Here is the text of the NIST sp800-63b Digital Identity Guidelines.

  • orclev@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    3 months ago

    A KDF is not reversible so it’s not encryption (a bad one can be brute forced or have a collision, but that’s different from decrypting it even if the outcome is effectively the same). As long as you’re salting (and ideally peppering) your passwords and the iteration count is sufficiently high, any sufficiently long password will be effectively unrecoverable via any known means (barring a flaw being found in the KDF).

    The defining characteristic that separates hashing from encryption is that for hashing there is no inverse function that can take the output and one or more extra parameters (secrets, salts, etc.) and produce the original input, unlike with encryption.

    • frezik
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      3 months ago

      OK. How do you reconcile that with “Hashing passwords isn’t even the best practice at this point”? Key derivation functions are certainly the recommended approach these days. If they are hashes, then your earlier post is wrong, and if they aren’t hashes, then your next post was wrong.

      • orclev@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        3 months ago

        The rest of that sentence is important. Hashing passwords is the minimum practice, not best practice. You should always be at least hashing passwords. Best practice would be salting and peppering them as well as picking a strong hashing function with as high a number of iterations as you can support. You would then pair that with 2FA (not SMS based), and a minimum password length of 16 with no maximum length.