Question about quick password check?
I have a question for practicing cryptographers :)
Actually, files are encrypted via mcrypt on the server.
Algorithm MCRYPT_RIJNDAEL_256, the vector is embedded in the source, the mode is MCRYPT_MODE_CFB.
The question is this - for any request to the server, I need to check the password for correctness.
It is possible to decrypt some key phrase each time and check it for validity, but as I understand it, if this phrase is small, then I make it much easier to crack the password, because the vector is known, the algorithm is known, and so is the phrase I check against?
like if ( decrypt( "somethingcrypted", pass ) == "something" ) { ok }
Is there any solution to this problem?
How are passwords checked in large systems? Are hashes stored? like if hash(passw) == hash?
Again, this is a vulnerability, from my point of view.
Maybe there is some standard solution, bcrypt or something else to use?
Many thanks in advance for your help.
On the login, we check the match of the password hash + salt + username hash + something else. If everything is valid, we create a temporary identifier, token, with a short lifetime, check it as we go, increment the lifetime. Remove obsolete identifiers. We use secure connections to organize data exchange between the client and the server.
In your case, if you check the hash of at least 70% of the entire password with each operation, the client side constantly transfers this password to the server for comparison, which is unsafe.
They suggested one solution, quite as an option:
To quickly check the password, use a sha1 hash, but do not hash the entire password, only 70% of it.
I.e. something like if ( sha1_hash( truncate( pass, (int)(len * 0.7) ) ) == hash ) {}; in this case, even if you downloaded the whole server with all its contents, it will slow down the decryption.
If you got access to the server with a 70% password, then when you download the file, you will receive a file.
Another note:
We do not transmit the password in clear text over the network.
We generate salt when generating the login page, hash the password with salt on the client side, and then on the server side we look for what we need in the database like this:
select * from `users` where login = '%login%' AND MD5(CONCAT('%salt%', `password`)) = '%hash%';
%login% and %hash% come from the form.
%salt% - in this case, your generated salt. It can be either static or dynamic (which is better). But in the second case, salts need to be stored somewhere.
As a result, when intercepting a password, they will intercept something indistinct, indecipherable and not driven so easily through the hash databases.
If you want to keep passwords in such a way that they can be decrypted to the original value, do this separately. And do authorization by hashes.
Just in case, I will say that storing the password in clear text on the client PC is not a very good idea. Because it will be stored in cookies (well, maximum - in the browser's local storage), and they can be accessed in a number of ways. Therefore, I would think about the protection scheme itself.
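As an added example (not code from either poster), this is the standard shape of what the question asks about: derive the file key from the password with a KDF and keep a separate verifier, so the per-request check is neither a known-plaintext oracle nor a hash of a truncated password. Python, standard library only; the iteration count, salt length and HMAC label are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters: tune the iteration count to your server's hardware.
PBKDF2_ITERATIONS = 200_000
KEY_LEN = 32  # 256-bit key, the size a Rijndael-256 file cipher expects


def derive_keys(password: str, salt: bytes) -> tuple:
    """Stretch the password once with PBKDF2 and split the output into two
    independent keys: one for the file cipher, one used only to verify the
    password. Knowing one of them does not give the other."""
    material = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=2 * KEY_LEN
    )
    return material[:KEY_LEN], material[KEY_LEN:]


def make_verifier(password: str) -> dict:
    """Enrolment: returns the record the server stores (random salt + tag).
    The tag is an HMAC of a fixed label under the verification key, so a
    dumped database reveals no encryption key and no password prefix."""
    salt = os.urandom(16)
    _, verify_key = derive_keys(password, salt)
    tag = hmac.new(verify_key, b"password-verifier", "sha256").digest()
    return {"salt": salt, "tag": tag}


def check_password(password: str, record: dict) -> Optional[bytes]:
    """Per-request check: recompute the tag from the candidate password and
    compare it in constant time. Returns the file key on success, else None,
    so the decryption key only exists in memory after a correct check."""
    enc_key, verify_key = derive_keys(password, record["salt"])
    tag = hmac.new(verify_key, b"password-verifier", "sha256").digest()
    if hmac.compare_digest(tag, record["tag"]):
        return enc_key
    return None


if __name__ == "__main__":
    record = make_verifier("correct horse battery")  # constructed sample password
    assert check_password("correct horse battery", record) is not None
    assert check_password("correct horse batter", record) is None  # truncation fails
    print("verifier check OK")
```

Because each check costs one full key derivation, run it once at login and then use a short-lived token for the following requests, as the answer above describes.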