how to properly secure non-ssl logins (php + ajax)

[Ivan Krstić]

On Feb 15, 2009, at 7:30 AM, Rene Veerman wrote:
> Recently, on both the jQuery(.com) and PHP mailinglists, a question  
> has arisen on how to properly secure a login form for a non-ssl web- 
> application.

What's the threat model?

> users[user_id].user_login_hash = onewayHash(user_login_name +  
> preferences.pref_system_hash);

That you're hashing the username suggests you're worried about  
eavesdroppers identifying the user at login time. But without SSL,  
it'll almost certainly be trivial for an eavesdropper to identify the  
user _after_ they login. What's the threat model?

> //checks since when [browser IP] has last received a new challenge,  
> if < threshold : make a new challenge. else return old challenge.

It is incorrect to rely on a bijection between IPs and users.

> "preferences.pref_system_hash">

What you're calling a system hash is usually referred to as salt.

> // walk through all the records in users table, for each, calculate:

This is a completely broken approach, and prohibitive for applications  
with more than a handful of users.

I suggest you start by trying to write down a clear, brief and  
coherent threat model. Once that's done, you can solicit feedback  
until you're satisfied with the definition of what you're trying to  
build. Once you can focus on implementation, I suggest looking at  
things like bcrypt, PBKDF2, and SRP as background reading.

Cheers,

--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com