user3466626

Reputation: 21

Is SHA1(3DES-CBC) a good encryption for storing passwords in database?

I am a security analyst and I have been asked this question: Is SHA1(3DES-CBC) a good encryption for storing passwords in a database?

However, to my knowledge I feel use of salt for storing any sensitive information. And I feel CBC mode is vulnerable on certain protocols. And I feel this is the best practice: https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet

Please correct my understanding of the above.

However, I am trying to understand the technical implications of SHA1(3DES-CBC) to better explain its implementation issues to my team. Please advise me on the same.

Upvotes: 1

Views: 1805

Answers (3)

jww

Reputation: 102386

However, to my knowledge I feel use of salt for storing any sensitive information ...

John Stevens of OWASP put together a good document on server password security and storage. It walks through the attacks and threats, and then adds steps to neutralize the threats. Here are the references to the OWASP material (you only referenced one of them):


And I feel CBC mode is vulnerable on certain protocols...

I don't believe this is correct. A block cipher operated in CBC mode is a pseudo random function. It possesses the PRP-notion of security. However, it can't be used in a vacuum. Hence, the reason you need to understand the material in the two OWASP references.


SHA1(3DES-CBC)...

I'm not sure what the purpose of the composite function is. You'll have to ask the developers what their security goals are, and what threat it neutralizes. Naively, I'm going to say AES/CBC or 3DES/CBC alone should have been sufficient.

You also have the key storage problem to contend with. It's known as the "Unattended Key Storage" problem, and it's a problem without a solution. See Peter Gutmann's Engineering Security.

Upvotes: 1

rdegges

Reputation: 33844

NO!

If you're storing passwords in a database, you should be using bcrypt or scrypt. bcrypt has been analyzed by numerous cryptographers over the years, and is the 'de facto' password hashing algorithm.

SHA1 is bad because:

  • It can be run quickly (bad, makes it vulnerable to brute force).
  • It is susceptible to collision attacks (this means attackers don't even need to brute force the password).
  • It can be easily reversed if you're not using a salt (rainbow tables).

bcrypt is great because:

  • It's very slow (slows down attackers trying to brute force).
  • It requires a lot of CPU (this means attackers need many computers, with large CPUs).
  • It has no collisions.

scrypt is just like bcrypt, but also requires a lot of memory to compute a hash, further slowing down attackers. scrypt is relatively new, however, so you might want to stick with bcrypt for now.

Upvotes: 0

martinstoeckli

Reputation: 24141

Fast hashing algorithms like SHA* are never a good choice to hash passwords; instead you should use a slow key-derivation function with a cost factor, like BCrypt or PBKDF2.

I couldn't find much information about "3DES-CBC" in combination with SHA1, but both (SHA1 and DES) are hash functions without iterating.

Upvotes: 1
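
Added example, not part of any answer above: a sketch of the salted, slow key-derivation approach the answers recommend, using PBKDF2-HMAC-SHA256 from Python's standard library, with an unsalted SHA1 helper for contrast. The record format, the function names and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed cost factor; tune to your own hardware
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt for every record
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    try:
        scheme, iters, salt_hex, digest_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    except (ValueError, OverflowError):
        return False  # malformed record: fail closed
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, target: int = ITERATIONS) -> bool:
    """True when a record was created with a lower cost than the current target."""
    return int(stored.split("$")[1]) < target


def unsalted_sha1(password: str) -> str:
    """Fast, unsalted digest (for contrast): equal passwords give equal output."""
    return hashlib.sha1(password.encode()).hexdigest()


if __name__ == "__main__":
    a = hash_password("correct horse")  # constructed sample password
    b = hash_password("correct horse")
    print("salted records differ:", a != b)
    print("unsalted digests match:",
          unsalted_sha1("correct horse") == unsalted_sha1("correct horse"))
    print("verify ok / wrong:", verify_password("correct horse", a),
          verify_password("wrong", a))
```

Storing the cost next to the salt lets `needs_rehash` flag old records, so the hash can be upgraded at the user's next successful login.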
