[Q] password encryption

Duane Maxwell dmaxwell at san.rr.com
Tue Jan 15 08:05:28 UTC 2002


> Duane also did a DES plugin; a newer version is attached with a few
> trivial changes so that the code is compatible with the VMMaker unix
> makefile rules (needs uppercase letters at front of plugin name)

DES alone is probably not the best choice for password encryption, since
it's reversible and the key could be scavenged from Squeak pretty easily,
since it must be a shared secret between the client and the server to work.
A one-way hash like MD5, MD4 or SHA is a better choice, but not much better.

A simple interception of the message between the server and the client could
compromise the security.  Scenarios:

1) Client sends plaintext password, server does hash and compares against
saved hash.  Interception of plaintext password results in compromise.

2) Client sends hashed password, server compares against saved hash.
Interception of hashed password results in compromise.

A much better way to do security is to create a public/private key pair.
Server sends public key to client, client encrypts password with that key,
then sends the result to the server.  The server decrypts with the private
key, performs a hash, then compares the result with the saved hash (this is
to make the saved password list secure should the server become
compromised).  If the key pair is randomly created per session, then the
system is pretty secure (unless you have a man in the middle replacing the
public key as it passes by - which is why eventually you need digital
signatures, and ultimately, trusted certificates).

If the message is long, one typically uses public/private key pairs to
exchange a symmetric key like DES, since encryption with DES is relatively
cheap compared to, say RSA.  Client supplies public key to the server,
server encrypts a new DES key and sends to client, client decodes the DES
key using private key from pair, then uses it to encode the body of the
message.

Luciano Notarfrancesco wrote an implementation of RSA quite a while ago -
it's now legal to use.  If he's lurking, he might be inclined to post it.

-- Duane
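
Added example, not part of the original message or of any Squeak code: a Python sketch of the per-session key pair login described above, showing that a ciphertext captured in one session is rejected when resent in a later one. All names (`Server`, `client_encrypt`, `demo`) are hypothetical, the password is constructed sample data, and the RSA here is unpadded textbook RSA with an ad hoc nonce prefix, standing in for a real padding scheme such as OAEP. Plain SHA-256 stands in for the saved-password hash.

```python
import hashlib, secrets

def is_probable_prime(n, rounds=24):
    """Miller-Rabin test for odd n > 3."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if p % 65537 != 1 and is_probable_prime(p):  # keep e invertible mod p-1
            return p

class Server:
    def __init__(self, password):
        self.saved_hash = hashlib.sha256(password).digest()  # only the hash is kept

    def new_session(self):  # fresh key pair per session; returns the public half
        p, q = random_prime(256), random_prime(256)
        self.n, self.d = p * q, pow(65537, -1, (p - 1) * (q - 1))
        return self.n, 65537

    def login(self, ciphertext):  # decrypt, strip 0x01 + 16-byte nonce, hash, compare
        m = pow(ciphertext, self.d, self.n)
        plain = m.to_bytes((m.bit_length() + 7) // 8, "big")
        return hashlib.sha256(plain[17:]).digest() == self.saved_hash

def client_encrypt(password, public_key):
    n, e = public_key
    padded = b"\x01" + secrets.token_bytes(16) + password  # nonce: no two ciphertexts match
    return pow(int.from_bytes(padded, "big"), e, n)

def demo():
    server = Server(b"correct horse")  # constructed sample password
    captured = client_encrypt(b"correct horse", server.new_session())
    first = server.login(captured)        # legitimate login in session 1
    server.new_session()                  # session 2: new key pair
    return first, server.login(captured)  # resent session-1 ciphertext
```

`demo()` returns `(True, False)`. The sketch does not authenticate the public key, so the man-in-the-middle substitution mentioned in the message is still possible.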




