Password Verification

So, how should password verification be arranged? Of course an option of saving a password and later comparing the entered password with it will not work due to its evident silliness. No matter how deeply a saved password is hidden there will be a hacker who can 'excavate' it and create a program which will extract and convey the password. Therefore the following scheme is generally used: an array of random numbers is being generated at the stage of the password generation. The data array is encrypted by any algorithm whereas the password chosen by the user is used as the key. The encrypted array is stored with the original one for the verification. (The password itself is not stored anywhere.) To verify the password it is enough to encrypt the original: if the password is correct, the result will match the stored encrypted array (or an encrypted array may be deciphered - it doesn't matter at all). Obviously, to break this scheme it is necessary to calculate the ciphering key having both the plain text and the ciphered text. This method is called the 'known plain text attack' in cryptoanalysis. Yet, any decryption-resistant algorithm guarantees this cannot be done in any way other than a complete search.

Sometimes this method is complicated further. There may be a message digest obtained with MD5 stored instead of the original. If RC4 is used as the ciphering algorithm the scheme will closely resemble the one preferred by Microsoft and used in Windows and MS Office.

Still, a hacker always has a method of the complete search at his disposal to pick the password. Therefore, using the RC4 algorithm and the aforementioned scheme in its pure form does not seem to be the best idea. The reason is that the password check may be very fast in this case, because all of the mentioned algorithms work fast. Meanwhile, if an algorithm took much time for the verification, it would not hamper consumer properties of a system (would anyone notice a fraction of a second delay while entering a password?) but in effect would deprive a hacker of an opportunity to use the direct search. With a half second delay it would take more than a month to pick a four-character password . It is not hard to slow down an algorithm. The length of the array may be increased, slower encryption algorithms may be used, or just one algorithm may be repeated many times. For example, an array of data may be encrypted with a password, than the password may be transformed according to some rule and the encryption may be repeated. Several thousand such cycles would be enough to do the trick. After all, it's much easier to make a slow program than a fast one :-).