how to properly secure non-ssl logins (php + ajax)
Ivan Krstić
krstic at solarsail.hcs.harvard.edu
Tue Feb 17 20:36:40 EST 2009
On Feb 15, 2009, at 7:30 AM, Rene Veerman wrote:
> Recently, on both the jQuery(.com) and PHP mailinglists, a question
> has arisen on how to properly secure a login form for a non-ssl web-
> application.
What's the threat model?
> users[user_id].user_login_hash = onewayHash(user_login_name +
> preferences.pref_system_hash);
That you're hashing the username suggests you're worried about
eavesdroppers identifying the user at login time. But without SSL,
it'll almost certainly be trivial for an eavesdropper to identify the
user _after_ they login. What's the threat model?
> //checks since when [browser IP] has last received a new challenge,
> if < threshold : make a new challenge. else return old challenge.
It is incorrect to rely on a bijection between IPs and users.
> "preferences.pref_system_hash">
What you're calling a system hash is usually referred to as salt.
> // walk through all the records in users table, for each, calculate:
This is a completely broken approach, and prohibitive for applications
with more than a handful of users.
I suggest you start by trying to write down a clear, brief and
coherent threat model. Once that's done, you can solicit feedback
until you're satisfied with the definition of what you're trying to
build. Once you can focus on implementation, I suggest looking at
things like bcrypt, PBKDF2, and SRP as background reading.
Cheers,
--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list