January 19th, 2004


A secure password protocol for LiveJournal

LiveJournal wants to offer clients a way of logging in without presenting their plaintext password, for security reasons.

The existing proposal is a challenge-response protocol. It has a lot of problems, but in some ways the most serious one is at the core: passwords have so little entropy that challenge-response (CR) protocols don't do a lot to protect them. Someone who sniffs the session can run an offline guessing attack, and few people are good at generating passwords that resist such attacks.
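Why a recorded session is enough to test guesses, as an added example (not from the original post or from LiveJournal's code). The post does not give the proposal's message format, so this assumes a generic hash-based construction, response = MD5(challenge + MD5(password)); the function names, wordlist and passwords are constructed for illustration.

```python
import hashlib
import secrets

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def cr_response(challenge: str, password: str) -> str:
    # ASSUMED construction (not given in the post):
    # response = MD5(challenge || MD5(password))
    return md5_hex(challenge + md5_hex(password))

def sniffed_session(password: str):
    """What a passive observer records from one login: (challenge, response)."""
    challenge = secrets.token_hex(16)  # fresh nonce: stops replay, not guessing
    return challenge, cr_response(challenge, password)

def offline_guess_audit(challenge, response, candidates):
    """Check candidates against a recorded transcript with no server contact.

    Returns (matching candidate or None, number of local hash checks made).
    Server-side rate limiting and lockout never see any of these checks.
    """
    tries = 0
    for guess in candidates:
        tries += 1
        if cr_response(challenge, guess) == response:
            return guess, tries
    return None, tries

# Constructed sample data.
WORDLIST = ["123456", "password", "letmein", "qwerty", "dragon", "monkey"]
WEAK_PASSWORD = "letmein"
STRONG_PASSWORD = "hV7-qLz0p.Rw93tYbE2x"

if __name__ == "__main__":
    for label, pw in (("weak", WEAK_PASSWORD), ("strong", STRONG_PASSWORD)):
        ch, resp = sniffed_session(pw)
        found, tries = offline_guess_audit(ch, resp, WORDLIST)
        print(f"{label}: recovered={found!r} after {tries} local checks")
```

The only thing protecting the password in this model is how far down a guess list it sits, which is the entropy problem the paragraph above describes.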

Why muck about? Cryptographically, this is caveman stuff, and we have much better technology now: real secure password protocols. Probably the best known is SRP, which is available worldwide, royalty-free:


The only tweak I can see that might be needed would be running the password through MD5 before handing it to SRP for backwards compatibility reasons. Apart from that, we can use SRP exactly as specified, for a genuine leap in security over the existing protocol.