Is there any reason why I wouldn't want to verify passwords client side to ensure they are correct before submitting to the server? Let's say that when creating a password I generate two hash values (using salt1 and salt2). Then, when a user tries to log in I could send the hash made with salt1, so that the client can verify if the entered password matches. Then, it would only send the hash made with salt2 to the server, which would of course verify that it is correct.
That way the user could see that they entered the wrong password quicker (without waiting for a response from the server), and the server would have to handle fewer login attempts with an invalid password.
Would this be a security risk, or if not, why is it not common practice?
CodePudding user response:
There are several problems with this approach.
- You would reveal valid password-hashes. An attacker could request the hash for any user (s)he wants and use them for an offline brute-force attack with a GPU. But this is actually not the main problem.
- If you calculate the hash2 on the client machine, and it is accepted directly by the server, it acts as the actual password. An attacker who can read the database containing the hashes (SQL injection) can use them directly to gain access.
- A password-hash function should take as much time as your server can afford (key-stretching) for a single calculation, to make brute-forcing harder or even impossible. If you have to calculate two hashes, you split the available calculation time in two, which would be better invested in one calculation with a longer waiting time. Keep in mind that client-side hashing usually needs much more time (JS) than a compiled language.
That said, client-side hashing can be done, but it can never replace server-side hashing. One could split the time-consuming part between the client and the server to lift the workload on the server, though not to give fast feedback to the user (the client needs more time to get the same level of protection). This would also require a more complex setup (salt handling), which is often seen as an enemy to security.
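
The second point of the answer, as an added example that is not part of the original post: a server that stores the client-computed hash unchanged, next to one that hashes the received value again with its own salt. The class names, the PBKDF2 parameters and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed demo value; tune to what the hardware affords

def client_hash(password: str, salt2: bytes) -> bytes:
    """What the browser would compute and send (the question's hash2)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt2, ITERATIONS)

class WeakServer:
    """Stores the client hash as-is, so the stored value is the credential."""
    def __init__(self):
        self.db = {}
    def register(self, user: str, sent: bytes) -> None:
        self.db[user] = sent
    def login(self, user: str, sent: bytes) -> bool:
        return hmac.compare_digest(self.db[user], sent)

class HardenedServer:
    """Hashes whatever the client sends again, with a server-side salt."""
    def __init__(self):
        self.db = {}
    def _stretch(self, sent: bytes, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", sent, salt, ITERATIONS)
    def register(self, user: str, sent: bytes) -> None:
        salt = os.urandom(16)
        self.db[user] = (salt, self._stretch(sent, salt))
    def login(self, user: str, sent: bytes) -> bool:
        salt, stored = self.db[user]
        return hmac.compare_digest(stored, self._stretch(sent, salt))

def legit_login_works(server) -> bool:
    """The real user, typing the right password, must still get in."""
    salt2 = os.urandom(16)
    server.register("bob", client_hash("constructed-password", salt2))
    return server.login("bob", client_hash("constructed-password", salt2))

def leaked_value_logs_in(server) -> bool:
    """Model a read-only database leak: is the stored value itself a valid login?"""
    salt2 = os.urandom(16)
    server.register("alice", client_hash("constructed-password", salt2))
    row = server.db["alice"]
    leaked = row if isinstance(row, bytes) else row[1]
    return server.login("alice", leaked)

if __name__ == "__main__":
    for srv in (WeakServer(), HardenedServer()):
        print(type(srv).__name__, legit_login_works(srv), leaked_value_logs_in(srv))
```

With the server-side hash in place, a leaked row no longer works as a login message; the client-side hash can then only offload part of the stretching, as the answer says.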