I gave up reading the conversation since it is essentially the same one we had with Jeff’s last posting on password storage. I know I brought up a couple points which with further reflection turned out to be incorrect (Not sure what I was thinking). No need for details though, since obviously the conversation continues.
The logical and mostly correct outcome of the discussion is good, stored password hash + random salt = good security. Question is, will this design withstand the test of time.
Everyone is aware of the botnets, and the amount of spam being put out, which is almost an entirely seperate issue. I’m just curious if anyone else is scared to death that these botnets could be turned against our authentication systems themselves. You have a generally accepted good security practice, HASH + random salt stored in database, how long do you think this can stand up against a million or more PC botnet?
What is the targetted lifespan of your system?
What if your end user uses the same password for 10 or more years?
I have nothing against a good password scheme, but rule number 1 should always be, don’t give away your database. Your system security architecture should be so good that the “evil” bad guys are unable to obtain your database from forgetten backups and all the other methods. The true reason we need to secure the passwords in the database, is we’re not sure we can keep the data safe, and it’s also very easy to implement rudimentry protection, that as it stands can discourage your script kiddies.
Rudimentry protection will not always be enough.