Secure login system
Author
Hi,
I have read some articles about this topic, most of them for php. What I need is a secure login procedure for client/server structure using tcp.
Everywhere I find this approach:
Having hash(pass+salt) saved in DB.
1. client send pass
2. server add salt and hash it, compare to DB stored hash
3. if they match - good, otherwise - bad
Is this enough? If someone sniffed packed, he knows the password. Same is true even if I use some encryption of password in client, since client will be public and easily decrypted, so they could find the encryption system and therefore decrypt the sniffed password.
I found something called RSA. Would this be enough for security?
1. client connect
2. server creates public key and send it
3. client encrypt pass with public key and send it
4. server decrypt using private key, add salt, hash it and compare to DB stored hash
Can password encrypted with public key really decrypted only by using private key? I'm not that good in math (no time to learn it on my own, and school didn't teach me anything about these things yet)
Use SSL/TLS to protect the password in transit. Public key encyption security is computationally infeasible to break - provided there are no implementation issues. Which is why you should use an existing implementation.
Note that you need a third party system to authenticate certificates to prevent man in the middle attacks.
Note that you need a third party system to authenticate certificates to prevent man in the middle attacks.
Author
If I understand this, by using TLS I would need some third party server to authenticate certificate. It's not that big project so I would like to stay at simple client/server without other things in it.
I don't need to keep all communication secure. I only want to provide some degree of safety for user's password.
With that man in the middle thing... If user is not connecting from unsecured wifi... There shouldn't be many possibilities for that kind of attack, should there?
I don't need to keep all communication secure. I only want to provide some degree of safety for user's password.
With that man in the middle thing... If user is not connecting from unsecured wifi... There shouldn't be many possibilities for that kind of attack, should there?
Or you could implement (or use a pre-existing framework) Kerberos which is a secure authentication mechanism, irregardless of the level of encryption on the channel.
Quote:Original post by Antriel
Hi,
I have read some articles about this topic, most of them for php. What I need is a secure login procedure for client/server structure using tcp.
Everywhere I find this approach:
Having hash(pass+salt) saved in DB.
1. client send pass
2. server add salt and hash it, compare to DB stored hash
3. if they match - good, otherwise - bad
This method is obviously inadequate as it reveals the password to any twelve-year-old with Wireshark. Even sending a hashed password doesn't offer much security these days, since most hashing algorithms used for such purposes (notably MD5 and SHA1) are quite easily cracked on modern hardware. At least for short (<10 character) passwords. Besides, if someone sniffs the hash they can just modify their client to send the hashed password that they sniffed. So while the hashing may protect you against recovering the password (if you're lucky), you'll still not protect users from having their accounts accessed.
If you don't want to implement SSL or something similar, a simpler approach might be to do something like this:
1. Client connects.
2. Server sends a block of truly random data.
3. Client puts password + data block into a secure hash function, and sends it to the server.
4. The server repeats the same procedure, and compares the two hashes for a match.
The advantage is that even if an attacker were to sniff the hashed password, it's still useless because the random data block will change on every connection. That means that a hash is only useful once. However, it's still possible to crack the password by treating the challenge block as the salt.
Send salt to client, calculate salt + password on client, send result back.
You might want to add some more salts here and there also so lookup password recovery cant be used.
1 client connect
2 server sends db-salt + server-session-salt
3 client uses secure hash on password + db-salt + server-session-salt + client session-salt
4 client sends hash + client-session-salt
5 server verifies hash = password + db-salt + server-session-salt + client-session-salt
This should make it fairly difficult to recover password.
You might want to add some more salts here and there also so lookup password recovery cant be used.
1 client connect
2 server sends db-salt + server-session-salt
3 client uses secure hash on password + db-salt + server-session-salt + client session-salt
4 client sends hash + client-session-salt
5 server verifies hash = password + db-salt + server-session-salt + client-session-salt
This should make it fairly difficult to recover password.
Kerberos does require additional servers, which makes it a rather complex solution.
Public key authentication doesn't (the term I should have used is an "out of bound" authentication system - not "third party"). The client can't blindly trust public keys sent to it from the server - anyone can generate a public key. However, if you create a special certificate (a "certificate authority" cert) you can include it with the client program. Then, servers can generate their own certs, and get them signed by the certificate authority cert. Finally, the clients can try verify certificates they get with the certificate authority cert. If it isn't signed, you can give the client the option of continuing anyway. OpenSSL includes a suite of applications to create and sign certificates, and a library you can use for your program.
The main downside is the cost of authorising the certificates for the servers in the first place. It is still a pretty complex solution though.
Another alternative is a "trust on first use" system. This is similar to SSH. In this setup, we assume that the probability of a man in the middle is low on individual connections. If the client chooses to accept the certificate in the first use, it can cache the certificate. Each subsequent connection to the same server is as safe as the first one. If the initial connection is made on a network you trust (such as your home network) then the probability of a MITM should be extremely low.
Can you tell us more about your setup though?
Public key authentication doesn't (the term I should have used is an "out of bound" authentication system - not "third party"). The client can't blindly trust public keys sent to it from the server - anyone can generate a public key. However, if you create a special certificate (a "certificate authority" cert) you can include it with the client program. Then, servers can generate their own certs, and get them signed by the certificate authority cert. Finally, the clients can try verify certificates they get with the certificate authority cert. If it isn't signed, you can give the client the option of continuing anyway. OpenSSL includes a suite of applications to create and sign certificates, and a library you can use for your program.
The main downside is the cost of authorising the certificates for the servers in the first place. It is still a pretty complex solution though.
Another alternative is a "trust on first use" system. This is similar to SSH. In this setup, we assume that the probability of a man in the middle is low on individual connections. If the client chooses to accept the certificate in the first use, it can cache the certificate. Each subsequent connection to the same server is as safe as the first one. If the initial connection is made on a network you trust (such as your home network) then the probability of a MITM should be extremely low.
Can you tell us more about your setup though?
Quote:Original post by Antriel
With that man in the middle thing... If user is not connecting from unsecured wifi... There shouldn't be many possibilities for that kind of attack, should there?
This requires physical proximity, and is not viable in general case.
For trivial and robust solution, use SSL in their existing forms. This will not protect against even the most basic, and by far most commonly used attacks, such as keyloggers or social engineering attacks.
For robust and "unbreakable" solution, one one-time pad solves the above problem. See WoW for example.
A combination of the above two concepts is about as robust as it gets when dealing with untrusted parties.
But at the end, attack vectors are determined solely by how valuable the thing you are protecting is. Experience shows that most services are simply not worth protecting, because nobody cares about them. This is very important since it directly affects sophistication of attacks. Banks need to cover not only all bases, but also the contingency case of what happens when the breach occurs.
So before going crazy with transport encryption, consider the important case - what happens if someone does steal the password? What is the worst possible thing they will do? How much work will you have to clean it up? How do you plan for it.
Work backwards from there. Putting 25 locks on door doesn't help if your window is open.
Author
Thank you all
I really don't want to spend money on something that can end up in development state forever.
How does big mmorpgs guard their users passwords?
I guess that MITM would have to be pretty skilled and making such an afford just for password for game account seems weird to me.
Basically MITM can't be only someone that can sniff packets, but he must also be able to stop, alter and resend packets in both directions. Something like that must be hard even on unsecured wifi or shared college internet.
Is making this much effort into security worth for just a game?
EDIT: Antheus, you got the point.. but I didn't understand this:
I really don't want to spend money on something that can end up in development state forever.
How does big mmorpgs guard their users passwords?
I guess that MITM would have to be pretty skilled and making such an afford just for password for game account seems weird to me.
Basically MITM can't be only someone that can sniff packets, but he must also be able to stop, alter and resend packets in both directions. Something like that must be hard even on unsecured wifi or shared college internet.
Is making this much effort into security worth for just a game?
EDIT: Antheus, you got the point.. but I didn't understand this:
Quote:For robust and "unbreakable" solution, one one-time pad solves the above problem. See WoW for example.
Quote:Original post by Antriel
EDIT: Antheus, you got the point.. but I didn't understand this:Quote:For robust and "unbreakable" solution, one one-time pad solves the above problem. See WoW for example.
Blizzard Authenticator.
This type of devices can typically be ordered in bulk from overseas for cents per piece. While order needs to be large, by the time you need it, you would be able to offer not only that, but also considerable markup on it as extra means of income.
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
