https://wiki.visual-prolog.com/index.php?action=history&feed=atom&title=Password_HashingPassword Hashing - Revision history2026-04-11T20:28:39ZRevision history for this page on the wikiMediaWiki 1.37.1https://wiki.visual-prolog.com/index.php?title=Password_Hashing&diff=4607&oldid=prevThomas Linder Puls: release2019-03-12T16:13:53Z<p>release</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 18:13, 12 March 2019</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">{{Template:NonReleased}}</del></div></td><td colspan="2" class="diff-side-added"></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2" class="diff-side-added"></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>The basic problem is that user have a password, which the "system" must be able to validate, but which should be kept secret for '''''everybody''''' else.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>The basic problem is that user have a password, which the "system" must be able to validate, but which should be kept secret for '''''everybody''''' else.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
</table>Thomas Linder Pulshttps://wiki.visual-prolog.com/index.php?title=Password_Hashing&diff=4552&oldid=prevThomas Linder Puls: initial version2019-02-13T13:08:30Z<p>initial version</p>
<p><b>New page</b></p><div>{{Template:NonReleased}}<br />
<br />
The basic problem is that user have a password, which the "system" must be able to validate, but which should be kept secret for '''''everybody''''' else.<br />
<br />
=== Password Hash ===<br />
<br />
The idea is to create a ''cryptographic hash'' of the password and save that in the "user dictionary".<br />
<br />
<vip><br />
class predicates<br />
password_hash : (string Password) -> string Hash.<br />
clauses<br />
password_hash(Password) = cryptography::<someSuitableHashFunction>(Password).<br />
</vip><br />
<br />
To validate the password you hash again and compare the new hash to the stored hash:<br />
<br />
<vip><br />
class predicates<br />
password_validate (string Password, string Hash) determ.<br />
clauses<br />
password_validate(Password, Hash) :-<br />
Hash = password_hash(PassWord).<br />
</vip><br />
<br />
A ''cryptographic hash'' is a hash with the property that it is "hard" to come from the hash value back to the password or to find something else that gives the same hash value.<br />
<br />
=== Rainbow table ===<br />
<br />
However, this approach has the problem that you can create a so called [[wikipedia:Rainbow table|rainbow table]]: you take a huge amount of ''frequently used passwords'' and hash them with <vp>someSuitableHashFunction</vp> and then it is easy to come backwards for those frequently used passwords.<br />
<br />
=== Salt ===<br />
<br />
To avoid this you can make sure that the users password is not ''frequently use''. That is done by applying ''salt'' to the users passwords.<br />
<br />
If the users password is <vp>"horse"</vp> then you actually hash <vp>"<salt>horse"</vp>, where <salt> is something strange, e.g. <vp>"Qa12#5ASGhorse"</vp> (this is the idea behind salting; in practice it is done in a slightly different way).<br />
<br />
<vip><br />
class predicates<br />
password_hash : (string Password, string Salt) -> string Hash.<br />
clauses<br />
password_hash(Password, Salt) = cryptography::<someSuitableHashFunction>(Hash, Salt).<br />
</vip><br />
<br />
the same <vp>Salt</vp> should be used when validating the password:<br />
<br />
<vip><br />
class predicates<br />
password_validate (string Password, string Salt, string Hash) determ.<br />
clauses<br />
password_validate(Password, Salt, Hash) :-<br />
Hash = password_hash(PassWord, Salt).<br />
</vip><br />
<br />
In principle you can use the same salt each time, but if a hacker gets knowledge about the salt she can make a new rainbow table with that salt, and then we are back to square one.<br />
<br />
Subsequently, it is recommended to use a new long random salt '''each''' time. This salt does however not need to be kept secret, but can be saved in the user dictionary <br />
together with the password hash. <br />
<br />
Here the combination of hash and salt is called a <vp>hashToken</vp>:<br />
<br />
<vip><br />
domains<br />
hashToken = hashToken(string Salt, string Hash).<br />
<br />
class predicates<br />
password_hash : (string Password) -> hashToken HashToken.<br />
clauses<br />
password_hash(Password) = hashToken{Salt, Hash} :-<br />
Salt = generateRandomSalt(),<br />
cryptography::<someSuitableHashFunction>(Hash, Salt).<br />
<br />
class predicates<br />
password_validate (string Password, hashToken HashToken) determ.<br />
clauses<br />
password_validate(Password, hashToken(Salt, Hash)) :-<br />
Hash = cryptography::<someSuitableHashFunction>(PassWord, Salt).<br />
</vip><br />
<br />
=== Algorithm ===<br />
<br />
The last issue is the choice of <vp>someSuitableHashFunction</vp>. As already mentioned it must be difficult to come from hash to password. A consequence of this is (somewhat oddly) that it must take '''''long time''''' to calculate the hash of a password. Because if it is fast then it is also fast to create rainbow tables and the like. Notice however that the calculation must take long time for the hacker; it does not help that you have a hopeless implementation, if the hacker has a good implementation.<br />
<br />
A problem in that context is that what is a suitably slow algorithm today may be too fast in some years.<br />
<br />
As a consequence of this and probably also for many other reasons you will have to expect that you will have to change or adjust the algorithm as time passes.<br />
<br />
Currently, various places on the net state that '''PBKDF2+SHA1+10.000''' is a good choice.<br />
<br />
'''[[wikipedia:PBKDF2|PBKDF2]]''' is an algorithm that takes another algorithm hash <vp>H</vp> argument and makes <vp>N</vp> iterations using <vp>H</vp> in some way.<br />
<br />
'''PBKDF2+SHA1+10.000''' means that <vp>H</vp> is the hash algorithm '''SHA1''' that <vp>N</vp> is '''10.000''' (i.e. that the algorithm makes 10.000 iterations).<br />
<br />
The number 10.000 is assumed to be increased as computers becomes faster.<br />
<br />
All in all, we '''''must''''' expect that we will have to adjust the algorithm as time goes by.<br />
<br />
=== Solution ===<br />
<br />
[https://jwt.io/ JWT (JSON Web Tokens)] does not deal with this problem, but we have used some of the ideas in this context.<br />
<br />
A '''''Hash Token''''' consists of three components:<br />
<br />
# A description of the algorithm and its parameters<br />
# the salt<br />
# the hash<br />
<br />
Like in JWT the algorithm and its parameters are described as a JSON object:<br />
<br />
{ "alg" : "PBKDF2", "hash" : "SHA1", "p2c" : 10000 }<br />
<br />
The three components are [[wikipedia:Base64#URL applications|Base64 for URL]] encoded and combined with ".".<br />
<br />
So a <vp>HashToken</vp> will look like this (the token does not have any line shifts, they are just inserted here for readability):<br />
<br />
eyJhbGciOiJQQktERjIiLCJoYXNoIjoiU0hBMjU2IiwicDJjIjoxMDAwMH0<br />
.1xVFoIMO9C-u3O81CYoUxkV3KB_vAxUmMvrvTG9hHaM<br />
.v9cZjPwtji27vjeCFj8SLwzkqWUDe9OmT9YC3sLOMps<br />
<br />
# '''eyJhbGciOiJQQktERjIiLCJoYXNoIjoiU0hBMjU2IiwicDJjIjoxMDAwMH0''' is the JSON object that describes the algorithm and its arguments (utf8 + base64 URL encoded)<br />
# '''1xVFoIMO9C-u3O81CYoUxkV3KB_vAxUmMvrvTG9hHaM''' is the salt (base64 URL encoded)<br />
# '''v9cZjPwtji27vjeCFj8SLwzkqWUDe9OmT9YC3sLOMps''' is the hash (base64 URL encoded)<br />
<br />
The key point is that a <vp>HashToken</vp> contains all the information that is necessary to validate a password, even though you use different algorithms, parameters and random salt.<br />
<br />
So a single predicate can validate passwords, even when algorithms and parameters changes, and different algorithms/parameters can also be mixed in a single user dictionary.<br />
<br />
<vip><br />
predicates<br />
password_validate : (string Password, string HashToken) determ.<br />
</vip><br />
<br />
For now PFC supports PBKDF2 and main algorithm:<br />
<br />
<vip><br />
predicates<br />
password_pbkdf2 : (string Password, integer64 IterationCount = 10000, string HashAlgId = bcrypt_sha256_algorithm) <br />
-> string HashToken.<br />
</vip><br />
<br />
The actual hashing is performed by the default cryptography provider on the computer, and it has been validated that SHA1, SHA256, SHA384 and SHA512 can be used as hash algorithm.<br />
<br />
=== Example ===<br />
<br />
This little example:<br />
<br />
<vip><br />
implement main<br />
open core, stdio, bCrypt_native<br />
<br />
clauses<br />
run() :-<br />
Password = "MySweetLittlePony",<br />
FalsePassword = "MySweetLittleCat",<br />
foreach HashAlgId in [bcrypt_sha1_algorithm, bcrypt_sha256_algorithm] do<br />
writef("HashAlgId = %\n", HashAlgId),<br />
test(Password, FalsePassword, HashAlgId),<br />
test(Password, FalsePassword, HashAlgId)<br />
end foreach.<br />
<br />
class predicates<br />
test : (string Password, string FalsePassword, string HashAlgId).<br />
clauses<br />
test(Password, FalsePassword, HashAlgId) :-<br />
HashToken = cryptography::password_pbkdf2(Password, :HashAlgId = HashAlgId),<br />
writef("%\n", HashToken),<br />
validate(Password, HashToken),<br />
validate(FalsePassword, HashToken),<br />
nl.<br />
<br />
class predicates<br />
validate : (string Password, string HashToken).<br />
clauses<br />
validate(Password, HashToken) :-<br />
Valid = if cryptography::password_validate(Password, HashToken) then "valid" else "invalid" end if,<br />
writef("% is %\n", Password, Valid).<br />
<br />
end implement main<br />
</vip><br />
<br />
will produce output like this:<br />
<br />
<pre><br />
HashAlgId = SHA1<br />
eyJhbGciOiJQQktERjIiLCJoYXNoIjoiU0hBMSIsInAyYyI6MTAwMDB9.AquRQqikdFLq3S70WbREu5MAqZY.KEbkIURoD_qiylq-TzH013RuW9U<br />
MySweetLittlePony is valid<br />
MySweetLittleCat is invalid<br />
<br />
eyJhbGciOiJQQktERjIiLCJoYXNoIjoiU0hBMSIsInAyYyI6MTAwMDB9._uLmvdiJWJXfoz15NTicjf4MjLU.7PeEqE9j6k9RF4bmLlLmFxjGaPE<br />
MySweetLittlePony is valid<br />
MySweetLittleCat is invalid<br />
<br />
HashAlgId = SHA256<br />
eyJhbGciOiJQQktERjIiLCJoYXNoIjoiU0hBMjU2IiwicDJjIjoxMDAwMH0.9qs1jevgKywfXnaxW6rjlrgU1jTNQv8Kf5uAT0bWvzI.fGL9de1MaOImZDnDVSQk7eI0ORajAiDTwKBAt8pbHto<br />
MySweetLittlePony is valid<br />
MySweetLittleCat is invalid<br />
<br />
eyJhbGciOiJQQktERjIiLCJoYXNoIjoiU0hBMjU2IiwicDJjIjoxMDAwMH0.skxJNq9rEWdCL88WATlHCMGs6aj4RXucLL0phLv6zNs.hG4xObaK4RnxrF6QX1_dABndhcnel4AuKEp32lqIvg4<br />
MySweetLittlePony is valid<br />
MySweetLittleCat is invalid<br />
</pre><br />
<br />
The output is only "like" this because a random salt is generated each time <vp>password_pbkdf2</vp> is called.<br />
<br />
The first part is the same when the algorithm (and parameters) is the same, and the length of the salt and the hash depends on the chosen algorithm.<br />
<br />
[[Category:Tutorials|{{PAGENAME}}]]</div>Thomas Linder Puls