Using a password hash with SSL

OK, this might sound like a weird question. Please read carefully before jumping on me, OK? ;-)

Imagine this situation:

  • We have a server and a client.
  • They connect using SSL.
  • The client creates an account on the server with a password.
  • But what it actually sends to the server over the wire is the hash (+ salt) of the password (NOT the password).
  • The server stores this received password hash in the database (hashed AGAIN, with a salt).
  • During login, the user re-sends the password hash (NOT the password!) for authentication.

Well, yes, I understand that sounds weird. Yes, the whole conversation is over SSL, so you could just send the password in the clear. And yes, I understand that you can safely store a password in hashed form.

Here's what I'm getting at: it's good for our business to be able to say, honestly: "We will never know your password."

Note: I do not say "we don't keep your password in the clear"; we really never know it, because you never give it to us.

(The reason for this is not relevant; suffice it to say that the user's password is used for other things, such as file encryption.)

Yes, I understand that with the usual way of doing it you can say, "OK, the password is only in memory in clear text for the 5 ms while you hash it", but this is more about deniability, i.e. we can say that we 100% never even receive your password.

OK, so here is the question:

  • Has anyone heard of this, or done this, before?

  • What are the security implications of this?

I have tried my best to spot a flaw myself.
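The flow described in the bullets above, as an added example that is not part of the original question or of any real product. The salt derivation from the username, the PBKDF2 parameters and the separate file-encryption key are assumptions I made to make the scheme runnable; the question does not specify them. Besides registration and login, the scenario records the two facts a practitioner would check: a leaked database row is not usable for login, but the value the client transmits is a password equivalent and must be protected like one (TLS only, never logged).

```python
import hashlib
import hmac
import secrets

# Work factors for the two hashing stages (assumed values, not from the question).
CLIENT_ITERATIONS = 100_000   # slow on purpose: this is the stage that resists guessing
SERVER_ITERATIONS = 10_000    # input is already a derived key, a lighter second stage suffices


def _client_salt(username: str) -> bytes:
    # The client needs the same salt at registration and at every login without a
    # round trip, so it is derived deterministically from the username (assumption).
    return hashlib.sha256(b"auth-salt|" + username.lower().encode()).digest()


def client_hash(username: str, password: str) -> bytes:
    """What the client sends over TLS: a salted PBKDF2 hash, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _client_salt(username),
                               CLIENT_ITERATIONS)


def file_key(username: str, password: str) -> bytes:
    """A separate key for the local file encryption the question mentions (assumed design).
    Different salt context, so the value sent to the server cannot decrypt the files."""
    salt = hashlib.sha256(b"file-key|" + username.lower().encode()).digest()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, CLIENT_ITERATIONS)


class Server:
    """Server side: only ever sees the client hash and stores a salted re-hash of it."""

    def __init__(self) -> None:
        self.db: dict[str, tuple[bytes, bytes]] = {}  # username -> (server_salt, stored)

    @staticmethod
    def _rehash(received: bytes, server_salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", received, server_salt, SERVER_ITERATIONS)

    def register(self, username: str, received_hash: bytes) -> None:
        server_salt = secrets.token_bytes(16)  # fresh random salt per user
        self.db[username] = (server_salt, self._rehash(received_hash, server_salt))

    def login(self, username: str, received_hash: bytes) -> bool:
        entry = self.db.get(username)
        if entry is None:
            # Burn the same work on unknown users so response time does not
            # reveal which usernames exist.
            self._rehash(received_hash, b"\x00" * 16)
            return False
        server_salt, stored = entry
        return hmac.compare_digest(self._rehash(received_hash, server_salt), stored)


def run_scenario() -> dict:
    """Plays registration and login and records the security-relevant facts."""
    server = Server()
    password = "correct horse battery staple"  # constructed sample credential
    wire_value = client_hash("alice", password)  # the only thing that crosses TLS
    server.register("alice", wire_value)
    stored = server.db["alice"][1]
    return {
        "password_never_sent": wire_value != password.encode(),
        "login_ok": server.login("alice", wire_value),
        "wrong_password_rejected": not server.login("alice", client_hash("alice", "wrong")),
        # A leaked database row is NOT enough to log in: the stored value is a
        # further hash of the wire value, not the wire value itself.
        "leaked_db_row_unusable": not server.login("alice", stored),
        # But the wire value IS a password equivalent: whoever holds it can log in
        # without ever knowing the password, so it needs the same handling.
        "wire_value_is_password_equivalent": server.login("alice", wire_value),
        # The file-encryption key differs from the auth value, so the server cannot
        # decrypt the user's files even though it sees the auth value.
        "file_key_differs": file_key("alice", password) != wire_value,
    }


if __name__ == "__main__":
    for fact, holds in run_scenario().items():
        print(f"{fact}: {holds}")
```

The second server-side hash is what keeps a database leak from being directly replayable; the client-side hash is what keeps the server from ever learning the password. Neither stage changes the fact that the transmitted value authenticates on its own, which is why the scheme only makes sense with the transport encrypted end to end and the value kept out of logs and proxies.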