[jdev] plaintext passwords hack
Simon Josefsson
simon at josefsson.org
Thu Dec 17 09:58:35 CST 2009
Tomasz Sterna <tomek at xiaoka.com> writes:
> Dnia 2009-12-17, czw o godzinie 14:35 +0100, Simon Josefsson pisze:
>> If you don't store the hashed password for SCRAM, you need to burn CPU
>> time for every login to derive the SCRAM hash keys. That doesn't scale
>> well.
>
> Why do you say so?
>
> It scales well vertically by CPU upgrade, and horizontally by putting
> more machines/CPUs to handle user connections.
Sure, but caching the hashed values scales better. Remember, we are not
talking about just one hash call, typically there is 4096 hash
iterations when deriving the keys from a password in SCRAM.
If you do want to hash the password on every authentication with SCRAM,
make sure you use the same salt and iteration count every time,
otherwise clients cannot cache ClientKey&ServerKey (or SaltedPassword)
which will cause performance problems for mobile devices...
...unless you use a very low iteration count value (e.g., 1). Is that
what you are suggesting?
/Simon
More information about the JDev
mailing list