[standards-jig] Re: [Foundation] Last Minute JEP 78 Concerns

Dave Smith dizzyd at jabber.org
Tue May 27 21:10:24 UTC 2003


Hi Tijl,

On Tuesday, May 27, 2003, at 14:05 America/Denver, Tijl Houtbeckers 
wrote:

> Unix doesn't use the hash as authentication. It only uses a hash to
> store the password. Once you use the hash to authenticate you lose most
> of the advantages of not storing the password in plaintext. Imagine

I see you're missing a critical part of this discussion. We're not 
talking about authenticating using ONLY the digest -- we're 
authenticating with a hash(StreamID + Auth Hash).

> *NIX would allow me to authenticate using the hash it actually stores.
> That would mean that if I'm the BOFH at a *NIX server where you have a
> shell account I could log into every other shell account you have where
> you use the same password. In other words, there's a good reason *NIX
> does exactly *not* what you propose here.
>
> The *least* you could do, is concat a random key to the password before
> you hash it and store both the hash and the random key in the database,
> and send this key to the client before it SHA1's the password. Then you
> at least protect other accounts on the server (unless the admin changes
> the password, which you would notice), and other servers/applications.
> Then we solve some actual issues, without having to worry other people
> will think it's a good idea.

Having a key which is available on the server doesn't solve anything. 
If I'm a malicious sys admin, I can still make guesses at people's 
passwords since I have access to both the hash and the "key". So what 
"actual" issue does this solve?

Diz
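
The two positions in this exchange, modelled as an added example that is not part of the original message or of JEP 78: it checks what binding the response to the StreamID protects, what the stored hash is worth to whoever holds it, and what a per-server key changes. The function names, the string concatenation and hex encoding, and the sample password, keys and stream IDs are assumptions constructed for illustration.

```python
import hashlib
import hmac

def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()

def auth_hash(password: str, key: str = "") -> str:
    """Value the server stores: SHA1(password + key); key "" is the unkeyed case."""
    return sha1_hex((password + key).encode())

def response(stream_id: str, stored: str) -> str:
    """Value sent on the wire: SHA1(StreamID + Auth Hash)."""
    return sha1_hex((stream_id + stored).encode())

def server_accepts(stream_id: str, stored: str, resp: str) -> bool:
    return hmac.compare_digest(response(stream_id, stored), resp)

def guess_matches(guess: str, key: str, stored: str) -> bool:
    """Offline check open to anyone holding both the key and the hash."""
    return hmac.compare_digest(auth_hash(guess, key), stored)

def demo() -> dict:
    password = "correct horse"  # constructed sample value
    # Unkeyed: two servers store the same auth hash for the same password.
    a_plain = auth_hash(password)
    b_plain = auth_hash(password)
    # Keyed: each server has its own random key (fixed here for repeatability).
    a_key, b_key = "k-7f3a", "k-c911"
    a_keyed = auth_hash(password, a_key)
    b_keyed = auth_hash(password, b_key)
    return {
        # A response computed for one stream is rejected on another stream.
        "replay_rejected": not server_accepts(
            "stream-2", a_plain, response("stream-1", a_plain)),
        # The stored hash alone yields a valid response: it is password-equivalent.
        "stored_hash_suffices": server_accepts(
            "stream-3", a_plain, response("stream-3", a_plain)),
        # Unkeyed, server A's stored hash is also accepted by server B.
        "plain_accepted_at_b": server_accepts(
            "stream-4", b_plain, response("stream-4", a_plain)),
        # Keyed, server A's stored hash is rejected by server B.
        "keyed_accepted_at_b": server_accepts(
            "stream-4", b_keyed, response("stream-4", a_keyed)),
        # Holding key + hash still lets a guess be confirmed offline.
        "guess_confirmed": guess_matches(password, a_key, a_keyed),
        "wrong_guess_confirmed": guess_matches("letmein", a_key, a_keyed),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
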