[fc417fc802]

There are substantial differences between database access, snooping the logs, internal (no TLS) wiretap, and full MITM of the frontend.

Hashing client side minimizes the risk of any blast radius exceeding the bounds of your own service. There's obviously no way to prevent an adversary who achieves full MITM from gradually harvesting credentials over time. The only solution there is to use keys instead of passwords.

[necovek]

We are not disagreeing, but I am not getting my answer: how is client side hashing really helping, what are the circumstances it helps with if you do have the basics right?

In your enumeration, what is breached for this to be meaningfully impactful for other services where customers might be reusing credentials?

[fc417fc802]

As opposed to what? Your question seems unclear to me.

I already answered you that if you assume full MITM of the frontend then it is physically impossible to prevent gradual credential harvesting. Did you have a different scenario in mind?

> how is client side hashing really helping

Compared to what? Server side hashing? It prevents the plaintext from ever hitting your infra which minimizes to the greatest extent possible an insider or intruder gaining access to the plaintext. Since preventing access to the plaintext is the primary purpose of hashing it's the sensible option if you're forced to pick only one.

Of course there's really no good reason to pick only one of the two. You might as well elect for defense in depth against rogue insiders with full db access even though it's difficult to imagine what use they would have for a password based login at that point.

[necovek]

There is certainly good reason to do server-side hashing: you do not keep a persistent record of the customer's secret, yet keep the ability for them to authenticate with it.

If you are never logging a clear-text secret and storing a hashes version to validate against, and using TLS between client and server, client-side hashing does not bring much benefit other than protecting customers' reused passwords against people who have sufficient access to the infrastructure to MITM the client but no ability to modify the client side code where they could extract the password directly.

When IT has write access to code, client side hashing protects only against accidental log leakage and similar.

[fc417fc802]

> There is certainly good reason to do server-side hashing: you do not keep a persistent record of the customer's secret, yet keep the ability for them to authenticate with it.

That is not a property of server side hashing but rather hashing in general.

> If you are never logging a clear-text secret

Yeah good luck with that. /s

It's better not to need to worry about logging plaintext. The less of your infra that falls within any given security boundary the easier it will be to properly secure. The difference between server and client side hashing is how much of your infra touches the plaintext. Less is always better.

Sure, an insider could make direct use of hashes pulled from the logs. However if the attacker already has access to your systems then they are already inside the security boundary (or at least most of them) and likely have many other (probably better) options available to them.

It's important to keep in mind that the primary purpose behind hashing credentials is to minimize the degree to which your systems come into contact with the plaintext. The goal here is to contain the blast radius of any intrusion to only your own systems and only the immediate intrusion (ie to prevent future abuse after you've cleaned everything up) given the unfortunate reality that end users will frequently reuse credentials.

It's also important to keep in mind that hashing is cheap enough that you should probably be doing both. Hash it on the client so that you don't need to worry about logs (or snooping the LAN or whatever other way an employee might come up with to obtain plaintext passwords) and then hash it again before it enters the db so that you don't need to worry about the logs that contain hashes leaking.

[necovek]

I am not disputing client side hashing brings some value, just claiming that it is the least useful of the techniques applied.