Hi Arioch!

Arioch /BDV/ wrote on 2004-10-12 15:23:35:
> MW> authentication mechanisms NEED the password on the server.
> Could it be that challenge/response is done over a hash?

Challenge/response is done using a hash on the wire, not on the server.
On the server there may be some precomputation resulting in a hash
being stored, but this hash is something like a plain password again. It
is all you need to authenticate against the server.

If you are doing challenge/response, both sides need to know what is
needed to calculate the hash on the wire, as both sides have to calculate
it. So whatever is stored on the server is always everything you need to
know to authenticate, and therefore it IS a plain password. Period.

If you want to remove the plain password from the server and do not want
to transmit the plain password on the wire, you have to switch to
completely different authentication schemes that are not based on secrets
at all, e.g. using certificates.

> Keeping the password on the server is easy, but it also might be risky.

If you don't trust your server, then you should not use authentication
schemes based on secrets at all. Period.

If you can't trust the server, using hashes on the server and plain text
on the wire is no option for you either, as on the server you can even
see what is transmitted over an SSL/TLS link.

See you
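The point made in the mail above, shown as an added example that is not part of the original message or any protocol discussed in the thread: a hypothetical challenge/response scheme in which the server stores only SHA-256(password) and the response on the wire is HMAC-SHA256 keyed with that stored value. The function names, the sample password and the "stolen hash" attacker are all constructed for the illustration. A legitimate client and an attacker who merely copied the stored value off the server both pass the check; the stored value is, for authentication purposes, the password.

```python
"""Challenge/response over a stored hash: whoever holds the stored value
can answer the challenge, so the stored value is as good as the password.

Hypothetical scheme, constructed for illustration (not from the thread):
  verifier  = SHA-256(password)                 # what the server stores
  challenge = 16 random bytes chosen by the server
  response  = HMAC-SHA256(key=verifier, msg=challenge)  # goes on the wire
"""
import hashlib
import hmac
import secrets


def derive_verifier(password: str) -> bytes:
    """Server-side precomputation: the stored 'hash' of the password."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def new_challenge() -> bytes:
    """Server picks a fresh random nonce for every authentication attempt."""
    return secrets.token_bytes(16)


def compute_response(verifier: bytes, challenge: bytes) -> bytes:
    """The value sent on the wire. Both sides compute it the same way, so
    both sides must hold the verifier (or be able to derive it)."""
    return hmac.new(verifier, challenge, hashlib.sha256).digest()


def client_respond(password: str, challenge: bytes) -> bytes:
    """Honest client: derives the verifier from the password it knows."""
    return compute_response(derive_verifier(password), challenge)


def server_verify(stored_verifier: bytes, challenge: bytes, response: bytes) -> bool:
    """Server recomputes the expected response from what it has stored and
    compares in constant time."""
    expected = compute_response(stored_verifier, challenge)
    return hmac.compare_digest(expected, response)


def run_exchange(stored_verifier: bytes, attempt) -> bool:
    """One full exchange: server challenges, `attempt(challenge)` answers,
    server verifies. Returns whether the attempt was accepted."""
    challenge = new_challenge()
    response = attempt(challenge)
    return server_verify(stored_verifier, challenge, response)


def demo() -> dict:
    """Three attempts against the same stored verifier (constructed sample)."""
    password = "correct horse battery staple"  # constructed sample password
    stored = derive_verifier(password)          # the server's database entry

    # 1. Legitimate user who knows the password.
    legit = run_exchange(stored, lambda c: client_respond(password, c))

    # 2. Attacker who copied only the stored hash from the server and never
    #    learned the password: answers the challenge just as well.
    stolen_verifier = bytes(stored)
    pass_the_hash = run_exchange(stored, lambda c: compute_response(stolen_verifier, c))

    # 3. Wrong password: rejected.
    wrong = run_exchange(stored, lambda c: client_respond("Tr0ub4dor&3", c))

    return {"legit": legit, "pass_the_hash": pass_the_hash, "wrong_password": wrong}


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

Salting or iterating the derivation changes nothing about this outcome: the server still has to hold the final derived value to check the response, so a copy of that value still answers the challenge without the password.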

