User identification
Israfil22, 2021-01-24 13:49:18

Is this authentication method secure?

I am creating a system where there are users without registration (no data storage). After connecting to the server, the client sends a couple of fields: login and password. This data is then mixed (by adding a field to the JSON) with a secret phrase, and the hash is sent back to the user. The user shares this identifier as his identification key with other users who can interact with him (i.e., he sends this key to the public).
What pitfalls can there be? Hashes seem to be irreversible, and brute force and rainbow tables are useless when using a salt (i.e. my secret in the field).


1 answer(s)
hint000, 2021-01-24
@hint000

The problem is the salt.
If the salt is different for each user, then it must be stored on the server, and this contradicts the original conditions.
If the salt is the same for everyone, then there is no point in the salt: it is broken about as easily as without a salt.
I can't think of any cryptography in which the salt is made a secret (although this in itself is not a problem).
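
The scheme from the question next to a stateless variant, as an added example that is not part of the original thread: `naive_id` follows the question's description (secret phrase as a JSON field, one fast hash), while `stateless_id` is one possible alternative that recomputes a per-user salt from the login, stretches the password with PBKDF2, and uses the secret as an HMAC key. The function names, the secret value, the salt prefix and the iteration count are all assumptions made for this sketch.

```python
import hashlib
import hmac
import json

# Constructed demo value; a real secret would come from a secret store.
SERVER_SECRET = b"constructed-demo-secret"
PBKDF2_ROUNDS = 600_000  # assumed work factor, tune to your hardware


def naive_id(login, password, secret=SERVER_SECRET):
    """Scheme from the question: secret added as a JSON field, one fast hash."""
    blob = json.dumps(
        {"login": login, "password": password, "secret": secret.decode()},
        sort_keys=True,
    )
    return hashlib.sha256(blob.encode()).hexdigest()


def stateless_id(login, password, secret=SERVER_SECRET):
    """No stored state: salt recomputed from the login, slow KDF, keyed MAC."""
    # Per-user salt derived from the login, so the server stores nothing.
    salt = hashlib.sha256(b"id-salt-v1:" + login.encode()).digest()[:16]
    # Slow KDF: each password guess stays expensive even if the secret leaks.
    stretched = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ROUNDS
    )
    # The secret is used as an HMAC key (a pepper), not as hashed data.
    return hmac.new(secret, stretched, hashlib.sha256).hexdigest()


if __name__ == "__main__":
    for fn in (naive_id, stateless_id):
        print(fn.__name__, fn("alice", "correct horse"))
```

In both variants the published identifier lets anyone who learns the secret test password guesses offline, so the work factor and the secrecy of the key are what the design rests on.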
