My question is related to What to do about websites that store plain text passwords. There are a few websites that I use that when I click "forgot password" my password is sent in plain text to the registered email account. Ignoring the obvious compromise of sending my password without any encryption, does this also highlight security issues on the back end? For example, I thought generally passwords are supposed to be saved in a hashed format such that the actual password is not retrievable. I also know that banks do something funky that lets them check individual characters of the password.
-
1How is you question different from the linked one, and why the answers there do not answer it? If you do not clearly answer these 2 remarks, your question is likely to be closed as a duplicate... – Serge Ballesta Mar 09 '17 at 16:43
-
@SergeBallesta the linked question asks about what to do if the website is storing the password in plain text. I am asking if given the behavior of the website that it means my password is saved in plain text. My thought is maybe they are using some sort of HSM. – StrongBad Mar 09 '17 at 16:48
-
Banks don't necessarily have to do funky things to be able to verify password characters. They usually ask for a few characters, and it wouldn't be difficult to hash all possible combinations: for 12 character passwords, you'd have 220 combinations, which isn't a huge number. However, when you're a bank, you can generally afford a decent HSM, which is a much better option! – Matthew Mar 09 '17 at 16:58
-
See also https://security.stackexchange.com/questions/4830/how-do-some-sites-e-g-online-banks-only-ask-for-specific-characters-from-a-pa – PwdRsch Mar 09 '17 at 17:35
2 Answers
Storing a hash of the password is now the best practice, because even if the password database is compromised, it is not possible for the attacker to get the original password. But if the attacker cannot, it means that neither the site admin nor the application can.
So if the site could send you back your password, it means that it has been stored in plain text or which is mostly equivalent in a security point of view in an invertible encryption. Compromission of a password database normally involves passing multiple barriers, and the last encryption is only one more, not necessarily harder than the other ones: the key must be accessible to the application so it must be present somewhere.
TL/DR: if a site could send you back your password, it stores the password in plain text and not in a hashed form.
- 25,636
- 4
- 42
- 84
-
i thought KDFs are best practice and that mere hashing is trivial to undo, no? – dandavis Mar 09 '17 at 22:05
-
@dandavis hashing is a non invertible operation. Encryption is invertible. – Serge Ballesta Mar 09 '17 at 22:09
If a site can send you your password, it is not hashed. There are basically two ways this can be exploited:
Someone working at the place who has access to the password database can impersonate every single user/customer, including you, without any effort at all. So hashing passwords helps in protecting clients from some of your own staff.
If the password database is stolen, your password is immediately known, and if you use the same password on other sites, you have a problem because there won't be any time to change your password on the other sites before the thieves can access your accounts there. Password hashing can be seen as a measure to protect a user's plain text password in case of a successfull password db theft.
(You can mix and match the two exploits, too - an employee might try your password on another site, and an external password thief might only be interested in impersonating you on the site)
Hashing passwords doesn't add any security beyond making the above two exploits harder (or impossible, depending on how the passwords are hashed).
For example, to steal a password database, an attacker usually needs access to the password database, and this usually means that he has gained access to other parts of the system too; for example the database that stores your transaction history with the site, or private messages, or whatever business the site is in. Whether the passwords are hashed or not doesn't matter in that case.
Another example: An employee of the site which stores your passwords in plaintext might not even need your password in the first place. If we're talking about a system administrator, for example, he might have access to all the data you store on the site without your password, so whether it is hashed or not doesn't matter.
The use of plaintext passwords (and especially their retrieval via e-mail) might point to a lax attitude when it comes to security, which might mean there are other security problems which aren't all that visible. But there could also be valid reasons for storing the password in plaintext. There are some authentication and/or encryption protocols that require access to the plain text password.
- 9,150
- 1
- 21
- 30