Is salting passwords with base 64 secure?

Question

In a web application I am reading some bytes from /dev/urandom to get a random salt for hashing the passwords.

Is it good to base64 the salt before hashing? Because base64 encoding sometimes appends some = at the end, which could then result in a known plaintext attack. But it may be no problem, because the salt is nevertheless stored in db, or am I wrong?

Does this have an effect on the security of the application?

Answer 1

For the most part, probably not. Your salt has to be known in order to decrypt the password, so we can assume that any attacker will be able to gain both the hashed password and the salt used. All that your salt is now protecting against is rainbow table-based attacks and increasing the amount of work (since each plaintext now needs to be hashed n times instead of once to compare against n passwords).

As long as your salt is of a reasonable length, you're probably fine.

Answer 2

It depends on the used hash algorithm, which alphabet of characters is accepted as salt. BCrypt for example will accept following characters, which is nearly but not exactly the same as a base64 encoded text: ./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz.

A known plain text attack is no problem here, since we do not encrypt anything, especially not the salt.

Answer 3

No it's not secure.

You shouldn't use any hash function for user passwords. Instead you should use a password-based key derivation function such as PBKDF2 or scrypt with an appropriate number of iterations so as to slow down hashing, which mitigates the risk of bruteforce attacks.

What's the difference between a Key Derivation Function and a Password-Hash?

If you are using PHP for your web application:

Do I need base64 encode my salt (for hashing passwords)?

Secure hash and salt for PHP passwords

Answer 4

The purpose of a salt is to make sure that each password is stored differently. i.e. so if two people use the same password, the storage of the two passwords is not identical. This protects against rainbow and hashtable attacks if an attacker manages to extract the password table data.

Although there is no reason to Base64 it - the hash should be a sequence of bytes rather than ASCII text - this should not affect the security of your hashed passwords. Yes, there are limited byte sequences that will be used (just ones that represent valid ASCII characters), however your hash will be longer and it is representing the same range of possible values.