On Friday, 27 November 2015 at 02:05:49 UTC, H. S. Teoh wrote:
For authentication, the password shouldn't even be sent over
the wire. Instead, the server (which knows the correct
password) should send a challenge to the client (i.e., a large
random number produced by a good RNG -- which is different each
time the user authenticates). The client should then prepend
this challenge to the password typed in by the user, and
compute the hash of the result. This hash is sent back to the
server, which does the same computation on its own, and checks
whether the two hash values match. Provided you're using a good
cryptographic hash, the only way the client will be able to
provide the right answer is if the user actually knows the
password. At no time is the password ever sent over the
network, encrypted or not.
--T

The issue I see with this is that the server has to _know_ the
password in order to hash it with the challenge. If the server is
compromised, guess who else knows the password now?
Some kind of public-key encryption/signing might work, though.
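To make the exchange concrete, here is an added Python example (not code from either poster) of the challenge-response scheme exactly as quoted above: the server stores the plaintext password, sends a fresh random challenge, and both sides compute SHA-256(challenge || password). The `Server` class, the `client_response` helper and the sample user "alice" are constructed for this illustration. The example also checks the two properties the thread discusses: a captured response cannot be replayed against a later challenge, and anyone who reads the server's user table gets the password itself, which is the objection raised in the reply.

```python
import hashlib
import hmac
import secrets


class Server:
    """Server side of the quoted scheme.

    Assumption of the scheme: the server must hold the plaintext password,
    because it has to recompute hash(challenge || password) itself.
    """

    def __init__(self, users):
        # users: constructed sample mapping username -> plaintext password
        self._users = dict(users)
        self._pending = {}  # username -> challenge that is still outstanding

    def new_challenge(self, username):
        """Message 1 (server -> client): a fresh 32-byte challenge from a CSPRNG."""
        challenge = secrets.token_bytes(32)
        self._pending[username] = challenge
        return challenge

    def verify(self, username, response):
        """Message 3 (server side): recompute the hash and compare in constant time.

        The challenge is consumed on use, so a second submission for the same
        challenge is rejected even before the hash comparison.
        """
        challenge = self._pending.pop(username, None)
        password = self._users.get(username)
        if challenge is None or password is None:
            return False
        expected = hashlib.sha256(challenge + password.encode()).digest()
        return hmac.compare_digest(expected, response)

    def stored_secret(self, username):
        """What an attacker who dumps the server's user table obtains."""
        return self._users.get(username)


def client_response(challenge, password):
    """Message 2 (client -> server): hash(challenge || password).

    Only this digest crosses the wire; the password itself never does.
    """
    return hashlib.sha256(challenge + password.encode()).digest()


def run_login(server, username, password):
    """One complete authentication round trip; returns True on success."""
    challenge = server.new_challenge(username)
    return server.verify(username, client_response(challenge, password))


def replay_is_rejected(server, username, password):
    """Capture a valid response from one session and resubmit it in the next.

    Returns True when the replay fails, i.e. the per-session challenge does
    its job.
    """
    first_challenge = server.new_challenge(username)
    captured = client_response(first_challenge, password)
    assert server.verify(username, captured)  # the genuine session succeeds
    server.new_challenge(username)  # a new session issues a different challenge
    return server.verify(username, captured) is False


if __name__ == "__main__":
    srv = Server({"alice": "correct horse battery staple"})  # constructed sample
    print("login ok:", run_login(srv, "alice", "correct horse battery staple"))
    print("wrong pw:", run_login(srv, "alice", "wrong"))
    print("replay rejected:", replay_is_rejected(srv, "alice", "correct horse battery staple"))
    print("server dump reveals:", srv.stored_secret("alice"))
```

The last line is the reply's point in code: a read of the server's storage yields the password directly, so the scheme trades the wire for the database. A captured challenge/response pair also lets an observer test password guesses offline against the digest, which is the usual reason real protocols salt and stretch the stored verifier or, as the reply suggests, move to a signature over the challenge. The standard library has no public-key signature primitive, so that alternative is not shown here.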