Moving to client-side hashing for online authentication
| dc.contributor.author | Blanchard, Nikola K. | |
| dc.contributor.author | Coquand, Xavier | |
| dc.contributor.author | Selker, Ted | |
| dc.date.accessioned | 2019-10-23T15:19:44Z | |
| dc.date.available | 2019-10-23T15:19:44Z | |
| dc.description.abstract | Credential leaks still happen with regular frequency, and show evidence that, despite decades of warnings, password hashing is still not correctly implemented in practice. The common practice today, inherited from previous but obsolete constraints, is to transmit the password in cleartext to the server, where it is hashed and stored. We investigate the advantages and drawbacks of the alternative of hashing client-side, and show that it is present today exclusively on Chinese websites. We also look at ways to implement it on a large scale in the near future. | en_US |
| dc.description.sponsorship | This work was supported partly by the french PIA project “Lorraine Université d’Excellence”, reference ANR-15-IDEX-04-LUE. | en_US |
| dc.description.uri | http://koliaza.com/files/Client_Password_Hashing.pdf | en_US |
| dc.format.extent | 17 pages | en_US |
| dc.genre | journal articles | en_US |
| dc.identifier | doi:10.13016/m2yrru-suxe | |
| dc.identifier.citation | Blanchard, Nikola K.; Coquand, Xavier; Selker, Ted; Moving to client-side hashing for online authentication; http://koliaza.com/files/Client_Password_Hashing.pdf | en_US |
| dc.identifier.uri | http://hdl.handle.net/11603/15964 | |
| dc.language.iso | en_US | en_US |
| dc.relation.isAvailableAt | The University of Maryland, Baltimore County (UMBC) | |
| dc.relation.ispartof | UMBC Computer Science and Electrical Engineering Department Collection | |
| dc.relation.ispartof | UMBC Faculty Collection | |
| dc.rights | This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author. | |
| dc.subject | Hashing | en_US |
| dc.subject | Web standards | en_US |
| dc.subject | Authentication | en_US |
| dc.title | Moving to client-side hashing for online authentication | en_US |
| dc.type | Text | en_US |
Files
License bundle
1 - 1 of 1
No Thumbnail Available
- Name:
- license.txt
- Size:
- 2.56 KB
- Format:
- Item-specific license agreed upon to submission
- Description: