Secure password storage with PBKDF2

Dewni Weeraman
Oct 24, 2021


Passwords are of paramount importance in the authentication layer of any digital system. Put simply, a password is a secret phrase used to prove a user's right to access a secured resource or service. A compromise in the security of a digital system can have a huge negative impact on any organization. If you are a developer, you may have had to deal with passwords at some point in your career. Passwords are typically stored in a database. These databases can be subjected to various attacks such as SQL injections, and therefore it is important to make sure that cracking these passwords is an extremely difficult task.

Plain text password storage should be avoided by all means, as an attacker who hijacks your server, or even an administrator with approved database access, can quite easily get hold of all the passwords stored in the database.

In 2019, Brian Krebs, a cybersecurity reporter, stated that the tech giant Facebook had been storing millions of passwords in plain text for years, leaving them exposed to people with access to certain internal systems. Facebook published a statement on this incident.

Hashing is the accepted approach for storing passwords. Hashing is a one-way function. Therefore, even if the password storage gets exposed, an attacker will not be able to convert the hashed values back to the original plain text passwords. However, a simple password hashing mechanism is still considered less secure, as it is vulnerable to dictionary attacks. Hence it is recommended to use salted hashed passwords. Because a random salt value is used in the hashing process, a pre-computed password library is of no use. However, with today's technology advancements, GPU-based and ASIC-based brute force password cracking attacks can easily be mounted against salted hashed passwords.

As of now, the recommended approach is to move away from legacy hashing algorithms and use a modern hashing algorithm for password hashing.

OWASP states that

Strong passwords stored with modern hashing algorithms and using hashing best practices should be effectively impossible for an attacker to crack. It is your responsibility as an application owner to select a modern hashing algorithm.

There are a number of modern password hashing algorithms out there. In this blog post, let's explore PBKDF2. PBKDF2, which stands for Password-Based Key Derivation Function 2, is a modern password hashing algorithm standardised in RFC 2898.

As of now, it is the only modern password hashing algorithm backed by NIST standards. As stated by OWASP, to achieve FIPS-140 compliance it is required to choose PBKDF2. Due to these reasons, PBKDF2 is widely used for secure password storage.

PBKDF2 belongs to the family of modern key derivation functions. The intention of modern key derivation functions is to slow down the password cracking process by making the derivation of the key computationally expensive. PBKDF2 requires several input parameters to produce the resulting hash. The work factor (or iteration count) input parameter is used to make the calculation of the hash more costly for the attacker, slowing down the password cracking process. Let's look at the input parameters required by PBKDF2.

key = PBKDF2(password, salt, iterations-count, hash-function, dkLen)
  • password - a secret phrase from which a derived key (hashed password) is generated
  • salt - a random string of characters
  • iterations-count - the number of iterations of the hashing algorithm that are performed for each password
  • hash-function - the pseudorandom function (prf), e.g. HMAC-SHA-1
  • dkLen - generated derived key bit length

When using PBKDF2, developers should carefully decide on the parameter values for the salt, iterations-count and pseudorandom function by considering both the security and performance expectations of their system.
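
The parameters above map directly onto Python's standard-library hashlib.pbkdf2_hmac. The following is an added example, not code from the original post: it stores the salt and iteration count next to the derived key so that each password can be verified and later upgraded. The record format, function names and parameter values are assumptions made for illustration, and hashlib takes dkLen in bytes.

```python
import base64
import hashlib
import hmac
import secrets

# Assumed values for illustration; tune ITERATIONS to your own latency budget.
PRF = "sha256"          # hash-function: HMAC-SHA-256 as the PRF
ITERATIONS = 600_000    # iterations-count
SALT_BYTES = 16         # length of the random salt
DK_BYTES = 32           # dkLen, in bytes as hashlib expects


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Derive a key with a fresh random salt; return a self-describing record."""
    salt = secrets.token_bytes(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac(PRF, password.encode("utf-8"), salt, iterations, DK_BYTES)
    b64 = lambda b: base64.b64encode(b).decode("ascii")
    return f"pbkdf2_{PRF}${iterations}${b64(salt)}${b64(dk)}"


def _parse(record: str):
    scheme, iterations, salt, dk = record.split("$")
    if not scheme.startswith("pbkdf2_"):
        raise ValueError("not a PBKDF2 record")
    return scheme[len("pbkdf2_"):], int(iterations), base64.b64decode(salt), base64.b64decode(dk)


def verify_password(password: str, record: str) -> bool:
    """Recompute the key with the stored parameters; compare in constant time."""
    try:
        prf, iterations, salt, expected = _parse(record)
        dk = hashlib.pbkdf2_hmac(prf, password.encode("utf-8"), salt, iterations, len(expected))
    except (ValueError, TypeError, OverflowError):
        return False  # a malformed or unsupported record never authenticates
    return hmac.compare_digest(dk, expected)


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True when the record uses a different PRF, fewer iterations or a shorter key."""
    prf, stored_iterations, _, dk = _parse(record)
    return prf != PRF or stored_iterations < iterations or len(dk) < DK_BYTES
```

Call needs_rehash after a successful login, while the plain text password is still in memory, and store a fresh hash_password result when it returns True; that lets the work factor be raised over time without forcing password resets.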
