Re: SHA Question
sci.crypt archive

From: Ichinin <gurgel@postmaster.co.uk>
Date: Tue Dec 27 2005 - 23:01:36 CET

First; hashing a password with a hash does not give much more security at
all, it's just a linear transformation that takes soso-many
milliseconds to perform.

And yes, you should use the output of the hash algorithm as an
encryption key, but using those bits alone won't slow down attackers.

(Note: Remember that SHA-1 generates 160 bit hashes and if you are going
to use AES-256 then you need 96 more bits, if AES-128, strip off 32
bits. A better choice would be SHA-256.)

What you want to do when you slow down bruteforce attacks is to
increase the time required to compute the hashes and make it hard(-er)
to make a dictionary database, I've seen some people do:

for (n = 0; n < 1000; n++)
  password = sha1(password);

That slows down bruteforce attacks by a factor of 1000. Since SHA-1 is
quite fast (and computers are getting faster), you can expand this up
to say 65535 without the user detecting any significant "speed bump",
that adds 2^16 combinations to each password per password.

Unfortunately - this alone won't slow down dictionary attacks, since
precalculating a dictionary is still possible (it just takes longer,
but distributed computing solves a lot of problems fast)

To harden it even further, you can do more things:

1. Make the password affect how many times the hash function loops
itself

2. Add some salt: feed soso-many random (but STATIC) bytes into the
hash function.

3. Feed an application specific value too loops (i.e. a keyed PRNG)

4. Use an additional, but static, input (Username, Filelength, File
Creation Date)

5. Encrypt the input with an encryption algorithm.

(and on and on)

One thing you should think of is when you're done encrypting, clear out
the memory variables, a lot of people forget to do that.

Good luck.
Ichinin
Received on Tue Jan 3 03:41:33 2006
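
Added example (not part of the original post): a Python sketch of the iterate-and-salt idea discussed above, showing the post's SHA-1 loop next to a salted derivation that yields a key of the right length for AES. PBKDF2-HMAC-SHA256 from Python's hashlib is swapped in here as the standardized form of the loop; the function names, the per-password random salt stored beside the ciphertext, and the sample password are assumptions.

```python
import hashlib
import os

ITERATIONS = 65535  # the upper loop count mentioned in the post


def naive_stretch(password: bytes, rounds: int = 1000) -> bytes:
    """The post's loop: password = sha1(password), repeated `rounds` times."""
    digest = password
    for _ in range(rounds):
        digest = hashlib.sha1(digest).digest()
    # 20 bytes (160 bits): 96 bits short of AES-256, 32 bits over AES-128.
    # No salt, so the same password always maps to the same output.
    return digest


def derive_key(password: bytearray, salt: bytes, key_len: int = 32,
               iterations: int = ITERATIONS) -> bytes:
    """Salted, iterated derivation that returns exactly key_len bytes."""
    if key_len not in (16, 24, 32):
        raise ValueError("AES keys are 16, 24 or 32 bytes")
    if len(salt) < 16:
        raise ValueError("use at least 16 random salt bytes")
    try:
        # The salt is not secret; store it next to the ciphertext so the
        # same key can be re-derived for decryption.
        return hashlib.pbkdf2_hmac("sha256", password, salt,
                                   iterations, dklen=key_len)
    finally:
        # Best-effort wipe of the caller's mutable buffer. The Python
        # runtime may still hold other copies of the password.
        for i in range(len(password)):
            password[i] = 0


def demo() -> dict:
    sample = b"correct horse"  # constructed sample password
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    key_a = derive_key(bytearray(sample), salt_a)
    key_b = derive_key(bytearray(sample), salt_b)
    return {
        "naive_bits": len(naive_stretch(sample)) * 8,
        "derived_bits": len(key_a) * 8,
        # Different salts give unrelated keys for the same password, so
        # one precomputed dictionary no longer covers every user or file.
        "salts_separate_keys": key_a != key_b,
        "repeatable": key_a == derive_key(bytearray(sample), salt_a),
    }


if __name__ == "__main__":
    print(demo())
```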