On 20/08/10 00:12, Jonathan Leybovich wrote:
> Tim Starling wrote:
>> So the time has probably come for us to come up with a "C" type password hashing scheme, to replace the B-type hashes that we use at the moment.
>
> What about using public key cryptography? Generate a key-pair and use the "public" key to produce your password hashes. Store the private key offline in an underground vault just in case someday you'll need to recover the original passwords in order to rehash them. Needless to say the key-pair must be entirely for internal use and not already part of some PKI system (i.e. the basis for one of Wikimedia's signed SSL certificates).

You don't need to store the original passwords in a recoverable form in order to rehash them. You can just apply extra hashing to the old hash. This is how the A->B transition worked, and it's how the B->C transition should work too, unless someone knows of some kind of cryptographic problem with it. It's a convenient method because it saves the cost of underground vaults, with no loss in security.
-- Tim Starling
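
The layered rehash described in the reply above, as an added example that is not part of the original message or MediaWiki's code. It assumes A-type is unsalted MD5 and B-type is `md5(salt + "-" + md5(password))`; the C-type shown (PBKDF2-SHA256 over the stored B hash) and its `:C:` record layout are hypothetical, since the thread does not define them.

```python
import hashlib
import hmac
import os

def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()

def make_a(password: str) -> str:
    """A-type record: unsalted MD5 of the password."""
    return ":A:" + md5_hex(password)

def a_to_b(record: str, salt: str) -> str:
    """Upgrade a stored A record to B using only the stored hash."""
    _, _, a_hash = record.split(":")
    return f":B:{salt}:{md5_hex(salt + '-' + a_hash)}"

def b_to_c(record: str, salt_c: str, iters: int = 100_000) -> str:
    """Hypothetical C-type: PBKDF2 applied on top of the stored B hash."""
    _, _, salt_b, b_hash = record.split(":")
    c_hash = hashlib.pbkdf2_hmac("sha256", b_hash.encode(),
                                 salt_c.encode(), iters).hex()
    return f":C:{iters}:{salt_b}:{salt_c}:{c_hash}"

def verify(password: str, record: str) -> bool:
    """Recompute every layer in order from the submitted password."""
    parts = record.split(":")
    kind = parts[1]
    candidate = make_a(password)
    if kind in ("B", "C"):
        salt_b = parts[2] if kind == "B" else parts[3]
        candidate = a_to_b(candidate, salt_b)
    if kind == "C":
        candidate = b_to_c(candidate, parts[4], int(parts[2]))
    return hmac.compare_digest(candidate, record)

def migrate_demo(password: str = "correct horse") -> str:
    """Offline migration A -> B -> C; the password is a constructed sample
    and is never consulted after the initial A record is created."""
    stored = make_a(password)
    stored = a_to_b(stored, os.urandom(4).hex())
    stored = b_to_c(stored, os.urandom(16).hex())
    return stored

if __name__ == "__main__":
    rec = migrate_demo()
    print(rec, verify("correct horse", rec), verify("wrong", rec))
```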