[colug-432] password survey

Rob Funk rfunk at funknet.net
Fri May 23 09:57:39 EDT 2014


Scott McCarty wrote:
> Personally, I do not consider hashing of any kind secure because it
> is plausible to crack some of the passwords. Worse, it's a moving
> target with ASICs and video cards cracking faster and faster. I am
> not trying to preach, but prefer keys, and session encryption for
> anything production. By their very nature, keys are two factor and revocable.

I'm not understanding this. How does having a key make it implausible
to crack some passwords? Doesn't advancing hardware affect symmetric
encryption just as much as hashing? I'm not seeing how "two
factor" applies here; maybe we're not agreeing on the meaning of that
phrase. Finally, keys aren't inherently revocable; there's a lot of
infrastructure involved in making them revocable. Though certainly
having keys allows re-encrypting passwords with new keys at will.

The problem with using symmetric encryption for passwords is that each
account now has two ways of getting in: knowing/cracking the password,
and knowing/cracking the encryption key. And unlike with hashing, if
that encryption key is stolen then everyone's passwords are exposed.
Generally it's not considered a good idea for anyone to get access to
plaintext passwords. (Authentication protocols that involve passing
the hashed password across the wire complicate things though, since
the protocol does need access to the plaintext password.)
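As an added illustration of the "two ways of getting in" argument above (example code, not from the thread), this Python models both storage choices side by side: a salted PBKDF2 hash, and a reversible symmetric scheme (a toy HMAC-based stream cipher stands in for a real cipher so it runs on the standard library alone), then simulates a breach in which the attacker holds the table and the server's key. The function names, iteration count, wordlist and sample accounts are constructed for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # slow KDF; raise as hardware gets faster (illustrative value)

def hash_password(password: str) -> dict:
    """One-way storage: salted PBKDF2-HMAC-SHA256, no server-side key to steal."""
    salt = os.urandom(16)
    return {"salt": salt, "digest": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)}

def verify_hashed(record: dict, candidate: str) -> bool:
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(digest, record["digest"])

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy counter-mode keystream built from HMAC-SHA256; it stands in for AES so the
    # example needs no third-party library. Constructed for illustration only.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return out[:length]

def encrypt_password(key: bytes, password: str) -> dict:
    """Reversible storage: whoever holds `key` can read every password back."""
    nonce = os.urandom(16)
    data = password.encode()
    return {"nonce": nonce, "ct": bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))}

def decrypt_password(key: bytes, record: dict) -> str:
    ks = _keystream(key, record["nonce"], len(record["ct"]))
    return bytes(a ^ b for a, b in zip(record["ct"], ks)).decode()

def breach_outcome(encrypted_store: dict, hashed_store: dict, stolen_key: bytes, wordlist: list) -> tuple:
    """Attacker holds both tables plus the key: (read straight back, guessed per salt)."""
    read_back = {u: decrypt_password(stolen_key, r) for u, r in encrypted_store.items()}
    guessed = {}
    for user, record in hashed_store.items():
        for word in wordlist:  # each salt forces a separate slow guess; only weak ones fall
            if verify_hashed(record, word):
                guessed[user] = word
                break
    return read_back, guessed

if __name__ == "__main__":
    key, users = os.urandom(32), {"alice": "correct horse battery staple", "bob": "password1"}
    print(breach_outcome({u: encrypt_password(key, p) for u, p in users.items()},
                         {u: hash_password(p) for u, p in users.items()}, key, ["123456", "password1"]))
```

With the key in hand every entry of the encrypted table is read back at once; the hashed table still yields only the account whose password was in the wordlist.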