undefined | Better HN

0 pointshahn-kev9mo ago0 comments

No it's not. Did you ever think that you can hash something twice? Hash it once on the client, then hash and salt it server side, like normal. It means that the server never actually knows your password, but that's about all it gives you.

0 comments

mejutoco9mo ago

> It means that the server never actually knows your password

If the client is hashing it without a salt the server could simply check a Rainbow table (https://en.wikipedia.org/wiki/Rainbow_table) to know which password it is. For short inputs this could be trivial.

const_cast9mo ago

Sure, but I still think this is preferable to sending the password in clear text even over HTTPS. You're trusting the server doesn't do anything with the password and immediately hashes it, but it might not. It might store it, or even if it doesn't, your password will stick around in RAM for an indeterminate amount of time.

If the server is compromised in any way, passwords could be exfiltrated. Companies are, sometimes, wildly incompetent. Zoom historically stored private keys on the same server as their "encrypted" data. I would not be surprised if your password is just stored for "convenience" or some other bullshit reason and just waiting to be breached.

mejutoco9mo ago

> Sure, but I still think this is preferable to sending the password in clear text even over HTTPS. You're trusting the server doesn't do anything with the password

My point is in both cases the server has access to the password. As I mentioned, without salt the server can get the original password (by checking the pre-computed rainbow table of hashes up to n length), so the trust issue is the same.

If this is slightly better (more obfuscated) or the same thing + a false sense of security is debatable, but I could agree.

const_cast9mo ago

Well no, because rainbow tables are quite small. You don't have precomputed hashes for all passwords 24 characters and under that contain numbers and symbols.

I mean, even with just letters, you're looking at 620448401733239439360000 hashes required. x 128 / 8 bytes, you're looking at ~ 9000 zettabytes. So, a few order of magnitude larger than the entire internet.

If you have a strong password, it's not comparable. In scenario one the server has the password immediately. In scenario two, it would require the heat death of the universe to precompute the hash to find out the password.

1 more reply

j / k navigate · click thread line to collapse

0 comments

mejutoco9mo ago

> It means that the server never actually knows your password

const_cast9mo ago

mejutoco9mo ago

> Sure, but I still think this is preferable to sending the password in clear text even over HTTPS. You're trusting the server doesn't do anything with the password

If this is slightly better (more obfuscated) or the same thing + a false sense of security is debatable, but I could agree.

const_cast9mo ago

Well no, because rainbow tables are quite small. You don't have precomputed hashes for all passwords 24 characters and under that contain numbers and symbols.

1 more reply

j / k navigate · click thread line to collapse