Hi, > Do the same thing as at present, in that the client sends the password hashed > and not in cleartext. > > The server takes that hashed value and the user name, hashes again (perhaps > with a different algorithm) and compares to what it has stored. Neither the > original password (stored in the local machine or entered by the user) nor > the value sent on the wire (first hash) are stored in the server. > Cryptographically this is equivalent to sending a cleartext password over HTTP and storing a hash of the password.
C: username, password --> S S: compute H(salt, username, password) and compare against stored hash What you are proposing is to substitute password = H(password) in the above protocol. If you can sniff the interaction then you will recover H(password), which is sufficient for you to log in to the server. The only thing this change buys you is that the attacker would need a modified client (so that he can enter H(password) directly, instead of entering password). The existing (now "old") fossil protocol secures the wire interaction against compromise. It is generally believed that it is easier to sniff HTTP traffic than the compromise a server and retrieve a file with passwords. Also, unless I am misunderstanding drh's followup message, the "new" fossil protocol is similarly no more secure that the old protocol, just very slightly more irritating for an attacker. Instead of the client and server sharing the secret cleartext password p, they share the secret hash H(p). If you can compromise the server then you know the shared secret H(p), and can use it with a small modification to the client. The only way to solve this problem - securing both the wire and the server storage - is to move to a more advanced cryptographic protocol (preferably asymmetric crypto). That is not workable however, as it would leave no way to log on through the web interface (which is limited to the mechanisms reasonably supported by browsers). Fossil is not alone in this dilemma. Regards, Twylite _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
