ansaurus

Question

Answer 1

+1 A:

If ssl is not an option, then I suggest the following scheme, which many sites use instead of SSL:

On the client side, combine the user name and password, then calculate a hash from it (MD5 is a popular choice).
Send the user's name and hash over to the server
On the server side, retrieve the password for that user from the database.
From the user name and password, calculate the hash and compare it with the client's hash. If the two match, then the passwords match.
For added security, add a little random text to the user+password mix. This random text, AKA the "salt", must be known on both the client and server sides.

Here is a suggestion on how to calculate the hash using MD5:

package require md5

proc calculateHash {user password salt} {
    return md5:md5 -hex "$user:$salt:$password"
}

How to use it:

set user "johnny"
set password "begood2mama"
set salt "myDog_is_meaner_than_yourDog"

set hash [calculateHash $user $password $salt]

Hai Vu 2010-08-10 14:11:59

Just to clarify: you do you mean for the salt value to be generated randomly by the server for every logon attempt and passed to the client (probably as part of the page data). This means you get a different MD5 hash for every logon even with the same username and password.

Jackson 2010-08-10 15:02:14

The application needs to pass username/password to database, in original form. Is there a way to un-salt it, once the script receives the salted data?

superNobody 2010-08-11 03:10:25

Or can you help me to translate this C/C++ to Tcl? I think that will do okay. [http://osix.net/modules/article/?id=96]for(int i = 0, y = 0; i <= strlen(data); ) { for(int o = 0; o <= BLOCK_SIZE; o++) { if(data[i] != '') { data[i] ^= key[y]; } i++; } y++; if(key[y] == '') { y = 0; } }

superNobody 2010-08-11 05:11:53

@superNobody: To do that you first decide what encoding to work with (and use `encoding convertto` to transform to the byte sequence) then use `binary scan` to convert the binary string to a list of values. That done, you're iterating over the values, applying the xor, and then converting back to bytes with `binary format`. If you want this expanded, ask as a proper question!

Donal Fellows 2010-08-13 09:29:28

@HaiVu: I'll vote for you if you give the client-side JavaScript ;)

Gra 2010-08-15 21:12:20

@Jackson: The salt value is agreed upon between the server and *all* clients. The reason: many attackers has a dictionary of commonly used passwords and their MD5 hash. They can use that to carry a brute-force attack. By adding salt, you lessen the risk as such dictionary will be used less. For this reason, the salt value is not a secret: anyone who write a client to log in will need to know it.

Hai Vu 2010-08-16 17:28:09

@superNobody: No, the hash function is one way: it is nearly impossible to take an MD5 hash and get back the user/password/salt combo. That's what hash functions do: they perform a one-way transformation.

Hai Vu 2010-08-16 17:30:12

@gra: I appreciate your intention to vote for my answer. If you google for javascript and md5, you will find plenty of answers.

Hai Vu 2010-08-16 17:32:18

@Hai Vu: I think you have missed my point; if the salt value is the same every time then the hash value produced will be the same every time. So if an attacker can monitor the network traffic they may be able to gain access by replaying the response without ever knowing the actual password.

Jackson 2010-08-17 09:13:08

@Jackson: I got it now. That's the problem of not using SSL.

Hai Vu 2010-08-17 16:06:29

Answer 2

+1 A:

superNobody,

You should consider alternatives to storing plain-text passwords in the database. See:

http://www.codinghorror.com/blog/2007/09/youre-probably-storing-passwords-incorrectly.html

Instead of encoding the password in Javascript, then decoding the password in Tcl to compare with the database, you should consider SHA1 hashing in Javascript, and storing SHA1 hashed values in the database.

There are several available examples of a SHA1 hash function in javascript (just Google 'sha1 javascript'). The tcllib Tcl library has SHA1 support.

As HaiVu mentioned, you should also consider hashing / storing more than just a straight password hash, but instead use something like SHA1( username + websitename + password ). You can calculate this on the client in Javascript, and store it in the db.

bsterne 2010-09-10 03:30:18

+1. Never store plain text passwords. Also, don't reinvent the wheel, especially with Cryto and security.

RBerteig 2010-09-10 03:45:06

ansaurus

tags:

views:

answers:

Simple XOR a message (Javascript/Tcl)?

related questions