I just published “Password and Credential Management in 2018
”https://medium.com/p/password-and-credential-management-in-2018-56f43669d588 …
-
-
Replying to @harwoeck
I like what you write, but I also have criticism: You give several valid reasons for the domain-personalized client-side pre-hashing, however this may sound like it provides the equivalent of unique passwords even when actual passwords are reused, which it doesn't.
2 replies 0 retweets 4 likes -
Not criticism: BTW, you actually can enforce a trivial password policy - a blacklist of top N otherwise-most-common and/or leaked passwords - even with this pre-hashing, by similarly pre-hashing that blacklist. A Bloom filter can make the check very fast even for huge blacklists.
2 replies 0 retweets 1 like -
Then, you suggest normalizing with SHA3-512 to 64 arbitrary bytes, yet at the same time mention bcrypt's truncation at first NUL. For passing into bcrypt (or another function accepting C string), you need to e.g. hex-encode HMAC-SHA256 (giving 64 ASCII chars, which fits in 72).
1 reply 0 retweets 1 like -
No reason to prefer SHA-3, but a reason to have something like HMAC in there is to avoid the ambiguity in e.g. "passwor" + "domain" vs. "password" + "omain". BTW, bcrypt was introduced in 1997 (code already in use), not 1999 (paper published).
2 replies 0 retweets 1 like -
Replying to @solardiz
I'm not sure if I understand your example. Could you explain that a little bit more? Thanks
Regarding SHA3 and HMAC: I had a short discussion in Reddit about using KMAC instead of SHA3, but dropped the thought, as I have never used it and therefore won't recommend it to others1 reply 0 retweets 0 likes
The example shows that concatenating two variable-length strings can produce a collision. I also wouldn't recommend KMAC. My recommendation of HMAC-SHA256 is because it's widespread. It's especially good fit for use with yescrypt, which includes it in the tree anyway.
-
-
BTW, you would need to do this pre-hashing server-side for the relatively few clients that lack client-side computation (JavaScript disabled, e.g. like it often is in Tor Browser).
0 replies 0 retweets 1 likeThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.