Hello Everyone,

I am currently reviewing some source code for a custom CMS on behalf of a
client.
All of it looks pretty good to me except for the line of code that does the
actual login.
It looks like...
(Yes this is PHP)

if (sha1($user_password) == $password_from_db) {
    login($user_name);
}

What has me worried is that $user_password is hashed prior to this function
by a SHA1 function written in JavaScript, prior to being passed in to PHP.
This means that we are comparing the hash of a hash, which we all know is
generally considered bad practice.

When I confronted the original developer about this, he remarked that he did
it "for security reasons, and because the design docs said the password
should not ever be transmitted or stored in plain text".

That's all well and good except that what has effectively happened in my eyes
is an increased chance for hash collision.
That's about the only reason I can think of why this is a bad idea.

I need some advice here...
Should I just give this code a nod?  I mean most passwords tend to be
insecure to begin with, and transmitting them in plain text is always a bad
idea.
Or should I reject this due to the increased chance of hash collisions and/or
some other reason I can't remember off the top of my head?

Thoughts?

Sincerely,
Steve
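
An added example, not part of the original post and not code from the CMS under review: the login check as described above beside a server-side form using PHP's built-in password_hash() / password_verify(). The function names and sample passwords are constructed for illustration, and the hardened form assumes the login form is submitted over TLS.

```php
<?php
// Added illustration, not code from the CMS under review. Function names and
// the sample passwords are constructed for this example.

// Scheme as described in the post: the browser submits sha1(password) and the
// server hashes that value again, comparing with loose ==.
function legacy_check(string $submitted, string $password_from_db): bool
{
    return sha1($submitted) == $password_from_db;
}

// Hardened server side: salted, deliberately slow hash from password_hash(),
// checked with password_verify(). Assumes the form is submitted over TLS.
function enroll(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

function check(string $password, string $stored): bool
{
    return password_verify($password, $stored);
}

// 1. Loose == treats two numeric-looking strings as numbers. These
//    constructed values have the "0e<digits>" shape a hex digest can take.
$a = '0e' . str_repeat('1', 38);
$b = '0e' . str_repeat('2', 38);
var_dump($a == $b);             // loose comparison
var_dump(hash_equals($a, $b));  // byte-wise, constant-time comparison

// 2. The legacy value is unsalted: the same password always stores the same
//    string, so identical passwords are visible in the user table.
$alice = sha1(sha1('hunter2-constructed'));
$bob   = sha1(sha1('hunter2-constructed'));
var_dump($alice === $bob);
var_dump(legacy_check(sha1('hunter2-constructed'), $alice));

// 3. password_hash() generates a fresh salt per call, so the stored strings
//    differ while both still verify against the right password only.
$alice2 = enroll('hunter2-constructed');
$bob2   = enroll('hunter2-constructed');
var_dump($alice2 === $bob2);
var_dump(check('hunter2-constructed', $alice2), check('wrong', $bob2));
```

In the legacy scheme the server only ever checks the SHA1 value the browser submits, so that value is what needs protecting in transit, which is why the hardened form relies on TLS rather than client-side hashing.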
