Moving to client-side hashing for online authentication

Blanchard, Nikola K.; Coquand, Xavier; Selker, Ted

Moving to client-side hashing for online authentication

Links to Files

http://koliaza.com/files/Client_Password_Hashing.pdf

Permanent Link

http://hdl.handle.net/11603/15964

Collections

UMBC Computer Science and Electrical Engineering Department
UMBC Faculty Collection

Full item page

Author/Creator

Blanchard, Nikola K.

Coquand, Xavier

Selker, Ted

Type of Work

journal articles
Text

Citation of Original Publication

Blanchard, Nikola K.; Coquand, Xavier; Selker, Ted; Moving to client-side hashing for online authentication; http://koliaza.com/files/Client_Password_Hashing.pdf

Rights

This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.

Subjects

Hashing
Web standards
Authentication

Abstract

Credential leaks still happen with regular frequency, and show evidence that, despite decades of warnings, password hashing is still not correctly implemented in practice. The common practice today, inherited from previous but obsolete constraints, is to transmit the password in cleartext to the server, where it is hashed and stored. We investigate the advantages and drawbacks of the alternative of hashing client-side, and show that it is present today exclusively on Chinese websites. We also look at ways to implement it on a large scale in the near future.

Moving to client-side hashing for online authentication

Links to Files

Permanent Link

Collections

Author/Creator

Author/Creator ORCID

Date

Type of Work

Department

Program

Citation of Original Publication

Rights

Subjects

Abstract