W3C home > Mailing lists > Public > public-html-comments@w3.org > August 2012

Re: Securing Password Inputs

From: Cameron Jones <cmhjones@gmail.com>
Date: Thu, 30 Aug 2012 21:33:19 +0100
Message-ID: <CALGrgevigjkwkbi4DN-nyVMokOeAGBFm6S8e8dGixpMJQSYRMA@mail.gmail.com>
To: Jason H <scorp1us@yahoo.com>
Cc: Seth Call <sethcall@gmail.com>, "Thomas A. Fine" <fine@head.cfa.harvard.edu>, "public-html-comments@w3.org" <public-html-comments@w3.org>
On Thu, Aug 30, 2012 at 8:49 PM, Jason H <scorp1us@yahoo.com> wrote:
> 1. It does eliminate rainbow tables. [1] http://en.wikipedia.org/wiki/Rainbow_table#Defense_against_rainbow_tables Mybe the word "eliminate" is too strong but computationally infeasible. You' d have to generate a rainbow table specific to the site as you note, but it takes time and memory to do that. When you double hash it, you move the keyspaces to increcible sizes, 1.7 *10^62 entries, which is 6.3 *10^48 PETAbytes in size.

The keyspace may be theoretically large but the volume of used
passwords is relatively small. Attackers generally focus on the top X
number of most common passwords. Generating rainbow tables for the
most popular sites with the most popular passwords is moving to less
than "computationally unfeasible".

> 2. I'm suggesting that HTML5  make it not optional, and we'll get there "eventually". What kind of phishing attack uses the host site? All the ones I know use a copy. No big deal, I enter my password into the phishing site, the HTML5 password protocol kicks in, they get a double-hashed password. Then they have to unhash the first hash (impossible) then unhash that hash (also impossible) then unsalt it (trivial). Only after they perform two impossible steps will they know my password.

Phishing attack will direct users to a fake version of the site, they
can implement this in any way they like as long as it looks like same
site. When the user enters their credentials the phishing site can do
anything it wants with the plaintext, it definitely won't send it
through a one-way hashing algorithm.

> 3. If they are already registered and have a server-computed hash, then there are a couple approaches. How the site is configured now will greatly influence the method. The easiest is to add a column to the user table and indicate if it is the new style or not, and continue to apply the corresponding algorithm. This seems overkill unless a user has a 40 character hexadecimal password already, otherwise the software can detect this pattern and know how to use it. The application can then encourage the user to update their password. I would consider this an upgrade path.

HTML *never* implements new features which break existing sites, too
many sites never get updated. The only possibility is to implement new
features and get people to use them, the new features must be
compelling for people to even take the time to know what they are let
alone implement them. Added to this, authentication processes in
servers (good ones) are heavily audited and severely locked down. The
concept of introducing a new password mechanism is logistically
impossible to roll out on a global scale.

> It does not mean that the salt is a nonce. Unless we somehow figure out a way to have the entire SHA1 keyspace (which is 6.8 *10^48 petabytes in size) mapped to the hash space  (another 6.8 *10^48 petabytes)  and do the fast look-up it has significant value.

The nonce is a value which changes over time to avoid replay attacks,
and rainbow tables. Its way more secure to use than a salt and you get
it for free with mod_digest, no application changes, database changes
or password introspection.

Cameron Jones
Received on Thursday, 30 August 2012 20:33:47 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:26:28 UTC