I've read README.md5_passwords, which indicates a vulnerability:

"When you change your password, the MD5-hash of your PW is transmitted down the wire. An enterprising cracker could manage to fake a login form and supply the page with the MD5-hashed password, which would then authenticate them."

In the same way, I think that MD5-crypted storage isn't a good system when the user password is MD5-crypted on the client side. A cracker who has read the database passwords has the same possibilities as with clear-text storage, without the necessity of "breaking" the MD5 hash. He only has to manage the fake login form as in the README example, using the password hash directly.

I'm thinking of using two passwords for authentication: one using Challenge_Auth with clear storage, and the other using MD5 storage but sent in the clear in the form. The second password will be crypted on the server side before comparison. Thus both attacks will be necessary: a database read for the first password and sniffing for the second.

Observe that sniffing the submission of the registration form or of a password change will get the first password (if we allow it), and a second sniffing during authentication could get the second.

If it's correct, I'll use it for admin authentication. I think it's too hard for customers, for whom one password is usually enough.

If somebody wants to see the code, I could post it.

The README file also says:

"If you need security you should consider running SSL or no webserver at all. I looked into public-key encrypting the form response when changing passwords..."

I'm interested in SSL authentication examples or PK encryption, using phplib or PHP only (I'm a newbie at PHP too).
Thanks,
Virilo Tejedor. Email: vi...@su...
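
The two-password check proposed in the message above, modelled as an added example (not code from the post or from PHPLIB): it runs the check against the two partial compromises the message considers. The function names, the sample row and the `md5("user:password:challenge")` response format are assumptions.

```php
<?php
// Added example; all names and sample values are constructed.

// Client-side MD5 with MD5 storage: the server compares hash to hash.
function verify_client_md5(string $sentHash, string $storedHash): bool {
    return hash_equals($storedHash, $sentHash);
}

// Challenge-response over a clear-stored password.
// Assumption: response = md5("user:password:challenge").
function challenge_response(string $user, string $pw, string $challenge): string {
    return md5("$user:$pw:$challenge");
}

// The proposal: password 1 via challenge-response, password 2 sent in the
// clear and hashed on the server before comparison. Both must match.
function verify_two_passwords(array $row, string $user, string $challenge,
                              string $response, string $pw2Sent): bool {
    $ok1 = hash_equals(challenge_response($user, $row['pw1_clear'], $challenge), $response);
    $ok2 = hash_equals($row['pw2_md5'], md5($pw2Sent));
    return $ok1 && $ok2;
}

function show(string $label, bool $accepted): void {
    printf("%-42s %s\n", $label, $accepted ? 'accepted' : 'rejected');
}

// Constructed database row and a fresh, single-use challenge for this login.
$row = [
    'legacy_md5' => md5('old-secret'),    // column used by the client-hashed scheme
    'pw1_clear'  => 'first-secret',       // first password, stored in the clear
    'pw2_md5'    => md5('second-secret'), // second password, stored as MD5
];
$challenge = bin2hex(random_bytes(16));

// 1. Client-hashed scheme: the stored column is itself the credential.
show('client-md5, value copied from database', verify_client_md5($row['legacy_md5'], $row['legacy_md5']));

// 2. Database read only: pw1 is known, pw2 only as a hash, which the server hashes again.
$resp = challenge_response('admin', $row['pw1_clear'], $challenge);
show('two passwords, database read only', verify_two_passwords($row, 'admin', $challenge, $resp, $row['pw2_md5']));

// 3. Sniffed login only: pw2 is known, but the captured response is bound to an older challenge.
$stale = challenge_response('admin', 'first-secret', 'older-challenge');
show('two passwords, sniffed login only', verify_two_passwords($row, 'admin', $challenge, $stale, 'second-secret'));

// 4. Legitimate user, who knows both passwords.
show('two passwords, legitimate user', verify_two_passwords($row, 'admin', $challenge, $resp, 'second-secret'));
```

MD5 is kept here only to mirror the scheme in the message; `password_hash()` and `password_verify()` are PHP's current functions for server-side password storage.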