CGI question: safe passwords possible?

[Paul Rubin]

Peter Hansen <peter at engcorp.com> writes:
> Doesn't this implementation also suffer from requiring the server
> side to store the password somewhere effectively in the clear?

Yes.

> (Paul, I don't understand why you did a double hash above, since it
> doesn't seem to add any extra value over a single one, in this case.)

It's similar to HMAC, it avoids some possible attacks on the hash
function.  Probably not needed in this case.

> Also note: you won't be able to have your users change their passwords
> securely with any such approach.  For that, I believe SSL is going to
> be the only secure option, to avoid ever sending a password to the server
> in the clear.  (Or generate passwords on the server side and email to the
> user, though that has obvious other problems...)

You could use the old password as a key to encrypt the new password.
Of course that's not too clever if the reason for changing the password
is that the old one is compromised...