SV.HASH.NO_SALT

Use of a one-way cryptographic hash without a salt

This error is reported when a one-way cryptographic hash function is applied to a single piece of input data without salt being added.

Vulnerability and risk

If software stores one-way cryptographic hashes calculated for user passwords, appending or prepending a unique salt to each password is recommended; so if two users have the same password, the hashes will be different.

If an attacker gains access to the hashes, the lack of a salt makes it easier to guess multiple user passwords.

Vulnerable code example

Copy
  /*
   * Adds a new user; stores login and password hash.
   */
   public void addUser(String login, byte[] password) {
     try {   
        MessageDigest md = MessageDigest.getInstance("MD5");           
        
                    
                    
                    
                    
                    
                    
                    
                    
                    md.update(password); // < -- calculate hash for the password
                    
                    
                    
                    
                    
                    
                    
                    
                    
        byte[] hash = md.digest();
        storeHashString(login, Hex.encodeHexString(hash));
    } catch (NoSuchAlgorithmException e) { 
       throw new IllegalStateException(e)
    }
  }    

  /*
   * Validates user login information. Returns true if user exists, and
     entered password hash matches stored password hash;
   * otherwise returns false.     
   */
   public boolean login(String login, byte[] password) {
     try {
        String storedHash = readHashString(login);
        if (storedHash != null) {
            MessageDigest md = MessageDigest.getInstance("MD5");
            
                    
                    
                    
                    
                    
                    
                    
                    
                    md.update(password); // < -- calculate hash for the password
                    
                    
                    
                    
                    
                    
                    
                    
                    
            byte[] hash = md.digest();
            return MessageDigest.isEqual(hash, Hex.decodeHex(storedHash.toCharArray()));
          } else {
             return false;
          }
        } catch (NoSuchAlgorithmException | DecoderException e) {
           throw new IllegalStateException(e);
        }
      }
 
 . . .

        hashManager.addUser("Alice", "changeit".getBytes());
        hashManager.addUser("Bob", "changeit".getBytes());

In this example, both users – “Alice” and “Bob” have password “changeit”; and both stored hashes are “b91cd1a54781790beaa2baf741fa6789”. Then, if an attacker steals the password hashes table, he can easily reverse “b91cd1a54781790beaa2baf741fa6789” to “changeit” using a dictionary.

Fixed code example

Copy
 /*
  * Adds a new user; stores login and "salt:hash".
  */
  public void addUser(String login, byte[] password) {
   try {
     byte[] salt = new byte[16];
     secureRandom.nextBytes(salt);
     MessageDigest md = MessageDigest.getInstance("MD5");
     
                    
                    
                    
                    
                    
                    
                    
                    
                    md.update(salt); // use random salt
                    
                    
                    
                    
                    
                    
                    
                    
                    
    
                    
                    
                    
                    
                    
                    
                    
                    
                    md.update(password); // and password
                    
                    
                    
                    
                    
                    
                    
                    
                    
    byte[] hash = md.digest();
    storeHashString(login, Hex.encodeHexString(salt) + ":" + Hex.encodeHexString(hash));
  } catch (NoSuchAlgorithmException e) {
     throw new IllegalStateException(e);
  }
 }

 /*
  * Validates user login information. Returns true if user exists, and
    entered password matches stored "salt:hash"; otherwise returns false.
  */
  public boolean login(String login, byte[] password) {
    try {
      String storedSaltAndHash = readHashString(login);
      if (storedSaltAndHash != null) {
          String[] saltAndHash = storedSaltAndHash.split(":");
          if (saltAndHash.length != 2) {
              throw new IllegalStateException("Expected salt:hash string");
          }
          MessageDigest md = MessageDigest.getInstance("MD5");
          
                    
                    
                    
                    
                    
                    
                    
                    
                    md.update(Hex.decodeHex(saltAndHash[0].toCharArray())); // use stored salt
                    
                    
                    
                    
                    
                    
                    
                    
                                   
          
                    
                    
                    
                    
                    
                    
                    
                    
                    md.update(password);
                    
                    
                    
                    
                    
                    
                    
                    
                    
          byte[] hash = md.digest();
          return MessageDigest.isEqual(hash, Hex.decodeHex(saltAndHash[1].toCharArray()));
       } else {
         return false;
       }
     } catch (NoSuchAlgorithmException | DecoderException e) {
        throw new IllegalStateException(e);
     }
   } 

 . . .

  hashManager.addUser("Alice", "changeit".getBytes());
  hashManager.addUser("Bob", "changeit".getBytes());
In this example, the password hash records for Alice and Bob are randomized. It can look like this:
Alice -> 03c016ca60ee8c53aa8f24301a08ec27:de88b6fc874d83eb30aa9020f431bde3 
Bob -> e2eafef8be75cd58b7ed598ddb37e128:4bc3b11a2bf5854b66543f8ba9ffa2c6

Related checkers

Security training

Application security training materials provided by Secure Code Warrior.