Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

Doesn't storing H(P') weaken the security of the safe?

2013-08-09
2013-08-09
  • Rich Gautier
    Rich Gautier
    2013-08-09

    Why is it necessary to store the SHA256 of the stretched key? Shouldn't storage of just the salt value be adequate to reproduce the key? By providing the hash of the generated key, don't you provide a mechanism to search the keyspace? While it'd be faster for an attacker to search the plaintext for ('http') than do a SHA-256 of their guess to verify - why provide it at all?

     
  • Rony Shapiro
    Rony Shapiro
    2013-08-09

    The purpose of H(P') is to verify that the user has entered the correct password. The security of this relies on H (SHA256 in this case) being a one-way function, that is, given H(P'), it's computationally infeasible to derive P'. You're right in that the attacker can theoretically search the keyspace by brute-force, but a space of 2^256 is still considered large enough to be safe.