TheMaster, on 22 May 2012 - 01:03 AM, said:
wouldn't hashing it 100,000 times be more secure than once?
No, it would just take a marginally longer time to calculate the password. Common hash functions like SHA1 and MD5 are ridiculously fast for any modern computer to calculate. Security comes not from how long it takes for someone to brute force a password, but rather how unlikely it would be that they would randomly guess it. If you feed a hash back into a hash, you still get another hash of the same length with the same amount of entropy. Hash functions work by taking any size input and turning it into a very very highly likely unique set of bits with a fixed length (usually 128 or 160 depending on the algorithm). However, because the number of hashes an algorithm can produce is finite, it is mathematically possible (but extremely unlikely) for two passwords to produce the same hash. By running the hash algorithm multiple times, you effectively reduce the number of "possible hashes" that the algorithm can use for hashes, and that makes collisions exponentially more likely, which is bad bad BAD for password hashing.
Daniel15, on 21 May 2012 - 05:56 PM, said:
In the end, if it were more secure for the algorithm to be ran multiple times, it'd already be doing that.
This. SHA1 and MD5 are secure because of the immense amount of possible hashes they can produce. By running them multiple times, you're reducing their security (by slightly decreasing the entropy) in exchange for a few more microseconds of calculation.
Let me illustrate this with an example. Let's say that a password-obfuscating algorithm does this by counting the number of vowels, then the number of consonants and storing it as a concatenated string and fitting a bunch of zeros to make it a fixed-length. "Iamyourcatoverlord" corresponds to "00000710". Now a computer that wants to reverse this algorithm is going to have a difficult time because the output string "00000710" could be interpreted as 71 vowels, 0 consonants OR 7 vowels and 10 consonants. For each situation, they have to iterate through the 21 possible consonants and 5 possible vowels (I did not count y in this case). This algorithm's security comes from making it difficult to guess a password that would produce the same hash that the original password produces.
What a cracker could do, however, is reverse the algorithm and try every possible combination of letters and vowels that fit with either 71 vowels, 0 consonants or 7 vowels and 10 consonants. Considering you can get any computer that can calculate 10 GigaFLOPS (that is, 10 billion floating-point operations in a second) for relatively cheap, any password protected by this algorithm would be guessed practically instantly. The major drawback is that passwords like "cat" and "dog" produce the same hash: "00000021". That means that a cracker can guess the word "dog", even though the user normally enters "cat", and the server will hash both passwords to mean the same "0000021", and "dog" will give the cracker access.
MD5, which is often mistaken to be insecure for passwords, produces a 128-bit hash value. That means that there are 2^128 or 3.40 × 10^38 possible hashes that can be produced by MD5. At an average speed of 10 GFLOPS, a desktop PC would take 3.40 × 10^28 seconds or 1.08 × 10^21 years to go through every possible hash! Now that's an average desktop PC
. More than likely, your cracker will be using some sort of distributed system to achieve more FLOPS, or much more powerful hardware. It's still going to take them a long time, especially if you salt the password first. Every time you run MD5 more than once, you reduce the number of possible hashes that can be produced while only marginally increasing how long it takes for the computer to calculate it. Considering that MD5 takes only around 624 operations to calculate, you'd have to run it 16,025,641 times to make it take a second longer
for a cracker to calculate a password for a hash, while giving them exponentially more passwords that could possibly produce the same stored hash value. This is why running secure hash algorithms more than once is generally frowned upon by security experts.
Edit: I can spell "overlord".