[standards-jig] Re: [Foundation] Last Minute JEP 78 Concerns
dizzyd at jabber.org
Tue May 27 21:10:24 UTC 2003
-----BEGIN PGP SIGNED MESSAGE-----
On Tuesday, May 27, 2003, at 14:05 America/Denver, Tijl Houtbeckers
> Unix doesn't use the hash as authenitcation. It only uses a hash to
> store the password. Once you use the hash to authenticate you lose most
> of the advantages of not storing the password in plaintext. Imagine
I see you're missing a critical part of this discussion. We're not
talking about authenticating using ONLY the digest -- we're
authenticating with a hash(StreamID + Auth Hash).
> *NIX would allow me to authenticate using the hash it actually stores.
> That would mean that if I'm the BOFH at a *NIX server where you have a
> shell acount I could log into every other shell accounts you have where
> you use the same password. In other words, there's a good reason *NIX
> does exactly *not* what you propose here.
> The *least* you could do, is concat a random key to the password before
> you hash it and store both the hash and the random key in the database,
> and send this key to the client before it SHA1's the password. Then you
> at least protect other accounts on the server (unless the admin changes
> the password, wich you would notice),and other servers/applications.
> Then we solve some actual issues, without having to worry other people
> will think it's a good idea.
Having a key which is available on the server doesn't solve anything.
If I'm a malicious sys admin, I can still make guesses at people's
passwords since I have access to both the hash and the "key". So what
"actual" issue does this solve?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Darwin)
-----END PGP SIGNATURE-----
More information about the Standards