On 20/08/10 00:12, Jonathan Leybovich wrote:
> Tim Starling wrote:
>> So the time has probably come for us to come up with a "C" type
>> password hashing scheme, to replace the B-type hashes that we use
>> at the moment.
>
> What about using public key cryptography? Generate a key-pair and
> use the "public" key to produce your password hashes. Store the
> private key offline in an underground vault just in case someday
> you'll need to recover the original passwords in order to rehash
> them. Needless to say the key-pair must be entirely for internal
> use and not already part of some PKI system (i.e. the basis for one
> of Wikimedia's signed SSL certificates).

You don't need to store the original passwords in a recoverable form
in order to rehash them. You can just apply extra hashing to the old
hash. This is how the A->B transition worked, and it's how the B->C
transition should work too, unless someone knows of some kind of
cryptographic problem with it. It's a convenient method because it
saves the cost of underground vaults, with no loss in security.
-- Tim Starling
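
The layered rehash described in the reply above, as an added example that is not part of the original message or MediaWiki's code. It assumes the A and B formats are md5(password) and md5(salt + '-' + md5(password)); the PBKDF2 "C" layer, the record fields and all function names are hypothetical stand-ins, since the thread does not define type C.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for the illustrative "C" layer


def hash_a(password: str) -> str:
    """Type A (assumed format): unsalted MD5 of the password."""
    return hashlib.md5(password.encode()).hexdigest()


def a_to_b(a_hex: str, salt: str) -> str:
    """Type B built from the stored A hash alone: md5(salt + '-' + A)."""
    return hashlib.md5(f"{salt}-{a_hex}".encode()).hexdigest()


def b_to_c(b_hex: str, c_salt: bytes) -> str:
    """Hypothetical type C: a slow KDF applied to the stored B hash."""
    return hashlib.pbkdf2_hmac("sha256", b_hex.encode(), c_salt, ITERATIONS).hex()


def migrate_record(record: dict) -> dict:
    """Upgrade a stored B record to C. The password is never needed;
    the old B salt is kept because verification must replay the B step."""
    c_salt = os.urandom(16)
    return {"type": "C", "b_salt": record["salt"], "c_salt": c_salt.hex(),
            "hash": b_to_c(record["hash"], c_salt)}


def verify_c(record: dict, password: str) -> bool:
    """At login, replay the whole chain A -> B -> C from the typed password."""
    b_hex = a_to_b(hash_a(password), record["b_salt"])
    candidate = b_to_c(b_hex, bytes.fromhex(record["c_salt"]))
    return hmac.compare_digest(candidate, record["hash"])


# Constructed sample: a B-type row as it might sit in the user table.
old_row = {"type": "B", "salt": "1a2b3c4d",
           "hash": a_to_b(hash_a("correct horse"), "1a2b3c4d")}
new_row = migrate_record(old_row)
print(verify_c(new_row, "correct horse"), verify_c(new_row, "wrong"))
```

Every row can be migrated in one batch this way, because each new layer takes the previous stored hash as its input rather than the password.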