Login protocol

views:

117

answers:

How should i design a login protocol to be more secure the way i have it right now is

the client connects and sends his username
the server sends the salt(always same) for the user
the client adds the salt to the password hashes it and sends it to the server

This way the password is hidden all the time but it does not stop a hacker to just copy the hash if he can come over it and send it after he recived the password...

+1 A:

If the server only accepts the salted password on a connection which originally challenged with that salt then the hacker would have to keep connecting until he got the same salt as the one he saw the hash for. I'm not saying this is ideal (and a Diffie-Hellman key exchange followed by fully-encrypted authentication may be more secure, although still susceptible to a man-in-the-middle attack unless you're careful) but I think that simple tweak would at least be beneficial.

Then again, I'm not a security expert and you arguably shouldn't take security advice from any non-experts.

Jon Skeet 2009-03-04 11:56:41

Well its allways the same salt that is sent :( as the server does not store the password just the salt and the hash of it..

Petoj 2009-03-04 12:01:03

If the server always sends the same salt, then it's basically pointless. It should send a different salt each time.

Jon Skeet 2009-03-04 19:45:56

+4 A:

Leave security to a higher level protocol (SSH, SSL) and keep yours simple.

ssg 2009-03-04 12:00:41

Check this question to get some more idea(s).

Shoban 2009-03-04 12:06:54

Step 2 seems to be the bigger weakness, there. If you can make sure that the server sends a "sufficiently large" salt and NEVER the same salt, twice (I suspect a small portion of decent random numbers, plus an incrementing counter, then hashed MAY be enough, but I cannot prove that it is), that'd probably be enough. Alternatively, follow ssg's lead and encapsulate the whole thing in an SSL session.

Vatine 2009-03-04 12:08:13

As the server does not have the password just the hash it cant send a new salt every time as it dosent know the out come of the hash then :P

Petoj 2009-03-04 12:16:11

Well, that'd be a problem, then, because sending a known-salt-hashed password where the salt never changes isn't (security-wise) much different than sending the password in clear text (you still only need a single captured session to re-establish credentials later on).

Vatine 2009-03-04 12:35:16

thats why i was wondering what i could change :P as i understand that this is not secure.. but i hope i will learn some thing new from this question i posted here :)

Petoj 2009-03-04 12:40:27

Security is hard.

Don't roll your own login protocol, either use an existing proven one or do something trivial and robust over an encrypted (SSH, SSL...) connection. There are so many robust drop-in implementations of proven protocols out there, and so many examples of systems failing due to flawed reinvention of wheels - if the login is protecting anything of any importance at all, there is simply no excuse.

That said, if your purpose here is to learn to design such algorithms, I strongly recommend Bruce Schneier's "Applied Cryptography".

moonshadow 2009-03-04 12:28:10

about the book, im a c#/vb.net developer and i have used some c++ along time ago but that was only the basic stuff, so my question is it easy to read c code as the book contains c code...

Petoj 2009-03-04 12:32:25

If you're a C# developer, you shouldn't have much trouble at all with C/C++ code snippets in algorithms textbooks. Generally they are only used to illustrate the main text / provide worked examples anyway.

moonshadow 2009-03-04 12:57:19

ansaurus

tags:

views:

answers:

Login protocol

related questions