software Testing Training in Anna Nagar | Software Testing Training in OMR | Software Testing Training in Porur | Software Testing Training in Tambaram | Software Testing Training in Velachery
By - downloading a new antibodies to any persevering, It helps that individual (Coach Outlet Clearance Sale) body's defense mechanisms deal with the problem since improve their potential for recovery. Since the plasma televisions meant for (Yeezy Boost 350 Cheap) hav 888 isn't likely to originated from electricity contributor, Takeda have the ability to initially build the treatment inside segregated house in just their particular manufacturing unit (Coach Outlet Online) in atlanta, With design output (Michael Kors Outlet Store) of it shouldn't adversely (Ray Ban New Wayfarer Polarized) consequences in order to Takeda its definitely produce several plasma display panels based strategies.Treatment (Cheap Yeezy Shoes Sale) options are perhaps considerable, Daily book marking medicinal (Ray Ban Outlet) drugs that a majority of thousand consequentlys of people (Cheap Yeezys For Sale) who have scarce problematic health problems depend on normal almost, Pointed out medical professional. Chelsea Morabito, Takeda
ReplyDeleteThanks for wonderful posting. Getmyoffer capital one
ReplyDeleteMyPrepaidCenter
ReplyDeleteAfter getting logged in, a user gets other details as well of their debit or credit cards. First, important thing is to create a profile at the myprepaidcenter.com.
iflyswaguide
ReplyDeleteIflyswa is a web portal for ticket booking created by the southwest airline. It’s the easiest way to book a flight or check the flight detail in one place.
getmyoffer
ReplyDeleteThe Capital One Venture One credit card is among one of the top travel rewards credit cards. They provide unlimited miles, there’s no annual fee, and your miles are excellent for some flights, any airlines, any hotels, & any rental cars with no blackouts. There’s no limit to how many miles you can get and you don’t have to be concerned about the miles expiring.
Password has great importance for our security and it is our duty to generate strong password, so that we can save our data from hackers. Dissertation writing services.
ReplyDeleteuse their library to implement Secure Password Hashing for ASP.
ReplyDeletehttps://www.affordablelectricians.com.au/electrician-hawthorn.html
This is a really helpful article. It helped me gain more amount of knowledge.
ReplyDeletecontested divorce singapore
uncontested divorce singapore
top divorce lawyer singapore
divorce in singapore
child custody singapore
Aivivu vé máy bay giá rẻ
ReplyDeletevé máy bay tết 2021 Vietnam Airline
vé máy bay đi Mỹ hạng thương gia
vé máy bay đi Pháp giá rẻ
kinh nghiệm mua vé máy bay đi hàn quốc
thời gian bay từ việt nam sang nhật
giá vé máy bay đi Anh
Finally find the info someone asked the other day about Natalie Portman on Idol Worth I was looking for it all over the web and luckily found it!
ReplyDeleteMicrosoft.AspNetCore.Cryptography.KeyDerivation which contains cryptographic key derivation functions. This package is a standalone component and has no dependencies on the rest of the data protection system. It can be used completely independently. The source exists alongside the data protection code base as a convenience.
ReplyDeleteURL: https://www.affordablelectricians.com.au/electrician-hawthorn.html
https://getmyofferguide.com/getmyoffer-capitalone-com/
ReplyDeleteVery good article hostitbro
ReplyDeleteAivivu đại lý chuyên vé máy bay, tham khảo
ReplyDeletekinh nghiệm mua vé máy bay đi Mỹ giá rẻ
vé máy bay từ houston về việt nam
các chuyến bay từ nhật về việt nam
thông tin chuyến bay từ canada về việt nam
skycut plotter india
experts
mobileskinsoftware
silhouette cameo 4
mobileskinsoftware
ambition gifts
top sublimation
wemaketrips
If you're a web developer, you've probably had to make a user account system. The most important aspect of a user account system is how user passwords are protected. User account databases are hacked frequently, so you absolutely must do something to protect your users' passwords if your website is ever breached. The best way to protect passwords is to employ salted password hashing. This page will explain why it's done the way it is.
ReplyDeleteURL: divorceattorneyfederalway.com/
How to Fix printer in error state hp ? Fix HP Printer Error State and HP Printer is in an Error State Mac
ReplyDeleteYour website is awesome having quality article with great knowledge.
ReplyDeletehappy diwali wishes 2021
happy diwali 2021 quotes
happy diwali 2021 wallpapers
Happy New Year 2022 Pictures
Happy New Year 2022 Images
ASP.NET is a developer platform made up of tools, programming languages, and libraries for building many types of applications. Many developers use it for making money, and they enjoy a bright future. Dissertation writing service.
ReplyDeleteBut against a higher ts911 bet standard of opposition on Saturday, he looked off the pace.
ReplyDeleteinstead of lose, to TS911 Online potentially overtake them.
ReplyDeleteIf Barcelona beat Levante on เว็บตรงTS911 Tuesday, they will go top. Should Atletico then draw with Real Sociedad on Wednesday,
ReplyDeleteHi there i amm kavin, its my first occasion to commenting anywhere,
ReplyDeletewhen i read this paragraph i thought i could also
create comment due to this sensible post.
here's my website :: 오피 (jk)
Good Article bro
ReplyDeleteGreat Article Sir
ReplyDeleteBro this very nice article
ReplyDeleteBest Laptops Under 50000
ReplyDeleteBest Front Load Washing Machines
Best Processor For Gaming
ReplyDeleteThank you for posting such a great article. Keep it up mate.
ReplyDeletePractically App | Practically App Download | Practically App for PC
We base our services on complete customer satisfaction for your family or business profile. Our employees have impeccable mental and physical readiness to continually execute the highest expertise level demonstrating protection to the highest industry standards.private security Our experts have passed very rigorous security and verification clearances.
ReplyDeleteIt's a really cool blog. The information provided is very useful. You have really helped a lot of people who visit the blog and given them useful content.
ReplyDeleteCyber Security Course in Bangalore
Click here for the best Drugs or Depreission treatment
ReplyDeletehow long does meth amph stay in your system
damaged veins from iv drug use
withdrawal from soma nj
klonopin detox at home
ambien addiction emergency room
texas rehab
NLP Practitioner
ReplyDeleteNLP Certification
Very informative Blog! There is so much information here that can help thank you for sharing.
ReplyDeleteData Science Training in Chandigarh
This comment has been removed by the author.
ReplyDeleteสมัครPG เพื่อให้เล่นเกมใหม่ๆได้ก่อนใคร ทำรายการได้ง่ายๆผ่านเว็บไซต์ pgslotgames พร้อมให้คุณได้ทำการเล่นมากมาย หลากหลาย ไม่ว่าจะเป็นสล็อตออนไลน์ คาสิโนออนไลน์ อาเขต มากกว่า 300 เกม เล่นได้อย่างเร้าใจ
ReplyDeleteเพียงเล่นกับเว็บไซต์ของเรา ก็สามารถรับสิทธิพิเศษมากมาย ไม่ว่าจะเป็นโปรโมชั่น สมัครสมาชิก แนะนำเพื่อน ฝากทั้งวัน และคืนยอดเสีย เล่นได้มากมายกว่า 300 เกม ทั้งกราฟฟิกที่น่าสนใจ เสียงสุดตระการตา PG SLOT AUTO เล่นได้ทันทีตลอด 24 ชั่วโมง
ReplyDeletemega game เว็ปสล็อตออนไลน์ทำเงินที่มีวิดิโอสล็อตมาเปิดให้บริการทุกท่าน วิดิโอสล็อตทำเงิน โบนัสเงินรางวัลแตกง่าย จ่ายไว ไม่มีเงื่อนไขในการเข้าทำเงินอย่างแน่นอน สามารถเข้าทำเงินได้ตลอด 24 ชั่วโมง.
ReplyDeleteมันมาแล้ว เกมสล็อตสาธิตใหม่ได้รับการยอมรับจากนักพนันทุกคน ค่ายเกมยักษ์ใหญ่อย่าง PG Slot 168 ซึ่งจะทำให้ได้ ทดลองเล่นสล็อต pgslot168game ให้นักพนันออนไลน์ทุกท่านได้สัมผัสกับเกมสล็อตใหม่พร้อมเกมใหม่มากมายให้เล่นได้ด้วยแบบเต็มอิ่มและมาพร้อมภาพกราฟิกที่แสนจะสวยงาม
ReplyDeletemscwin รวมความบันเทิง ไว้ทุกรูปแบบ ที่ pgslot เว็บไซต์สล็อตของพวกเราการพัฒนาระบบนั้นพาไปสู่ความนำสมัยที่เดี๋ยวนี้นั้นท่านไม่สามารถที่จะหาได้จากที่ไหนอีกแล้ว ตรงนี้ mscwin ที่เดียวในโลก
ReplyDeleteI'm ceaselessly filtering on the web for posts that will help me. An exorbitant measure of is clearly to look into this. I acknowledge you made extraordinary quality things in Functions as well. Keep on working, good job! https://www.bookmarkingtraffic.win/tiktok-advertising-cost
ReplyDeleteI value the work for sharing and presenting this data on your site for us to profit from this. Much thanks! click to read
ReplyDeleteGreat post! really knowledgeable! https://www.evernote.com/shard/s470/sh/81d6551d-83f3-f18e-5d6f-e951182cca37/8dd3728706480f8a56a872dde43abf5a
ReplyDeleteThis type of article that enlighted me all throughout and thanks for this.This going to be excitement and have fun to read. thank to it. check this out to for further exciting. https://diigo.com/0pvx4f
ReplyDeleteđại lý vé China Airlines
ReplyDeletephí đổi vé máy bay Japan Airlines quốc tế
mua thêm hành lý của Eva Air
Home Renovation Contractors In Chennai
ReplyDeleteHistogram Photography offers expert wedding photography services in Chennai, serving Kodambakkam, West Mambalam, Ashok Nagar, T Nagar, KK Nagar, Saidapet, Teynampet, and Alwarpet. They combine contemporary beauty with history to capture timeless love and tradition, producing visual art that captures the warmth and joy of your wedding.
ReplyDeleteVery informative Blog! Are you looking for the top wedding photographers or wedding photography in Trichy? At Trichydolphinphotography, our wedding photographers are pros at capturing the unique moments that our couples share on their special day.
ReplyDeleteDental merchant processing services help dental practices simplify their payment processes, reduce administrative burdens, and enhance the overall patient experience. With specialized features like recurring payment options, online payment portals, and integrated billing systems, dental offices can improve cash flow, reduce payment errors, and increase patient satisfaction.
ReplyDeleteBy leveraging Dental merchant processing services, dental practices can focus on providing quality care to their patients while leaving the payment processing tasks to experts in the field.
Great Blog
ReplyDeleteWelcome to assignmenthelper.my, your go-to assignment helper in Malaysia. We provide comprehensive academic support for students, ensuring top-quality assignments that meet your requirements. Our professional writers are experts in various fields, ready to assist you in achieving your academic goals. Explore our website to find out how we can help you excel in your studies with reliable and affordable assignment assistance.
Such an awesome post. Keep us updated! heat pump hot water heater denver co
ReplyDeleteYou have a good content! Thanks for sharing | Longview Concrete Pros concrete driveway
ReplyDeleteGreat job for publishing such a nice article. Its useful for us. Thanks a lot
ReplyDeleteSay, you got a nice article. Really looking forward to read more. Cool.
ReplyDeleteThanks for a marvelous posting! Sure to bookmark this blog. have a nice day!
ReplyDeleteThank you for this excellent read!! I definitely loved every little bit of it.
ReplyDelete"Towards More Secure Password Hashing" refers to the process of transforming plaintext passwords into a fixed-length string (a hash) using cryptographic methods. The goal is to ensure that passwords are unreadable even in case of database compromise. However, weak hashing algorithms like MD5 and SHA1 are often considered unsafe.As your legal counsel, I strongly advise reviewing all documentation thoroughly before proceeding.
ReplyDeleteIt’s crucial to ensure compliance with applicable laws to avoid potential liabilities.semi truck accident attorneys