Your company establishes an E-Commerce website that sells toys around the world. All traffic is protected by HTTPS. Which of the following is the most feasible approach for the browser to submit the user’s password to the webserver? (Wentz QOTD)
A. Raw password
B. Hashed password
C. Salted password
D. Digital signature
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is A. Raw password.
“Raw password” and “hashed password” are feasible solutions. However, raw password under HTTPS is more commonly used, e.g., Google and Facebook. The following reasons explain why the raw password is more feasible because information security should align with business needs:
- If the attacker can breach the HTTPS connection, sending a raw password or hashed password makes no difference because he can steal the access token and hijack the session. The residual risk is almost the same.
- Moreover, sending a hashed password means the user’s password has to be hashed or salted and becomes irreversible. However, some websites may need to support the “retrieve password” feature where passwords are encrypted, and customers can query their forgotten passwords.
A salted password refers to the hash value computed from the concatenation of the raw password and a salt, which is a “random variable incorporated as secondary input to a one-way or encryption function that is used to derive password verification data.” (ISO/IEC 11770-4:2017) The salt is typically generated at the server-side and kept secret from the client, so it’s not possible for the client to submit a salted password.
The digital signature is technically feasible but practically infeasible for an E-Commerce website to require customers to install a digital certificate for authentication.
- Why is client-side hashing of a password so uncommon?
- Why almost no webpages hash passwords in the client before submitting (and hashing them again on the server), as to “protect” against password reuse?
- You Are (Probably) Doing Login Systems Wrong
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.
貴公司建立了一個電子商務網站，在世界各地銷售玩具。 所有流量均受HTTPS保護。 對於瀏覽器將用戶密碼提交到Web服務器，以下哪項是最可行的方法？ (Wentz QOTD)
A. 原始密碼(Raw password)
B. 散列密碼(Hashed password)
C. 鹽密碼(Salted password)
D. 數字簽名(Digital signature)