Client side password hash versus plain text


Question


I'm putting together an Android client (and possibly in the future iOS, web portal, etc.) and a PHP/MySQL server. Server side I am currently using the PHPass library to hash and salt the incoming passwords.

Should I make the client send plain text passwords over HTTPS/SSL, or should the client do some form of hashing first? For example, should every client simply SHA-1 (or some other algorithm) every outgoing password?

Answer

Most websites will send the password plain-text over an encrypted connection (SSL/HTTPS). Hashing the password client-side can be done, but the advantage is small, and often client-side languages (JavaScript) are slow, so you can calculate fewer rounds in the same time, which weakens the hash. In every case the server must calculate a hash as well to be safe.

The advantage is small, because if an attacker can do a man-in-the-middle attack, he can also modify/remove the script (JS) which does the hashing. Only an encrypted connection with SSL/HTTPS can protect against a MITM attack, so you need SSL anyway.

In your case with an app, it looks slightly different. Because the user first has to install your software, there is no need to send a script to the client, so a MITM cannot modify this script. Moreover, the app can calculate the hash relatively fast (if it can run native code) and therefore can do enough rounds client-side.

This is what I would do:

  1. For simplicity, send the password plain-text over an encrypted SSL/HTTPS connection and calculate the slow BCrypt hash server side, as you do now.
  2. Only if the load on the server grows too heavy can you move the calculation of the slow BCrypt hash to the client app. Still use HTTPS to send the hash, and then calculate an additional fast hash (e.g. SHA-256) on the server. This is more complex, because you have to exchange and store the salt separately.
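As an added example, not part of the answer above, here is option 2 sketched end to end in Python: the client does the slow hash, the server hands out the per-user salt separately and stores only SHA-256 of what the client sends, so the stored verifier is never itself the login token. It substitutes PBKDF2 from the standard library for bcrypt, and the stable fake salt for unknown usernames (to avoid revealing which accounts exist) is an assumption beyond the answer's text.

```python
import hashlib
import hmac
import secrets

ROUNDS = 100_000   # client-side work factor (PBKDF2 stand-in for a bcrypt cost)
SALT_LEN = 16

def client_hash(password: str, salt: bytes) -> bytes:
    """Slow hash computed in the app; only this value ever leaves the device."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ROUNDS)

class Server:
    def __init__(self) -> None:
        self.users = {}                              # username -> (salt, verifier)
        self._enum_key = secrets.token_bytes(32)     # keys the fake salts for unknown users

    def new_salt(self, username: str) -> bytes:
        """Registration step 1: server picks the salt and hands it to the client."""
        salt = secrets.token_bytes(SALT_LEN)
        self.users[username] = (salt, None)
        return salt

    def register(self, username: str, ch: bytes) -> None:
        """Registration step 2: store SHA-256(client hash), never the client hash itself."""
        salt, _ = self.users[username]
        self.users[username] = (salt, hashlib.sha256(ch).digest())

    def get_salt(self, username: str) -> bytes:
        """Login step 1; unknown names get a stable fake salt (no account enumeration)."""
        rec = self.users.get(username)
        if rec is None or rec[1] is None:
            return hmac.new(self._enum_key, username.encode("utf-8"), "sha256").digest()[:SALT_LEN]
        return rec[0]

    def login(self, username: str, ch: bytes) -> bool:
        """Login step 2: fast hash on the server, constant-time compare against the verifier."""
        rec = self.users.get(username)
        if rec is None or rec[1] is None:
            return False
        return hmac.compare_digest(hashlib.sha256(ch).digest(), rec[1])

def demo() -> dict:
    """Constructed walkthrough: register one user, then try good, wrong and unknown logins."""
    srv = Server()
    salt = srv.new_salt("alice")
    srv.register("alice", client_hash("correct horse", salt))
    ok = srv.login("alice", client_hash("correct horse", srv.get_salt("alice")))
    bad = srv.login("alice", client_hash("wrong", srv.get_salt("alice")))
    ghost = srv.login("bob", client_hash("x", srv.get_salt("bob")))
    return {"ok": ok, "bad": bad, "ghost": ghost}
```

All messages (salt, client hash) would go over HTTPS in practice; the example only models what each side computes and stores.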
