Would you like pepper on that hash?
Understanding salts and peppers--and how they help protect your credentials

Would You Like Pepper on That Hash?
April 9, 2019 Admin
What is a pepper?

To laymen, the strange lexicon surrounding password security only makes the topic less approachable. What is a salt? What is a hash? And better yet, what is a salted hash?

You may have read in news reports of some of the largest data breaches that some breached passwords were hashed, while others were, unfortunately, stored in plaintext. From the victim’s perspective, it’s better to experience the former. Hashed passwords have essentially been converted into sets of cryptographic hashes, which, to humans, are long strings of scrambled characters that look nothing like the original password.

For example, the word “password”, encrypted in 20 different hashing algorithms, is shown below:

MD5: 5F4DCC3B5AA765D61D8327DEB882CF99
SHA-1: 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8
SHA-256: 5E884898DA28047151D0E56F8DC6292773603D0D6AABBDD62A11EF721D1542D8
SHA512: B109F3BBBC244EB82441917ED06D618B9008DD09B3BEFD1B5E07394C706A8BB980B1D7785E5976EC049B46DF5F1326AF5A2EA6D103FD07C95385FFAB0CACBC86
Bcrypt: $2y$12$UHeb3N0EVPO/3gJ7bHuIfOtndJm1niFJxS3Ys0ODdiks.eGc6/xPW
Scrypt: f87d3cc032ff13dd4edccc776c76283fb2eaa2a4c8f87f013c637cba0703c85f45ae699a72d83e2f0557dbea831b80beb387f12a5ee7534678ad5ab6cabfccf3
Argon2: $argon2i$v=19$m=1024,t=2,p=2$MWhRbVVhbVpMVVFhLld2RQ$paNq3vdIAUGckpPPKBEsaGkIWe98Hkem3M9KOitt3C4

There is a mathematical method to this scrambling, encrypting the plaintext password into the hashed form. And although these operations are easy to perform, they are difficult to reserve, or “crack.” Cracking an encrypted password can take years (and ample supercomputing power) to decipher. By storing passwords this way in user credential databases, companies can more effectively secure your information should they experience a data breach. When you log in to a website, your hashed password is checked against the same hash as it was originally encrypted. The actual password doesn’t need to be stored and is, therefore, less vulnerable.
Not all hashes are the same. The industry standard is to use hashing algorithms such as PBKDF2, scrypt and bcrypt, which are generally regarded as more secure. Other earlier hashing algorithms, such as MD5 and SHA-1, are now avoided due to revelations that they are more easily cracked. In 2012, 177 million LinkedIn accounts were breached and listed for sale on dark markets, even though they were hashed using SHA-1. They were even used to log into Mark Zuckerberg’s personal Twitter and Pinterest accounts.

What is a Salt?

If you’ve spent any time in or around the security community, you’ve probably heard of the term “salted hash.” But what does that mean?

The reason that salts exist has partially to do with human nature. It’s no mistake that dictionary attacks work. Preconceived lists of commonly used passwords or even thousands or millions of possible passwords, such as the words in a dictionary, can be used in password cracking to help find a match. As such, it’s appropriate to store hashed passwords so they cannot be easily cracked using something like a rainbow table attack, which makes use of a table of commonly-used hashes to crack passwords stored within a breached database. To prevent this, random strings of data, called “salts”, are appended to passwords before they are hashed and stored in a database. In doing so, rainbow table attacks are rendered useless.

Salt values, when hashed, compute to different hash values, yielding little to no commonalities between two users, even if they share the same password. Salts, however, do not make password theft impossible. Salt re-use can result in credential theft if a programmer responsible for designing a database uses the same salt to store each password. In this case, users who have the same password will also have the same hash. Salts that are too short may allow rainbow table attacks to occur if the table contains every possible salt that could have been appended to every password.

What is a Pepper?

Like a salt, a “pepper” is also a random string of data that is appended to a password before hashing. However, unlike a salt, peppers are kept secret. They are typically stored separately from the user information or stored in a site’s source code. Salts, however, may be stored alongside the password in the same database. In addition, while a salt must be long enough to be unique, a pepper must be at least 112 bits long in order to be considered secure, according to NIST. In its new guidelines for 2017, NIST recommended using a “secret input”, such as a pepper, when storing passwords rather than using salts alone. The pepper should also be regenerated for each unique application because a breach of one application could mean a breach of all of them. By including a pepper in a hash, passwords cannot be cracked as long as the pepper cannot be known or guessed by an attacker. Even if the criminal does, he or she still has to crack the hashes. Peppers also present another layer of defense in cases where an attacker gains access to an encryption key.

When deciding how to store your passwords, the 2017 NIST guidelines are a good bet. Eschewing deprecated hashing algorithms such as MD5 and SHA-1 for more secure choices like PBKDF2 are essential. And if you have the chance, you may want to put some pepper on that hash.