P.P.S. Public salts should _always_ be used/generated when hashing passwords. Whether or not you wish to use a private salt is up to you (but recommended).
--
Les Hazlewood | @lhazlewood
CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282

On Thu, Apr 18, 2013 at 9:59 AM, Les Hazlewood <[email protected]> wrote:

> Yes, I'm glad Jon brought up the private salt. If you don't store this information in the same data store as where your passwords are stored (e.g. in app configuration or a private config file not easily accessible somewhere), then brute force wouldn't be possible at all until the attacker could also acquire that private salt.
>
> Compromising both could be _extremely_ hard, depending on how your application infrastructure is set up. For example, maybe an attacker could get access to your data (maybe they were able to get access to a mysql dump file or similar), but they may not be able to get access to the location of the private salt (e.g. maybe it's in a file they can't access or in a Chef encrypted data bag, etc).
>
> I forgot to mention this - thanks Jon!
>
> Best,
>
> --
> Les Hazlewood | @lhazlewood
> CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282
>
> On Thu, Apr 18, 2013 at 9:50 AM, jonlinux <[email protected]> wrote:
>
>> If you specify the use of a private salt, or set the option to use a public salt, you will have something similar in your database:
>>
>> $shiro1$SHA-512$475494$w9b57Sqavc3YfrxfUpjtWg==$+Wc4fFL+ZnrjrxCGNIRP5fsIYJqc1X8Vj7IInxntrIi0bGjJ4RMJt80Crqeh5RFwt5qgy/seD19IqlriuwWzLg==
>>
>> Thus you can see the hashing algorithm used as well as the number of iterations. And in this instance there is the addition of the public salt (w9b57Sqavc3YfrxfUpjtWg== in the example above).
>> This public salt is different for every password entry in the database, thus it would hinder any pre-computed rainbow table attack on the passwords.
>>
>> Additionally, there is a private salt used which you can set within your Shiro configuration. This means that even if someone walks off with your database, they still will not be able to "decrypt" the passwords.
>>
>> In your example (with no salt), it might be possible to get the password in an unencrypted form by just hashing lots of plain text passwords using the parameters you define, yes. A pre-computed rainbow table could be used in this scenario.
>> But that is why it is recommended that salting of passwords is carried out.
>>
>> --
>> View this message in context: http://shiro-user.582556.n2.nabble.com/Encrypted-password-in-db-why-does-it-tell-the-Hash-and-iterations-in-it-tp7578510p7578622.html
>> Sent from the Shiro User mailing list archive at Nabble.com.
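
An added example (not part of the thread and not Shiro's own code): it parses the `$shiro1$` record quoted above into its fields, then builds constructed records to show that the same password stored twice gets different public salts, and that a stored record cannot be checked against a password without the private salt. The way the two salts are combined and the hash is iterated here is an assumption made for illustration; the function names and the private salt value are hypothetical.

```python
import base64, hashlib, hmac, os

# Record quoted in the thread: $shiro1$<algorithm>$<iterations>$<public salt>$<digest>
PAGE_SAMPLE = ("$shiro1$SHA-512$475494$w9b57Sqavc3YfrxfUpjtWg==$"
               "+Wc4fFL+ZnrjrxCGNIRP5fsIYJqc1X8Vj7IInxntrIi0bGjJ4RMJt80Crqeh5RFwt5qgy/seD19IqlriuwWzLg==")

def parse_shiro1(record):
    """Return (algorithm, iterations, public_salt, digest) from a $shiro1$ record."""
    parts = record.split("$")  # '$' is not in the base64 alphabet, so this is safe
    if len(parts) != 6 or parts[0] != "" or parts[1] != "shiro1":
        raise ValueError("not a $shiro1$ record")
    algorithm, iterations, salt_b64, digest_b64 = parts[2:]
    return algorithm, int(iterations), base64.b64decode(salt_b64), base64.b64decode(digest_b64)

def iterated_hash(password, private_salt, public_salt, algorithm, iterations):
    # Assumed scheme: round 1 hashes private salt + public salt + password,
    # every later round re-hashes the previous digest.
    name = algorithm.replace("-", "").lower()  # "SHA-512" -> "sha512"
    digest = hashlib.new(name, private_salt + public_salt + password).digest()
    for _ in range(iterations - 1):
        digest = hashlib.new(name, digest).digest()
    return digest

def make_record(password, private_salt, algorithm="SHA-512", iterations=1000):
    """Build a record with a fresh random public salt; the private salt is never stored in it."""
    public_salt = os.urandom(16)
    digest = iterated_hash(password, private_salt, public_salt, algorithm, iterations)
    b64 = lambda raw: base64.b64encode(raw).decode()
    return f"$shiro1${algorithm}${iterations}${b64(public_salt)}${b64(digest)}"

def verify(password, record, private_salt):
    """Recompute the digest from the record's own parameters and compare in constant time."""
    algorithm, iterations, public_salt, expected = parse_shiro1(record)
    actual = iterated_hash(password, private_salt, public_salt, algorithm, iterations)
    return hmac.compare_digest(actual, expected)

if __name__ == "__main__":
    algorithm, iterations, salt, digest = parse_shiro1(PAGE_SAMPLE)
    print(algorithm, iterations, len(salt), "byte public salt,", len(digest), "byte digest")
    secret = b"constructed-private-salt"        # constructed; lives in app config, not the DB
    first = make_record(b"correct horse", secret)
    second = make_record(b"correct horse", secret)
    print("same password, different records:", first != second)
    print("verify with private salt:   ", verify(b"correct horse", first, secret))
    print("verify without private salt:", verify(b"correct horse", first, b""))
```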
