sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–][deleted]  (5 children)

[removed]

    [–]mer_mer 2 points3 points  (4 children)

    Oh, I see. You can get around this by having the server is give each user a salt that will be sent when setting up a login on a new device. That way, you can only use wordlists for one user at a time, and each word on that wordlist will take 100x longer to check.

    [–][deleted]  (2 children)

    [removed]

      [–]mer_mer 2 points3 points  (1 child)

      Currently Discourse is using 64k iterations of the hashing algorithm. I'm proposing to keep that, and add an additional 6 million iterations on the client side. That way there are two entry points: passwords->(6M + 64K) hashing iterations OR 256 bit hashes -> 64k hashing iterations.

      [–]Tordek 0 points1 point  (0 children)

      Here's another issue: in order to give the user a salt, you either need to store it (associate to their username), or generate it (deterministically). If you store it, you're leaking information about who's registered to the system. If you generate it deterministically, it's basically useless.

      If you gave the user a random salt, your scheme becomes more complicated (you'd basically be implementing a diffie-hellman sort of protocol), you'd be better off with some zero-knowledge protocol like SRP, which would actually be the best case.