Quote:Original post by hplus0603
In the meanwhile, you have three choices for authentication:
1) Use public key cryptography, issue a certificate to the client using some trusted means, and use the possession of that certificate as proof of identity. Possession of the certificate is the main risk, as is distribution of the certificate.
2) Store a hashed password, have the client provide the cleartext password, hash it yourself. Sniffing the clear-text password is an added risk, although you don't have a certificate distribution problem. (Additionally, SSL communications may reduce the risk of in-transit sniffing, but again requires at least one level of certificate distribution)
3) Store the cleartext password (possibly obfuscated), and issue a challenge to the client. Client sends back hash(password+challenge). This is fairly immune to the risk of in-transit sniffing, but instead there's a risk that your password database may be compromised.
Those were the options I found in GPG too, but I like to come up with option 4, which I would prefer for a hobby project (and which I added in my network-wrapper):
4) Store only hashed password on server. Send only a hashed password on login.
How it works:
The client sends a login-request to the server. The server sends a sequence of random numbers to the client and saves this for later login-check.
The user enters the password, which is instantly hashed. Now you calculate another hashsum from the random sequence and the attached hashed password. This is the authentification you send to the server.
The server calculates the hashsum of the random sequence and the attached hashed password from its database and compares the result with the sent login authentification. If they match, the client is allowed to enter.
SUM UP:
- No plaintext password is saved or transmitted nor repeated login packet can be sent (the random numbers messes with this).
- No public key algorythm has to be used.
- If your DB is compromised, the thief will not get the users plain passwords but will be able to send valid authentification logins.
- Someone (the infamous MITM) sniffing the Random number sent by the server and the authentification from client can still use brute force to guess passwords and compare the resulting authentifications against the authentification the client sends to the server, so the client should not allow passwords with less than say 10 characters.
-----The scheduled downtime is omitted cause of technical problems.