Hello!

UPD I apologize, my head was cooking poorly, the question was not put right, as a result of which the discussion went in that direction, so I’d make some corrections that I was afraid to make earlier.

Everyone knows that using the md5 hash algorithm is no longer a solution to all problems.

In the task: there is no SSL, unprotected channel, the Man in the Middle attack can be easily implemented.

  1. How to protect the cookie?

  2. Actually, what algorithm (s) of hashing would you use when developing a web page, or rather, designing a database and authentication system, in such "conditions"?

  3. What do you think about sha (md5 (pass))?

  • and explain, please, than md5 is bad? - yapycoder pm
  • Read md5-collisions, RainbowTables. Not to mention smaller databases for recovering md5 passwords. And on the wiki there is something about the vulnerabilities of md5, pay attention to the Chinese. - Dex
  • CHAP solves all problems. And if you have such a terrible secure site, then use a good authentication protocol. Choosing a hash function is not critical when using cryptography correctly - yapycoder
  • and collisions in sha are only 4 billion times less common - yapycoder
  • Actually, I didn’t want to choose between sha and md5. I asked about their combination. And, unfortunately, CHAP does not solve all problems, but creates new ones. First, since every time a new challenge is generated, it seems difficult for me to save a new response in a cookie. Secondly, in this case, the system for creating md5 on the client side is necessary, and since not everyone favors JavaScript, this idea is also not entirely acceptable. - Dex

6 answers 6

If you are not satisfied with MD5, then you can try SHA-256 or SHA-512 in case it’s some kind of paranoia.

SHA + MD5 should not be used. It is not recommended to cross two cryptographic algorithms at all, since security may not increase, but rather decrease. So just choose a good algorithm and use.

And you can try to encrypt all passwords with some key hidden in a safe place.

If we are talking about some really paranoid case, then, as we noted earlier here, then in reality there are a bunch of different authentication schemes (for example, the Auth Token pattern) and they do not oblige you to use the hash function.

And here’s another thing: sessions are often cracked either through cookies and sometimes through IP + cookies. Thus, it is impossible to protect oneself from theft of cookies except for issuing new cookies for each request (generate a new session key)

Quite another thing - storing in the database. If you are afraid that someone will steal the base itself .. then this is a completely different task. It is worth separating these two problems.

UPD

And remember that one of the principles of cryptographic strength states that the secrecy of the algorithm or some initial data (for example, salt) does not guarantee security.

  • No, it's not in the database. Thank. Something clarified. - Dex

I saw an article where they suggested using the following algorithm:

  • we take the password
  • make hash (md5)
  • break the hash with its function
  • make the resulting hash

its function involves replacing letters in a hash by position in the original record of certain letters by others, for example:

a = @ s = $ o = 0 can still be added to replace the capital letter

initial password: password

hash: 5f4dcc3b5aa765d61d8327deb882cf99

broken hash: 5 @ $$ c03b5 @ $$ 60d61 @ $$ 20deB @ $$ c099

second hash: 212fee4334b1eea4911bea4051a61c7d

You can also not repeat the replacement and replace part of the word, as an option to start a replacement from the position = password length, use fantasy.

    Dear Dex, it was necessary to immediately ask the question how to protect against theft of cookies. There is a popular scheme for this, using the same autologin is done on sites:

    there is a table of approximately the same structure:

    id | user_id | token1 | token2

    when the user logs in to the site (enters the login and password) you put a record in the table. token1 and token2 are some sort of random data hash (which hashing algorithm is not so important)

    In cookies, these tokens are placed, for example, in this form: token1: token2 (or, knowing the length of the hash, you can not use the separator ":")

    So, now the situation: User1 (the true owner of these cookies) returns to the site, we parse the cookie and see that for token1 and token2 there is such a record, let it go inside, at the same time! change the value of token2 to another random hash, both in the database and in the cookies themselves.

    Now imagine that the attacker pulled our token1 and token2, naturally after visiting the site token2 has changed. After this, User1 comes to the site, we see that token1 is in our database, but token2 is different from what was expected, so we:

    • delete this entry from the token table
    • delete all active sessions of this user with token1

    thus, cookies by the attacker become invalid. However, User1 must re-enter the password to get into the system.

    If you say that you can change the password using cookies, then for this system you need to provide for changing the password with confirmation via email, the change of mail should also be with confirmation.

    • An interesting idea, but I did not quite understand the principle, can I link to an article or something? - Sergey
    • To my shame, I don’t know the name of this method :( Or at least some key word that allows you to google the article on this subject. What exactly is not clear to you? I will try to clarify - Alex Kapustin
    • Firstly, I didn’t say about changing the password, it would be enough just to do (in the absence of the User) some nastiness with his account (for example, if it was a bank account, then transfer money and that’s all, a utopian situation for example); Secondly, if such attacks are constantly performed on the user, he will not be able to work. - Dex

    You can apply this method. We refuse cookies in general, but in each request we send a security token: hash(<пароль>+<URL страницы>+<текущая дата-время с точностью до минуты>) . For example, http://example.com/some/page?security=12345678 . It is clear that the server can verify the correctness of the token, since it knows the password. And the attacker cannot compose this token, since he does not know the password, and by intercepting an HTTP request, he will recognize the token for only one page, which is valid for a minute.

    Of course, we do not want to force the user to calculate and drive a hash into the address bar. We can either create an absolutely dynamic Javascript website, which asks for a password at the beginning of the session, and then loads all pages with Ajax, secretly adding tokens to URLs. Or you can store the password in the local storage of the browser (LocalStorage), and add Javascript to each page, which rules all links after loading - then we can make a less dynamic website with real page reloads.

    It is clear that this is all trash, but, as I understand it, you have a problem with some local site, for example, an enterprise site. In this case, the transformation of the site into a web application can probably be justified. If the site is public, then these perversions will not go unnoticed, and users will not love you for them.

    The given scheme is quite safe, but only if we have read-only man-in-the-middle. But if he can edit the information transmitted from the server to the client, then everything is bad - he will simply replace his home page, which will not store the password locally, but send it directly to him. And nothing can be done with this, except for what has already been done in SSL, namely, server identification with the help of a certificate. Well, it is impossible to find out if the server is correct, whether the authorization page is correct (whether the salt was sent by the server, etc.), without agreeing with it about some general secret that can be checked, revealing this secret, or not agreeing with someone else, who agreed with the server. A secret that can be verified without opening it means using public key cryptography. A third party contract is the use of a third-party certification server whose certificate is preinstalled on the client system. These two things, by and large, make up the SSL protocol, so the best thing you can do is overcome your certain problem that prevents you from using SSL.

      Better so md5 (pass. $ Salt) Salt, any value, not random.

      • Well, what is better? In my option to hang cookies, and pass them off as easy as that. Read the comments in question. - Dex
      • Hang my cookies. They are not so easy to whistle. Just from xss it is better to protect and draw conclusions from the database and files (where the information is stored) via htmlcpecialchars (); - Ruzarh
      • It all depends on the project, on Facebook they did a great job on some countries, they ask you when you enter, show all your friends out of 10, did not guess, went to .... - Ruzarh
      • And we are not talking about XSS. The fact is that the network in which I inhabit is far from ideal and you can drag off everything that is not encrypted from the people. - Dex

      Everyone knows that using the md5 hash algorithm is no longer a solution to all problems.

      1. To everyone? Many do not know how MD5 works!
      2. The solution to all problems is only death!

      What kind of hashing algorithm (s) would you use when developing a web page.

      When developing a web page, I would use an IDE.

      or rather database design and authentication systems?

      You can store the user's password in the database in the form of MD5 or use special language functions (in PHP you can use hash_hmac to encrypt the password with your favorite algorithm and salt)

      PS You have a very incorrect question. I would correct it in your place.

      PPS I didn’t understand what your problem is with MD5 with salt (for example, more than 8 characters are chosen long enough - for an average statistical service).

      • one
        You seem to understand how MD5 works. Then explain how MD5 even with salt placed in a cookie can be protected from intercepting packets on a public Wi-Fi network, or on a network built on unmanaged switches? But at the same time, note that SSL is unavailable, and the channel is not encrypted - Dex
      • I don't understand how MD5 works. You can protect MD5 by changing the salt depending on the time (limit the lifetime of the session to 5 minutes). Refuse unmanaged switches. Start using SSL. You put some utopian conditions ... - vit1251
      • one
        Limit session lifetime to 5 minutes = kill all desire to visit your resource, refuse unmanaged switches = spend money on managed switches or spend money on another provider, use SSL = spend money on a valid certificate, load the server with SSL processing. You can protect the MD5 by changing the salt = Cookies can still steal. Judging by your comment, you do not understand not only MD5 but also do not understand computer security. - Sergey
      • @ Sergey, to the point! @ vit1251, I have a wonderful program from the bank, in which the login and password is not saved, I therefore do not use it. In addition, there is a banking front-end on the Internet, login + password (which are stored in the Opera) + Challenge-Response, which I get with the help of a chip card and a device + SSL - do their job. In my case, the Login + Password is not enough, since there is no SSL (and it doesn’t matter for what reasons), but I can’t issue a card with the device either, so I asked how you would solve this problem. Without passing the password or hash over the network. - Dex
      • one
        @Dex you followed the path taken by the creators of 3DES. The text of your message is extremely bad. Your final question is: "As without transmitting: password, hash over the network, authorize the user on the site." Correct the question !!! - vit1251