Web Application Security
Thread: At what layer to hash a password
At what layer to hash a password, Jun 21 2010 01:06PM, Robin Wood (robin digininja org) (5 replies)
RE: At what layer to hash a password, Jun 28 2010 08:37PM, Niels Teusink (teusink fox-it com) (1 replies)
RE: At what layer to hash a password, Jun 26 2010 07:26PM, Dave Wichers (dave wichers aspectsecurity com) (1 replies)
Re: At what layer to hash a password, Jun 26 2010 05:02PM, Javier Bassi (javierbassi gmail com) (1 replies)
Re: At what layer to hash a password, Jun 26 2010 11:13AM, Tom Ritter (tom ritter vg) (1 replies)
> On Sat, 2010-06-26 at 07:13 -0400, Tom Ritter wrote:
>> You covered several of the arguments: the password moving down the
>> stacks and being intercepted there, the maintainability.
>>
>> But there are two more things I'd raise. First off, you really shouldn't
>> be hashing your passwords. It's better to use something I don't know
>> the correct term for (I've heard adaptive hashing and iterative hashing.
>> I usually just call them by name).
>
> I agree on not hashing.
>
> Short of mentioning encryption in the transport layer (which is a must
> in any such scenario), by far the most secure method involving passwords
> known to me would be a challenge/response mechanism which completely
> eliminates the need to transfer any kind of sensitive information over
> the wire.
>
> If the client produces the right token, the response to the challenge
> will be identical to the one that the server calculated based on the PSK
> at hand and the authentication can be thought of as successful.
Nice once the PSK has been shared, but when the user enters a password
for the first time you still have to protect it. I prefer systems
where I send out random passwords so I can handle this kind of thing, but
unfortunately a lot of clients, despite attempted education, prefer to
be able to let users enter their own passwords.
Robin
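The flow discussed in this exchange, as an added example that is not code from the thread or any of its posters: the password is stretched with an adaptive (iterated) hash at enrollment, the stretched value acts as the PSK, and login is a nonce challenge answered with an HMAC that the server recomputes and compares. The enrollment step is where the plaintext password still crosses the wire, which is Robin's point. PBKDF2-HMAC-SHA-256, the iteration count, key length and nonce size are assumptions.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example; tune the iteration count to your hardware.
PBKDF2_ITERATIONS = 100_000
KEY_LEN = 32


def derive_key(password: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Adaptive hashing: stretch the password into the pre-shared key (PSK)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, KEY_LEN)


class Server:
    """Stores only (salt, stretched key) per user, never the password itself."""

    def __init__(self) -> None:
        self.users = {}    # user -> (salt, key)
        self.pending = {}  # user -> outstanding nonce

    def enroll(self, user: str, password: str) -> None:
        # First-time enrollment: the password is received here, so this request
        # must travel over an encrypted transport; the PSK never needs to again.
        salt = os.urandom(16)
        self.users[user] = (salt, derive_key(password, salt))

    def challenge(self, user: str) -> tuple:
        salt, _ = self.users[user]
        nonce = os.urandom(16)
        self.pending[user] = nonce  # one outstanding challenge per user
        return salt, nonce

    def verify(self, user: str, response: bytes) -> bool:
        nonce = self.pending.pop(user, None)  # a nonce is valid for one answer only
        if nonce is None:
            return False
        _, key = self.users[user]
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def client_response(password: str, salt: bytes, nonce: bytes) -> bytes:
    """Client re-derives the PSK locally and answers the challenge."""
    return hmac.new(derive_key(password, salt), nonce, hashlib.sha256).digest()


def run_login(server: Server, user: str, password: str) -> bool:
    salt, nonce = server.challenge(user)
    return server.verify(user, client_response(password, salt, nonce))
```

Because each nonce is consumed on first use, a response captured from one login does not authenticate against a later challenge.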