tags:

views:

54

answers:

4
+1  Q: 

Client-side hashing/salting over HTTPS

I'm wondering what the serious issues are with the following setup:

Username/password login scheme Javascript/ajax requests the salt value from the server (we have established in previous questions salt is not a secret value) Javascript preforms an SHA1 (or otherwise) of the password and salt. Javascript/ajax return the hash to the server The server applies another salt/hash on-top of the the one sent via ajax.

Transactions are over HTTPS.

I'm concerned about problems that may exist but can't convince myself that this is that bad of a setup. Assume that all users need javascript enabled as jQuery is heavily used on the site. It's basically attempting to add an additional layer of security to the plain-text of a password.

+1  A: 

This doesn't add any additional security. The JavaScript code is present in the client, so the hashing algorithm is known. You gain nothing from doing a client-side hash in this case.

Also, there's no reason why the client should know about the hashing salt. It actually should be a secret value, especially if you're using a shared salt.

Jacob  2010-09-16 14:34:06
The salt would not be shared against users.
 2010-09-16 14:45:33
A: 

You're not gaining anything. There's no point to a salt if Joe Public can see it by clicking View > Source, and the old maxim about never trusting client input goes double for password hashing.

If you really want to increase security, use a SHA-2 based hash (SHA-224/256/384/512), as SHA-1 has potential vulnerabilities. NIST no longer recommends SHA-1 for applications that are vulnerable to collision attacks (like password hashes).

C-Mo  2010-09-16 14:38:46
Password hashes aren't vulnerable to collision attacks http://en.wikipedia.org/wiki/Collision_attack#Attack_scenarios
orip  2010-09-18 22:21:20
+2  A: 

All that effort of passing salts and hashes between the client and server is already built into the underlying HTTPS/SSL protocol. I would be very surprised if a security layer in javascript is going to help very much. I recommend keeping it simple and use plaintext over SSL on the client-side. Worry about encryption on the server-side.

jojaba  2010-09-16 14:54:49
+1  A: 

As always: be very careful about designing cryptographic protocols yourself.

But that being said, I can see the advantage in the scheme. It will protect against the password being revealed through a man-in-the-middle-attack and it will ensure that the server never sees the actual password, thus preventing some inside attacks. On the other hand it does not protect against man-in-the-browser, fishing etc.

You might want to read through RFC 2617 about HTTP Digest access authentication. That scheme is similar to what you propose.

Rasmus Faber  2010-09-16 17:20:47

related questions

What JavaScript patterns do you use most?
Javascript events
What style do you use for creating an "class" in JavaScript?
Graphing JavaScript Library
What's the difference in closure style
Getting the text from a drop-down box
How to specify javascript to run when ModalPopupExtender is shown
Length of Javascript Associative Array
How Do I Post and then redirect to an external URL from ASP.Net?
How to set up a CSS switcher in ASP.NET
Wrapping lists into columns
Javascript keyboard events primer? (or rather: help me with my custom dropdown)
Http Auth in a Firefox 3 bookmarklet
Best Debugging Tools for JavaScript/xulrunner Development
How can I turn a string of HTML into a DOM object in a Firefox extension?
Call ASP.NET Function From Javascript?
Javascript troubleshooting tools in IE
MAC addresses in JavaScript
Capturing TAB key in text box
CSS Background Color in Javascript
How can I make the browser see CSS and Javascript changes?
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP .Net Custom Client-Side Validation
What JavaScript library would you choose for a new project and why?
Detecting font in JavaScript