You Want Salt With That? Part One: Security vs Obscurity

Security + obscurity

Martin — Sat, 29 Jan 2005 08:31:00 GMT

There's nothing like adding a little bit of obscurity to a known-secure scheme. Suppose, for instance, that you're using SSL in a system where both ends of the communications link are under your control. Then there's nothing to stop you flipping a couple of bits in the input to one of the hashes: it takes you no time at all, and it provably doesn't weaken the security; but it'll confuse the hell of someone trying to reverse-engineer your protocol. The more human time you can waste, without wasting computer time or compromising security, the better.

re: You Want Salt With That? Part One: Security vs Obscurity

Dan Shappir — Sat, 29 Jan 2005 22:57:00 GMT

Off-topic, but still related (security after all). I've created an ActiveX that downloads data from a web server, using async monikers et al. I understand that in order to support download from sites that require authentication, I need to implement IAuthenticate. Thing is, the download will most likely occur from the same site that hosted the ActiveX itself, and the containing page. I want to avoid requiring the user input the same credentials twice. Anyone know how the ActiveX can get the credentials from IE? I haven't been able to find any information about this in the MSDN, Google, etc.

re: You Want Salt With That? Part One: Security vs Obscurity

Steve Dispensa — Sun, 30 Jan 2005 05:15:00 GMT

Bruce Schneier is fond of saying that "anyone can design a cryptosystem that he himself cannot break". This is always a bad idea. Even the best in the world get it wrong sometimes; there was (is?) a subtle man-in-the-middle vulnerability in IPSEC, related to XAUTH - search the IETF working group mailing list for about 2-3 years ago for details.

Related to obscurity: it's interesting to note that the US Government believes in security through obscurity, in the cryptographic sense: they almost never publish the design docs to released algorithms (e.g. SHA/SHA-1), they rarely publish their own cryptanalytic findings (e.g. whatever caused the NSA to release SHA-1, or more famously, their obvious discovery of differential cryptanalysis 25ish years before the academic community), and sometimes algorithms themselves are kept secret (e.g. Skipjack, which was only released in tamper-proof chips). The US Armed Forces has been using secret stream ciphers for workhorses for years.

I gotta admit, all of the above strike me as dubious strategy at best. Then again, the NSA has more crypto people than the rest of the world combined, so I guess their stuff is still peer-reviewed, albeit not in open literature.

This series sounds like fun. :-)

re: You Want Salt With That? Part One: Security vs Obscurity

Dave — Mon, 31 Jan 2005 14:57:00 GMT

"Anyone know how the ActiveX can get the credentials from IE?"

My guess? Implement IObjectWithSite::SetSite for an IUnknown back to IE. There should be some way to retrieve or listen (OnNavigate?) for the authentication info.

Gimme some Hash!

Scott Galloway's Personal Blog — Mon, 31 Jan 2005 19:48:00 GMT

Gimme some Hash!

Scott Galloway's Personal Blog — Tue, 01 Feb 2005 11:49:00 GMT

Super article on Password Salting !

Joe Stagner - Frustrated by Design ! — Thu, 03 Feb 2005 18:04:00 GMT

Super article on Password Salting !

Joe Stagner - Frustrated by Design ! — Thu, 03 Feb 2005 18:09:00 GMT

Eric Lippert posts part 3 of his series on password security

Scott Galloway's Personal Blog — Thu, 03 Feb 2005 18:16:00 GMT

Don't Worry, Nobody's Gotta Know! An Easy Introduction to Keeping Secrets on Computers

Barely Legal Substance — Thu, 03 Feb 2005 22:56:00 GMT

Fabulous Adventures in Coding assays this week a, well, fabulous adventure, in simple cryptography. I know enough to get myself in deep trouble with this subject, but Eric has put together three short and knowledgeable posts that begin easy and...

re: You Want Salt With That? Part One: Security vs Obscurity

Jim Weiler — Thu, 18 Aug 2005 04:12:10 GMT

It still seems that 'knowing the salt tells you nothing' depends on what else you know about the salt. If you just know the salt is used in passwords on a server, that's very little help. If you know a salt is used for a particular password then a dictionary attack is more possible, you just have to try possible salt + password combinations. If you know the salt for a password and how it's combined with the password, then you can do a basic dictionary attack right?

Do not use string hashes for security purposes

Fabulous Adventures In Coding — Fri, 07 Sep 2007 01:44:40 GMT

A recent question I got about the .NET CLR's hashing algorithm for strings is apropos of our discussion

re: You Want Salt With That? Part One: Security vs Obscurity

L. Michael Asher — Fri, 11 Jan 2008 18:19:43 GMT

> "There's nothing to stop you flipping a couple of bits in the input to one of the hashes: it takes you no time at all, and it provably doesn't weaken the security..."

From a cryptographic perspective, "flipping a couple of bits" in the initialization values of of an encryption scheme can indeed weaken it severely. Many such studies have been done to prove it. Those values may look random, but they aren't.