On Sun, 07 May 2000, you wrote:
> So, if someone can see those hashes, why don't they just create
> themselves a new user, grant it full privileges to the database and
> play?

I know, they can do anything. But creating a new user is something very
obvious that the admin will see. The breach of security would be detectable.
If they can get in with the hashes, they can be very sneaky and it would take a
long time to detect. The cracker shouldn't be able to compromise a current
user's account without having to even change the password on it. It's better to
force the cracker to have to create an account than to let him do bad things as
you whenever he wants. Would you like the feeling of never knowing that maybe
someone has your hash and is able to get in without you knowing? Your
password becomes useless. Really, sensitive information in the database could
be insecure over a long period of time and it would never be detectable. You'd
just have to change your password frequently to ensure that you are the only
one that can get in. It's better to make a security system where the alarm will
go off.

If your competitor is able to get into the database as you, because he got your
hash after hiring some cracker to get it, he can learn all your trade secrets
and always find a way to have the advantage. You and your company might have a
hard time figuring out what's going on because, so to speak, the security on the
database has no alarm.

I agree that the MD5 double hash solution fixes the immediate problem. It's
just not going to be a complete security solution.
--
Robert B. Easter
reaster@comptechnews.com