Passwords are the keys to our online identities, and as a result, they’re also near the top of the target list for attackers. There have been countless breaches in the last few years in which unencrypted passwords have been stolen from a database and leaked online, and security experts often shake their heads at the lack of use of encryption or even hashing for passwords. Now, a group of cryptographers is sponsoring a competition to come up with a new password hash algorithm to help improve the state of the art.
Hashing algorithms are used to secure passwords by taking the plaintext password, passing it through the cryptographic hash algorithm, and then storing the resulting digest, rather than the plaintext password itself. That way, if attackers are able to compromise the database of passwords, what they get are the hashes and not the actual passwords.
However, the algorithms used to hash passwords in most cases are functions such as SHA-1 and MD5, which have known weaknesses that open them up to brute-force attacks. So if an attacker is able to access a database of hashed passwords, he may be able to crack them, given enough time and compute power. When these algorithms were designed years ago, the hardware needed to crack a hash produced by one of them was not commonly available. But now, powerful GPUs and FPGAs are widely available and can be used by an attacker to crack hashes relatively quickly.
Matthew Green, a member of the panel organizing the new Password Hashing Competition, said that the group is focusing its efforts on passwords because that’s where the biggest problem lies.
“Password hashing is important because it’s where we have a problem. NIST has given us some great standard hashing algorithms. The problem is that these hashes aren’t necessarily designed for the specific problem of password hashing — where you need something that’s fast enough to hash on a server at login time, but slow enough that a GPU can’t crack ten million of them,” Green said.
“We have a few functions for this purpose, but we don’t have a consistent recommendation to give implementers. NIST says to use PBKDF2, which is probably the most vulnerable to GPU cracking. We just learned that Twitter uses bcrypt — a nice algorithm, but designed 11 years ago when FPGAs and GPUs weren’t as common as they are today. Others recommend scrypt because it was explicitly designed to deal with these threats. Unfortunately that claim hasn’t really been reviewed by cryptographers.”
The National Institute of Standards and Technology (NIST) sets standards for cryptographic hash functions and encryption, and the agency recently approved a new hash function, SHA-3, to replace the existing SHA family of algorithms. Green said that the PHC team has spoken with NIST about the new hashing competition and that the agency will be paying attention to it.
“My hope is that this competition gives us one or two really solid algorithms to recommend, so folks don’t have to guess anymore. But I’ll be happy if it just gets cryptographers interested in the area. That kind of research all by itself will make us safer,” Green said.
“I would love to have this sponsored by NIST, but they’re full up with competitions right now. However, we’ve spoken to them about this and they’re following our progress. We’re pretty confident the results of the competition will impact future NIST recommendations.”
The panel of judges who will evaluate the hash submissions includes Jean-Philippe Aumasson of Kudelski Security, Green, of Johns Hopkins University, Marsh Ray of Microsoft, Jens Steube of the Hashcat Project, Meltem Sonmez Turan of NIST and Peter Gutmann of the University of Auckland, as well as many others. The details of the call for submissions and technical requirements are on the PHC site.