undefined

points

[-]

You actually want to one-way passwords both client-side, for transport, and again server-side, for storage/comparison.

Otherwise, there's a hole, between the end of the TLS connection and where the server-side encryption happens, where the password is in plain text. Think logs and load-balancers and proxies.

While the client-side hashing doesn't help protect your site a lot (as you say, the hashed value the client sends effectively becomes the password), it helps protect the users who use the same password across multiple sites.

Notice in this case, that's exactly what the brothers are accused of doing: using credentials harvested from their site to log into other, potentially more lucrative accounts.

I didn't see if that's the hole the brothers exploited but it very well could have been.

The client-side encryption may have been all that was missing in this case.

by PunchyHamster26 days ago|

parent|

[-]

If you're worried about MITM in the TLS web connection between client and server, you already lost and no prevention method client side will work, because if you own the connection you can just give client malicious JS to extract the password when they enter it

by fc417fc80226 days ago|

prev|

[-]

Hashing client side is sufficient because the only service you can breach with the hash is the one you already had to breach in order to read the database.

Of course performing an additional server side hash on top of the client side one is good defense in depth because there's at least some chance that it might make things more difficult for a rogue insider and doing so costs approximately nothing. But it certainly isn't critical because by the time you're dealing with a rogue insider things are already looking quite bad.