by hansel_der 1660 days ago
Passwords are a symmetric key, hence if the server is compromised, so is the password. With asymmetric keys, a compromise of the public key is no problem.

But you are right, key files on a disk are more vulnerable to theft than secrets in your head. Key files with a password on top are most secure but also most uncomfortable.


> passwords are a symetric key, hence if the server is compromised, so is the password

Pretty sure that’s not how it works, iirc passwords are stored one-way encrypted. And if it were true, then anyone with root access to a box could compromise every other (Unix) user’s key, which seems like a potentially bigger problem…

Passwords are (or rather should be) indeed stored using crypt. However at login the provided password needs to be compared to the hashed one, which means the clear text password needs to be rehashed. I am not sure this happens on the client.

It definitely doesn’t happen on the client. If it did then the server’s password file would effectively be plaintext.

> If it did then the server’s password file would effectively be plaintext.

Send seed and hashing parameters to the client, then client does hashing, client sends hash, server compares hashes. It's vulnerable to replay attacks, but it's the same with client sending plaintext password to server (assuming that you're not using SSH or similar).
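The two designs being argued over here, as an added illustration (this is not code from any commenter or from any real login system; the scrypt parameters and the user record are constructed for the demo): in the first, the server sends the salt and parameters and the client sends back the hash; in the second, the client sends the password over the secure channel and the server rehashes it. The `compare_designs` function checks what someone holding only the server's password file can do under each design, which is the point made in the reply above about the file becoming effectively plaintext.

```python
import hashlib
import hmac
import os

# Toy parameters for the illustration (constructed, not from any real deployment).
# scrypt at this cost is quick enough for a demo while still being a proper slow hash.
SCRYPT_N, SCRYPT_R, SCRYPT_P, DKLEN = 2 ** 12, 8, 1, 32


def slow_hash(password: str, salt: bytes) -> bytes:
    """The one-way, crypt-style function both designs use to turn a password into a verifier."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)


def enroll(password: str) -> dict:
    """Server stores a random salt plus the hash; the same record shape serves both designs."""
    salt = os.urandom(16)
    return {"salt": salt, "verifier": slow_hash(password, salt)}


# ---- Design 1: client-side hashing (the "send seed and hashing parameters" scheme) ----

def client_hashes(record_salt: bytes, password: str) -> bytes:
    """Client receives the salt and parameters, hashes locally, and sends only the hash."""
    return slow_hash(password, record_salt)


def server_checks_client_hash(record: dict, received_hash: bytes) -> bool:
    """Server compares what the client sent with what it stored; nothing is rehashed here."""
    return hmac.compare_digest(record["verifier"], received_hash)


# ---- Design 2: server-side hashing (the password travels inside an encrypted transport) ----

def server_checks_password(record: dict, received_password: str) -> bool:
    """Server rehashes the received password with the stored salt and compares."""
    return hmac.compare_digest(record["verifier"], slow_hash(received_password, record["salt"]))


def compare_designs(password: str) -> dict:
    """Return what a copy of the server's password file is worth under each design."""
    record = enroll(password)
    stolen_verifier = record["verifier"]  # assumption for the demo: the password file leaked

    return {
        # Honest logins succeed under both designs.
        "client_side_honest": server_checks_client_hash(record, client_hashes(record["salt"], password)),
        "server_side_honest": server_checks_password(record, password),
        # With client-side hashing the stored value is exactly the login message, so the
        # password file is plaintext-equivalent: the verifier alone passes the check.
        "client_side_file_is_enough": server_checks_client_hash(record, stolen_verifier),
        # With server-side hashing the stored hash is not accepted in place of the password.
        "server_side_file_is_enough": server_checks_password(record, stolen_verifier.hex()),
    }


if __name__ == "__main__":
    print(compare_designs("correct horse battery staple"))
```

The same property explains the replay remark: in design 1 the message the client sends is a fixed function of the password and the stored salt, so whatever authenticates once authenticates again. Design 2 keeps the stored hash useless on its own, but only because the channel carrying the password is itself protected, which is what the rest of the thread turns to.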

You two are working your ways towards defining a zero-knowledge password proof:

https://en.wikipedia.org/wiki/Zero-knowledge_password_proof

I think SRP is the most widely implemented version. https://en.wikipedia.org/wiki/Secure_Remote_Password_protoco...

Note that SRP is an older protocol, and things have moved on from there. See various PAKE algorithms:

* https://en.wikipedia.org/wiki/Password-authenticated_key_agr...

A quick Google search led me to RFC4252[0], section 8 of which (as far as I understood) describes SSH auth sending the password as a UTF-8 plaintext string (the whole packet is encrypted at the transport layer). While passwords in /etc/shadow are hashed, if someone got access to your server they can just put in a malicious listener that will catch this UTF-8 string.

I'm not a SSH guru, so if I'm mistaken please shout at me ;D

[0] https://datatracker.ietf.org/doc/html/rfc4252#section-8
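As an added example (not code from the commenter, OpenSSH or the RFC), here is an encoder and a bounds-checked decoder for the decrypted payload of the "password" method SSH_MSG_USERAUTH_REQUEST as laid out in RFC 4252 section 8: message byte 50, then the user name, service name and method name as length-prefixed strings, a boolean, and the password as a UTF-8 string. The user name and password values are constructed for the demo. Parsing the built message back shows what the server-side process holds after transport decryption, which is the reason the comment gives for treating a compromised host as a password leak regardless of how /etc/shadow is stored.

```python
import struct
from typing import Tuple

SSH_MSG_USERAUTH_REQUEST = 50  # message number from RFC 4252


def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def build_password_request(user: str, service: str, password: str) -> bytes:
    """Encode the decrypted payload of a password-method userauth request (RFC 4252, section 8)."""
    return (bytes([SSH_MSG_USERAUTH_REQUEST])
            + ssh_string(user.encode("utf-8"))
            + ssh_string(service.encode("utf-8"))
            + ssh_string(b"password")
            + b"\x00"                                # boolean FALSE: not a password-change request
            + ssh_string(password.encode("utf-8")))  # the password itself, in the clear


def _read_string(buf: bytes, pos: int) -> Tuple[bytes, int]:
    """Bounds-checked read of one SSH string; raises ValueError on a truncated buffer."""
    if pos + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", buf, pos)
    pos += 4
    if pos + length > len(buf):
        raise ValueError("string runs past end of payload")
    return buf[pos:pos + length], pos + length


def parse_userauth_request(payload: bytes) -> dict:
    """Decode the payload exactly as the server sees it after transport-layer decryption."""
    if not payload or payload[0] != SSH_MSG_USERAUTH_REQUEST:
        raise ValueError("not an SSH_MSG_USERAUTH_REQUEST")
    pos = 1
    user, pos = _read_string(payload, pos)
    service, pos = _read_string(payload, pos)
    method, pos = _read_string(payload, pos)
    result = {
        "user": user.decode("utf-8"),
        "service": service.decode("utf-8"),
        "method": method.decode("ascii"),
    }
    if method == b"password":
        if pos >= len(payload):
            raise ValueError("missing boolean")
        change = payload[pos] != 0
        pos += 1
        password, pos = _read_string(payload, pos)
        result["password_change"] = change
        result["password"] = password.decode("utf-8")
        if change:  # RFC 4252 also allows old-password/new-password pairs with boolean TRUE
            new_password, pos = _read_string(payload, pos)
            result["new_password"] = new_password.decode("utf-8")
    if pos != len(payload):
        raise ValueError("trailing bytes after request")
    return result


if __name__ == "__main__":
    # Constructed sample values for the demo.
    msg = build_password_request("alice", "ssh-connection", "correct horse battery staple")
    print(parse_userauth_request(msg))
```

The transport layer encrypts this payload on the wire, so a network observer does not see it; the process that decrypts it on the server does, and a second copy of that process, or a modified one, sees it too. That asymmetry is what the key-based comments earlier in the thread are about: a public key held by the server is not a secret a compromised host can reuse elsewhere.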

Anything that is not PAKE (which SSH is not) generally sends the password to the server:

* https://en.wikipedia.org/wiki/Password-authenticated_key_agr...

* https://blog.cryptographyengineering.com/2018/10/19/lets-tal...

   A Password-Authenticated Key Exchange (PAKE) attempts to address this
   issue by constructing a cryptographic key exchange that does not
   result in the password, or password-derived data, being transmitted
   across an unsecured channel.
* https://datatracker.ietf.org/doc/html/rfc8125

I'm sure there are other zero-knowledge protocols besides PAKE-like ones, but I'm not an expert here.

I wouldn't worry about storage. Anyone with root access can modify the sshd daemon (along with imap, pop3, and whatever else) to log all the passwords received.

Pretty sure passwords are sent to the server in a way that reveals the actual password to the server. Any chance you are thinking about key-agent?