4

I'm writing a Java EE application, which allows new users to register themselves and then log in over the Internet. I'm storing the credentials an a db.

Now, there are several ways to do that, e.g.:

  • send username and password, preferably over a TLS/SSL connection
  • send username and a hashcode of the password, preferably over a TLS/SSL connection
  • use the Secure Remote Password protocol (preferably over a TLS/SSL connection ?)

Reading some articles, it seems the Secure Remote Password Protocol (SRP) is the way to go.

But then reading some other articles it seems as this is only used on some low-level layers, e.g. such as TLS/SSL itself.

I still think, it's recommended to use the Secure Remote Password Protocol on application level.

Is this correct? Or are there some good reasons why this is not needed on application level?

asked Aug 27, 2012 at 19:15
4
  • 3
    Sending raw password over SSL is secure enough. Of course passwords on the server side need to be hashed and salted. Commented Aug 27, 2012 at 19:19
  • But aren't there possible attacks against hashed passwords? E.g. when someone manages to get the list of usernames and password hashes (happened to LinedIn lately). SecureSafe seems to use the SRP protocol for some reason as well... (securesafe.com/en/security.html) Commented Aug 27, 2012 at 19:44
  • Yes, brute-force attacks can be implemented against hashed passwords. In this regard SRP is no more secure than hashed passwords as the server-side keys are similarly vulnerable to this form of attack. Commented Sep 26, 2012 at 20:15
  • ThinbusSRP has a demo of using SRP to log into a JEE Spring MVC app and another one using only a rest app. bitbucket.org/simon_massey/thinbus-srp-js Commented Mar 11, 2015 at 8:33

2 Answers 2

1

There are a few tradeoffs to consider. First, sending raw passwords over an SSL link is reasonably secure if, and only if, the client is properly validating the server's SSL certificate. However, even when proper SSL certificate validation is preformed, sending the raw password to the server is not completely ideal. A hacked server could expose the user's password. As passwords are frequently re-used in other places, this kind of exposure has potentially serious implications.

An advantage to SRP is that it avoids both of these issues. The users's password never leaves their machine and proper SSL certificate validation is not necessary. The mutual-authentication properties of SRP renders SSL certificates redundant. In fact, some applications take advantage of this to completely avoid the headaches associated with proper SSL certificate management. They just use anonymous, self-signed certificates on the servers for data encryption purposes only and leave the authentication up to application-level SRP.

Specifically to your question, I think applicability of SRP to low-level vs application-level use really depends on your application. It can function well in both arenas but where it's best employed really boils down to the particular set of design constraints you're working with.

answered Sep 26, 2012 at 21:00
Sign up to request clarification or add additional context in comments.

2 Comments

So SRP has an advantage to server-side attacks in that the password is never shared with the server, but what about phishing attacks client-side? Wouldn't SRP be just as vulnerable when a client's key presses are being monitored as they enter their password?
Yep. It provides no protection at all against client-side snooping.
1

People should use SRP over TLS/SSL as they are complimentary.

If your users register or reset their SRP password verifier over the network then you need to encrypted the connection; as the verifier should to be kept secret so that it is not subjected to an offline brute force attack. TLS/SSL/HTTPS are perfect for this. They are well established, encrypt all data, and gives the protection of server certificates which try to ensure that the browser does not talk to a spoofing server.

SRP means that the password your users authenticate with does not cross the network. If your users use a company supplied computer going via a corporate web proxy then HTTPS may be decrypted and monitored. The Hearbleed bug also shows that well configured HTTPS can have problems. Laptop manufacturers have deliberately compromised HTTPS on the laptops they sell with Superfish so they can inject ads into encrypted pages. There could be compromised root certificates as deployed by the French government to snoop on employees. Even with a perfect encryption setup an application may leak passwords into logs by accident; whereas SRP does a one-time password proof using randomised inputs. So SRP protects the password from leaving the client machine which is inherently more secure than having it come into memory (from where it can be leaked) on two machines.

The upshot is that people should use both SRP and HTTPS/TLS/SSL.

answered Dec 22, 2014 at 22:45

Comments

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.