couchdb-dev mailing list archives

From Brian Candler <B.Cand...@pobox.com>
Subject Re: JavaScript bcrypt (was Re: authentication cleanup)
Date Wed, 27 Jan 2010 15:27:10 GMT
On Wed, Jan 27, 2010 at 06:33:12AM -0800, Jan Lehnardt wrote:
> I'm not a crypto expert, but it seems we can get away with sha1 if we use
> HMAC instead of just hashing + salting:

Errm, do you mean HMAC with a fixed server-side secret?

This means that if you replicate user records between servers, you must have
the same secret on both boxes.  This could be either a problem or a benefit,
depending on how you look at it.

But once your system has registered its first user, it will be impossible to
change to a different secret; in 10 years' time you'll have to be using the
same one.  Over time, the chances increase that the secret will leak somehow
(admin staff members leaving, for instance), at which point you are no
better off than a regular hash.

If you mean "use HMAC to mix in the salt", then that's an unnecessary
application of a HMAC.  The salt isn't secret, it's public.

Regards,

Brian.
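
Added example, not part of the message above and not CouchDB code: a sketch of the fixed-server-secret HMAC scheme discussed in the message, showing that a stored record verifies only under the secret it was created with, so a replica holding a different secret, or the same server after changing its secret, rejects the correct password. The record fields, function names and secret values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os


def make_record(password: str, server_secret: bytes) -> dict:
    """Create a user record: a public per-user salt plus an HMAC-SHA1 tag
    keyed with the server-side secret (hypothetical record layout)."""
    salt = os.urandom(16)
    tag = hmac.new(server_secret, salt + password.encode(), hashlib.sha1)
    return {"salt": salt.hex(), "password_hmac": tag.hexdigest()}


def verify(record: dict, password: str, server_secret: bytes) -> bool:
    """Recompute the tag from the stored salt and compare in constant time.
    The original password is never stored, so the tag cannot be re-keyed
    without the user presenting the password again."""
    salt = bytes.fromhex(record["salt"])
    expected = hmac.new(server_secret, salt + password.encode(), hashlib.sha1)
    return hmac.compare_digest(expected.hexdigest(), record["password_hmac"])


def demo() -> dict:
    # Constructed secrets for two servers and for a later rotation.
    secret_a = b"constructed-secret-server-A"
    secret_b = b"constructed-secret-server-B"
    rotated = b"constructed-secret-server-A-rotated"

    # User registers on server A; the record is then replicated as-is.
    record = make_record("correct horse", secret_a)

    return {
        # Server A, unchanged secret: login works.
        "same_secret": verify(record, "correct horse", secret_a),
        # Replica with its own secret: correct password is rejected.
        "replicated_other_secret": verify(record, "correct horse", secret_b),
        # Server A after changing its secret: existing users are locked out.
        "after_rotation": verify(record, "correct horse", rotated),
        # Sanity check: a wrong password fails under the right secret.
        "wrong_password": verify(record, "wrong", secret_a),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {ok}")
```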
