[jdev] plaintext passwords hack
Simon Josefsson
simon at josefsson.org
Fri Dec 18 09:42:01 CST 2009
Alexander Holler <holler at ahsoftware.de> writes:
> Am 18.12.2009 02:33, schrieb Kurt Zeilenga:
>>
>> On Dec 17, 2009, at 9:55 AM, Simon Josefsson wrote:
>>
>>> Low iteration counts removes one nice features of SCRAM (mitigating
>>> dictionary attacks on stolen hash databases).
>>
>> It's only a nice feature if you can take advantage of it. If you need to support multiple password mechanisms, each either their own hashed password, you'd end up storing each. And then the attacker need only attack the weakest. And with need to service providers to support DIGEST-MD5 and CRAM-MD5, to the most popular password-based mechanisms, the weakest is not much stronger than cleartext.
>
> Storing a hash for every mechanism will not work. E.g. for DIGEST-MD5
> the server has to hash the clear-text password with a value the client
> provides.
That is true for CRAM-MD5, but not for DIGEST-MD5 and SCRAM-MD5. With
the latter two mechanisms, the server can store a hash and perform
authentications without access to the password. For CRAM-MD5 this is
not possible, and the server indeed needs to have access to the
cleartext password for things to work.
> So the server needs the clear-text password. And if the server is able
> to get the clear-text password, everyone with the same rights on the
> server can retrieve the clear-text passwords too.
Right.
/Simon
More information about the JDev
mailing list