
Isn't typical use of (hash-based) KDFs for password verification purposes essentially using them as salted hashes?

Yes, for most cases underlying primitives are iterated many times, so they're slow to compute, but that's not the point - it's still hashing.



Of course you're right in theory. A KDF is a hash function. In practice, however, it's best if we ignore that fact when making public statements.

When many people hear about hashing passwords, they think md5 or sha1 or something. I certainly used to think that way. The problem is, it's really really easy to be ignorant of the current best practices and not even realize it. Thinking that you know what you're doing when you don't is a great way to get insecure systems.

So, I like to say that it's wrong to hash passwords, even if they're salted. It's also wrong to encrypt them. You should only ever use a KDF.

I would hope that anybody who can poke holes in my statement has nothing to learn from me and already knows to use a KDF. Anybody else will hopefully read that, scrap their plans to use salted sha1 and instead go learn about KDFs until they too can poke holes in my statement.
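Added example, not part of the thread: the single-pass salted SHA-1 pattern discussed above beside an iterated hash-based KDF (PBKDF2-HMAC-SHA256 from Python's standard library) used for password verification. The record format, the function names and the iteration count are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware


def salted_sha1(password: str, salt: bytes) -> str:
    """What the thread warns against: one fast pass, so guessing is cheap."""
    return hashlib.sha1(salt + password.encode()).hexdigest()


def kdf_hash(password: str, iterations: int = ITERATIONS) -> str:
    """Iterated, salted derivation; parameters are stored with the result."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    enc = lambda b: base64.b64encode(b).decode()
    return f"pbkdf2_sha256${iterations}${enc(salt)}${enc(dk)}"


def kdf_verify(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and count; compare in constant time."""
    try:
        scheme, iters, salt_b64, dk_b64 = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(dk_b64)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    except ValueError:  # malformed record, bad base64, or non-positive count
        return False
    return hmac.compare_digest(dk, expected)


def needs_rehash(stored: str, iterations: int = ITERATIONS) -> bool:
    """True when a record was made with a lower count than the current policy."""
    return int(stored.split("$")[1]) < iterations


if __name__ == "__main__":
    record = kdf_hash("correct horse battery staple")  # constructed sample input
    print(record)
    print(kdf_verify("correct horse battery staple", record))
    print(kdf_verify("guess", record))
```

Storing the iteration count in the record is what lets `needs_rehash` upgrade old entries at the next successful login without a forced password reset.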



