WebApp Sec mailing list archives
Re: Re[2]: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection)
From: Chuck <chuck.lists () gmail com>
Date: Wed, 17 Aug 2005 17:22:34 -0400
Hi, comments below. On 8/17/05, Oleg Topchiy <edge () ua fm> wrote:
It's true, but if the whole database is comporomised, there is a good chance that vast number of the passwords won't stand against even dictionary attack, leave alone bruteforce. Although this method provides best balance between complexity and security.
A couple issues here: 1. The database shouldn't contain the hash of just the password. It should store a random salt and the hash of the password+salt (or some mix of hashing and salting like H(Salt+H(Password)), for example). Sometimes you will see the username used instead of a salt, but a random salt is better because it prevents pre-computation of password hashes or username+password hash pairs. 2. The client should not send the hash of the password or the salted hash. It should receive a random challenge and usually the fixed salt and send back something like H(challenge+salt+password). This challenge should only be valid once to prevent replay attacks. This is essentially the system used by Yahoo! (see http://us.i1.yimg.com/us.yimg.com/a/1-/java/login/login_md5_1_12.js). That being said, the hashing of passwords doesn't do anything to help in the case of a compromised client machine. It does protect against eavesdropping, which is a significant problem with people using insecure wireless connections. It is vulnerable to a MITM attack, but while that is not overly hard on wireless, it is harder than eavesdropping. Have a good one. Chuck
Current thread:
- Re: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection) mike (Aug 16)
- Re: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection) Noam Eppel (Aug 16)
- Re[2]: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection) Oleg Topchiy (Aug 17)
- Re: Re[2]: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection) Chuck (Aug 17)
- Re: MD5 Password encoding, "straight" vs "salted" hashes Peter Watkins (Aug 17)
- Re: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection) Thomas Chiverton (Aug 17)
- Re[2]: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection) Oleg Topchiy (Aug 17)
- <Possible follow-ups>
- RE: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection) Cyrill Osterwalder (Aug 17)
- RE: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection) Bond Masuda (Aug 17)
- Re: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection) Gary Gwin (Aug 18)
- Re: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection) Jean-Jacques Halans (Aug 22)
- Re: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection) Serban Ghita (Aug 23)
- Re: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection) Noam Eppel (Aug 16)
- Re: RE: MD5 Password encoding (was: Defeating Citi-Bank Virtual Keyboard Protection) mike (Aug 17)