
The problem with client-side hashing in password forms is that the hash is now the password; as such, it provides no defense at all against even a passive attacker impersonating you. The only attack it provides any defense against is password reuse.



Not when the password is hashed with a nonce from the server.


This is digest encryption. While it's a great alternative to sending passwords in cleartext, it does have some major disadvantages.

> It prevents the use of a strong password hash (such as bcrypt) when storing passwords (since either the password, or the digested username, realm and password must be recoverable) [1]

Much better to have bcrypt'ed passwords stored on the server and your private SSL keys. If you're compromised, revoke the SSL keys, and force users to change their passwords. With strong bcrypt'ed passwords, you can be reasonably sure passwords can't be recovered, but best to enforce resets anyways. With digested passwords, those will be recovered and end up in Troy Hunt's Pwned Passwords database.

[1] https://en.m.wikipedia.org/wiki/Digest_access_authentication...
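
Added illustration, not part of the thread: the nonce-based scheme discussed above in its RFC 2617 form without qop, showing that the server verifies a response from the stored HA1 alone, so the stored record works as the credential while the nonce only stops replay. The user, realm, password, URI and function names are constructed for this example.

```python
import hashlib
import hmac
import secrets


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def ha1(username: str, realm: str, password: str) -> str:
    # What a Digest server keeps per user in place of the password.
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1_hex: str, nonce: str, method: str, uri: str) -> str:
    # RFC 2617 response without qop: MD5(HA1:nonce:MD5(method:uri))
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2}")


def server_verify(stored_ha1: str, nonce: str, method: str, uri: str,
                  response: str) -> bool:
    # The server recomputes the response from its stored record only.
    expected = digest_response(stored_ha1, nonce, method, uri)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    # Constructed sample account and request.
    user, realm, password = "alice", "example", "correct horse"
    method, uri = "GET", "/account"
    stored = ha1(user, realm, password)      # server-side database record
    nonce = secrets.token_hex(16)            # fresh server challenge

    # Client that knows the password.
    from_password = digest_response(ha1(user, realm, password), nonce, method, uri)
    # Response built from the database record alone, no password involved.
    from_record = digest_response(stored, nonce, method, uri)

    return {
        "client_ok": server_verify(stored, nonce, method, uri, from_password),
        "record_only_ok": server_verify(stored, nonce, method, uri, from_record),
        # An old response against a new nonce fails: replay is what the nonce stops.
        "replay_ok": server_verify(stored, secrets.token_hex(16), method, uri,
                                   from_password),
    }


if __name__ == "__main__":
    print(demo())
```
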


Those disadvantages are based on the particular implementation. You could replace MD5 with bcrypt.



