Cascade Hashing

security cryptography

Definition

Cascade Hashing

Cascade hashing (also called iterated hashing or key stretching) is a technique that makes password hash computation more expensive by applying a cryptographic hash function $h$ repeatedly.

For an iteration count $c$, the hash is computed as

$$\text{Hash}=\underset{c\text{times}}{\underbrace{h\circ h\circ \cdots \circ h}}(\text{Password}\Vert \text{Salt})$$

or, with the salt re-injected at each step,

$$\text{Hash}=h(h(\cdots h(\text{Password}\Vert \text{Salt})\Vert \text{Salt}\cdots )\Vert \text{Salt})\Vert \text{Salt}).$$

Parameters

Iteration Count

The iteration count $c$ is typically chosen between $10^5$ and $10^6$. This range is large enough to slow down an attacker by a factor of $c$, yet small enough that a legitimate user experiences only a brief delay (under one second).

Effect on Attacks

Attack Slowdown

The computational cost for an attacker performing a dictionary or brute-force attack is increased by a factor of $c$.

A single hash evaluation is fast; repeating it $c$ times multiplies the total attack time proportionally.

Examples

Pure Iteration

$$\text{Hash}=h(h(h(\cdots h(\text{Password}\Vert \text{Salt})\cdots )))$$

Salted Iteration

$$\text{Hash}=h(h(h(\cdots h(\text{Password}\Vert \text{Salt})\Vert \text{Salt}\cdots )\Vert \text{Salt})\Vert \text{Salt})$$