Hi there.
Im searching for the most secure (but yet doable) way of password management in a web app.
Right now, I save the password as hash. The DB account of the app is restricted to excecution of stored procedures and I authenticate users by giving the username and the hashed password to a stored procedure that returns 1(true) or 0(false).
So there is no chance of getting the password from the server, even if you have the DB account of the app. Thats what i like about this solution. But to use this, the client has to submit his password over the web, or at least a static hash that could be catched.
So I came to idea of using a handshake like this:
- Client asks server for salt.
- Random salt is given to client and stored on server for this single client.
- Client makes Hash(salt + password) and returns this hash to server
- Server makes Hash(salt + password) and checks if its same then from client
Using this handshake makes it possible to check the password without sending itself or a static hash of it. Just a dynamic salted hash, that is different each time the user logs in => Highly secure.
But for this handshake i need the password or at least the hashed password from the DB. But this enables someone to get at least the hashed password and bruteforce it outside the app.
What would you prefer? Keeping password inside DB and make anything there(secure server), or get it out of DB and do it outside(secure transmission)?
Thanks in advance, Marks