Harry Callahan’s profile

Latest Comments


To follow up on my previous comment, here's a "trivial" PIR (private information retrieval) scheme suitable for this scenario which requires zero cryptography and would provide significant privacy benefits to the user. Instead of sending the full hashed password to the web server, send only the last four characters. The web server can then provide the client with a list of all of the hashes that match those last four characters, which for this particular list of hashes is a pretty good size (not too big, not too small). Then you use a little JavaScript to check (client-side) whether or not the full hash is present in the list that the server returned.

For users whose passwords were already compromised, there is no difference in privacy -- their passwords are still just as compromised as before. But for users whose passwords were not compromised, there is a huge benefit: the act of using your web page does not further compromise their password (e.g. by sending an unsalted hash of their password over the internet in plain text, which is what you're doing right now).

Posted in LeakedIn.

Thu, 07 Jun 2012 at 05:01:13 GMT
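
The suffix lookup described in the comment above, sketched as an added example that is not part of the original comment or of the LeakedIn site. It assumes the leaked list holds unsalted SHA-1 hex digests; the function names and the three-entry sample list are constructed for illustration, and it hashes with Node's `crypto` module so it runs offline (a browser client would hash with Web Crypto instead).

```javascript
// Added example (not from the page); names and sample data are constructed.
const nodeCrypto = require('node:crypto');

// Assumption: the leaked list holds unsalted SHA-1 hex digests.
function sha1Hex(password) {
  return nodeCrypto.createHash('sha1').update(password, 'utf8').digest('hex');
}

// Constructed stand-in for the leaked hash list.
const LEAKED = ['password', 'linkedin', 'letmein'].map(sha1Hex);

// Server: bucket every leaked hash by its last four hex characters.
function buildIndex(hashes) {
  const index = new Map();
  for (const h of hashes) {
    const key = h.slice(-4);
    if (!index.has(key)) index.set(key, []);
    index.get(key).push(h);
  }
  return index;
}

// Server: receives only the 4-character suffix and returns the whole bucket.
function serverLookup(index, suffix) {
  if (!/^[0-9a-f]{4}$/.test(suffix)) throw new Error('suffix must be 4 hex chars');
  return index.get(suffix) || [];
}

// Client: hashes locally, sends only the suffix, compares the full hash locally.
// `lookup` stands in for the HTTP request to the server.
function checkPassword(password, lookup) {
  const full = sha1Hex(password);
  const sent = full.slice(-4);
  const candidates = lookup(sent);
  return { sent, leaked: candidates.includes(full) };
}

const demoIndex = buildIndex(LEAKED);
for (const pw of ['password', 'a-constructed-unleaked-passphrase']) {
  const r = checkPassword(pw, (s) => serverLookup(demoIndex, s));
  console.log(`${pw}: sent "${r.sent}" to server, leaked=${r.leaked}`);
}
```

The server never receives more than the four-character suffix, so it cannot distinguish a hit from a miss; only the client learns the result.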


Chris, asking web site visitors for plaintext passwords, even client-side hashed, is super bad form. The correct way to implement this kind of application while keeping your geek creds intact is to use private information retrieval, which is a cryptographic technique specifically designed for exactly this kind of situation:


Posted in LeakedIn.

Thu, 07 Jun 2012 at 04:31:13 GMT