Moving to client-side hashing for online authentication - Archive ouverte HAL Access content directly
Conference Papers Year :

Moving to client-side hashing for online authentication

(1) , (2) , (3)
1
2
3
Xavier Coquand
  • Function : Author
Ted Selker
  • Function : Author
  • PersonId : 1020025

Abstract

Credential leaks still happen with regular frequency, and show evidence that, despite decades of warnings, password hashing is still not correctly implemented in practice. The common practice today , inherited from previous but obsolete constraints, is to transmit the password in cleartext to the server, where it is hashed and stored. We investigate the advantages and drawbacks of the alternative of hashing client-side, and show that it is present today exclusively on Chinese web-sites. We also look at ways to implement it on a large scale in the near future.
Fichier principal
Vignette du fichier
blanchard-2019-movingclientsided.pdf (523.53 Ko) Télécharger le fichier
Origin : Files produced by the author(s)
Loading...

Dates and versions

hal-02560695 , version 1 (02-05-2020)

Identifiers

  • HAL Id : hal-02560695 , version 1

Cite

Enka Blanchard, Xavier Coquand, Ted Selker. Moving to client-side hashing for online authentication. 9th International Workshop on Socio-Technical Aspects in SecuriTy, Sep 2019, Luxembourg Ville, Luxembourg. ⟨hal-02560695⟩
122 View
158 Download

Share

Gmail Facebook Twitter LinkedIn More