[jdev] plaintext passwords hack

Peter Saint-Andre stpeter at stpeter.im
Thu Dec 17 13:37:07 CST 2009


On 12/17/09 11:03 AM, Simon Josefsson wrote:
> Peter Saint-Andre <stpeter at stpeter.im> writes:
> 
>>>> Agreed. That's the main reason we won't deploy hashed-only on the
>>>> backend plus SCRAM-only on the wire at jabber.org.
>>> So will you 1) not support SCRAM at all, or 2) derive the hash keys from
>>> the plaintext passwords during authentication, or 3) cache the derived
>>> hash keys for a user?
>> I'm not sure yet. Definitely not #1, probably #2, maybe #3.
> 
> For #2, how many authentications happens per minute?
> 
> My laptop does around 1.000.000 SHA-1 hashes on small data per second,
> so using a 4096 iteration count leads to a limit of around 250
> authentications per second just counting the hashing.  So if you aren't
> anywhere near that (or can use multiple machines), the delay because of
> hashing may be irrelevant.

At the jabber.org service we typically have ~15,000 users online at any
one time, but they have long-lived sessions so they don't all log in at
once (unless we reboot the server). I doubt that we would ever have 250
authentications per second, but on reboot we might have something like
50 or 100 authentications per second (not all SCRAM, though).

> However, making sure you use the same salt for each user may be the
> problematic part in some environments.  Otherwise you will cause clients
> to have to re-compute the keys every time too.

Right, that's not very friendly.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6820 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20091217/4a404cc7/attachment.bin>


More information about the JDev mailing list