
I have been reading questions and answers related to this here, but none proposed this. Does it have flaws?

  1. The user has his password, which I store hashed on my server
  2. He visits the login page and I supply a cleartext random string
  3. The JavaScript in the login page hashes his password, appends the cleartext, rehashes the whole string and sends it to the server
  4. The server takes the hashed password from the DB, appends the cleartext, rehashes and compares

I think this method protects against password disclosure and replay attacks as long as the random string is not predictable and cannot be reused in a reasonable amount of time.

Are there any flaws in this algorithm?

2 Answers


The biggest issue that I see is that you're solving a problem that has already been solved (by SSL) and if you don't use SSL in your scheme, you're still exposed to man-in-the-middle and session hijacking vulnerabilities. If you are using SSL already, this is all unnecessary complexity, and as we know, complexity is bad for security.

So, the flaw in your algorithm is that you're not protecting the communication channel. Without that, your algorithm is not particularly secure, and with that, your algorithm is not particularly necessary.


1 Comment

You make a good point, I guess, about stealing cookies etc., but I am interested in removing SSL from the common practice of only using it for the login form and then keeping clear HTTP for the rest. SSL can be expensive and most providers will not give it to you on a free plan.


I agree with the previous answer about using SSL, but I will address the algorithm specifically here.

To break your algorithm, an attacker would need to do one of the following:

  1. Learn the user's plaintext password
  2. Learn the user's hashed password
  3. Learn the cleartext random string plus the double-hashed password

Assume that an attacker knows or can guess the hash algorithm that you use.

There are several ways to achieve (1) that lie outside your algorithm: common passwords, password reuse, etc.

The hashed password (2) is essentially a password as well, since you will accept anybody who submits the hashed password + the random plaintext. So if an attacker can find the hashed password on either the client or the server, then he can log in to your site.

(3) is interesting, and is a likely attack vector. Without SSL, an attacker can sniff to find both elements from (3) - he will hear the random plaintext coming from the server and then the double-hashed password going to the server. Then he can use password-guessing tools to determine the original password. Start with a list of common passwords, hash them, add the cleartext, and then hash again. The time that it takes to crack will depend on the strength of the password and the size of the hash algorithm. He could also try using a rainbow table to find the 'hashed password'+'random plaintext' string.

Your security would be improved by finding a way to prevent the attacker from sniffing the exchange at all.
