Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I think the Stanford folks were on to a better solution for this problem. (I have no affiliation)

Use all of the authentication data as the seed for generating a key pair. When you create a new password you send the public key to the server, where it is stored. The private key is regenerated on the client on every authentication challenge.

I submit for your perusal:

http://srp.stanford.edu/



The serverside authenticator, which the server stores, is crackable back to a password.


In SRP? Ah that's a shame, but explains why it didn't get adopted.

But now that I RTFA'd these guys seem to be using the same basic concept so I'll be keeping an eye on them.


Can you point me towards a short explanation?


The client sends the server

    [salt, modexp(g, H(salt, password), n)]
The exponentiation makes the brute-force attack a little bit harder than a simple salted hash, but not that much. You can obviously replace the salted hash with something else, and that's a good idea, but the point of this post is that password hashes are insufficient to protect user secrets.

I disagree with the post, of course.


I may be dense, but is the problem the same as with the usual discussions of salted password hashing, i.e. if H were bcrypt() it would be fine, or am I missing some simple mathematical thing?

Edit: okay, you just answered that. Thanks! :-)


If the user authenticates to the server by typing in a password into their computer, then that has to be true.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: