Re: [HACKERS] Hashing passwords (was Updated TODO list)

From Louis Bertrand
Subject Re: [HACKERS] Hashing passwords (was Updated TODO list)
Date
Msg-id Pine.BSO.4.10.9907091313480.15560-100000@tronix.bertrandtech.on.ca
In reply to Hashing passwords (was Updated TODO list)  ("Gene Sokolov" <hook@aktrad.ru>)
Responses Re: [HACKERS] Hashing passwords (was Updated TODO list)  (Peter Eisentraut <peter@pathwaynet.com>)
List pgsql-hackers
It would be nice if the password scheme you finally settle on can be
optionally replaced (compile-time) by the password hash available natively
on the OS. In the case of OpenBSD, the Blowfish-based replacement for the
DES- or MD5-based crypt(3) is better suited to resisting dictionary and
other offline attacks by fast processors.

This suggestion is useful in case the shadow password file is compromised.
It is independent of any challenge-response protocol you apply upstream.

Ciao--Louis  <louis@bertrandtech.on.ca> 

Louis Bertrand       http://www.bertrandtech.on.ca
Bertrand Technical Services, Bowmanville, ON, Canada  

OpenBSD: Because security matters.  http://www.openbsd.org/

On Fri, 9 Jul 1999, Gene Sokolov wrote:

> I would be happier even with storing passwords at the server as a reversible
> hash. For example, xor all user passwords with some value (for example
> "PostgreSQL") and store base64(xor) strings instead of plain text.
> 
> Challenge-response authentication based on MD5 or SHA hashing would be
> better, of course. A scheme like this would be reasonably secure:
> 
> 1. Client initiates connection.
> 2. Server generates a long (16 byte) random value and passes it to the
> client.
> 3. Client generates a one way hash of the user ID, SHA(password), and the
> random number:
> hash := SHA(uid [+] SHA(password) [+] randomval)
> and sends openly uid and the hash back to the server
> 4. Server reconstructs the hash using stored SHA(password) and compares it
> with the received hash.
> 
> Even more secure: don't store SHA(password) at the server but store
> SHA(password) XOR <mastervalue>.
> 
> Gene Sokolov.
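The four-step challenge-response exchange from the quoted message, written out as an added Python example; it is not code from this thread or from PostgreSQL. It assumes `[+]` means byte concatenation, that "SHA" is SHA-1, and uses a constructed master value and constructed credentials.

```python
import hashlib
import hmac
import secrets

# Server-side master value for the "SHA(password) XOR <mastervalue>" variant
# (constructed for this example; a real deployment keeps it out of the database).
MASTER_VALUE = hashlib.sha1(b"constructed-master-value").digest()

def sha(data: bytes) -> bytes:
    """'SHA' in the message, assumed here to be SHA-1 (20-byte digest)."""
    return hashlib.sha1(data).digest()

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def store_password(password: str) -> bytes:
    """Server: the value written to the password store, SHA(password) XOR mastervalue."""
    return xor_bytes(sha(password.encode()), MASTER_VALUE)

def server_challenge() -> bytes:
    """Step 2: a 16-byte random value from the OS CSPRNG, fresh for every connection."""
    return secrets.token_bytes(16)

def client_response(uid: str, password: str, challenge: bytes) -> bytes:
    """Step 3: hash := SHA(uid [+] SHA(password) [+] randomval), [+] read as concatenation."""
    return sha(uid.encode() + sha(password.encode()) + challenge)

def server_verify(uid: str, stored: bytes, challenge: bytes, response: bytes) -> bool:
    """Step 4: undo the XOR to recover SHA(password), rebuild the hash, compare."""
    sha_password = xor_bytes(stored, MASTER_VALUE)
    expected = sha(uid.encode() + sha_password + challenge)
    # Constant-time comparison so the position of a mismatch does not leak via timing.
    return hmac.compare_digest(expected, response)

def run_exchange(uid: str, password: str, stored: bytes) -> bool:
    """One full connection: server issues a challenge, client answers, server checks."""
    challenge = server_challenge()
    response = client_response(uid, password, challenge)
    return server_verify(uid, stored, challenge, response)

if __name__ == "__main__":
    stored = store_password("correct horse")                # constructed credential
    print(run_exchange("alice", "correct horse", stored))   # True
    print(run_exchange("alice", "wrong password", stored))  # False
```

Because the server draws a new challenge per connection, a response recorded from one session fails `server_verify` against any later challenge, which is what the random value in step 2 buys.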