0

I am trying to implement random salt md5 algorithm on an existing application. User passwords are stored in database as md5 hash. For existing users the following steps are followed

On client side (javascript)

client_password = md5(md5(plain_password) + random_salt)

On server side

server_password = md5(md5_password + same_random_salt),
check client_password to server_password

I am struggling to find solution to store user md5 password without salt in database for the case of change password.

Thanks

gideon
  • 19,329
  • 11
  • 72
  • 113
Sunny
  • 27
  • 3
  • 8
  • For the 100th time, stop using MD5 to presumably store passwords in a secure manner. http://www.win.tue.nl/hashclash/rogue-ca/ – John Leidegren Mar 29 '11 at 05:17
  • You shouldn't be doing the salting/hashing on the client side. The salts should be kept private. If you don't want to transmit the passwords in the clear for the server to do the salt+hash, consider enabling SSL, or use public key cryptography to cloak it. Either way, the salt should not be exposed. In either case, depending on Javascript to do this isn't particularly reliable. – Marc B Mar 29 '11 at 05:17

2 Answers2

3

First off : Do not use MD5 : It is not strong enough.

Excellent suggestion by @Shaggy Frog, use bycrypt. These posts should help you out:

https://stackoverflow.com/questions/2299434/bcrypt-implementation-in-javascript

Do I need to store the salt with bcrypt?

JS implementation of Bcrypt on Google Code

See th bCrypt JavaDoc.

What you would do is on the server when someone saves a password:

BCrypt.hashpw(plain_password, salt);

When someone tries to login:

if(BCrypt.checkpw(password_typed_by_user, stored_hash)
{
  //itmatches.. log him/her in.
}

What you could do is use the username (or maybe a few letters from the username) for the salt, so you don't have to store that somewhere too.

When the password changes you need to take the plain text password again (on the server) and hash it again just like you would do when you saved it initially. If you are thinking of retrieval, there is no way, thats the point of hashing. Like most websites, you can change the password to some random numbers and then email this off to the requested address.

Community
  • 1
  • 1
gideon
  • 19,329
  • 11
  • 72
  • 113
  • Thanks for help, I am using Java Struts 1.1 on server. Basically I am trying to encode password traveling on the network. But I am unable to understand your solution to check user password in javascript, how can i know which user is trying to log in. – Sunny Mar 29 '11 at 07:29
  • 1
    I don't understand myself why you would even need javascript. The second question I pointed out uses a Java bCrypt lib. It should work for you. Why are you trying to authenticate users on the client, when a user logs in you would contact your server, hash the users password with bCrypt on the **server** and then check if it matches your database records for the username in question. – gideon Mar 29 '11 at 07:32
  • Thanks, would definitely try bCript. So, I should use SSL to communicate with client browser and bCript to store salted password hash in database. – Sunny Mar 29 '11 at 08:10
2

Client-side encryption is useless since you ultimately can't control the result. Only server-side encryption works.

Storing passwords as MD5 hashes is not a best practice. This is how websites get easily hacked. Salts will not help you.

Use bcrypt.

Shaggy Frog
  • 27,575
  • 16
  • 91
  • 128