by optimiz3
4512 days ago
Just looked up CRAM-MD5, and the password is used as a key to HMAC-MD5, which means you can at least store MD5'ed versions of the passwords. Add on a layer of encryption (unique key per password, keys in a separate encrypted table) and you're way better off than you are now. Also, since MD5 can be collided, consider SSL for the login process.

In real CRAM-MD5 this is not true. It uses HMAC-MD5 of the key directly. To be able to calculate that, you need to do
Which means that you either store "key XOR opad" (not meaningfully different from storing key), or an intermediate result from MD5, which is tricky.

Quakenet's authentication mechanisms, except for LEGACY-MD5, call MD5, SHA1 and SHA256 before using it as the key, so they could store just each of those different hashes (unsalted). The LEGACY-MD5 mechanism does require the plain text password to be known by the server.
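
Added example, not part of the thread: a Python sketch of the two storage options discussed above, using the HMAC construction from RFC 2104. The password, the challenge, and the hex-digest encoding of the pre-hashed key are constructed assumptions, not Quakenet's documented format.

```python
import hashlib
import hmac

BLOCK = 64  # MD5 block size in bytes

PASSWORD = b"correct horse"                      # constructed sample
CHALLENGE = b"<1896.697170952@example.org>"      # constructed sample

def pads(key: bytes) -> tuple[bytes, bytes]:
    """Return (key XOR ipad, key XOR opad) as defined for HMAC in RFC 2104."""
    if len(key) > BLOCK:
        key = hashlib.md5(key).digest()
    key = key.ljust(BLOCK, b"\x00")
    return bytes(b ^ 0x36 for b in key), bytes(b ^ 0x5C for b in key)

def hmac_md5_from_pads(k_ipad: bytes, k_opad: bytes, msg: bytes) -> str:
    """Compute HMAC-MD5 with only the stored pads, never the raw key."""
    inner = hashlib.md5(k_ipad + msg).digest()
    return hashlib.md5(k_opad + inner).hexdigest()

def key_from_opad(k_opad: bytes) -> bytes:
    """A stored 'key XOR opad' gives the key back with one more XOR
    (for keys of at most 64 bytes that do not end in a NUL byte)."""
    return bytes(b ^ 0x5C for b in k_opad).rstrip(b"\x00")

# Pre-hashed variant: the HMAC key is a hash of the password, so the
# server can store that hash instead of the password itself.
def stored_verifier(password: bytes) -> bytes:
    return hashlib.md5(password).hexdigest().encode()  # assumed encoding

def client_response(password: bytes, challenge: bytes) -> str:
    return hmac.new(stored_verifier(password), challenge, hashlib.md5).hexdigest()

def server_expected(verifier: bytes, challenge: bytes) -> str:
    return hmac.new(verifier, challenge, hashlib.md5).hexdigest()

if __name__ == "__main__":
    ipad, opad = pads(PASSWORD)
    print("response from pads :", hmac_md5_from_pads(ipad, opad, CHALLENGE))
    print("key from opad      :", key_from_opad(opad))
    v = stored_verifier(PASSWORD)
    print("pre-hashed match   :", client_response(PASSWORD, CHALLENGE) == server_expected(v, CHALLENGE))
```

In the pre-hashed variant the stored hash is itself the HMAC key, so it is still sufficient to answer a challenge; what the server avoids is holding the plain text password.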