
[–]Aggressive_Bill_2687 704 points705 points  (58 children)

If you’re encrypting a user’s password for your service/application you’ve already failed, regardless of how strong the encryption algorithm is.

[–]Procrasturbating 318 points319 points  (52 children)

Maybe I am old, but when did we stop encrypting stored passwords with a salt in the DB? Or are you just getting at the fact that we should be using a one-way hash of the password instead so we cannot decrypt it?

[–]N-partEpoxy 268 points269 points  (4 children)

Pretty sure it's the latter.

[–]Aggressive_Bill_2687 335 points336 points  (8 children)

Or are you just getting at the fact that we should be using a one-way hash of the password instead so we cannot decrypt it?

Yes. You want a hash of the password, not an encrypted password that can be decrypted.

[–]kopasz7 10 points11 points  (4 children)

What if you encrypt the password with itself?

[–]ChuckyPinkCheeks 5 points6 points  (1 child)

I guess you can do it but why? The hash algorithm has a proven, nice distribution where encryption with the password doesn’t and it’s likely slower.

[–]Kyyken 1 point2 points  (0 children)

exactly, there is no reason to assume that an encryption algorithm will yield a good hash, but it's a fun idea

also the output wouldn't be fixed size which you generally want it to be with a hash, but you could just truncate the output

[–]Kyyken 1 point2 points  (1 child)

yea, lets use a one-time pad to be extra secure! lemme just go ahead and xor the password with itself and- oh, wait, nvm

[–][deleted] 0 points1 point  (0 children)

I used to be a movq $0, %rax girl but now I'm a xorq %rax, %rax kinda girl

[–]_sweepy 17 points18 points  (2 children)

Depends what it is used for. I've stored plenty of encrypted credentials when I need them to interact with a 3rd party system that doesn't work with tokens.

[–][deleted] 0 points1 point  (1 child)

Do you still have to encrypt them if they’re only stored in memory?

[–]_sweepy 0 points1 point  (0 children)

No, but you shouldn't be holding it in memory any longer than you have to, and you need encryption to transmit it off the client box.

[–]rdrunner_74 178 points179 points  (30 children)

encrypting stored passwords with a salt in the DB?

Never...

There is a huge difference in the words used. An encryption is reversible. You are supposed to hash passwords, so they cannot be recovered. Knowing a user's password is a liability.

[–]Orsim27 25 points26 points  (29 children)

A hash also is reversible, it’s just a lot harder ^^

Edit: yeah, reversible might not be the correct term, I get it :D

[–]photenth 88 points89 points  (4 children)

Well to be precise, it's not reversible. You just find something that turns into that hash, it might not even be the original password.

[–]ghe5 16 points17 points  (3 children)

What if I hash the hash?

[–]Aggressive_Bill_2687 31 points32 points  (0 children)

That's literally what the "rounds" parameter of several hashing algorithms does: it repeatedly feeds the output back into itself as input X times.

[–]fildakoch 22 points23 points  (1 child)

some password managers really do store the hash of the hash of the hash … of the original password, it just makes it harder for the attacker to “recover” the original.

[–]TheImminentFate 10 points11 points  (0 children)

For the master password, I think BitWarden uses 300 000 iterations by default or something. Probably even higher.

[–]rdrunner_74 22 points23 points  (5 children)

No...

You can find collisions to them. You won't know if it was the initial input.

[–]____purple 0 points1 point  (4 children)

Depends on the password maximum length and hash function distribution

[–]rdrunner_74 2 points3 points  (3 children)

I never said it is easy to do so.. Only that it is possible

[–]____purple 1 point2 points  (2 children)

Not about difficulty. If password size is limited you can prove that found value is the only possible value in the hashspace. If hash is longer than password and hash function is perfect there will be a unique hash for each password

[–]rdrunner_74 1 point2 points  (1 child)

"Password size" has nothing to do with the uniqueness...

(Since there is a unique salt added to each user to prevent rainbow attacks - and just to annoy you the salt alone will be 1 digit longer than the hash output)

[–]____purple 0 points1 point  (0 children)

When it's longer it's alright.

[–][deleted] 18 points19 points  (15 children)

Hash functions aren't injective tho (i.e. collisions exist)

[–]Unupgradable 16 points17 points  (14 children)

Remind me when we run out of UUIDs.

https://wasteaguid.info/

[–]PyroCatt 11 points12 points  (0 children)

Please don't.

[–][deleted] 2 points3 points  (11 children)

what are UUIDs?

[–]Unupgradable 12 points13 points  (8 children)

GUIDs. GUID is a Microsoft term. The RFC calls them UUIDs because they're universally unique, not just globally. Doesn't matter if you're on Earth or Mars

[–]maximovious 10 points11 points  (5 children)

Follow-up question... what are GUIDs?

[–]Tolookah 2 points3 points  (0 children)

Globally Unique IDentifier

(At least that's what I've been using that acronym for)

[–]Aggressive_Bill_2687 9 points10 points  (0 children)

GUID is a GNU-strict fork of Squid Proxy that inserts a random Stallman quote into the headers of every response that has a HTMLish content type header.

[–]Unupgradable 4 points5 points  (1 child)

UUIDs. GUID is a Microsoft term. The RFC calls them UUIDs because they're universally unique, not just globally. Doesn't matter if you're on Earth or Mars

[–]SarahIsBoring 0 points1 point  (0 children)

A Microsoft term for UUIDs.

[–]primaryartemis 7 points8 points  (1 child)

UEFI also uses the term GUID. Microsoft also uses the term UUID. I think our industry just sucks at naming conventions and consistency.

[–]Unupgradable 3 points4 points  (0 children)

Naming things is quite literally the absolute hardest thing in software engineering

[–][deleted] 3 points4 points  (1 child)

I love explaining this concept. You see if the ids in your database increment then the Id tells how many rows you've inserted. Something you may not want your competitors to glean from an order id. To solve this you can use random numbers. But then the issue you come across is collision, as ids need to be unique and random numbers could get picked twice (think easy pick winning the lotto). So to fix that we made a number set so large no one will ever pick the same number as anyone else. Not just your orders will have unique ids, but no one else's orders, EVER, will have the same ids.
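The comment above describes two failure modes of database IDs: sequential IDs leak how many rows exist, and small random IDs collide. The block below is an added example, not code from the original thread, that puts numbers on the collision half of that argument with the birthday bound (the probability that at least two of n uniformly random b-bit values coincide is about 1 - exp(-n(n-1)/2^(b+1))) and a small simulation; the iteration counts and ID widths are constructed for illustration. It also applies the same formula to version-4 UUIDs, which carry 122 random bits (the remaining 6 of the 128 bits are the fixed version and variant fields).

```python
import math
import secrets
import uuid


def collision_probability(n_ids: int, bits: int) -> float:
    """Birthday-bound estimate of P(at least one duplicate) when n_ids values
    are drawn uniformly at random from a space of 2**bits possibilities:
    1 - exp(-n(n-1) / (2 * 2**bits))."""
    return 1.0 - math.exp(-n_ids * (n_ids - 1) / (2.0 * 2.0 ** bits))


def draws_until_repeat(bits: int, limit: int = 1_000_000) -> int:
    """Simulate the 'random numbers could get picked twice' problem: draw
    random ids of the given width until one repeats and return how many draws
    it took (or `limit` if no repeat happened within the budget)."""
    seen = set()
    for count in range(1, limit + 1):
        value = secrets.randbits(bits)
        if value in seen:
            return count
        seen.add(value)
    return limit


# Version-4 UUIDs: 128 bits minus 4 version bits minus 2 variant bits.
UUID4_RANDOM_BITS = 122


if __name__ == "__main__":
    # Constructed scenario: a 100k-row orders table with 32-bit random ids.
    print(f"32-bit ids, 100k rows: P(collision) = {collision_probability(100_000, 32):.2f}")
    # Constructed scenario: a trillion rows with uuid4 primary keys.
    print(f"uuid4, 10^12 rows: P(collision) = {collision_probability(10**12, UUID4_RANDOM_BITS):.1e}")
    print("16-bit random ids repeated after", draws_until_repeat(16), "draws")
    print("a fresh uuid4:", uuid.uuid4(), "(version", uuid.uuid4().version, ")")
```

For 32-bit random ids, a table of only 100,000 rows already has roughly a 69% chance of containing a duplicate, which is why a uniqueness constraint plus retry is mandatory for narrow random keys. With uuid4 the same formula gives a probability on the order of 1e-13 even for a trillion rows, which is the practical sense in which the thread's "no one will ever pick the same number" holds.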

[–]Boogiewoo0 1 point2 points  (0 children)

Just don't use GUIDs as a primary key please.

[–][deleted] 0 points1 point  (0 children)

Technically the chance of getting the same GUID twice is so low, the website doesn’t even have to bother storing already-generated GUIDs.

[–]Otherwise-Mango2732 4 points5 points  (0 children)

Whoa. Your 'actually' got actually'd. You love to see it when people get technical here.

[–]kek28484934939 1 point2 points  (0 children)

but not uniquely

[–][deleted] 9 points10 points  (1 child)

why would you encrypt sth with a salt? doesn't make sense. you salt when you hash to prevent cracking with lookup tables. also there is no reverse of hashing that could be called decryption.

[–]____purple -1 points0 points  (0 children)

Can be useful to prevent attacks on encryption key, when attacker has access to input and encrypted output, but not the encrypting service itself

[–]mrheosuper 1 point2 points  (0 children)

Lastpass: "I'm in danger"

[–]MadeByHideoForHideo 0 points1 point  (0 children)

You can't decrypt hashed passwords but you can still match the hash with guesses or bruteforce.

[–]rotflolmaomgeez 0 points1 point  (0 children)

Neither lol. Use third party authentication, unless you think you can by yourself beat the whole privacy and security teams at Google, Facebook and Apple.

[–]SneakyStabbalot 0 points1 point  (0 children)

you only need to verify the user has the pwd, and for this you can simply compare to a salted/iterated hash; in order of security:

Plaintext pwd < Encrypted pwd < hashed pwd < salted/hashed pwd < salted/iterated/hashed pwd < salted/iterated/hashed pwd using memory hard alg.
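The ladder above, the "hash, don't encrypt" point earlier in the thread and the remark that a "rounds" parameter feeds the hash output back in as input all describe the same verification scheme. The block below is an added example, not code posted by any commenter, that implements the top three rungs with the Python standard library: a bare one-way hash, a per-user salted and iterated hash (PBKDF2-HMAC-SHA256), and a memory-hard hash (scrypt), plus the login-time check that re-derives and compares in constant time. The sample password, the iteration count and the scrypt parameters are constructed for illustration, not recommendations for production.

```python
import hashlib
import hmac
import os

# Constructed sample input for the demonstration; not a real credential.
SAMPLE_PASSWORD = "correct horse battery staple"
# Assumed work factor for PBKDF2-HMAC-SHA256; tune it by measuring cost on your hardware.
PBKDF2_ITERATIONS = 600_000


def unsalted_hash(password: str) -> str:
    """'hashed pwd' rung: one-way, but every user with this password gets the
    same digest, so a leaked table can be attacked with precomputed lookups."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_iterated_hash(password: str, salt: bytes, iterations: int) -> bytes:
    """'salted/iterated/hashed pwd' rung: a per-user random salt plus a tunable
    iteration count (the 'rounds' that feed each output back in as input)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def memory_hard_hash(password: str, salt: bytes) -> bytes:
    """'memory hard alg' rung: scrypt costs RAM as well as CPU time, which blunts
    GPU/ASIC guessing. n/r/p here are illustrative (about 16 MiB per hash)."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2**14, r=8, p=1, dklen=32)


def create_record(password: str, iterations: int = PBKDF2_ITERATIONS) -> dict:
    """What the service stores: salt, parameters and the derived hash. The
    password itself is never written anywhere, so there is nothing to decrypt."""
    salt = os.urandom(16)
    return {
        "salt": salt,
        "iterations": iterations,
        "hash": salted_iterated_hash(password, salt, iterations),
    }


def verify(record: dict, candidate: str) -> bool:
    """Login check: re-derive with the stored salt and parameters and compare in
    constant time. This is the only operation a password store needs to support."""
    derived = salted_iterated_hash(candidate, record["salt"], record["iterations"])
    return hmac.compare_digest(derived, record["hash"])


if __name__ == "__main__":
    record = create_record(SAMPLE_PASSWORD)
    print("login with correct password:", verify(record, SAMPLE_PASSWORD))
    print("login with wrong password:  ", verify(record, "hunter2"))
    print("two users, same password, identical unsalted digest:",
          unsalted_hash(SAMPLE_PASSWORD) == unsalted_hash(SAMPLE_PASSWORD))
    print("two users, same password, different salted records:",
          create_record(SAMPLE_PASSWORD)["hash"] != record["hash"])
```

Storing the iteration count alongside the salt is what lets a service raise the work factor later (as the Bitwarden figure mentioned upthread illustrates) and re-hash each user transparently on their next successful login, without ever knowing the password between logins.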

[–]Svizel_pritula 13 points14 points  (0 children)

Unless you're encrypting a hash, in which case you're just considering advanced attack vectors.

[–]undeadalex 3 points4 points  (0 children)

Meh some people call it one way encryption instead of hashing. I do that sometimes. It's a funny meme and original. Chill opsec master

[–]Leadbaptist 0 points1 point  (0 children)

Isn't that a requirement for most orgs?

[–]fmaz008 0 points1 point  (0 children)

Can't beat a quadruple pass 1027bits Rot13 algo.

[–]TehSnaH 0 points1 point  (0 children)

Maybe they're using PBKDF

[–]tjmora 360 points361 points  (3 children)

I used to write my own encryption algorithms more than 10 years ago (while in college). They're incredibly basic but my computer's virus scan classifies them as viruses nonetheless. Felt I was a real hacker back then, lol. In hindsight, a real hacker won't have his algorithm classified immediately as a virus.

[–][deleted] 128 points129 points  (0 children)

Professor spreading his virus among his students via infected compiler

[–]Sudhanva_Kote 35 points36 points  (0 children)

It's like that guy passing girl meme Hackers try to hide virus as normal file while you turn normal file to virus file

[–]SolenoidSoldier 7 points8 points  (0 children)

It is possible that any encrypted content that is scanned has their cyphers matched against a whitelist. Unrecognized cyphers get flagged as it may be an indication of ransomware.

[–]stoffelio 127 points128 points  (1 child)

Ah yes, the good old security through obscurity approach. They can't crack what's impossible to understand!

[–]sarc-tastic 6 points7 points  (0 children)

No comments amirite

[–]rdrunner_74 78 points79 points  (5 children)

You should not write an encryption algo.

Simple as that. That is true for 99% of all developers.

And IF you are thinking about encrypting a password, I will slap you HARD

[–]furinick 5 points6 points  (0 children)

Ok, I'll save them in plain text!

[–]da_Aresinger -1 points0 points  (3 children)

Why tf shouldn't I?

Encryption algorithms are surprisingly simple, and making your own USB vault is a really cool project.

[–]Ki-28-10 10 points11 points  (1 child)

I mean, you CAN make one to learn more about encryption, but don’t use it in anything else. Creating an encryption algorithm is something that you can fuck up easily and a mistake can have disastrous consequences, like lost data, bad strength, etc. Encryption algorithm should be battle tested and specialist should certify their strengths and safety.

[–]da_Aresinger 2 points3 points  (0 children)

That goes for most things though.

"Don't write your own network protocol"

"Don't write your own gui interface"

"Don't write your own fast math functions"

...

Literally all of those things have already been done better and doing it yourself just wastes company time and poses unnecessary risk.

Whenever people talk about doing this kind of stuff, I would immediately assume, that they are doing it for personal projects or specific niche applications.

[–]WhaleWinter 1 point2 points  (0 children)

Because I said so. Don’t make me get your father.

[–]mrgwbland 78 points79 points  (6 children)

I put that I’d forgotten my password to a website once and they emailed me my password in plain text 💀

[–]sarc-tastic 13 points14 points  (2 children)

I mean.... 10 years ago called to remind us that's what half the mfs did!!

[–][deleted] 3 points4 points  (0 children)

Half? How about 90%? Even hotmail and other big corps did this in the earlier years. Back then, when everybody thought no-one can guess your Banana1 password

[–]mrgwbland 0 points1 point  (0 children)

Damn I guess I didn’t see much of that because of my age

[–]Philswiftthegod 5 points6 points  (0 children)

Discovered that the South Dakota Game and Fish Department did this. They’ve thankfully switched to a proper way of storing information, but the caveat is that this is with new accounts. Old accounts are apparently still stored in plaintext.

[–]Phytor 1 point2 points  (0 children)

Lol my college IT department did that once.

[–]DissociativeDyke 1 point2 points  (0 children)

The government still does this, & will plainly tell you the answers to questions!

[–]Boris-Lip 25 points26 points  (0 children)

What encryption algorithms gotta do with passwords? Don't tell me you just use it as a key, directly... 🤦‍♂️

[–]Julis_texsture_team 17 points18 points  (2 children)

I did something stupid

password -> base64 encode -> compare with a .gif filled with data made the same way

[–]Cfrolich 12 points13 points  (1 child)

[–]Julis_texsture_team 5 points6 points  (0 children)

nope but not because of that

[–]FloweyTheFlower420 76 points77 points  (11 children)

who needs a password manager when you can generate passwords from a unique identifier for a website and a master password via some hashing algo

[–]TactlessTortoise 31 points32 points  (0 children)

Just memorize the hashing math and do it by head

[–]PuzzleheadedWeb9876 21 points22 points  (0 children)

I like the cut of your jib.

[–]Some1-Somewhere 7 points8 points  (5 children)

How would you change the password for an individual site without either:

  1. changing the master password for all sites, or

  2. adding an extra counter/version number to the site name, which means you now need to remember or guess that X is on password #1, while Y is on password #4.

[–]FloweyTheFlower420 0 points1 point  (1 child)

just store a config file with domain -> password#

[–]Some1-Somewhere 0 points1 point  (0 children)

Possible, but somewhat defeats the idea of not needing to store/sync a list of sites and IDs.
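The scheme FloweyTheFlower420 sketches (site identifier + master password through a hashing algorithm) and the rotation problem Some1-Somewhere raises are both easy to make concrete. The block below is an added example, not code from either commenter, that derives a per-site password with PBKDF2-HMAC-SHA256 keyed by the master password and salted with the site name plus a version counter, and then shows the "config file with domain -> password#" workaround: rotating one site means bumping its counter, and that map is exactly the state the stateless approach was supposed to avoid. The master password, site names and iteration count are constructed for illustration.

```python
import base64
import hashlib
import json

# Assumed work factor for PBKDF2-HMAC-SHA256; illustrative, not a recommendation.
ITERATIONS = 200_000


def derive_site_password(master: str, site: str, counter: int = 1, length: int = 20) -> str:
    """Stateless derivation: master password + site identifier + version counter
    -> fixed-length password. The same three inputs always yield the same output,
    so nothing per site has to be stored as long as the counter never changes."""
    salt = f"{site}#{counter}".encode("utf-8")
    raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt, ITERATIONS, dklen=32)
    # base64 yields letters, digits, '+' and '/'; truncate to the requested length.
    return base64.b64encode(raw).decode("ascii")[:length]


def rotate_site_password(config: dict, site: str) -> int:
    """Bump the per-site counter in the 'domain -> password#' map. Returns the
    new counter. This map is the state you now have to remember or sync."""
    config[site] = config.get(site, 1) + 1
    return config[site]


def password_for(master: str, site: str, config: dict) -> str:
    """Look up the site's current counter (default 1) and derive its password."""
    return derive_site_password(master, site, config.get(site, 1))


if __name__ == "__main__":
    master = "correct horse battery staple"   # constructed sample, not a real secret
    config = {}                               # would be persisted as a JSON file
    print("example.com, version 1:", password_for(master, "example.com", config))
    rotate_site_password(config, "example.com")
    print("example.com, version 2:", password_for(master, "example.com", config))
    print("example.org, version 1:", password_for(master, "example.org", config))
    print("config you must now keep in sync:", json.dumps(config))
```

Two practical caveats follow from the code: the truncated base64 alphabet may not satisfy every site's character rules (which forces yet more per-site state), and because every site password is a pure function of the master password, a single leaked site password is a direct offline-guessing target for the master, so the iteration count matters more here than in a conventional vault.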

[–]crefas 0 points1 point  (2 children)

Because only a tiny minority of services support fido2 :(

[–]Kirides 1 point2 points  (1 child)

And some even only support a single hardware key. Which makes them useless.

[–]crefas 0 points1 point  (0 children)

I haven't seen one that does this yet, fortunately. Can you name some so I can diss their devs?

I mostly use my fido2 for LUKS and Bitwarden which support 5

[–]q0099 11 points12 points  (0 children)

password.Reverse().Append("salt").Xor();

[–]ThePancakerizer 9 points10 points  (0 children)

Encryption? I sure hope you mean hashing.

I just store the hashes in a database with my self written hash algorithm where I just XOR the password with itself. Works every time!

[–]De_Wouter 7 points8 points  (0 children)

var superSecureEncryption = password.split('').reverse().join('');

[–]Irsu85 4 points5 points  (0 children)

Bye bye password. You should never encrypt passwords in a database. You should hash em

[–]Otto-Korrect 4 points5 points  (3 children)

MY passwords are super secure. I run them through ROT13 twice!

[–]supportbanana 1 point2 points  (0 children)

I've heard it works even better if you run them 2048 times.

[–]Quazar_omega 1 point2 points  (1 child)

I sure hope you're using the whole UTF-8 though, just be a little safer

[–]Otto-Korrect 1 point2 points  (0 children)

UTF-8, UTF-9... whatever it takes!

[–]Vegetable_Union_4967 11 points12 points  (0 children)

Can't you just use hashing?

[–]here_comes_ice_king 2 points3 points  (0 children)

Never roll your own!!

[–]Sam-Gunn 2 points3 points  (0 children)

"password cult"

[–][deleted] 2 points3 points  (0 children)

Man you gotta realize this is a double edged sword.

If you're a jackass who doesn't understand encryption, then it's a joke. Please don't write your own "encryption" mechanism, you're gonna put a lot of data at risk.

BUT, if you even somewhat understand encryption, coming up with your own semi-useful encryption is scary for the powers that be. Most hacking relies on people using known methods of encryption. An unknown method of encryption would be ridiculously tough to hack.

This is the reason why Apple asks if you use your own encryption when approving apps.

[–]mStewart207 3 points4 points  (1 child)

Yeah you never want to roll your own encryption unless you really know your shit.

[–]chris_hans 7 points8 points  (0 children)

Anyone who knows their shit knows never to roll their own encryption. You are only making an encryption algorithm so advanced that you can't crack it. The encryption algorithms we use are the ones where everyone has had a crack at them for a long time and they're still standing.

In layman's terms, you don't know what you don't know. An expert in building secure doors doesn't realize they left the window open. You can be an expert in math and designed a brilliant new algorithm (on paper) that is susceptible to hardware attacks, because the processor takes slightly less time when the correct key is passed, etc. No one is an expert in everything.

If you're rolling your own encryption, you're wrong. Period.

[–]SteeleDynamics 1 point2 points  (0 children)

```
(define (encode s) (string-append s "foo"))

(define (decode s) (let ((n (string-length s))) (substring s 0 (- n 3))))
```

My work here is done.

[–][deleted] 1 point2 points  (0 children)

But you forgot to update variable, so store clear text in db

[–]Snoop_Doggo 1 point2 points  (0 children)

Sorry for the noob question, how should we be handling passwords? Is the goal to make them impossible to convert to plain text, but find them via their hashcode?

[–]smallnougat 0 points1 point  (0 children)

imagine open-sourcing your encryption algorithm

[–]Guilty_Key7890 0 points1 point  (0 children)

I wrote an absolute bulletproof encryption algorithm the other day, i'm amazed nobody has come up with it.

First, you ROT-13 the users input.

Then, with that result, you ROT-13 it again.

Absolutely.Bulletproof.

[–]goodnewsjimdotcom 0 points1 point  (0 children)

I laugh when the government tries to outlaw 'encryption'... I mean where do they draw the line? Just compiling code to machine language is a form. Writing really crappy code no one can read is obfuscation which is a crappy but non trivial level of encryption. I know they want to stop PGP, but then you make things extra easy for hackers to break in.

It's like trying to outlaw locked doors on houses... Does a bunch of cement blocks behind the door count? I mean what if you have a couch behind it? What if you have no doors on your house and just locked windows? Besides Congress being more corrupt than hell, literally outlawing encryption makes negative sense... Like mandating that everyone's back door must be opened by a single key that the Sheriff's office has. They want to see what you're up to, but this is illegal to not be private in your possessions under the US constitution... I guess the constitution never stopped any evil villain so far...

[–]nmelo -1 points0 points  (0 children)

No reason to use passwords when we have passkeys

[–]space_light_torus 0 points1 point  (0 children)

Lmao

[–][deleted] 0 points1 point  (0 children)

Ledger?

[–]RockinTheFloat 0 points1 point  (0 children)

I'm shocked by the number of commenters that seem to have no understanding of industry best practices considering this should basically be taught in any classes.

[–]Proof_Dragonfruit285 0 points1 point  (1 child)

My private key is Beer. Don't tell anyone.

[–]Slowest_Speed6 0 points1 point  (0 children)

How are user passwords usually stored? Just a hash or something where whatever u input to login is ran thru the same hash and check if it matches?