On Fri, Feb 20, 2015 at 9:52 AM, devunt <dev...@gmail.com> wrote:
> We should consider some edge cases like:
>
> * More than two accounts with exactly the same email and password.
> -> In this case, which account should be chosen to log in? Maybe an
> account selector could be one of the answers.
>
> * If there are 42 accounts with the same email.
> -> Should MediaWiki try to check the password forty-two times? It will
> take a _very_ long time, enough to cause a gateway timeout, which means
> nobody can log in to that account.
> -> To avoid timing attacks completely, should MediaWiki calculate the
> hash of all users forty-two times, the same as for the user above?
Minimum viable product assumption:

Given that authentication is attempted with an (email, password) pair
When more than one account matches email
Then perform one data load and hash comparison to mitigate timing attacks and fail the authentication attempt

A community education campaign could easily be launched to notify users that this invariant will hold for email based authentication and give instructions on how to change the email associated with an account. The target audience for email based authentication (newer users who think of email addresses as durable tokens of their identity) will not be likely to be affected by or even aware of the multiple account disambiguation problem.

Bryan

--
Bryan Davis  Wikimedia Foundation <bd...@wikimedia.org>  [[m:User:BDavis_(WMF)]]
Sr Software Engineer  Boise, ID USA  irc: bd808  v:415.839.6885 x6855

_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
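The invariant Bryan states above (exactly one data load and one hash comparison whether the email is unknown, unique, or ambiguous, so an attacker cannot tell the cases apart by timing), as an added Python sketch that is not MediaWiki code or anything posted in this thread; the user table, the PBKDF2 parameters and the function names are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed demo parameters (not MediaWiki's password-hash settings).
ITERATIONS = 20_000
HASH_CALLS = {"n": 0}  # counts hash computations so the invariant can be checked


def hash_password(password: str, salt: bytes) -> bytes:
    """One expensive password-hash computation (PBKDF2-HMAC-SHA256)."""
    HASH_CALLS["n"] += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(name: str, email: str, password: str) -> dict:
    salt = os.urandom(16)
    return {"name": name, "email": email, "salt": salt, "hash": hash_password(password, salt)}


# Constructed sample accounts: alice is unique; two accounts share dup@example.org.
USERS = [
    make_user("Alice", "alice@example.org", "correct horse battery staple"),
    make_user("Bob", "dup@example.org", "bob-secret"),
    make_user("Bob2", "dup@example.org", "bob-secret"),
]

# Fixed dummy credential: failing paths hash against it so they cost the same as a real check.
_DUMMY_SALT = b"\x00" * 16
_DUMMY_HASH = hash_password("dummy-password-never-accepted", _DUMMY_SALT)


def authenticate_by_email(email: str, password: str, users=USERS) -> Optional[str]:
    """Return the account name on success, None otherwise; always exactly one hash computation."""
    matches = [u for u in users if u["email"] == email]
    if len(matches) == 1:
        user = matches[0]
        salt, expected = user["salt"], user["hash"]
    else:
        # Unknown email (0 matches) or ambiguous email (>1 matches): the MVP rule says
        # do not try every candidate; do one comparison against the dummy and fail.
        user = None
        salt, expected = _DUMMY_SALT, _DUMMY_HASH
    candidate = hash_password(password, salt)
    ok = hmac.compare_digest(candidate, expected)  # constant-time comparison
    if user is None or not ok:
        return None
    return user["name"]
```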