Comments on MXUnit Blog: "Look, Ma. No Password!" - Secure Hashing in ColdF...

Thanks Mark, The Crypto I wrote and the built-in ...

2010-10-26T22:41:24.662-04:00

Thanks Mark,

The Crypto I wrote and the built-in ColdFusion encryption functions "should" do the same things, for the most part. However, the built-in functions are black boxes in which you need to trust Adobe to implement it correctly *and* certify it according to standards. I didn't see any assurances in the docs; so, I felt more comfortable using Java to do the crypto stuff. (It was also a good exercise)

Additionally, I compared the hash() function in CF to one written by hand in Java, and (if I recall correctly) they computed comparable results.

http://github.com/virtix/cfcrypto/blob/master/Crypto.cfc

best,
bill

Very nice blog. Could you comment on the value o...

2010-10-26T17:17:03.820-04:00

Very nice blog.

Could you comment on the value of using your Crypto class vs. using GenerateSecretKey and Encrypt/Decrypt coldfusion encryption library functions to create the salt and hash.

Mark

Thanks, Jamie, especially for the SHA-512 correcti...

2010-06-01T17:42:24.243-04:00

Thanks, Jamie, especially for the SHA-512 correction.

bill

This is awesome, Bill--must read for any developer...

2010-06-01T13:20:58.282-04:00

This is awesome, Bill--must read for any developer not already aware of this important information. I bookmarked this a while back and just came back as I had a good use case for it.

I did need to correct one error in your Crypto.cfc: each instance of "SHA512" should be "SHA-512" to work as expected (missing hyphen).

Thanks!

Hi, Programming an application is different from p...

2010-03-12T12:28:39.026-05:00

Hi, Programming an application is different from programming with security in mind. Ordinary programmers mostly do not know today's computer security scenario in the world, and how simple it can take a hacker to break the security of the application in minutes. For more information on hacking and related subject go through the following site:http://www.eccouncil.org/certification/certified_ethical_hacker.aspx

Good links and points. Thanks! bill

2009-11-17T15:43:03.577-05:00

Good links and points. Thanks!

bill

http://en.wikipedia.org/wiki/Salt_%28cryptography%29

http://www.aspheute.com/english/20040105.asp

http://www.java2s.com/Tutorial/Java/0490__Security/Setpasswordsalt.htm

http://www.jasypt.org/howtoencryptuserpasswords.html

Also, it's important to understand that hashes should ultimately be made from bytes. Not simply strings. In fact, the ColdFusion's Hash function converts the input string to bytes during it's process.

You need to make hashes work the same everywhere. You can provide hashes so others can check integrity on their own. For example, hashing files.

http://en.wikipedia.org/wiki/Examples_of_SHA_digests

Maybe you could point me and other readers to the ...

2009-11-17T13:46:28.394-05:00

Maybe you could point me and other readers to the "normal" hashing algorithms to which you refer? I'll quickly correct a mistake, error, or omission, but a good citation would help with that rather than blindly agreeing with an anonymous comment, don't you agree?

bill

Why not do: <cffunction name="genSalt...

2009-11-17T13:35:04.936-05:00
Why not do:

<cffunction name="genSalt" access="public" returnType="string">
   <cfargument name="size" type="numeric" required="false" default="16" />
   <cfscript>
      var byteType = createObject('java', 'java.lang.Byte').TYPE;
      var bytes = createObject('java','java.lang.reflect.Array').newInstance( byteType , size);
      createObject('java', 'java.security.SecureRandom').nextBytes(bytes);
      return createObject("java", "java.lang.String").init(bytes);
   </cfscript>
</cffunction>

> Maybe I'm missing something, but I don...

2009-11-17T13:29:52.904-05:00
> Maybe I'm missing something, but I don't see the weirdness of generating a hash from two strings one of which is random and one that is not.

It's not about random v. not. It's about one string being Base64 and the other being literal.

> >Normal hash functions usually append literal string salt to the literal string password.
> "Normal" sounds too broad and general to be a valid point.

Normal is good.

What if you change programming languages?

Or want to allow other apps to test against the same hashes.

Your algorithm better be repeatable in other languages and implementations.

That's why you should do iterative hashes exactly the same as everyone else.

And concatenating a base64 data and string literal data is not normal.

@Anonymous 1 >It's weird ...Shouldn't ...

2009-11-16T16:20:51.482-05:00
@Anonymous 1

>It's weird ...Shouldn't both be in the same format?
Why? The computeHash() method accepts any salt you want to give it. Consider secure random salt recommendations as per
PKCS #5 v2.1: ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-5v2/pkcs5v2_1.pdf
Maybe I'm missing something, but I don't see the weirdness of generating a hash from two strings one of which is random and one that is not.

>Normal hash functions usually append literal string salt to the literal string password.
"Normal" sounds too broad and general to be a valid point.

>It seems that's the reason why there is the Encrypt and EncryptBinary functions.
Probably ... But in CF7 and in Standard Edition ColdFusion Licenses, you're limitted to 5 basic encryption algorithms. I felt more confident using a hand rolled and recommended method rather than relying on a black box implementation.

@Anonymous 2
That works and makes the string prior to the hashing more readable wahoo ... ;-)

Instead of: return toBase64(bytes); You co...

2009-11-16T15:23:26.019-05:00
Instead of:
return toBase64(bytes);

You could:
return createObject("java", "java.lang.String").init(bytes);

It's weird to append a base64 encoded string s...

2009-11-16T15:08:14.887-05:00
It's weird to append a base64 encoded string salt to a literal string password to do the hash.

Shouldn't both be in the same format?

Normal hash functions usually append literal string salt to the literal string password.

This is complex in ColdFusion, because it's not intuitive to get byte arrays into literal strings without encoding. That is, CharsetEncode changes the byte values, which is bad.

It seems that's the reason why there is the Encrypt and EncryptBinary functions.

Encrypt does what you did, including the iterations, but takes a byte array salt.

EncryptBinary does the same, but takes a byte array string and byte array salt.

La principal ventaja de adicionar una "sal&qu...

2009-09-14T15:53:59.736-04:00
La principal ventaja de adicionar una "sal" (provisto que la sal sea lo suficientemente gande y randómica) es obligar al atacante a generar una tabla arcoiris especializada para atacar tu base de datos y no usar una preconstruida.

Desde ese punto de vista, tener una sal "fija" para toda la base de datos es un acierto.

Esto no implica no adicionar otra segunda sal variable para cada registro, de forma que obliguemos al atacante a recostruir la tabla arcoiris por cada registro.

NOTA: No pensar que por este método uno le adicona ENTROPIA a la password, solo la preserva

One of the main advantages of adding a salt, (provided that the salt is not only random but large enough and unique) is to make an attacker to build a new rainbow table, and to force him to not use a pre constructed one.

Form that point of view to have a "fixed" salt for the whole data base is a good prectice.

This method does not implies we cannot add another second salt for each register, and to force the attacker to rebuild the rainbow table for each register.

NOTE: You cannot add "ENTROPY" to the password(s) what is a different concept.

Too Jai

Comentarios /Comments:
karlinga*(at) fastmail(dot) fm

There are interesting tools in Javascript also, to make hashes on the browser side also: see Paj Cripto Home page for more info
http://pajhome.org.uk/

So according to Peter, if the salt and the hashed ...

2009-09-10T09:53:13.513-04:00
So according to Peter, if the salt and the hashed password are stored in the same table, it's not really securing the password?

What's the best practice for using salt then?

Great post. One quick comment: If your salt isn&#...

2009-07-27T16:52:05.560-04:00
Great post. One quick comment:

If your salt isn't secret (e.g. you're gonna store it with the password in the same db that the same person steals at the same time), you get the benefits of salting using almost anything unique as a salt (that you need to rerun the dictionary attack against each password - not just against the whole db).

Because of that, if I'm not using a secret hash (stored in a separate db with a separate access mechanism on a separate server), I just use a simple derivation of the email/username as the salt. It means you only have to run one query to validate a user instead of two.

@john, good eye! you're absolutely correct abo...

2009-06-29T07:31:03.718-04:00
@john, good eye! you're absolutely correct about the rehash. thanks for pointing that out! i originally used a different implementation, and introduced that while refactoring. (note to self: find missing test). the gist is updated, so, the post will reflect the new code. i kept the salt in the rehash. any comments on whether that will make the hash stronger or not? --bill

Hi Billy, really interesting post. I was just loo...

2009-06-29T06:03:43.219-04:00
Hi Billy, really interesting post.
I was just looking at the computeHash method and the iterations don't seem to do anything. At the moment the code is:

var hashed = '';
hashed = hash( password & salt, arguments.algorithm, 'UTF-8' );
for (i = 1; i <= iterations; i++) {
hashed = hash( password & salt, arguments.algorithm, 'UTF-8' );
}
return hashed;

shouldn't that be:

var hashed = '';
hashed = hash( password & salt, arguments.algorithm, 'UTF-8' );
for (i = 1; i <= iterations; i++) {
hashed = hash( hashed, arguments.algorithm, 'UTF-8' );
}
return hashed;

Otherwise the loop is not re-hashing the string each time. I alos noticed that the "i" isn't var scoped :)

@henry, thanks. you know, generateSecretKey() was ...

2009-06-28T21:35:12.380-04:00
@henry, thanks. you know, generateSecretKey() was the first route i took; but, in the end, i felt more comfortable using SecureRandom (
http://java.sun.com/javase/6/docs/api/java/security/SecureRandom.html), simply because the API was more articulate with respect to standards than what's available for generateSecretKey(). i would assume, however, ColdFusion probably uses SecureRandom under the hood. Can anyone confirm? --bill

You may use GenerateSecretKey() to generate a salt...

2009-06-28T16:52:20.123-04:00
You may use GenerateSecretKey() to generate a salt.

http://www.cfquickdocs.com/cf8/#GenerateSecretKey

Comments on MXUnit Blog: "Look, Ma. No Password!" - Secure Hashing in ColdF...

Thanks Mark, The Crypto I wrote and the built-in ...

Very nice blog. Could you comment on the value o...

Thanks, Jamie, especially for the SHA-512 correcti...

This is awesome, Bill--must read for any developer...

Hi, Programming an application is different from p...

Good links and points. Thanks! bill

Maybe you could point me and other readers to the ...

Why not do: <cffunction name="genSalt...

> Maybe I'm missing something, but I don...

@Anonymous 1 >It's weird ...Shouldn't ...

Instead of: return toBase64(bytes); You co...

It's weird to append a base64 encoded string s...

La principal ventaja de adicionar una "sal&qu...

So according to Peter, if the salt and the hashed ...

Great post. One quick comment: If your salt isn&#...

@john, good eye! you're absolutely correct abo...

Hi Billy, really interesting post. I was just loo...

@henry, thanks. you know, generateSecretKey() was ...

You may use GenerateSecretKey() to generate a salt...