[Moin-user] Re: On logging out and hashed passwords

Malte Helmert helmert at informatik.uni-freiburg.de
Sun Feb 13 19:29:50 EST 2005


Brian Gallew wrote:
> Actually, there is one very good reason for storing an encrypted version 
> of the password: people re-use passwords.  Yes, effectively you end up 
> with a new, unencrypted password (that just happens to look like a lot 
> of random garbage), but it's highly unlikely that string will match the 
> end user's password anywhere else.  OTOH, it's quite likely that the end 
> user has two or three passwords they use for personal stuff.  This means 
> that getting their "real" password off the wiki might give the attacker 
> access to some other resource unrelated to the wiki in question.

It actually does in the current setting if that other resource is 
another MoinMoin wiki!

Actually that's why I brought this up in the first place. I am using the 
same password for several MoinMoin wikis [1], and everybody who can 
obtain the encrypted password for any of them can log in as myself in 
any of them.

Problems of this kind are typically solved by "salting" the password. 
Effectively, the wiki would not store sha1(password) in the database, 
but rather sha1(password + salt), where salt is a string that is likely 
different for the same user on different wikis, e.g. the time when the 
account was created.

Malte

[1] You can call that careless, but there is no way I could remember all 
the passwords that I need regularly if they were all different. Of 
course I am not using the same password for "critical" things.
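The following is an added example, not MoinMoin code and not part of the message above. It works through the point of the thread: with plain sha1(password), the record on wiki A is byte-for-byte the record on wiki B, so whoever reads one database holds the credential for the other and can recover the password with a single precomputed dictionary table; with a per-account salt the two records differ and the table has to be rebuilt per account. The example uses a random 16-byte salt rather than the account creation time suggested above, and adds a PBKDF2-HMAC variant, which is what a practitioner would store today. The two "wikis", the password and the word list are constructed for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional, Tuple

# Constructed sample: one user registers on two wikis with the same password.
PASSWORD = "correct horse battery staple"
COMMON_PASSWORDS = ["123456", "password", "letmein", PASSWORD, "qwerty"]


def unsalted_record(password: str) -> str:
    """Scheme discussed in the thread: store sha1(password), hex encoded."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_record(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, str]:
    """Store sha1(salt || password) next to the salt.

    The thread proposes the account creation time as the salt; a random
    16-byte salt is used here instead, because a timestamp is guessable.
    sha1 is kept only to mirror the thread; see kdf_record for current practice.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.sha1(salt + password.encode("utf-8")).hexdigest()
    return salt, digest


def salted_verify(password: str, salt: bytes, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = salted_record(password, salt)
    return hmac.compare_digest(candidate, stored)


def kdf_record(password: str, salt: Optional[bytes] = None,
               iterations: int = 200_000) -> Tuple[bytes, int, str]:
    """Salted and deliberately slow: PBKDF2-HMAC-SHA256 (hypothetical parameters)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest.hex()


def kdf_verify(password: str, salt: bytes, iterations: int, stored: str) -> bool:
    _, _, candidate = kdf_record(password, salt, iterations)
    return hmac.compare_digest(candidate, stored)


def unsalted_hash_reused_across_wikis(password: str) -> bool:
    """Wiki A and wiki B both store sha1(password): the records are identical."""
    return unsalted_record(password) == unsalted_record(password)


def salted_hash_reused_across_wikis(password: str) -> bool:
    """With independent salts the two records differ (returns False)."""
    _, record_a = salted_record(password)
    _, record_b = salted_record(password)
    return record_a == record_b


def crack_unsalted(leaked: str, wordlist: Iterable[str]) -> Optional[str]:
    """One table sha1(word) -> word, built once, recovers any unsalted leak
    from any wiki; there is nothing per-site to rebuild."""
    table: Dict[str, str] = {unsalted_record(w): w for w in wordlist}
    return table.get(leaked)


def crack_salted(leaked: str, salt: bytes, wordlist: Iterable[str]) -> Optional[str]:
    """The table now depends on the salt, so it must be rebuilt per account,
    and a table built for another account's salt is useless. A fast hash
    such as sha1 still makes this cheap for a small dictionary, which is the
    reason for a slow KDF such as kdf_record."""
    for word in wordlist:
        if salted_verify(word, salt, leaked):
            return word
    return None


if __name__ == "__main__":
    print("unsalted records equal across wikis:", unsalted_hash_reused_across_wikis(PASSWORD))
    print("salted records equal across wikis:  ", salted_hash_reused_across_wikis(PASSWORD))
    print("password from unsalted leak:", crack_unsalted(unsalted_record(PASSWORD), COMMON_PASSWORDS))
    salt, record = salted_record(PASSWORD)
    print("password from salted leak, wrong salt:", crack_salted(record, b"\x00" * 16, COMMON_PASSWORDS))
    print("password from salted leak, right salt:", crack_salted(record, salt, COMMON_PASSWORDS))
```

The salt does not need to be secret; it only has to be unpredictable and different per account so that one leaked record, or one dictionary table, cannot be carried over to another account or another site.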
