Memory Intensive Secure Password Hashing
July 22, 2011
I’m working on a rewrite of my website and have been struggling with how to store passwords reasonably despite all the advances in password hacking that have come out in the past year. As a result of that I have been researching password strengthening systems such as bcrypt and scrypt. I like the rationale behind both of them but don’t like that they each use non standardised components. So I propose the following for password hashing:
- Generate a 512-bit random string.
- Generate a SHA-512 HMAC using the password as input and the random string as the salt.
- Store the output of the HMAC
- reHMAC the password and the last output X times (I recommend 100,000).
- Each time you HMAC the output again, store it in an array.
- Once you hit the limit take the array of outputs and HMAC them iterating through the array backwards.
This requires all the memory that scrypt suggests without using another random number generator. Also it uses a standardised hash algorithm with a large amount of internal state. Thoughts?
