I STILL think hashing password on client side is better. Am I wrong?


Question

I have read the following:

https://hackernoon.com/im-harvesting-credit-card-numbers-and-passwords-from-your-site-here-s-how-9a8cb347c5b5

https://security.stackexchange.com/questions/8596/https-security-should-password-hashed-server-side-or-client-side

Is it worth hashing passwords on the client side

Password encryption at client side

https://softwareengineering.stackexchange.com/questions/76939/why-almost-no-webpages-hash-passwords-in-the-client-before-submitting-and-hashi

... and I STILL think that hashing your password on the client side is better. Let me explain.

The first cited article advocates that you should make the login page stand alone, since there's no way to trust the entire codebase used on the client side. I think it makes sense.

And if it makes sense, how can you trust the entire codebase used on the server side?

So many upvoted answers above are claiming "don't hash on the client side, because TLS exists". That's true for preventing the password from being sniffed, but it is not related at all if it's about our potentially evil server-side code.

Also, I don't see any reason for the server side to hash the password if it's hashed already. If your server is cracked, you're done, regardless of the passwords, but the cracker can't use the obtained passwords anywhere else.

But since I can find no such answer, my statement seems to be fundamentally wrong. What am I missing?

Recommended answer

If you think hashing BOTH client AND server side with a modern password hashing algorithm like PBKDF2, BCrypt, SCrypt, or Argon2 with a high work factor/iteration count is better, then I agree.

If you think hashing ONLY client side is better, then I have serious reservations about your threat model.

There are threats that hashing passwords server-side protects against, and threats that client-side hashing protects against; here's a brief list:

  • BOTH: leaked password database entries allowing viewers to see what the user typed in cleartext.
  • CLIENT: Server-side insiders with packet/traffic interception access seeing what the user typed in directly
    • This is one of the two major threats that client side hashing IN ADDITION to server side hashing is a good fit for mitigating.
    • If you only hash the password client side, then anything in the server DB can be fed to the system via a client-side request to log in as the "legitimate" user as far as the server is concerned. This makes all server audit logs of who did what suspect.
    • If passwords are hashed server side, then no matter what happens client side, nothing in the server will authenticate a user if it is entered through the normal authentication channel.
    • This is the other major threat that client side hashing in addition to server side hashing is a good fit for mitigating.
    • MitM attacks can come from the client's corporate IT department, network provider or other ISP, the server organization's IT department (load balancers or advanced security appliances that have the actual certificate key, etc.), or from a number of other sources.
    • Regardless of whether you hash client side or not, what is sent across the wire to the server application is what the server uses to authenticate you.
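As an added illustration of the point in the answer above that a leaked database value can be replayed as a login credential under a client-only scheme but not when the server hashes again (example code written for this page, not from the question, the answer, or the linked posts; the site label, iteration count, user name and password are constructed values):

```python
import hashlib
import hmac
import os

# Constructed work factor for the demo; real deployments tune this to their hardware budget.
ITERATIONS = 100_000


def client_hash(username: str, password: str) -> bytes:
    """Client side: stretch the password before it leaves the browser.
    The salt is derived from a site label and the username so no server round trip is needed.
    """
    salt = hashlib.sha256(b"example.com:" + username.encode()).digest()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def server_hash(client_sent: bytes, salt: bytes) -> bytes:
    """Server side: hash what arrived over the wire again, with a random per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", client_sent, salt, ITERATIONS)


def register(db: dict, username: str, password: str, server_side: bool) -> None:
    """Store the credential either as the client sent it (client-only) or re-hashed (both)."""
    sent = client_hash(username, password)
    if server_side:
        salt = os.urandom(16)
        db[username] = (salt, server_hash(sent, salt))
    else:
        db[username] = (None, sent)  # client-only scheme: the DB holds the wire value itself


def login(db: dict, username: str, client_sent: bytes) -> bool:
    """What the server does with whatever bytes arrive in the login request."""
    if username not in db:
        return False
    salt, stored = db[username]
    candidate = server_hash(client_sent, salt) if salt is not None else client_sent
    return hmac.compare_digest(candidate, stored)


def leaked_entry_logs_in(server_side: bool) -> bool:
    """Simulate an attacker who has the leaked DB entry and sends it as the credential."""
    db = {}
    register(db, "alice", "correct horse battery staple", server_side)
    _, leaked_value = db["alice"]
    return login(db, "alice", leaked_value)
```

With `server_side=False` the leaked value is accepted, so the audit trail cannot distinguish the attacker from the user; with `server_side=True` the same replay is rejected while a genuine client hash still logs in.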
