11 comments

[ 7.7 ms ] story [ 44.2 ms ] thread
If we take encrypt to mean hash (which is probably what the implementation would most likely mean), this still has the same problem that server-side hashing does. Hashing is fast, GPUs can burn through creating rainbow tables at incredible speed (see http://stacksmashing.net/2010/11/15/cracking-in-the-cloud-am... ). Now if it's talking about implementing bcrypt (http://codahale.com/how-to-safely-store-a-password/) in the browser that would be a real solution, but them the problem becomes adoption (at which point, you basically need to implement it on the server anyways). Plus, users would need to be signaled that this was a safe password box, vs. an unsafe one (which could easily be spoofed by malicious sites).
To summarize a prior discussion:

First, read: http://codahale.com/how-to-safely-store-a-password/

Next, note that rainbow tables don't enter into the Gawker break; Gawker used DES crypt(3) passwords, which can't readily be "rainbow tabled".

Finally, note that if you're going to advocate for a browser authentication change, there are cryptographically sound protocols that have been studied for over a decade that fit the bill far better than half-measures that do nothing but break "rainbow tables". A good one to start reading up on is SRP.

Thank you for consistently adding a voice of reason to all these reactionary blog posts. I would go insane were I in your shoes.
No TV and no beer makes Homer something something.

No TV and no beer makes Homer something something.

No TV and no beer makes Homer something something.

Does anyone have any more specific information on whether they just called crypt(key,salt) or actually used a larger salt with a call to encrypt()? The crypt() function only takes a 12 bit salt which is marginally helpful against rainbow tables.
Because you're worried about attackers constructing four thousand rainbow tables?
You wouldn't need 4096 if the choice of the salt was non-random; some versions of Unix used the first 2 characters of the username. What's the space requirement for a single rainbow table?
I don't know, but none of what they did was even marginally useful against iterated password crackers, so, change your password.
I think this should be server side....
It would require nothing more then the browsers to implement it in the same way

Oh dear. That'll never happen (examples: CSS, Html5 video, Javascript), which means this idea is dead in the water.