undefined | Better HN

0 pointsandreareina5y ago0 comments

Hashing the password client-side makes a leak of the password hashes (which happens all the time) equivalent to leaking the password itself.

https://en.wikipedia.org/wiki/Pass_the_hash

0 comments

staticassertion5y ago

It's definitely not equivalent. The plaintext isn't (as easily) recoverable, which means that if the user used the same plaintext password for another service it's (somewhat more) protected.

Pass The Hash is also protocol specific - if you try to replay a hash to your average HTTP service it won't go "oh, it's already hashed, thanks" it'll just hash it again and you'll fail to authenticate.

codexon5y ago

Then just add a time sensitive seed to it? I don't think it is equivalent to leaking plaintext. It can't be used to guess passwords on other websites.

If your SSL layer is compromised, you can't trust the client-side encryption. The attacker can send arbitrary javascript.

Kalium5y ago

> Then just add a time sensitive seed to it? I don't think it is equivalent to leaking plaintext. It can't be used to guess passwords on other websites.

You're reinventing password hashing and salting. Further, there's no guarantee that the has cannot be used to guess passwords on other sites. For what benefit, exactly? Your hash is now the password, and basically as dangerous as it was in a more conventional arrangement.

Pass-the-hash is a real kind of vulnerability that has been used to exploit real systems. We might be better off sticking with design approaches that don't have this problem instead of trying to fix out way out of the problem.

> If your SSL layer is compromised, you can't trust the client-side encryption. The attacker can send arbitrary javascript.

Are you sure this is what it's guarding against? A sophisticated application architecture might involve a load balancer decrypting and doing the initial routing, several sets of data handoffs, and then the application that needs it handling the password. Any one of them could mishandle or leak the password, but only the one at the end actually needs it in the clear.

codexon5y ago

How exactly is asking for my password to be hashed "reinventing password hashing and salting"? Seems like the opposite, no?

If your password is properly salted, it can't be used to guess passwords on other sites, that's the whole point of salt and hash.

The fact that RSA is being used means that your plain-text password is going to appear on their servers. Maybe it won't get cracked in the SSL layer, but it is still there.

> Are you sure this is what it's guarding against? A sophisticated application architecture might involve a load balancer decrypting and doing the initial routing, several sets of data handoffs, and then the application that needs it handling the password. Any one of them could mishandle or leak the password, but only the one at the end actually needs it in the clear.

Do you realize that if an adversary even only has read access to the SSL layer, they can just copy the cookie and steal the account that way?

1 more reply

j / k navigate · click thread line to collapse

0 comments

staticassertion5y ago

It's definitely not equivalent. The plaintext isn't (as easily) recoverable, which means that if the user used the same plaintext password for another service it's (somewhat more) protected.

codexon5y ago

Then just add a time sensitive seed to it? I don't think it is equivalent to leaking plaintext. It can't be used to guess passwords on other websites.

If your SSL layer is compromised, you can't trust the client-side encryption. The attacker can send arbitrary javascript.

Kalium5y ago

> Then just add a time sensitive seed to it? I don't think it is equivalent to leaking plaintext. It can't be used to guess passwords on other websites.

> If your SSL layer is compromised, you can't trust the client-side encryption. The attacker can send arbitrary javascript.

codexon5y ago

How exactly is asking for my password to be hashed "reinventing password hashing and salting"? Seems like the opposite, no?

If your password is properly salted, it can't be used to guess passwords on other sites, that's the whole point of salt and hash.

The fact that RSA is being used means that your plain-text password is going to appear on their servers. Maybe it won't get cracked in the SSL layer, but it is still there.

Do you realize that if an adversary even only has read access to the SSL layer, they can just copy the cookie and steal the account that way?

1 more reply

j / k navigate · click thread line to collapse