[jdev] plaintext passwords hack
Peter Saint-Andre
stpeter at stpeter.im
Thu Dec 17 13:37:07 CST 2009
On 12/17/09 11:03 AM, Simon Josefsson wrote:
> Peter Saint-Andre <stpeter at stpeter.im> writes:
>
>>>> Agreed. That's the main reason we won't deploy hashed-only on the
>>>> backend plus SCRAM-only on the wire at jabber.org.
>>> So will you 1) not support SCRAM at all, or 2) derive the hash keys from
>>> the plaintext passwords during authentication, or 3) cache the derived
>>> hash keys for a user?
>> I'm not sure yet. Definitely not #1, probably #2, maybe #3.
>
> For #2, how many authentications happens per minute?
>
> My laptop does around 1.000.000 SHA-1 hashes on small data per second,
> so using a 4096 iteration count leads to a limit of around 250
> authentications per second just counting the hashing. So if you aren't
> anywhere near that (or can use multiple machines), the delay because of
> hashing may be irrelevant.
At the jabber.org service we typically have ~15,000 users online at any
one time, but they have long-lived sessions so they don't all log in at
once (unless we reboot the server). I doubt that we would ever have 250
authentications per second, but on reboot we might have something like
50 or 100 authentications per second (not all SCRAM, though).
> However, making sure you use the same salt for each user may be the
> problematic part in some environments. Otherwise you will cause clients
> to have to re-compute the keys every time too.
Right, that's not very friendly.
Peter
--
Peter Saint-Andre
https://stpeter.im/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6820 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://www.jabber.org/jdev/attachments/20091217/4a404cc7/attachment.bin>
More information about the JDev
mailing list