Reply to post: Re: Storing passwords in plain text?

For Foxit's sake: PDF editor biz breached, users' passwords among stolen data

Michael Wojcik Silver badge

Re: Storing passwords in plain text?

There are cryptographic protocols for verifiers that don't expose the secret to the verifying party. SRP is the best known, but there are also PAK variants, for example. The identity-asserting party (the browser in this case) completes a zero-knowledge proof that it holds the secret in response to challenges from the authenticating party (the server). The authenticating party just has the information it needs to conduct the ZKP protocol; nothing it holds or receives can be used to impersonate the holder of the secret, short of brute-forcing the secret.

That's safer and more elegant than having the browser hash or otherwise mutate the user's input. In particular, a passive MITM who can intercept the ZKP messages can't use them to subsequently impersonate the user.

One problem with doing SRP in the browser is that you have to trust the SRP implementation, and for that matter the browser, so the incremental strength over HTTPS is small. On top of that you have the usual network problem: it's not advantageous for browser manufacturers to add it until a decent number of servers support it, and it's not advantageous for servers to support it until a decent number of users are prepared to use it.

Hell, how often do you see HTTP Digest Authentication used in the wild? And that's been around for 20 years.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2019