Score:1

if i enter a password that's incorrect but that collides with one when hashed, will it let me in?

cz flag

suppose no salt or pepper is used and passwords are hashed plain, will entering incorrect password that just hashes to the same let me in? i know that one use of salting/peppering techniques is to, aside from making brute force more time consuming, prevent one hash compromise all the users using same pass. but how does it work for preventing colliding passwords being used interchangeably? in other words, are these techniques the reason incorrect pass won't let you in or is it non-working anyway?

kelalaka avatar
in flag
It is not really collision, you found another pre-image for the current password's hash, which is just different than the current.
user2357 avatar
us flag
Normal the digest is much longer than the allowed passwords, that is mean that you are much more likely to hit the right password than to have a second pre-image
Score:4
si flag

Yes, it would, but (for any halfway decent Password Hashing Function) it's practically impossible to find such a collision.

Password Hashing Functions are Cryptographic Hash Functions with some extra properties.

Cryptographic hashing functions have a single input, and are collision, preimage, and second-preimage resistant.

Collision resistance means that it's infeasible to find any two different inputs that result in the same output. I.e. it's infeasible to find any pair of messages $m \neq m'$ such that $H(m)=H(m')$.

Preimage resistance means it's infeasible to find any input that hashes to a pre-specified output. I.e. given any output $y$, it's difficult to find a message $m$ such that $H(m)=y$.

Second-preimage resistance means it's infeasible to find any second input which has the same output as a specified input. I.e. given a message $m$, it's infeasible to find another message $m' \neq m$ such that $H(m)=H(m')$.

Password Hashing Functions have (at least) three inputs, the password, salt, and difficulty parameter(s). They might also have some sort of domain separation input if they're intended to be used as Key Derivation Functions. The difficulty parameter(s) let the programmer increase the computation power needed to run the function, which slows down some attacks. The salt ensures that different users with the same password will get different hashes, so an attacker who gains access to a database of hashes can't tell which users share a password. The salt also prevents a few more complex attacks, like the use of Rainbow Tables.

Password Hashing Functions still obey all the properties of Cryptographic Hash Functions, so it's infeasible to find a second-preimage of a given password, or even to find two passwords with the same hash.

kelalaka avatar
in flag
Collision is irrelevant in password hashing, the OP rather finds another pre-image for the password.
cn flag
Btw PBKDF2-HMAC-SHA256 does not meet your "halfway decent" criterion. But since collisions and even second pre-images are irrelevant, that's not a big deal practice.
Score:1
kz flag

Will it let you in? I suspect yes. As a software developer, I'm quite sure this has never happened, so the situation is untested, so it's not known. (As a software developer, you could modify the hash function so that it hashes anything containing the string "smith" to the number 0 and see what happens. )

But it's not going to happen. Say there are $2^{64}$ possible passwords and $2^{256}$ possible hashes. If you guess a password and it has the right hash, then the probability is $1 - 2^{-192}$ that you actually guessed the correct password.

Score:0
in flag

In simple terms, a password hashing algorithm $pH$ takes a salt $salt$ and entered password $pwd$ and calculates $h' = pH(salt,pwd)$ and check $h$ with the current stored password's hash $h$, $h \overset{?}{=} h'$.

will entering incorrect password that just hashes to the same let me in?

If you enter an arbitrary password, it may have a negligible change to have the same password hash with the salt. If this occurs this is valid and you can enter the system.

I will not call it an incorrect password, rather call another pre-image for the $h$. Apart from brute force (and rainbow tables where salt prevents this), this is the attack that needs to be performed by the attackers. This attack actually a pre-image attack;

  • Given a hash value $h$ find and input such $m$ that $h = hash(m)$. The generic cost of this attack is $\mathcal{O}(2^n)$ for $n$-bit hash functions (passord hashing or cryptographic hash functions)

The weakest point in password cracking is the human factor. Humans tend to have weak passwords and currently one of the good methods is the dicewire. Use dicewire to generate your password, or better use a password manager where they generate truly random passwords and you keep your password database with your strong password generated by the dicewire.

but how does it work for preventing colliding passwords being used interchangeably?

You can't prevent it, it exists by the pigeonhole principle. Rather the password hashing algorithm by design is secure against it, even you used simply MD5. MD5 is still secure against pre-image attacks, you will have ~128-bit pre-image resistance. Of course, one needs to use modern hashing algorithms, like Argon2.

in other words, are these techniques the reason incorrect pass won't let you in or is it non-working anyway?

This is how it works, it will always work. Keep in mind that, you will have a probability of $\dfrac{1}{2^{128}}$ for a random single password that matches your password's hash ( assuming 128-bit output). If the probability of an event is $\geq \dfrac{1}{2^{100}}$ we simply say that it-is-not-going-to-happen.

Even if you fear this, use two-factor authentication systems, and actually one should use it whenever possible.


A side note: finding a collision is irrelevant in password hashing in terms of collision attack where you only need to find two arbitrary inputs $a$ and $b$ such that $hash(a) = hash(b)$. In password hashing, the attacker has the hash and tries to find one that produces the same hash,

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.