Hash passwords before transmitting? (web)_问答_开发者

Hash passwords before transmitting? (web)

开发者 https://www.devze.com 2023-01-03 09:30 出处：网络

I was reading this Ars article on password security and it mentioned there are sites that \"hash the password before transmitting\"?

相关专题：passwords

I was reading this Ars article on password security and it mentioned there are sites that "hash the password before transmitting"?

Now, assuming this isn't using an SSL connection (HTTPS), a. is this actually secure and b. if it is how would you do this in a secure manor?

Edit 1: (some thoughts based on first few answers)

c. If you do has开发者_运维问答h the password before transmission, how do you use that if you only store a salted hash version of the password in your user credentials databas?

d. Just to check, if you are using a HTTPS secured connection, is any of this necessary?

This is only secure if the server sends a non-reusable salt (and, of course, if you use a secure hash).

Otherwise, the attacker can simply sniff the users hash, then replay the hash to log in as the user.

Note that the login is vulnerable to a man-in-the middle attack.

I wouldn't call it secure, but it's better than nothing. If you let the server pick a hash salt every time a user logs in, that will protects against replay. However, there's nothing protecting users from man in the middle attacks while they are logged in.

You will have to store the salt you generated somewhere on the server while the user is logging in. If that is a problem, you could hash the salt with another (fixed) salt, use the result as a checksum and add both to your login form as hidden fields.

There are some JavaScript SHA-1 implementations around that should do the trick. Don't use MD5 if you can help it.

You can protect this scheme against man-in-the-middle attacks by using the salted database hash to generate a secret key for symmetric encryption.

It would work like this:

Server looks up the password hash in the database H_D along with salt S_D
Server chooses a random salt S_R
Server generates a secret key K by hashing the database hash with S_R
Server sends S_D and S_R to the client

Client calculates H_D by hashing the user's password with S_D
Client calculates K by hashing H_D with S_P
Client encrypts all server communication with K

This scheme creates a random session key K based on the user's password.
A man in the middle would not be able to derive K without knowing the user's password (or H_D, which must be kept secret), and therefore cannot impersonate the server.