undefined | Better HN

0 pointstptacek11y ago0 comments

No, of course not. The CS problem behind a password hash (or KDF) is to exploit time and memory to convert a low-entropy secret into something with the strength of a high-entropy secret. But when you're securing individual HTTP requests with session tokens, you simply use high-entropy secrets, and thus don't have the password hash problem.

0 comments

3 comments · 1 top-level

proksoup11y ago· 2 in thread

If users picked really good passwords, full sentences with high entropy --- would we not need to encrypt them?

Sorry I think you already explained this, I'm just swimming. I probably should have basic CS understanding to be in this conversation ....

tptacekOP11y ago

If users picked 128 bit random numbers as their passwords, any hash function would suffice to store authenticators for them. You'd still want to hash them, because presumably users will re-use the same 128-bit random number on several machines. But it would be infeasible to brute force them, so MD4 would do just fine.

There is no reason to hash a secure cookie, because they aren't used across several machines. The compromise of a stored session key implies that every system where that cookie is valuable is also compromised.

zaroth11y ago

A reason to hash cookies/tokens on the server side is so you don't have to reset them if your server database is compromised. A fast cryptographically secure hash with digest size equal to the token size is a good choice.

This also has the benefit of defending against timing attacks, for example, if you don't completely trust your code or the compiler / interpreter to not optimize your "constant time" comparison.

2 more replies

j / k navigate · click thread line to collapse