[jdev] plaintext passwords hack
Simon Josefsson
simon at josefsson.org
Fri Dec 18 00:38:36 CST 2009
Kurt Zeilenga <Kurt.Zeilenga at Isode.com> writes:
> On Dec 17, 2009, at 9:55 AM, Simon Josefsson wrote:
>
>> Low iteration counts removes one nice features of SCRAM (mitigating
>> dictionary attacks on stolen hash databases).
>
> It's only a nice feature if you can take advantage of it. If you need
> to support multiple password mechanisms, each either their own hashed
> password, you'd end up storing each. And then the attacker need only
> attack the weakest. And with need to service providers to support
> DIGEST-MD5 and CRAM-MD5, to the most popular password-based
> mechanisms, the weakest is not much stronger than cleartext.
I agree, if you assume that servers are the weakest link in the chain.
This is a typical goal for service providers to optimize for, since they
want to do what they can to make the server a hard link in the chain.
Unfortunately, this server-side security optimization cause other chains
in the link to be weakened:
It is not only servers that can take advantage of hashed passwords,
though, the clients can make use if it too. If servers sets a norm of
using a low iteration count, clients will be an even weaker link in the
chain.
The weakest link could also be the network -- if low iteration counts is
the norm, dictionary attacks on the traffic may be feasible.
/Simon
More information about the JDev
mailing list