0

Please hear me out. I used to scoff at people who asked this question because client-side hashing is "so obviously wrong." I have read similar questions on this site but haven't found a satisfactory answer.

Why hash on the server instead of the client?

If the goal is to prevent someone with access to the password database from logging in, then server-side hashing is an absolute must (otherwise someone could just send to the server whatever they stole from the passwords database).

However, my understanding is that the purpose of hashing is to help people who share the same password across many sites. When a password is properly hashed & salted, an attacker cannot as easily brute force the plaintext password then try it on a bunch of other websites.

If mitigating password-reuse attacks is the goal, apart from clients having less hashing power, hashing & salting [0] on the client side makes sense because it means that even a fully compromised server would never see a client's plaintext password.

What am I missing?

[0] salting is important so that a compromised server cannot re-use hashes to log into other services hashing passwords on the client

user171782
  • 31
  • 1

2 Answers2

1

Your technical analysis makes sense, but one basic assumption is flawed. The purpose of hashing is not to help people who share the same password across many sites. This is a absolute no go and should neither be encouraged nor supported.

The main goal of hashing is protecting passwords against offline attacks. If an attacker is able to access the password hashes on the server, he should not be able to crack them offline and use them on the same site. Sure, if a user doesn't follow best practice and re-uses the password on different sites, this is even worse, but ultimately the user's fault.

Your approach, hashing on client side, opens the system up to a pass-the-hash attack, where you don't need to real password but can authenticate by sending the hash value only.

By stating, that the server never sees the real password, if the client hashes it, you are technically correct. But, when using this scheme, the hash actually is the password.

Demento
  • 7,249
  • 5
  • 36
  • 45
1

If the goal is to prevent someone with access to the password database from logging in, then server-side hashing is an absolute must

Well, yes. There's your answer right here.

my understanding is that the purpose of hashing is to help people who share the same password across many sites

Hashing mostly doesn't help there. If Eve compromises server S2 and obtains Alice's password there by snooping on Alice's login attempt, she can try that password on server S1, regardless of how S1 stores its passwords. Hashing on S2 helps if Eve obtains the password database on S2 but not the password itself. And because the hashing is done on the server, it helps protect S2, not just S1.

Gilles 'SO- stop being evil'
  • 50,912
  • 13
  • 120
  • 179