Simetrical wrote:
> (While we're on the topic of hashes, by the way, vBulletin has JS-enabled browsers hash and salt their passwords before they even send them. Thus man-in-the-middle attacks are impossible. Seems like a nifty idea to consider, anyway.)
I did a demo implementation of that a couple years ago (might be in SVN somewhere, or might be lost) on this model:
- server sends a challenge string C with the login form
- JavaScript takes over on form submission, asking server for the salt (user id) for the given name
- client calculates the salted hash H
- client calculates a combined hash, something like MD5(C + H), and submits that with the form instead of plaintext
- server confirms that the submitted combined hash matches what it can calculate with the challenge string and its copy of H
Is it more secure than sending plaintext passwords? A bit. But even if the challenge can armor against replay attacks, anyone sniffing can just hijack the session cookie and do all manner of nasty things right then and there.
There was some muttering at the time that just using HTTPS is safer and it's not worth the bother. Agreement? Disagreement?
-- brion vibber (brion @ pobox.com)