[BW-dev-discussion] Passwords and encryption
Callum Macdonald
bw-lists ...
Wed Oct 17 12:52:10 UTC 2007
G'day,
I've only very lightly followed the passwords / encryption discussion,
so forgive me if this has already been covered (I'm confident it hasn't
though).
As I understand it (although I may be wrong) we store an md5 of the
user's password. If we also use this password as the basis for the
encryption, an attacker who gained a copy of the database could use a
rainbow table attack[1] to reveal user's passwords and then proceed to
crack the encryption.
I'm still sceptical about the need for encryption at all, but I like
Thomas's idea about off-server storage of private keys, so if it can be
implemented in that format, I guess it would be a good idea.
A simple solution to avoid rainbow attacks is to generate a random (or
pseudo-random) salt value for each user, which is stored in the user
table, and then we store an md5 (or sha1) of the user's password
combined with the salt. Each user has an individual salt, so this
negates the rainbow attack method.
Cheers,
Callum.
[1] http://en.wikipedia.org/wiki/Rainbow_table
More information about the bw-dev-discussion
mailing list