On Feb 15, 2009, at 7:30 AM, Rene Veerman wrote:
Recently, on both the jQuery(.com) and PHP mailinglists, a question has arisen on how to properly secure a login form for a non-ssl web- application.

What's the threat model?

users[user_id].user_login_hash = onewayHash(user_login_name + preferences.pref_system_hash);

That you're hashing the username suggests you're worried about eavesdroppers identifying the user at login time. But without SSL, it'll almost certainly be trivial for an eavesdropper to identify the user _after_ they login. What's the threat model?

//checks since when [browser IP] has last received a new challenge, if < threshold : make a new challenge. else return old challenge.

It is incorrect to rely on a bijection between IPs and users.


What you're calling a system hash is usually referred to as salt.

// walk through all the records in users table, for each, calculate:

This is a completely broken approach, and prohibitive for applications with more than a handful of users.

I suggest you start by trying to write down a clear, brief and coherent threat model. Once that's done, you can solicit feedback until you're satisfied with the definition of what you're trying to build. Once you can focus on implementation, I suggest looking at things like bcrypt, PBKDF2, and SRP as background reading.


Ivan Krstić <krs...@solarsail.hcs.harvard.edu> | http://radian.org

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to