What method do you use? php with a database? cgi against a protected file? Clickpass.com like HN.
Or did you roll your own?
+ Server has your passwords stored as sha1(password+salt(password)). salt function isn't secret (eg. reverse the text)
- Client visits login page
- Website generates random token. Then sends back HTML with the random token
- Client generates passresponse = sha1(token + sha1(password + salt(password)))
- Client sends the passresponse, token, and username back
- Website checks for existence of token, removes it, then computes it's own sha1(token + password_hash_from_db) and checks against the sent passresponse.
This way the password is never sent in clear text. Unlike HTTP authentication, this works nicely with html forms since you can do all the crypt in js. Then again, this might be a bit overkill... and using SSL is probably a better option.
Just sharing another solution.
* First, because no browser bakes this crypto protocol in, you have to deliver it over Javascript. The protocol basically stipulates that you don't have SSL/TLS. So all you've done is move the goalposts. No matter what kind of dance you do (for instance: Meebo actually delivers a JS implementation of RSA!), the action is now in the JS delivery, which is trivially compromised.
* Second, secure authentication schemes aren't vulnerable to trivial dictionary attacks. This one is: the attacker is stipulated to have access to your traffic. She sees the nonce the server sends and the hash the client responds with. She can solve for the password by (very fast) brute force against a wordlist.
I agree with your second point, a eavesdropped can use a dictionary attack. It makes it just a tiny bit harder for them since they need to generate their own cleartext-crypttext and cannot use a pregenerated table.
I am curious, is there a better way to do this (other than SSL or using RSA)
On registration:
- Ask for username and password (do form validation, ie passwords match, xss clean, etc). toLowercase() the login.
- Create a hash of some type for the password. This becomes used in the database, and again on login. If you're not worried about security, md5 your password, store it in the db. Otherwise, look up a salt hash.
- I typically log the user out and then require them to log in and create a session after they registered.
On login
- Ask for username and password, toLowercase() the login when checking
- Run the same md5 or salt hash against the password, check if the # of rows in the database is > 0, if it is, log the person in and give them a session with a value of "is_logged_in" to true or something similar. Also pull the database user_id or e-mail and use that to remember which user you're dealing with.
- If the # of rows found in database is == 0 (where the login and pass equal those from your post variables), the login failed
http://www.matasano.com/log/958/enough-with-the-rainbow-tabl...
I'd personally advise: Use a respected library or at least an MD5 or SHA1 approach with a strong salt. There are better ways that you should consider (link), especially if you're writing an authentication package for reuse by others.
This is the best strategy for us because it allows us to offer a wide array of services running through our accounts, using out of the box software..
We can tie the forums into LDAP without writing our own, as well as our internal Jabber server, etc.
Once login has completed, we give the user a 128-bit sessionID, which we use for all further communication, until their session expires.
Anyway, if you don't use a nonce per user or a time consuming hashing method, then all tptacek's comments apply. His link in http://news.ycombinator.com/item?id=576021 is worth your time.
apache has modules to hook it up to just about any backend; it's supported by all browsers, and it's easy to automate against.
I would be interested in knowing why more people don't use it.
You can fail certain formal security audits for using HTTP authentication.
hm. I know you can logout by going to https://username:boguspassword@thesiteyouarelogingoutfrom.co... but that will ask you to re-input your password, usually, making it unsuitable for a 'logout' button usually, I think. I wonder if there is a js workaround for that.
It seems pretty straightforward (hash pass, place on server, and check against), but I need an easy way to compute an SHA hash in-browser, so the server doesn't have to receive the pass in plaintext.
Anyone know of a way to do it with Struts/JSP, or even JS if its not too slow?
* The hash you send will probably be password-equivalent; losing it to an attacker is just as bad as losing the password.
* If you're delivering the JS to generate the hash over HTTP, you have exactly the same threat model as with plaintext passwords (attackers will just subst a script that sends the raw password).
* If you have working HTTPS, you already have optimal communications security; just send the password.
* Even if you came up with a challenge-response protocol to make the hash non-replayable, the exchange itself would be vulnerable to a trivial dictionary attack.
Don't bother with this idea. Move on to something that will add real value to your app.
I always try new sites if I can get in with existing authentication - and I don't always if I need to register. So it depends how much you care about uptake.
