-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2009-12-17 01:43, Kurt Zeilenga wrote: > > On Dec 16, 2009, at 4:17 PM, Tobias Markmann wrote: > >> On 17.12.09 00:56, Peter Saint-Andre wrote: >>> And even if you do have hashed passwords, if someone breaks into your >>> machine then it's not that much work to de-hash them all. It just looks >>> scarier if they're in cleartext to start with. >>> >> That more or less depends on what you store in your authentication >> database. Considering SCRAM for example which has been designed to >> address the issue of clear text password ([1] Point 3) you'd ideally >> store the SaltedPassword, the salt and the iteration count for your >> users in the authentication database. >> Since SaltedPassword is generated like using Hi(hmac_sha1, password, >> salt, iteration_count) even if you had the database with all the >> SaltedPasswords you'd need brute force to find out the clear text >> passwords which can take quite some time considering the variable >> iteration count. > > Computing power on the black market is quite cheap. > > -- Kurt For a start you should really have you server very well secured. Very restriced access to anything, not letting mysql server or whatever to be accessed by anything else than localhost. No root ssh login, only certificate login, and so on and so on... So I think keeping anyone from even near the database seems a better solution for now. Also, since many users use easy passwords cracking hashes is not a huge problem. I remember some projects which were focused on pre-cracking hashes, but this goes back to when I used IRC so I dont remember that well what it was about. I think they were collecting windows password hashes and cracking them so if they found another hash that is the same they would already have the password. With distributed computer systems this does not take a long time and it would be easy to get any jabber password. So really, focus on not giving the database away, however that can happen. A more secure way is keeping the database encrypted as a whole, which would mean server administrators have to decrypt the database on server startup which again is very bad on server crashes and so on... Again, while its de-crypted someone could access the plain database.
Securing a server in general seems like a very sane idea IMHO Mihael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksphY8ACgkQr+feV2OERJ59WgCgqP23+UEeypZGbFpTYHBH4h5d D9EAoM+z4QK+yWYQXe7hhoVLWAIjAFDW =Mb3f -----END PGP SIGNATURE----- _______________________________________________ JDev mailing list Forum: http://www.jabberforum.org/forumdisplay.php?f=20 Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: [email protected] _______________________________________________
