Strong secure password recovery algorithm

I am working on developing a robust password-reset algorithm and am looking for feedback from the user community. Here is what I have come up with so far (drawing on "What are the best practices for activation / registration / password-reset links in emails using nonce").

The password reset works as follows: when the user asks for the reset link to be emailed to them ...

  • Generate $salt
  • Ask the user for the email address $email to which they want the reset-password link sent.
  • Get the key $key (= secret, user-predefined account information that only they know, e.g. the city they were born in, or the last 4 digits of their SSN).
  • Create $nonce = hash($email . $key)
  • Save to table:
    • $nonce (PK)
    • $salt
    • $EXP_DATE
  • Create $hash = hash($salt . $email . $key)
  • Send the user a reset-password link @URL=...?hash=$hash

When the user clicks on the link that we sent, it leads them to the form:

  • Enter $email
  • Enter $newPassword
  • Validate $newPassword
  • Ask for the key field, i.e. "Enter the city in which you were born:" Enter $key

When a user submits this form ...

  1. Retrieve $hash from the URL
  2. Recreate $nonce = hash($email . $key)
  3. Use $nonce to retrieve $salt from our table (if unexpired).
  4. If hash($salt . $email . $key) == $hash from the URL, then the Validation is GOOD!, so we ... Update the user password in the database
  5. Otherwise, we refuse the attempt to change the password.

Notes:

  • All $email and $key responses are trimmed and lowercased before processing to avoid confusion.
  • A regular sproc maintenance job should periodically delete all expired rows to keep the table clean.

What do you think?

+4
1 answer

A couple of issues. By storing the nonce in the database, you completely defeat the purpose of the nonce and therefore weaken the overall security of the application. By storing the salt, you also weaken security, because if I gain access to the database I know the "random" salt value you used for the account, which opens you up to rainbow-table attacks.

When a user submits this form ...

  1. Retrieve $hash from the URL
  2. Recreate $nonce = hash($email . $key)
  3. Use $nonce to retrieve $salt from our table (if unexpired).
  4. If hash($salt . $email . $key) == $hash from URL, then the Validation is GOOD!, so we... Update the user password in the database
  5. Otherwise, we refuse the attempt to change the password

The above is broken. Since I know that you store nonces, you have reduced the security of your application, and by storing the salt you have weakened it further. Given the above scenario, I can obtain the salt and derive the nonce if I have the email + the hash algorithm (you should assume that I know your algorithm). Therefore I can "quickly" crack the entire database.

-1
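Added example, not code from either the question or the answer: a Python model of the scheme exactly as posted (deterministic $nonce, $salt and $EXP_DATE stored in the table, $hash in the URL), the attacker position the answer describes (a copy of the table plus knowledge of the algorithm), and, for contrast, the usual hardened form in which only the hash of a random single-use token is stored. The post never names its hash function; it is modelled here as SHA-256 over the concatenated strings, and the function and table names, the TTL and the guess list are all assumptions.

```python
"""Model of the posted reset scheme, the answer's attack, and a hardened variant.
hash($a . $b) from the post is modelled as SHA-256 of the concatenation (assumed)."""
import hashlib
import hmac
import secrets
import time
from typing import Dict, Iterable, Optional, Tuple


def h(*parts: str) -> str:
    """The post's hash($a . $b . ...) as SHA-256 of the concatenation (assumed)."""
    return hashlib.sha256("".join(parts).encode()).hexdigest()


def norm(s: str) -> str:
    """The post's note: trim and lowercase $email and $key before hashing."""
    return s.strip().lower()


# ---- The scheme as posted: table keyed by $nonce -> ($salt, $EXP_DATE)
posted_table: Dict[str, Tuple[str, float]] = {}


def posted_issue_link(email: str, key: str, ttl: int = 3600) -> str:
    """The issuing steps from the post; returns the $hash placed in the URL."""
    email, key = norm(email), norm(key)
    salt = secrets.token_hex(16)
    nonce = h(email, key)                 # deterministic: a repeat request overwrites
    posted_table[nonce] = (salt, time.time() + ttl)
    return h(salt, email, key)


def posted_validate(url_hash: str, email: str, key: str) -> bool:
    """The form-submission check from the post (steps 1-5)."""
    email, key = norm(email), norm(key)
    row = posted_table.get(h(email, key))
    if row is None or row[1] < time.time():   # unknown nonce or expired row
        return False
    salt, _ = row
    return hmac.compare_digest(h(salt, email, key).encode(), url_hash.encode())


# Constructed guess list standing in for "the city you were born in" (low entropy).
CITY_GUESSES = ["London", "New York", "Berlin", "Paris", "Tokyo", "Madrid"]


def attacker_forge(table: Dict[str, Tuple[str, float]], email: str,
                   key_guesses: Iterable[str]) -> Optional[str]:
    """The answer's scenario: holding a copy of the table, the victim's e-mail
    and the algorithm, brute-force $key offline against the stored $nonce,
    read $salt from the matching row and recompute the URL $hash without
    ever seeing the reset e-mail."""
    email = norm(email)
    for guess in key_guesses:
        row = table.get(h(email, norm(guess)))
        if row is not None:
            salt, _ = row
            return h(salt, email, norm(guess))
    return None


# ---- Hardened alternative: random single-use token, only its hash stored
hardened_table: Dict[str, Tuple[str, float]] = {}   # sha256(token) -> (email, exp)


def hardened_issue_link(email: str, ttl: int = 3600) -> str:
    token = secrets.token_urlsafe(32)                # 256 bits from the CSPRNG
    digest = hashlib.sha256(token.encode()).hexdigest()
    hardened_table[digest] = (norm(email), time.time() + ttl)
    return token                                     # goes into the URL only


def hardened_validate(token: str, email: str) -> bool:
    digest = hashlib.sha256(token.encode()).hexdigest()
    row = hardened_table.pop(digest, None)           # single use, even on failure
    if row is None or row[1] < time.time():
        return False
    return hmac.compare_digest(row[0].encode(), norm(email).encode())


def attacker_forge_hardened(table: Dict[str, Tuple[str, float]],
                            tries: int = 10_000) -> Optional[str]:
    """Same attacker against the hardened table: rows hold only sha256(token)
    and the token carries 256 bits of entropy, so guessing does not work."""
    for _ in range(tries):
        guess = secrets.token_urlsafe(32)
        if hashlib.sha256(guess.encode()).hexdigest() in table:
            return guess
    return None


if __name__ == "__main__":
    link = posted_issue_link("Alice@Example.com ", "Paris")
    print("legitimate reset accepted:", posted_validate(link, "alice@example.com", " paris"))
    forged = attacker_forge(posted_table, "alice@example.com", CITY_GUESSES)
    print("forged link accepted:", posted_validate(forged, "alice@example.com", "Paris"))
    tok = hardened_issue_link("alice@example.com")
    print("hardened table forged:", attacker_forge_hardened(hardened_table))
    print("hardened reset accepted:", hardened_validate(tok, "alice@example.com"))
```

Two things the model makes visible: because $nonce = hash($email . $key) is deterministic, the attacker needs only the table row to confirm a $key guess, and the guess space for a "city of birth" is tiny; and because the same row also carries $salt, the confirmed guess is immediately enough to rebuild the exact $hash the user would have received. In the hardened variant the database holds nothing that helps recompute the token, and the token is consumed on first use.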

Source: https://habr.com/ru/post/1395399/
