remzi-arpacidusseau / ostep-typos


Chapter 54: Consider improving the password hashing recommendation #91

Open saclark opened 9 months ago

saclark commented 9 months ago

Not a typo, but a suggestion. Feel free to direct me elsewhere if this is not the proper channel.

The Authentication chapter of the Security section states:

> That’s what modern systems should do with password hashing: use a cryptographic hash that has been thoroughly studied and has no known flaws. At any given time, which cryptographic hashing algorithms meet those requirements may vary. At the time of this writing, SHA-3 [B+09] is the US standard for cryptographic hash algorithms, and is a good choice.

I believe this should be corrected to recommend using a password hashing algorithm, not just any cryptographic hashing algorithm as-is. That is, an algorithm that involves key stretching, specifically designed for securing passwords (or any other low-entropy secret) against brute-force attacks. Such password hashing algorithms include Argon2id, scrypt, bcrypt, and PBKDF2, with Argon2id being a good recommendation at the time of this writing.

The issue with using a cryptographic hashing algorithm such as SHA-3 without the use of multiple iterations or as part of some other key stretching technique is that it is computationally efficient, relatively speaking. The algorithm used to hash a password should be slow and/or memory-intensive, thereby decreasing the feasibility of brute-force attacks. Of course, a balance must be struck with respect to the computational cost of the hash such that the performance impact is acceptable to a legitimate user logging in, while still preventing a malicious user from mounting an efficient brute-force attack. All of the above-mentioned password hashing algorithms support configuring the computational cost of the hash in some manner, allowing one to fine-tune this trade-off and stay ahead of hardware improvements over time.

Each of the above-mentioned password hashing algorithms also expects or includes a salt, which the Authentication text goes on to describe. Thus, recommending the usage of a proven password hashing algorithm can still lead nicely into the introduction of the concept of a salt by explaining its purpose and usage within a password hashing algorithm.


As a side note, I'd like to express how much I love the book and how much I appreciate you making it available for free online and for a reasonable cost in print! I own a paperback copy and devoured it in the last few weeks.
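
The trade-off raised in this issue, as an added example that is not part of the issue or the book: a salted scrypt record whose cost parameters are stored with the hash so they can be raised later, plus a helper that measures per-guess time against a single SHA3-256 call. The work factors (`N`, `R`, `P`), the `$`-separated record format, and all function names are assumptions made for this example.

```python
import base64, hashlib, hmac, os, time

# Assumed work factors for this example; tune them to your own hardware.
N, R, P = 2**14, 8, 1          # scrypt CPU/memory cost, block size, parallelism

def scrypt_digest(password: str, salt: bytes, n: int, r: int, p: int) -> bytes:
    # scrypt needs about 128*n*r bytes of memory; maxmem allows twice that.
    return hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p,
                          maxmem=256 * n * r, dklen=32)

def hash_password(password: str, n: int = N, r: int = R, p: int = P) -> str:
    salt = os.urandom(16)      # fresh random salt for every password
    digest = scrypt_digest(password, salt, n, r, p)
    b64 = lambda b: base64.b64encode(b).decode()
    # Keep the parameters next to the hash so the cost can be raised later.
    return f"scrypt${n}${r}${p}${b64(salt)}${b64(digest)}"

def verify_password(password: str, record: str) -> bool:
    scheme, n, r, p, salt, digest = record.split("$")
    if scheme != "scrypt":
        return False
    candidate = scrypt_digest(password, base64.b64decode(salt),
                              int(n), int(r), int(p))
    # Constant-time comparison of the recomputed and stored digests.
    return hmac.compare_digest(candidate, base64.b64decode(digest))

def needs_rehash(record: str) -> bool:
    # True when the record was made with parameters other than the current ones.
    _, n, r, p, _, _ = record.split("$")
    return (int(n), int(r), int(p)) != (N, R, P)

def seconds_per_guess(fn, rounds: int) -> float:
    start = time.perf_counter()
    for _ in range(rounds):
        fn()
    return (time.perf_counter() - start) / rounds

if __name__ == "__main__":
    pw, salt = "correct horse battery staple", os.urandom(16)  # constructed sample
    fast = seconds_per_guess(
        lambda: hashlib.sha3_256(salt + pw.encode()).digest(), 10000)
    slow = seconds_per_guess(lambda: scrypt_digest(pw, salt, N, R, P), 5)
    print(f"SHA3-256: {fast * 1e6:.2f} us/guess, scrypt: {slow * 1e3:.1f} ms/guess")
    record = hash_password(pw)
    print(record, verify_password(pw, record), needs_rehash(record))
```

On a successful login, a record for which `needs_rehash` returns true can be replaced with `hash_password` output at the current cost, since the plaintext password is available at that moment.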