On May 21, 2012, at 4:19 PM, Paco Willers wrote:
>
> I now use http://www.keplerproject.org/md5/. The md5.sumhexa(message) function is what I was looking for. This library also contains several other functions which have my interest.
>
> About bcrypt and others... As mentioned, they are safer, but as long as my application in development (a telnet game) receives transmitted passwords as plain-text, there is a new challenge for me to solve that first. :-)
You should still use salt, even if it is bad salt. If you have few users, even appending a single site-specific string will help frustrate people with pre-generated tables. "openssl rand -base64 36" will produce something Lua-friendly; drop it into the source code if necessary for now.[1]
The reason is the period of vulnerability. An attacker must listen while a plaintext password is entered; if the attacker is limited to this they can only get passwords as people log in. However, if the attacker can obtain the hashed password file, they can attack the passwords of all your users immediately and offline. Probably some of your users have reused their password on other sites.
A bunch of MMO gold-selling game account cracks were probably traceable to this; people often use the same game username and password on a crappy PHP forum with unsalted passwords. Attackers only needed a PHP exploit to get read-only access to the account table once. They could then run the hashes through a rainbow table, and then log into the MMO and strip the character naked. No, there was not necessarily a plague of keyloggers in cheat software--just some web forums too lazy to salt passwords.[2]
The /usr/bin/openssl command can also be used to create and verify salted passwords (see "man 1ssl passwd") so if you can shell out you don't have to deal with any of this.
Plaintext authentication is bad, but it's bad in different ways. max(plaintext, unsalted) < bad <= (plaintext+unsalted).
Jay
[1]: Don't forget to fix your authentication code later. Once you become popular or paranoid, you can upgrade people to per-password salts gradually as they log in.
[2]: Plus PHP. I find it's generally safe to blame PHP for about anything, as it usually makes doing the correct/secure thing hard, and the wrong thing easy. Don't let this happen to your web framework.
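
An added example, not part of the original message: the gradual upgrade from footnote [1], where accounts hashed with a single site-specific string are rewritten with a per-password salt the next time the user logs in. It is written in Python so it runs on the standard library alone; the record layout, the function names, the sample users and the choice of PBKDF2 for the upgraded scheme are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed value; stands in for the output of `openssl rand -base64 36`.
SITE_SALT = b"constructed-site-wide-string"
PBKDF2_ROUNDS = 100_000  # assumption: tune to your own hardware

def legacy_hash(password: str) -> str:
    """Old scheme: one site-specific string for everyone, hex MD5 (as md5.sumhexa returns)."""
    return hashlib.md5(SITE_SALT + password.encode()).hexdigest()

def new_record(password: str) -> dict:
    """New scheme: fresh random salt per password, fed to a slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"scheme": "pbkdf2", "salt": salt.hex(), "hash": digest.hex()}

def login(users: dict, name: str, password: str) -> bool:
    """Verify a login; a legacy record that verifies is rewritten in the new scheme."""
    rec = users.get(name)
    if rec is None:
        return False
    if rec["scheme"] == "pbkdf2":
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                     bytes.fromhex(rec["salt"]), PBKDF2_ROUNDS)
        return hmac.compare_digest(digest.hex(), rec["hash"])
    # Legacy record: check it the old way (constant-time compare), then upgrade
    # while the plaintext is in hand. A failed attempt must not touch the record.
    if not hmac.compare_digest(legacy_hash(password), rec["hash"]):
        return False
    users[name] = new_record(password)
    return True

def sample_users() -> dict:
    """Constructed accounts: two users who picked the same password."""
    return {n: {"scheme": "legacy", "hash": legacy_hash("hunter2")}
            for n in ("alice", "bob")}

if __name__ == "__main__":
    users = sample_users()
    # With a site-wide salt, equal passwords still give equal hashes.
    print("legacy hashes equal:", users["alice"]["hash"] == users["bob"]["hash"])
    login(users, "alice", "hunter2")
    login(users, "bob", "hunter2")
    # After the upgrade each record has its own salt, so the hashes differ.
    print("upgraded hashes equal:", users["alice"]["hash"] == users["bob"]["hash"])
```

Accounts that never log in again keep their legacy record, so the legacy branch has to stay until those accounts are reset or expired.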