Hash Truncation #14
Replies: 1 comment 3 replies
-
|
I think this is a good idea and am down to implement it - any starting points for the truncation amount you would suggest? |
Beta Was this translation helpful? Give feedback.
-
|
I'm not a mathematician or cryptographer so I'll do the same thing I always do and write tests. I have tests running that are looking for how many bits of hash are necessary to remove massive amounts of legitimate words from triggering a match. Here is my test to determine a best guess at how many bits of hash to keep. |
Beta Was this translation helpful? Give feedback.
-
|
My testing is showing 50 bits of hash is the minimal I was able to use without false positives from 25,487,000 word tests. The way the test works is it uses an English word list of 25,487 words and runs through the words 1,000 times. For each iteration it uses a new random salt. |
Beta Was this translation helpful? Give feedback.
-
|
So it looks like 50 bits gets me past 25 million tests without a collision. 57 bits gets me past 250 million tests without a collision. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
What do you guys think about truncating the hash for reduced value to anyone obtaining the pbkdf2 hash? If you think this is valuable I don't mind submitting a patch.
The idea being that if you truncate the hash you make it much harder to brute force the hash without having tons of false positive passwords.
IE. Smaller just to save space
pbkdf2("password") = f1ca f3c0 67db 8563
vs
pbkdf2("password") = f1ca f3c0 .truncated.
Choose the truncation length so that it's plenty of data to make false positives from the user 1/1,000,000,000 but make a brute forcing attempt come up with 1,000,000,000 of possible valid passwords and modification to existing password cracking algorithms?
Thanks,
Shawn
Beta Was this translation helpful? Give feedback.
All reactions