On 4/13/08, Holger Lampe <[EMAIL PROTECTED]> wrote:
> Oh, I think I misunderstood the whole thing, or didn't I?

A salt is just a bit of random data that when hashed with the password
yields a value that is different every time even when using the same
password. The purpose is to make it impossible to perform a dictionary
attack where the attacker has a copy of your password database (e.g.
because the server was hacked).

For example the SMD5 (salted MD5) hash is computed as follows:

  // $password holds the plaintext password supplied at registration time
  // (assumed to be set before this snippet runs).
  $salt = substr(md5(mt_rand(), false), 0, 4);      // 4 random hex characters
  $ctx = hash_init('md5');
  hash_update($ctx, $password);                     // hash the password ...
  hash_update($ctx, $salt);                         // ... followed by the salt
  $hash = hash_final($ctx, true);                   // raw 16-byte digest
  $hash = '{SMD5}' . base64_encode($hash . $salt);  // salt is appended after the digest

Note that the salt is also separately concatenated with the password
in plain sight because you'll need it to compute the hash during
authentication. Specifically you split the salt and hash from the
value in the DB, compute the hash with the salt and the user supplied
password and compare the two values. If they match, the password was
correct.

Another common source of a salt is the username. Since you know the
username at authentication time there's no need to keep track of the
salt at all. HTTP Digest authentication does this.

One thing that I've thought about doing is storing the HTTP digest in
the DB. Then you could compute the digest on the client side and never
send the plain text password over the network. Below is a JavaScript
function that can be called on submission of the login form that will
replace the password entered by the user with its Base64 encoded HTTP
digest hash:

  // Assumes an MD5 library exposing MD5.base64(string) and a form named "f"
  // with fields realm, username and password.
  function digest() {
     var realm = document.f.realm.value;
     var username = document.f.username.value;
     var password = document.f.password.value;
     var text = realm + ":" + username + ":";
     var hash = MD5.base64(text + password);              // inner digest of realm:username:password
     document.f.password.value = MD5.base64(text + hash); // submitted in place of the password
  }

When the server receives this they Base64 decode it and compare it
directly to the value in the DB.

Of course the hash value itself is as good as the password in this
case - an interloper could capture the hash and submit it as the
password. But it is still better than passing the password clear-text
and the hash serves its purpose in protecting the user's password if the
server is compromised.

Mike

-- 
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/
