Re: Simple technique to increase cypher strength
I am not certain if we are talking about the same thing. I took a look at some of Dan's articles and tried to find 'anti-salt' techniques. The only reference I could find spoke of attacking the salt by brute force and they only used 4 and 5 byte salts. In an earlier post on this article I mention *megabyte* key values and that includes salts as well. It is true that weak salts are weak, just as weak passwords are weak. However, that does not speak to the strength of strong passwords and competent salts and related techniques.
What you refer to leads to something that points to the value of the technique I describe. A current variant of hashcat is able to brute force ~2^33 hashes per second on a modern HD7970 GPU. To reduce that effectively to two per second, you add 32 random bits prior to hashing. The addition of 6 6 bit characters will require an additional 2^36 guesses to get a password.
You could use the base64 characters: b64[]="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/". Any random function to choose a character from the above will do. Choose six random characters such as:
13 47 22 60 36 20 = N v W 8 k U
Add the above to your password and even a fairly large cracking setup will take some time just to crack an unsalted md5 hash of a password.
Client enters a password into your system, say 'password123'. Your server system generates a random addition as per the above, say 'NvW8kU' and adds it to the password. The password becomes 'NvW8kUpassword123' and that is what you hash. In the case of md5, md5('NvW8kUpassword123')=8f4bb28e2d7e5df5e1b971fbce3007cc. When the client enters their password ('password123'), the server guesses, like any attacker would have to guess, the first six characters to match against the stored hash.
In practice, the above would also be coupled with a random salt. Here is a common password that is already found in the rainbow tables at http://crackstation.net/, but salted with a 128 bit salt:
82730f07b0953fc7555f15bca138f0c6
Even though the above is an md5 hash of a known password, it is not likely to be guessed any time soon without the salt.
Here is a vanilla md5 hash of a strong password formed only from letters and numbers:
d4fffc0f9b56cf324e13534c73228e06
It is a ten character password, plus the additional six characters as described above. Here is, according to the protocol above, the first six characters of that password: tTQGVj. It would take the computation of approximately 2^59 trials to get the balance of the password from that hash, even though there are only 24 bits of password left.
The perception that passwords are in danger is a real one. If sites store passwords as vanilla hashes and allow weak passwords then stealing the file of hashes is equivalent to stealing the passwords. Once passwords are in your possession, any that are common to other systems are thereby compromised. My technique will increase the security of your hash file, but it cannot protect against passwords that are already compromised.
To be honest, as a user I am not fond of systems with stringent password requirements. However, in the absence of additional tokens for security, the only way to ensure security of your system is to enforce a password policy that makes it difficult to use insecure passwords.
Suggestions: Enforce long passwords > 16 characters. Arbitrarily disallow a random half of the character set. Disallow anything similar to a dictionary word (dictionary word being any known string). This will not protect you against a person re-using their password from your site on another site with less security, but it will protect you against someone reusing a password from a weak site on your site.
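A runnable sketch of the scheme described in this post, added here as an illustration and not code from the original post: enrollment draws a hidden base64 prefix plus a 128-bit salt and stores only the salt and hash, and verification re-derives the prefix by exhaustive search. It assumes the salt is prepended as raw bytes (the post does not say where the salt goes) and keeps md5 because that is what the post uses.

```python
import hashlib
import hmac
import itertools
import os
import secrets

# The 64-character alphabet from the post; each character carries 6 bits.
B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def indices_to_prefix(indices):
    """Map the 6-bit values drawn by a random source onto base64 characters."""
    return "".join(B64[i] for i in indices)


def random_prefix(length):
    """Draw `length` characters from B64 with a CSPRNG (secrets, not random)."""
    return "".join(secrets.choice(B64) for _ in range(length))


def work_factor(prefix_len):
    """Guesses needed to exhaust the hidden prefix: 64**n == 2**(6*n)."""
    return len(B64) ** prefix_len


def hash_password(password, prefix, salt):
    """md5(salt || prefix || password). md5 is the post's choice, not a
    recommendation. Assumption: the 128-bit salt is prepended as raw bytes."""
    return hashlib.md5(salt + (prefix + password).encode()).hexdigest()


def enroll(password, prefix_len=6, salt=None, prefix=None):
    """Store salt and hash only; the prefix is deliberately discarded.
    salt/prefix may be injected for reproducible tests."""
    salt = os.urandom(16) if salt is None else salt
    prefix = random_prefix(prefix_len) if prefix is None else prefix
    return {"salt": salt, "hash": hash_password(password, prefix, salt),
            "prefix_len": prefix_len}


def verify(password, record):
    """The server recovers the prefix by brute force, paying the same cost an
    attacker pays per candidate password: up to 64**prefix_len md5 calls."""
    for chars in itertools.product(B64, repeat=record["prefix_len"]):
        candidate = hash_password(password, "".join(chars), record["salt"])
        if hmac.compare_digest(candidate, record["hash"]):
            return True
    return False
```

With the post's six characters every login costs up to 2^36 hashes, so a check that must finish quickly uses a shorter prefix (two characters is 4096 hashes); the work factor is the trade-off the post describes.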