1

I am looking for best practice for username/password login. People have different views for client side hashing on password.

From Google's recommendation https://cloud.google.com/solutions/modern-password-security-for-system-designers.pdf

The client side hashing should be implemented as below:

Have the client computer hash the password using a cryptographically secure algorithm and a unique salt provided by the server. When the password is received by the server, hash it again with a different salt that is unknown to the client. Be sure to store both salts securely.

My questions are

  1. I agree the server should send a (unique) salt to the client. But why does the server need to hash the client result again with another salt?

  2. Does the above mechanism suggest the server should store both salts as separate columns in the database table? And assume both salts are static (not changed per each login?)

  3. SSL/TLS have mechanism to avoid replay attack. Does the above mechanism provide extra value to counter replay attack? I don't see any random factor about the static salts and I cannot relate anything can address replay attack.

Frankie Hung
  • 111
  • 1
  • Potential duplicate: https://security.stackexchange.com/questions/8596/https-security-should-password-be-hashed-server-side-or-client-side?rq=1 – schroeder Jan 03 '20 at 08:32
  • The short answer is that then the hash becomes the password. If you can capture the hash client-side, then you can just pass that to the server and log in. – schroeder Jan 03 '20 at 08:34
  • Thank you both. I now understand why server hash is necessary. In fact, it is more important than client side hashing. – Frankie Hung Jan 03 '20 at 10:05
  • @schroeder, the problem you said is also applicable to do server-side hash. If we can capture anything from the client side, we can replay it anyhow. – Frankie Hung Jan 03 '20 at 10:13
  • One further question: why the second salt has be unknown to the client? – Frankie Hung Jan 03 '20 at 10:15
  • @frankiehung because if the client knows it then a potential attacker can know it – LTPCGO Jan 07 '20 at 16:40

0 Answers0