Would re-salting passwords regularly in- decrease security

0 votes
I've been wondering about the impact of periodically changing the salt for stored passwords. If I were to re-salt and re-hash passwords at regular intervals, would this increase security, or could it introduce new risks?

For example, would re-salting improve protection against database leaks by making stolen hashes useless over time? Or could this break authentication systems that rely on password comparisons? I’d appreciate insights into whether re-salting is a recommended practice.
Feb 6 in Cyber Security & Ethical Hacking by Anupam
• 18,960 points
321 views

1 answer to this question.

0 votes

Regularly re-salting and re-hashing stored passwords—changing the salt and computing a new hash for the same password—does not significantly enhance security and may introduce unnecessary complexity.

Understanding Salting and Its Purpose

Salting involves adding a unique, random string (the salt) to a password before hashing it. This ensures that even if two users have the same password, their hashed values differ due to distinct salts. Salting primarily serves to:

  • Prevent Rainbow Table Attacks: Attackers use precomputed tables of hash values to crack passwords. Unique salts make these tables ineffective, as each password hash becomes unique.

  • Ensure Unique Hashes: Identical passwords result in different hashes, preventing attackers from identifying common passwords in a database.

Evaluating the Practice of Re-Salting

Once a password is salted and hashed securely, re-salting it periodically offers minimal security benefits:

  • Limited Impact on Security: If an attacker gains access to the hashed passwords, having multiple hashes of the same password with different salts doesn't significantly increase security. The attacker can still attempt to crack each hash individually.

  • Unchanged Attack Complexity: Re-salting doesn't increase the computational effort required for an attacker to crack a single password hash. The primary defense remains the strength of the hashing algorithm and the complexity of the password itself.

Potential Risks and Considerations

Introducing regular re-salting can lead to:

  • System Complexity: Implementing periodic re-salting adds complexity to the authentication system, increasing the potential for errors.

  • Consistency Issues: Ensuring that password hashes remain consistent across distributed systems or during synchronization processes becomes more challenging with frequent re-salting.

Recommended Best Practices

Instead of focusing on re-salting, consider the following practices to enhance password security:

  • Use Strong Hashing Algorithms: Employ algorithms like bcrypt, scrypt, or Argon2, which are designed to be computationally intensive, thereby slowing down brute-force attacks.

  • Implement Unique Salts: Generate a unique, random salt for each password when it's first created or changed.

  • Encourage Strong Passwords: Promote the use of complex and lengthy passwords among users to increase resistance against attacks.

  • Monitor and Update Hashing Strategies: Stay informed about advancements in cryptography and update your hashing methods as needed to address emerging threats.

answered Feb 10 by CaLLmeDaDDY
• 31,260 points

Related Questions In Cyber Security & Ethical Hacking

0 votes
0 answers
0 votes
0 answers
0 votes
0 answers

What is vulnerability in cyber security?

Dec 10, 2021 in Cyber Security & Ethical Hacking by Aditi
• 300 points
1,250 views
+1 vote
1 answer

How do you decrypt a ROT13 encryption on the terminal itself?

Yes, it's possible to decrypt a ROT13 ...READ MORE

answered Oct 17, 2024 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
• 31,260 points
3,338 views
+1 vote
1 answer

How does the LIMIT clause in SQL queries lead to injection attacks?

The LIMIT clause in SQL can indeed ...READ MORE

answered Oct 17, 2024 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
• 31,260 points
1,187 views
+1 vote
1 answer

Is it safe to use string concatenation for dynamic SQL queries in Python with psycopg2?

The use of string concatenation while building ...READ MORE

answered Oct 17, 2024 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
• 31,260 points
1,039 views
+1 vote
1 answer

How can I use Python for web scraping to gather information during reconnaissance?

Python is considered to be an excellent ...READ MORE

answered Oct 17, 2024 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
• 31,260 points
1,090 views
0 votes
0 answers

What’s the risk of weak passwords in network security?

Weak passwords are a major security vulnerability, ...READ MORE

Mar 3 in Cyber Security & Ethical Hacking by Anupam
• 18,960 points
455 views
0 votes
0 answers

What should be in my resume to get a job in cyber security?

What should be in my resume to ...READ MORE

Oct 14, 2024 in Cyber Security & Ethical Hacking by Anupam
• 18,960 points
567 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP