views:

325

answers:

2

I have WCF service that being used by clients, and the following is my current implementation for user authentication, I want a recommendation to enhance it or better mechanism.

  • I am using RSACryptoServiceProvider class (RSA implementation) to save encrypted user passwords into database

  • The client should encrypt password every log-in using public key (stored in file) and send it to logging method with user name

  • On the server side the log-in method select the encrypted password for the supplied user name and compare decrypted passwords (sent by user and db one) using private key

    Note: every time you encrypt the string using RSA with the same public key a new encrypted bytes generated, so I can not compare encrypted passwords and I have to decrypt them to compare

P.S The answers say "For authentication purposes you should avoid storing the passwords using reversible encryption"

I am asking if no one can decrypt the password except if he has the private key, so what is the problem, even the hashing is not reversible but it is broken!!

+3  A: 

It's not common practice to store passwords encrypted instead of hashed. Do you have any particular reason to do so?

If no, I would suggest to store the passwords hashed (SHA-2 or something like that) with a salt.

Henri
Cannot recommend this strongly enough. Never, ever store anything that can get back to the user's password. Always use a hash and compare hashed passwords, not original passwords.
Andrew
I assumed I can prevent password crackers even if the database stolen
Ahmed Said
As an attacker I'd prefer a database with hashed passwords to a database with RSA encrypted passwords. Even if the passwords are salted the attacker can still perform a dictionary search. The attacker just can't use precomputed tables. When the database is properly encrypted with RSA dictionary attacks are not possible.
Accipitridae
I do agree that in _some_ cases hashed passwords have an advantage for attackers. Since cracking hashes _may_ be easier for the reasons you (Accipitrdae) enumerate. However, there is a flipside. If someone gets hold of your private key, you lose ALL the passwords, while with hasheds passwords that is not the case. So one should outweighth the benefits of both.
Henri
A: 

I think there are two issues that need attention:

  • How are the passwords transmitted securely?
  • How should the passwords be stored securely?

Existing password based key agreements such as SRP address both problems.

Your solution to encrypt passwords with RSA is not bad idea but is a partial solution only: Since RSA randomizes the encryption, it prevents offline dictionary attacks. From your description it is unclear if your proposal prevents replay attacks. Can an attacker login by sending a previously intercepted encrypted password or do you have a countermeasure such as time-stamps?

Accipitridae