OK this might sound like a strange question. Please read carefully before jumping on me OK? ;-)
Imagine this situation:
- We have a server and a client.
- They connect using SSL.
- Client creates account on server with password.
- But, what he actually passes to server over the wire is the hash (+salt) of the password (NOT the password).
- Server saves this received hash of password in DB (hashed AGAIN with salt).
- At logon time, to authenticate, user re-sends hash of password (NOT the password!).
OK, so yes, I realise this sounds strange. Yes the whole conversation is in SSL, so you COULD just send password plaintext. And yes, I realise one can store the plaintext password safely in a hashed form.
Here is the point I'm driving at: it is useful for our business to genuinely say "We will never know your password".
Note I'm NOT saying "we don't store your password in plaintext", but that we really, never, ever know it; you never give it to us.
(The reason for wanting this is not relevant; suffice it to say that the user's password is used for other stuff, e.g. file encryption.)
Yes, I realise you might say that with the normal way of doing this "well the password would only be in plaintext in memory for 5ms while you do the hashing", but this is more about deniability. i.e., we can say 100% we don't even receive your password.
OK so here's the question:
Has anyone done or heard of this kind of thing before?
What are the safety implications of doing this?
I'm struggling to see a downside. For example:
- No replay attacks (since the conversation is encrypted using SSL an attacker can't see the hash)
- Can't look in the DB because the hash is itself, erm..., hashed
OK you may now jump on me :)
Thoughts, comments welcome.
Thanks,
John
Update: Just wanted to clarify: I'm not proposing that this is somehow an improvement to the security of the authentication process. But, instead that it allows the user's "real" password to remain secret, even from the server. So, if the real password is used for, say, encrypting files, the server doesn't have access to that.
I'm completely satisfied in my reasons for wanting this, the question is whether it is a hindrance to the security of the authentication process.
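
The exchange described in the question, written out as an added example that is not part of the original post. It assumes PBKDF2-HMAC-SHA256 for both hashes, a 16-byte random salt on each side, and that the server hands the client salt back at logon; the names `kdf`, `client_wire_hash`, `Server` and `demo` are hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; the post names no algorithm


def kdf(secret: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS)


def client_wire_hash(password: str, client_salt: bytes) -> bytes:
    """Client side: the hash (+salt) of the password is all that is sent."""
    return kdf(password.encode("utf-8"), client_salt)


class Server:
    """Stores the received hash, hashed again with a server-side salt."""

    def __init__(self):
        self.db = {}  # user -> (client_salt, server_salt, stored_hash)

    def register(self, user: str, client_salt: bytes, wire_hash: bytes) -> None:
        server_salt = os.urandom(16)
        self.db[user] = (client_salt, server_salt, kdf(wire_hash, server_salt))

    def login(self, user: str, wire_hash: bytes) -> bool:
        record = self.db.get(user)
        if record is None:
            return False
        _, server_salt, stored = record
        # Constant-time comparison of the re-hashed value against the DB row.
        return hmac.compare_digest(kdf(wire_hash, server_salt), stored)


def demo() -> dict:
    password = "correct horse battery staple"  # constructed sample value
    server, salt = Server(), os.urandom(16)
    wire = client_wire_hash(password, salt)
    server.register("john", salt, wire)
    # At logon the client fetches its salt back (assumed) and re-sends the hash.
    stored_salt = server.db["john"][0]
    return {
        "good_login": server.login("john", client_wire_hash(password, stored_salt)),
        "bad_login": server.login("john", client_wire_hash("wrong", stored_salt)),
        "unknown_user": server.login("nobody", wire),
        "stored_differs_from_wire": server.db["john"][2] != wire,
        "password_in_db": any(password.encode() in f for f in server.db["john"]),
    }


if __name__ == "__main__":
    print(demo())
```

`Server.login` takes only the wire hash, so for authentication that value is the credential the server checks; the password itself never appears in any server-side field.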