Hashing password to increase entropyClient side password hashingHashing length for storing passwordMD5 collision attacks: are they relevant in password hashing?Hashing a key: less entropy than the key itselfDoes it make sense to choose a longer password than the output of a hash?comparing password hashing algorithms - PoC ideas?Do you need more than 128-bit entropy?Is there a threshold of bits of entropy below which hashing becomes meaningless?Convert SHA-256 to SHA-1 and MD5 - Increase bit length/entropy?How do user get access to login when passwords are stored in MD5?Are passwords longer than 128 bits useless if hashed with MD5?
Calculate Pi using Monte Carlo
Would this string work as string?
Connection Between Knot Theory and Number Theory
How to get directions in deep space?
How do I lift the insulation blower into the attic?
PTIJ: Which Dr. Seuss books should one obtain?
Do native speakers use "ultima" and "proxima" frequently in spoken English?
Not hide and seek
How do you justify more code being written by following clean code practices?
New Order #2: Turn My Way
Why is "la Gestapo" feminine?
Why does the frost depth increase when the surface temperature warms up?
A seasonal riddle
Pre-Employment Background Check With Consent For Future Checks
Checking @@ROWCOUNT failing
What (if any) is the reason to buy in small local stores?
Magnifying glass in hyperbolic space
Derivative of an interpolated function
Make a Bowl of Alphabet Soup
Taking my research idea outside my paid job
python displays `n` instead of breaking a line
If the Dominion rule using their Jem'Hadar troops, why is their life expectancy so low?
Asserting that Atheism and Theism are both faith based positions
I keep switching characters, how do I stop?
Hashing password to increase entropy
Client side password hashingHashing length for storing passwordMD5 collision attacks: are they relevant in password hashing?Hashing a key: less entropy than the key itselfDoes it make sense to choose a longer password than the output of a hash?comparing password hashing algorithms - PoC ideas?Do you need more than 128-bit entropy?Is there a threshold of bits of entropy below which hashing becomes meaningless?Convert SHA-256 to SHA-1 and MD5 - Increase bit length/entropy?How do user get access to login when passwords are stored in MD5?Are passwords longer than 128 bits useless if hashed with MD5?
Is it secure to hash a password before using it in an application to increase password entropy?
Does this practice increase entropy when a PBKDF is used in the application itself or does the PBKDF itself increase the password entropy?
If a random password is hashed with md5 will the output provide a 128 bit entropy?
EDIT: It is meant to use the result of the hash function as a password for cryptographic functions and applications like AES-256, email and access to computer systems.
The procedure used will be password -> hash of password -> application
EDIT 2: E.g if an email application requests a password during registration, the intended password will be hashed locally before being provided to it.
passwords hash entropy
asked 15 hours ago
AXANOAXANO
603419
|
show 11 more comments
Is it secure to hash a password before using it in an application to increase password entropy?
Does this practice increase entropy when a PBKDF is used in the application itself or does the PBKDF itself increase the password entropy?
If a random password is hashed with md5 will the output provide a 128 bit entropy?
EDIT: It is meant to use the result of the hash function as a password for cryptographic functions and applications like AES-256, email and access to computer systems.
The procedure used will be password -> hash of password -> application
EDIT 2: E.g if an email application requests a password during registration, the intended password will be hashed locally before being provided to it.
passwords hash entropy
asked 15 hours ago
AXANOAXANO
603419
For what do you want to use it in your application?
– Sjoerd
15 hours ago
i edited my question with more information on the application of the password
– AXANO
15 hours ago
Do you mean Client side password hashing?
– Sjoerd
15 hours ago
5
"If a random password is hashed with md5 will the output provide a 128 bit entropy?" - if the passwords consists of 8 random upper-case characters there are at most 26^8 possibilities which is far from 2^128. Putting some hash behind this will not magically add entropy since a hash is deterministic.
– Steffen Ullrich
15 hours ago
1
Again, a hash is a deterministic algorithm. At most you will loose entropy with this (for example when using MD5 on a password with 10000 characters) but never have entropy added.
– Steffen Ullrich
15 hours ago
|
show 11 more comments
Is it secure to hash a password before using it in an application to increase password entropy?
Does this practice increase entropy when a PBKDF is used in the application itself or does the PBKDF itself increase the password entropy?
If a random password is hashed with md5 will the output provide a 128 bit entropy?
EDIT: It is meant to use the result of the hash function as a password for cryptographic functions and applications like AES-256, email and access to computer systems.
The procedure used will be password -> hash of password -> application
EDIT 2: E.g if an email application requests a password during registration, the intended password will be hashed locally before being provided to it.
passwords hash entropy
asked 15 hours ago
AXANOAXANO
603419
Is it secure to hash a password before using it in an application to increase password entropy?
Does this practice increase entropy when a PBKDF is used in the application itself or does the PBKDF itself increase the password entropy?
If a random password is hashed with md5 will the output provide a 128 bit entropy?
EDIT: It is meant to use the result of the hash function as a password for cryptographic functions and applications like AES-256, email and access to computer systems.
The procedure used will be password -> hash of password -> application
EDIT 2: E.g if an email application requests a password during registration, the intended password will be hashed locally before being provided to it.
passwords hash entropy
passwords hash entropy
asked 15 hours ago
AXANOAXANO
603419
asked 15 hours ago
AXANOAXANO
603419
edited 14 hours ago
AXANO
asked 15 hours ago
AXANOAXANO
603419
asked 15 hours ago
AXANOAXANO
603419
asked 15 hours ago
AXANOAXANO
603419
603419
For what do you want to use it in your application?
– Sjoerd
15 hours ago
i edited my question with more information on the application of the password
– AXANO
15 hours ago
Do you mean Client side password hashing?
– Sjoerd
15 hours ago
5
"If a random password is hashed with md5 will the output provide a 128 bit entropy?" - if the passwords consists of 8 random upper-case characters there are at most 26^8 possibilities which is far from 2^128. Putting some hash behind this will not magically add entropy since a hash is deterministic.
– Steffen Ullrich
15 hours ago
1
Again, a hash is a deterministic algorithm. At most you will loose entropy with this (for example when using MD5 on a password with 10000 characters) but never have entropy added.
– Steffen Ullrich
15 hours ago
|
show 11 more comments
For what do you want to use it in your application?
– Sjoerd
15 hours ago
i edited my question with more information on the application of the password
– AXANO
15 hours ago
Do you mean Client side password hashing?
– Sjoerd
15 hours ago
5
"If a random password is hashed with md5 will the output provide a 128 bit entropy?" - if the passwords consists of 8 random upper-case characters there are at most 26^8 possibilities which is far from 2^128. Putting some hash behind this will not magically add entropy since a hash is deterministic.
– Steffen Ullrich
15 hours ago
1
Again, a hash is a deterministic algorithm. At most you will loose entropy with this (for example when using MD5 on a password with 10000 characters) but never have entropy added.
– Steffen Ullrich
15 hours ago
For what do you want to use it in your application?
– Sjoerd
15 hours ago
For what do you want to use it in your application?
– Sjoerd
15 hours ago
i edited my question with more information on the application of the password
– AXANO
15 hours ago
i edited my question with more information on the application of the password
– AXANO
15 hours ago
Do you mean Client side password hashing?
– Sjoerd
15 hours ago
Do you mean Client side password hashing?
– Sjoerd
15 hours ago
5
5
"If a random password is hashed with md5 will the output provide a 128 bit entropy?" - if the passwords consists of 8 random upper-case characters there are at most 26^8 possibilities which is far from 2^128. Putting some hash behind this will not magically add entropy since a hash is deterministic.
– Steffen Ullrich
15 hours ago
"If a random password is hashed with md5 will the output provide a 128 bit entropy?" - if the passwords consists of 8 random upper-case characters there are at most 26^8 possibilities which is far from 2^128. Putting some hash behind this will not magically add entropy since a hash is deterministic.
– Steffen Ullrich
15 hours ago
1
1
Again, a hash is a deterministic algorithm. At most you will loose entropy with this (for example when using MD5 on a password with 10000 characters) but never have entropy added.
– Steffen Ullrich
15 hours ago
Again, a hash is a deterministic algorithm. At most you will loose entropy with this (for example when using MD5 on a password with 10000 characters) but never have entropy added.
– Steffen Ullrich
15 hours ago
|
show 11 more comments
3 Answers
3
active
oldest
votes
No, you don't increase entropy by hashing it once, or twice, or ten times. Consider entropy as it is seem from the input, not the output. You cannot add entropy using a deterministic process, as the entropy of the result does not count.
Even if you have some code like this:
$password = "123456";
$result = md5($password) . sha1($password) . hash('gost', $password);
echo $result; // e10adc3949ba59abbe56e057f20f
// 8941b84cdecc9c273927ff6d9cca1ae75945990a2cb1f
// 81e5daab52a987f6d788c372
And you end up with a scary looking 136-byte string, the password is still 123456, and any attacker bruteforcing your hashed password will have to try, on average, only once, as 123456 is the top worst password on almost every single list.
If a random password is hashed with md5 will the output provide a 128 bit entropy?
No, MD5 is deterministic, so if the attacker knows the string is a MD5 hash, the entropy of it is the entropy of the random password you supplied.
To make the password more secure, use a proper key derivation (PBKDF2 is a good one), ask the user for a longer password, and check if the user is following basic password rules (no chars repeated in a row, proper length, mixed digits and chars, mixed case, things like that).
answered 9 hours ago
ThoriumBRThoriumBR
23.5k75571
1
The point that i find is problematic is that the OP Posted that the User is himself that don't want to enter a clear text password into a Website form and wanted to hash it before entering it. (or use now a key derivation before entering it into the form).
– Serverfrog
9 hours ago
1
This answer assumes that the brute force attacker knows what hash was used to create the derived password, as well as any salt that might be added in the process. If the hashing is done where the attacker has no way to know the algorithm and the salt, the derived password has the added entropy from that uncertainty about the hash and salt. One could consider this a form of two-factor authentication, in which the salt and algorithm held in the hash software represent the second factor..
– Monty Harder
8 hours ago
4
en.wikipedia.org/wiki/Kerckhoffs%27s_principle: If you design a security process, assume the attacker knows everything but the key.
– ThoriumBR
8 hours ago
Doesn't a hash actually reduce entropy, since there can be collisions?
– Barmar
4 hours ago
1
"Fun" fact. When you concatenate hashes of passwords like that, one (sort of counter intuitively) limits their password hashing scheme's resistance to password recovery to that of the weakest hash. For exampleargon2(salt, password) . md5(salt, password)is as easy to brute force asmd5(salt, password).
– Future Security
50 mins ago
|
show 9 more comments
A key derivation function will not increase the entropy, but it does make things more secure. A KDF has the following functions:
- It creates a key of the correct length. Many encryption algorithms take a fixed size length, such as 16 bytes. By using a KDF you can use a password of any length.
- It distributes the entropy of the password over the whole key. Encryption algorithms are meant to work with random-looking keys. If you use
1000000000000000as key, this can introduce security issues in the encryption algorithm. A KDF scrambles the password into a random-looking key. - It takes time. To slow down brute-force attacks, key derivation can be made slow so that attempting many passwords takes an unreasonable amount of time.
answered 15 hours ago
SjoerdSjoerd
20.3k94865
1
Nice answer but it does not cover the part concerning hashing prior to password usage
– AXANO
15 hours ago
add a comment |
TL;DR
Hashing a Bad Password before sending it to some Server as Password is more time intensive, uncomfortable and less secure than a simple Password manager.
The Question seems to aim to misuse a Hashing Algorithm as a very simple Password Manager.
Use a real one or any real Password manager.
I will use your example to show why it will be a bad idea:
- You have the not so "entropy-rich" password 1111111111111
- it will have the hash 9DCBF642C78137F656BA7C24381AC25B
Now a Attacker get somehow a Database where the Passwords are in clear text (happend to often in the past). And why ever he will accidentally search there for hashes that have know plaintext (the not so "entropy-rich" password is one of it). Now he knows that the user with your username/email uses "1111111111111" and then MD5 it, as Password. What is then the benefit you have? One step more someone must take, but security wise there is no real difference.
Here the Difference what could happend in the Real World:
Your way:
ClearText -- MD5 --> HashedClearText -- sent to Server(HTTP(S))-->| |-- MD5/SHA*/... --> HashedHashedClearText
Normal Way:
ClearText -- sent to Server(HTTP(S)) -->| | -- MD5/SHA*/... --> HashedClearText
answered 10 hours ago
ServerfrogServerfrog
485617
The problem i want to avoid is the centralization of passwords As well as the fact that it is not portable to amnesic operating systems
– AXANO
10 hours ago
avoid centralization with a single hashed password? amnesic operating systems: portable secure device, beside a Human Head that can't really store many Passwords pretty well
– Serverfrog
10 hours ago
you can be forced to decrypt "portable secure devices"
– AXANO
10 hours ago
1
as you can be force to spell out a Password. xkcd.com/538 (how will you decrypt a password storage or device, without telling them the password. The same holds on your case)
– Serverfrog
10 hours ago
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f205680%2fhashing-password-to-increase-entropy%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
No, you don't increase entropy by hashing it once, or twice, or ten times. Consider entropy as it is seem from the input, not the output. You cannot add entropy using a deterministic process, as the entropy of the result does not count.
Even if you have some code like this:
$password = "123456";
$result = md5($password) . sha1($password) . hash('gost', $password);
echo $result; // e10adc3949ba59abbe56e057f20f
// 8941b84cdecc9c273927ff6d9cca1ae75945990a2cb1f
// 81e5daab52a987f6d788c372
And you end up with a scary looking 136-byte string, the password is still 123456, and any attacker bruteforcing your hashed password will have to try, on average, only once, as 123456 is the top worst password on almost every single list.
If a random password is hashed with md5 will the output provide a 128 bit entropy?
No, MD5 is deterministic, so if the attacker knows the string is a MD5 hash, the entropy of it is the entropy of the random password you supplied.
To make the password more secure, use a proper key derivation (PBKDF2 is a good one), ask the user for a longer password, and check if the user is following basic password rules (no chars repeated in a row, proper length, mixed digits and chars, mixed case, things like that).
answered 9 hours ago
ThoriumBRThoriumBR
23.5k75571
1
The point that i find is problematic is that the OP Posted that the User is himself that don't want to enter a clear text password into a Website form and wanted to hash it before entering it. (or use now a key derivation before entering it into the form).
– Serverfrog
9 hours ago
1
This answer assumes that the brute force attacker knows what hash was used to create the derived password, as well as any salt that might be added in the process. If the hashing is done where the attacker has no way to know the algorithm and the salt, the derived password has the added entropy from that uncertainty about the hash and salt. One could consider this a form of two-factor authentication, in which the salt and algorithm held in the hash software represent the second factor..
– Monty Harder
8 hours ago
4
en.wikipedia.org/wiki/Kerckhoffs%27s_principle: If you design a security process, assume the attacker knows everything but the key.
– ThoriumBR
8 hours ago
Doesn't a hash actually reduce entropy, since there can be collisions?
– Barmar
4 hours ago
1
"Fun" fact. When you concatenate hashes of passwords like that, one (sort of counter intuitively) limits their password hashing scheme's resistance to password recovery to that of the weakest hash. For exampleargon2(salt, password) . md5(salt, password)is as easy to brute force asmd5(salt, password).
– Future Security
50 mins ago
|
show 9 more comments
No, you don't increase entropy by hashing it once, or twice, or ten times. Consider entropy as it is seem from the input, not the output. You cannot add entropy using a deterministic process, as the entropy of the result does not count.
Even if you have some code like this:
$password = "123456";
$result = md5($password) . sha1($password) . hash('gost', $password);
echo $result; // e10adc3949ba59abbe56e057f20f
// 8941b84cdecc9c273927ff6d9cca1ae75945990a2cb1f
// 81e5daab52a987f6d788c372
And you end up with a scary looking 136-byte string, the password is still 123456, and any attacker bruteforcing your hashed password will have to try, on average, only once, as 123456 is the top worst password on almost every single list.
If a random password is hashed with md5 will the output provide a 128 bit entropy?
No, MD5 is deterministic, so if the attacker knows the string is a MD5 hash, the entropy of it is the entropy of the random password you supplied.
To make the password more secure, use a proper key derivation (PBKDF2 is a good one), ask the user for a longer password, and check if the user is following basic password rules (no chars repeated in a row, proper length, mixed digits and chars, mixed case, things like that).
answered 9 hours ago
ThoriumBRThoriumBR
23.5k75571
1
The point that i find is problematic is that the OP Posted that the User is himself that don't want to enter a clear text password into a Website form and wanted to hash it before entering it. (or use now a key derivation before entering it into the form).
– Serverfrog
9 hours ago
1
This answer assumes that the brute force attacker knows what hash was used to create the derived password, as well as any salt that might be added in the process. If the hashing is done where the attacker has no way to know the algorithm and the salt, the derived password has the added entropy from that uncertainty about the hash and salt. One could consider this a form of two-factor authentication, in which the salt and algorithm held in the hash software represent the second factor..
– Monty Harder
8 hours ago
4
en.wikipedia.org/wiki/Kerckhoffs%27s_principle: If you design a security process, assume the attacker knows everything but the key.
– ThoriumBR
8 hours ago
Doesn't a hash actually reduce entropy, since there can be collisions?
– Barmar
4 hours ago
1
"Fun" fact. When you concatenate hashes of passwords like that, one (sort of counter intuitively) limits their password hashing scheme's resistance to password recovery to that of the weakest hash. For exampleargon2(salt, password) . md5(salt, password)is as easy to brute force asmd5(salt, password).
– Future Security
50 mins ago
|
show 9 more comments
No, you don't increase entropy by hashing it once, or twice, or ten times. Consider entropy as it is seem from the input, not the output. You cannot add entropy using a deterministic process, as the entropy of the result does not count.
Even if you have some code like this:
$password = "123456";
$result = md5($password) . sha1($password) . hash('gost', $password);
echo $result; // e10adc3949ba59abbe56e057f20f
// 8941b84cdecc9c273927ff6d9cca1ae75945990a2cb1f
// 81e5daab52a987f6d788c372
And you end up with a scary looking 136-byte string, the password is still 123456, and any attacker bruteforcing your hashed password will have to try, on average, only once, as 123456 is the top worst password on almost every single list.
If a random password is hashed with md5 will the output provide a 128 bit entropy?
No, MD5 is deterministic, so if the attacker knows the string is a MD5 hash, the entropy of it is the entropy of the random password you supplied.
To make the password more secure, use a proper key derivation (PBKDF2 is a good one), ask the user for a longer password, and check if the user is following basic password rules (no chars repeated in a row, proper length, mixed digits and chars, mixed case, things like that).
answered 9 hours ago
ThoriumBRThoriumBR
23.5k75571
No, you don't increase entropy by hashing it once, or twice, or ten times. Consider entropy as it is seem from the input, not the output. You cannot add entropy using a deterministic process, as the entropy of the result does not count.
Even if you have some code like this:
$password = "123456";
$result = md5($password) . sha1($password) . hash('gost', $password);
echo $result; // e10adc3949ba59abbe56e057f20f
// 8941b84cdecc9c273927ff6d9cca1ae75945990a2cb1f
// 81e5daab52a987f6d788c372
And you end up with a scary looking 136-byte string, the password is still 123456, and any attacker bruteforcing your hashed password will have to try, on average, only once, as 123456 is the top worst password on almost every single list.
If a random password is hashed with md5 will the output provide a 128 bit entropy?
No, MD5 is deterministic, so if the attacker knows the string is a MD5 hash, the entropy of it is the entropy of the random password you supplied.
To make the password more secure, use a proper key derivation (PBKDF2 is a good one), ask the user for a longer password, and check if the user is following basic password rules (no chars repeated in a row, proper length, mixed digits and chars, mixed case, things like that).
answered 9 hours ago
ThoriumBRThoriumBR
23.5k75571
edited 9 hours ago
answered 9 hours ago
ThoriumBRThoriumBR
23.5k75571
answered 9 hours ago
ThoriumBRThoriumBR
23.5k75571
answered 9 hours ago
ThoriumBRThoriumBR
23.5k75571
23.5k75571
1
The point that i find is problematic is that the OP Posted that the User is himself that don't want to enter a clear text password into a Website form and wanted to hash it before entering it. (or use now a key derivation before entering it into the form).
– Serverfrog
9 hours ago
1
This answer assumes that the brute force attacker knows what hash was used to create the derived password, as well as any salt that might be added in the process. If the hashing is done where the attacker has no way to know the algorithm and the salt, the derived password has the added entropy from that uncertainty about the hash and salt. One could consider this a form of two-factor authentication, in which the salt and algorithm held in the hash software represent the second factor..
– Monty Harder
8 hours ago
4
en.wikipedia.org/wiki/Kerckhoffs%27s_principle: If you design a security process, assume the attacker knows everything but the key.
– ThoriumBR
8 hours ago
Doesn't a hash actually reduce entropy, since there can be collisions?
– Barmar
4 hours ago
1
"Fun" fact. When you concatenate hashes of passwords like that, one (sort of counter intuitively) limits their password hashing scheme's resistance to password recovery to that of the weakest hash. For exampleargon2(salt, password) . md5(salt, password)is as easy to brute force asmd5(salt, password).
– Future Security
50 mins ago
|
show 9 more comments
1
The point that i find is problematic is that the OP Posted that the User is himself that don't want to enter a clear text password into a Website form and wanted to hash it before entering it. (or use now a key derivation before entering it into the form).
– Serverfrog
9 hours ago
1
This answer assumes that the brute force attacker knows what hash was used to create the derived password, as well as any salt that might be added in the process. If the hashing is done where the attacker has no way to know the algorithm and the salt, the derived password has the added entropy from that uncertainty about the hash and salt. One could consider this a form of two-factor authentication, in which the salt and algorithm held in the hash software represent the second factor..
– Monty Harder
8 hours ago
4
en.wikipedia.org/wiki/Kerckhoffs%27s_principle: If you design a security process, assume the attacker knows everything but the key.
– ThoriumBR
8 hours ago
Doesn't a hash actually reduce entropy, since there can be collisions?
– Barmar
4 hours ago
1
"Fun" fact. When you concatenate hashes of passwords like that, one (sort of counter intuitively) limits their password hashing scheme's resistance to password recovery to that of the weakest hash. For exampleargon2(salt, password) . md5(salt, password)is as easy to brute force asmd5(salt, password).
– Future Security
50 mins ago
1
1
The point that i find is problematic is that the OP Posted that the User is himself that don't want to enter a clear text password into a Website form and wanted to hash it before entering it. (or use now a key derivation before entering it into the form).
– Serverfrog
9 hours ago
The point that i find is problematic is that the OP Posted that the User is himself that don't want to enter a clear text password into a Website form and wanted to hash it before entering it. (or use now a key derivation before entering it into the form).
– Serverfrog
9 hours ago
1
1
This answer assumes that the brute force attacker knows what hash was used to create the derived password, as well as any salt that might be added in the process. If the hashing is done where the attacker has no way to know the algorithm and the salt, the derived password has the added entropy from that uncertainty about the hash and salt. One could consider this a form of two-factor authentication, in which the salt and algorithm held in the hash software represent the second factor..
– Monty Harder
8 hours ago
This answer assumes that the brute force attacker knows what hash was used to create the derived password, as well as any salt that might be added in the process. If the hashing is done where the attacker has no way to know the algorithm and the salt, the derived password has the added entropy from that uncertainty about the hash and salt. One could consider this a form of two-factor authentication, in which the salt and algorithm held in the hash software represent the second factor..
– Monty Harder
8 hours ago
4
4
en.wikipedia.org/wiki/Kerckhoffs%27s_principle: If you design a security process, assume the attacker knows everything but the key.
– ThoriumBR
8 hours ago
en.wikipedia.org/wiki/Kerckhoffs%27s_principle: If you design a security process, assume the attacker knows everything but the key.
– ThoriumBR
8 hours ago
Doesn't a hash actually reduce entropy, since there can be collisions?
– Barmar
4 hours ago
Doesn't a hash actually reduce entropy, since there can be collisions?
– Barmar
4 hours ago
1
1
"Fun" fact. When you concatenate hashes of passwords like that, one (sort of counter intuitively) limits their password hashing scheme's resistance to password recovery to that of the weakest hash. For example
argon2(salt, password) . md5(salt, password) is as easy to brute force as md5(salt, password).– Future Security
50 mins ago
"Fun" fact. When you concatenate hashes of passwords like that, one (sort of counter intuitively) limits their password hashing scheme's resistance to password recovery to that of the weakest hash. For example
argon2(salt, password) . md5(salt, password) is as easy to brute force as md5(salt, password).– Future Security
50 mins ago
|
show 9 more comments
A key derivation function will not increase the entropy, but it does make things more secure. A KDF has the following functions:
- It creates a key of the correct length. Many encryption algorithms take a fixed size length, such as 16 bytes. By using a KDF you can use a password of any length.
- It distributes the entropy of the password over the whole key. Encryption algorithms are meant to work with random-looking keys. If you use
1000000000000000as key, this can introduce security issues in the encryption algorithm. A KDF scrambles the password into a random-looking key. - It takes time. To slow down brute-force attacks, key derivation can be made slow so that attempting many passwords takes an unreasonable amount of time.
answered 15 hours ago
SjoerdSjoerd
20.3k94865
1
Nice answer but it does not cover the part concerning hashing prior to password usage
– AXANO
15 hours ago
add a comment |
A key derivation function will not increase the entropy, but it does make things more secure. A KDF has the following functions:
- It creates a key of the correct length. Many encryption algorithms take a fixed size length, such as 16 bytes. By using a KDF you can use a password of any length.
- It distributes the entropy of the password over the whole key. Encryption algorithms are meant to work with random-looking keys. If you use
1000000000000000as key, this can introduce security issues in the encryption algorithm. A KDF scrambles the password into a random-looking key. - It takes time. To slow down brute-force attacks, key derivation can be made slow so that attempting many passwords takes an unreasonable amount of time.
answered 15 hours ago
SjoerdSjoerd
20.3k94865
1
Nice answer but it does not cover the part concerning hashing prior to password usage
– AXANO
15 hours ago
add a comment |
A key derivation function will not increase the entropy, but it does make things more secure. A KDF has the following functions:
- It creates a key of the correct length. Many encryption algorithms take a fixed size length, such as 16 bytes. By using a KDF you can use a password of any length.
- It distributes the entropy of the password over the whole key. Encryption algorithms are meant to work with random-looking keys. If you use
1000000000000000as key, this can introduce security issues in the encryption algorithm. A KDF scrambles the password into a random-looking key. - It takes time. To slow down brute-force attacks, key derivation can be made slow so that attempting many passwords takes an unreasonable amount of time.
answered 15 hours ago
SjoerdSjoerd
20.3k94865
A key derivation function will not increase the entropy, but it does make things more secure. A KDF has the following functions:
- It creates a key of the correct length. Many encryption algorithms take a fixed size length, such as 16 bytes. By using a KDF you can use a password of any length.
- It distributes the entropy of the password over the whole key. Encryption algorithms are meant to work with random-looking keys. If you use
1000000000000000as key, this can introduce security issues in the encryption algorithm. A KDF scrambles the password into a random-looking key. - It takes time. To slow down brute-force attacks, key derivation can be made slow so that attempting many passwords takes an unreasonable amount of time.
answered 15 hours ago
SjoerdSjoerd
20.3k94865
answered 15 hours ago
SjoerdSjoerd
20.3k94865
answered 15 hours ago
SjoerdSjoerd
20.3k94865
answered 15 hours ago
SjoerdSjoerd
20.3k94865
20.3k94865
1
Nice answer but it does not cover the part concerning hashing prior to password usage
– AXANO
15 hours ago
add a comment |
1
Nice answer but it does not cover the part concerning hashing prior to password usage
– AXANO
15 hours ago
1
1
Nice answer but it does not cover the part concerning hashing prior to password usage
– AXANO
15 hours ago
Nice answer but it does not cover the part concerning hashing prior to password usage
– AXANO
15 hours ago
add a comment |
TL;DR
Hashing a Bad Password before sending it to some Server as Password is more time intensive, uncomfortable and less secure than a simple Password manager.
The Question seems to aim to misuse a Hashing Algorithm as a very simple Password Manager.
Use a real one or any real Password manager.
I will use your example to show why it will be a bad idea:
- You have the not so "entropy-rich" password 1111111111111
- it will have the hash 9DCBF642C78137F656BA7C24381AC25B
Now a Attacker get somehow a Database where the Passwords are in clear text (happend to often in the past). And why ever he will accidentally search there for hashes that have know plaintext (the not so "entropy-rich" password is one of it). Now he knows that the user with your username/email uses "1111111111111" and then MD5 it, as Password. What is then the benefit you have? One step more someone must take, but security wise there is no real difference.
Here the Difference what could happend in the Real World:
Your way:
ClearText -- MD5 --> HashedClearText -- sent to Server(HTTP(S))-->| |-- MD5/SHA*/... --> HashedHashedClearText
Normal Way:
ClearText -- sent to Server(HTTP(S)) -->| | -- MD5/SHA*/... --> HashedClearText
answered 10 hours ago
ServerfrogServerfrog
485617
The problem i want to avoid is the centralization of passwords As well as the fact that it is not portable to amnesic operating systems
– AXANO
10 hours ago
avoid centralization with a single hashed password? amnesic operating systems: portable secure device, beside a Human Head that can't really store many Passwords pretty well
– Serverfrog
10 hours ago
you can be forced to decrypt "portable secure devices"
– AXANO
10 hours ago
1
as you can be force to spell out a Password. xkcd.com/538 (how will you decrypt a password storage or device, without telling them the password. The same holds on your case)
– Serverfrog
10 hours ago
add a comment |
TL;DR
Hashing a Bad Password before sending it to some Server as Password is more time intensive, uncomfortable and less secure than a simple Password manager.
The Question seems to aim to misuse a Hashing Algorithm as a very simple Password Manager.
Use a real one or any real Password manager.
I will use your example to show why it will be a bad idea:
- You have the not so "entropy-rich" password 1111111111111
- it will have the hash 9DCBF642C78137F656BA7C24381AC25B
Now a Attacker get somehow a Database where the Passwords are in clear text (happend to often in the past). And why ever he will accidentally search there for hashes that have know plaintext (the not so "entropy-rich" password is one of it). Now he knows that the user with your username/email uses "1111111111111" and then MD5 it, as Password. What is then the benefit you have? One step more someone must take, but security wise there is no real difference.
Here the Difference what could happend in the Real World:
Your way:
ClearText -- MD5 --> HashedClearText -- sent to Server(HTTP(S))-->| |-- MD5/SHA*/... --> HashedHashedClearText
Normal Way:
ClearText -- sent to Server(HTTP(S)) -->| | -- MD5/SHA*/... --> HashedClearText
answered 10 hours ago
ServerfrogServerfrog
485617
The problem i want to avoid is the centralization of passwords As well as the fact that it is not portable to amnesic operating systems
– AXANO
10 hours ago
avoid centralization with a single hashed password? amnesic operating systems: portable secure device, beside a Human Head that can't really store many Passwords pretty well
– Serverfrog
10 hours ago
you can be forced to decrypt "portable secure devices"
– AXANO
10 hours ago
1
as you can be force to spell out a Password. xkcd.com/538 (how will you decrypt a password storage or device, without telling them the password. The same holds on your case)
– Serverfrog
10 hours ago
add a comment |
TL;DR
Hashing a Bad Password before sending it to some Server as Password is more time intensive, uncomfortable and less secure than a simple Password manager.
The Question seems to aim to misuse a Hashing Algorithm as a very simple Password Manager.
Use a real one or any real Password manager.
I will use your example to show why it will be a bad idea:
- You have the not so "entropy-rich" password 1111111111111
- it will have the hash 9DCBF642C78137F656BA7C24381AC25B
Now a Attacker get somehow a Database where the Passwords are in clear text (happend to often in the past). And why ever he will accidentally search there for hashes that have know plaintext (the not so "entropy-rich" password is one of it). Now he knows that the user with your username/email uses "1111111111111" and then MD5 it, as Password. What is then the benefit you have? One step more someone must take, but security wise there is no real difference.
Here the Difference what could happend in the Real World:
Your way:
ClearText -- MD5 --> HashedClearText -- sent to Server(HTTP(S))-->| |-- MD5/SHA*/... --> HashedHashedClearText
Normal Way:
ClearText -- sent to Server(HTTP(S)) -->| | -- MD5/SHA*/... --> HashedClearText
answered 10 hours ago
ServerfrogServerfrog
485617
TL;DR
Hashing a Bad Password before sending it to some Server as Password is more time intensive, uncomfortable and less secure than a simple Password manager.
The Question seems to aim to misuse a Hashing Algorithm as a very simple Password Manager.
Use a real one or any real Password manager.
I will use your example to show why it will be a bad idea:
- You have the not so "entropy-rich" password 1111111111111
- it will have the hash 9DCBF642C78137F656BA7C24381AC25B
Now a Attacker get somehow a Database where the Passwords are in clear text (happend to often in the past). And why ever he will accidentally search there for hashes that have know plaintext (the not so "entropy-rich" password is one of it). Now he knows that the user with your username/email uses "1111111111111" and then MD5 it, as Password. What is then the benefit you have? One step more someone must take, but security wise there is no real difference.
Here the Difference what could happend in the Real World:
Your way:
ClearText -- MD5 --> HashedClearText -- sent to Server(HTTP(S))-->| |-- MD5/SHA*/... --> HashedHashedClearText
Normal Way:
ClearText -- sent to Server(HTTP(S)) -->| | -- MD5/SHA*/... --> HashedClearText
answered 10 hours ago
ServerfrogServerfrog
485617
answered 10 hours ago
ServerfrogServerfrog
485617
answered 10 hours ago
ServerfrogServerfrog
485617
answered 10 hours ago
ServerfrogServerfrog
485617
485617
The problem i want to avoid is the centralization of passwords As well as the fact that it is not portable to amnesic operating systems
– AXANO
10 hours ago
avoid centralization with a single hashed password? amnesic operating systems: portable secure device, beside a Human Head that can't really store many Passwords pretty well
– Serverfrog
10 hours ago
you can be forced to decrypt "portable secure devices"
– AXANO
10 hours ago
1
as you can be force to spell out a Password. xkcd.com/538 (how will you decrypt a password storage or device, without telling them the password. The same holds on your case)
– Serverfrog
10 hours ago
add a comment |
The problem i want to avoid is the centralization of passwords As well as the fact that it is not portable to amnesic operating systems
– AXANO
10 hours ago
avoid centralization with a single hashed password? amnesic operating systems: portable secure device, beside a Human Head that can't really store many Passwords pretty well
– Serverfrog
10 hours ago
you can be forced to decrypt "portable secure devices"
– AXANO
10 hours ago
1
as you can be force to spell out a Password. xkcd.com/538 (how will you decrypt a password storage or device, without telling them the password. The same holds on your case)
– Serverfrog
10 hours ago
The problem i want to avoid is the centralization of passwords As well as the fact that it is not portable to amnesic operating systems
– AXANO
10 hours ago
The problem i want to avoid is the centralization of passwords As well as the fact that it is not portable to amnesic operating systems
– AXANO
10 hours ago
avoid centralization with a single hashed password? amnesic operating systems: portable secure device, beside a Human Head that can't really store many Passwords pretty well
– Serverfrog
10 hours ago
avoid centralization with a single hashed password? amnesic operating systems: portable secure device, beside a Human Head that can't really store many Passwords pretty well
– Serverfrog
10 hours ago
you can be forced to decrypt "portable secure devices"
– AXANO
10 hours ago
you can be forced to decrypt "portable secure devices"
– AXANO
10 hours ago
1
1
as you can be force to spell out a Password. xkcd.com/538 (how will you decrypt a password storage or device, without telling them the password. The same holds on your case)
– Serverfrog
10 hours ago
as you can be force to spell out a Password. xkcd.com/538 (how will you decrypt a password storage or device, without telling them the password. The same holds on your case)
– Serverfrog
10 hours ago
add a comment |
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f205680%2fhashing-password-to-increase-entropy%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
For what do you want to use it in your application?
– Sjoerd
15 hours ago
i edited my question with more information on the application of the password
– AXANO
15 hours ago
Do you mean Client side password hashing?
– Sjoerd
15 hours ago
5
"If a random password is hashed with md5 will the output provide a 128 bit entropy?" - if the passwords consists of 8 random upper-case characters there are at most 26^8 possibilities which is far from 2^128. Putting some hash behind this will not magically add entropy since a hash is deterministic.
– Steffen Ullrich
15 hours ago
1
Again, a hash is a deterministic algorithm. At most you will loose entropy with this (for example when using MD5 on a password with 10000 characters) but never have entropy added.
– Steffen Ullrich
15 hours ago