<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">The present standard practice is for clients/users to establish an HTTPS connection and then send the username and password over the wire, where the server will encrypt it using a rate-limiting function such as PBKDF2, bcrypt, or scrypt, to
protect it against hackers or bad employees who have access to the password file or database or whatever. But wait! We should assume that hackers and bad employees who can access the password file can also access the encryption programs (Drupal, WordPress,
Apache, etc., which run bcrypt and the like) and have access to the password in memory before it's encrypted.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Worse yet, even if the server is never breached and the employees are always perfect, users sacrifice their legal right to privacy by merely making it possible for the employees to see it (see
<a href="https://en.wikipedia.org/wiki/Third-party_doctrine">https://en.wikipedia.org/wiki/Third-party_doctrine</a>). This is like a person writing their password on a postcard and assuming the mail carriers will never bother to look at it. Why do we make a distinction
between the employees operating the routers on the internet and the employees operating the web servers at Google and Facebook and everywhere else? We know we should never log in to an http:// site because the random unknown employees who operate internet
routers could see the credentials in flight. We've all been trained to log in only on valid https:// sites, even though potentially thousands of random unknown employees might be at work on the other end, able to see the credentials in flight.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">tl;dr<o:p></o:p></p>
<p class="MsoNormal">There is no good reason to do the encryption on the server. It should be OK to reuse passwords on different sites, as long as the passwords are never exposed to the servers.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I work at Concept Blossom, and we're promoting awareness about this issue. We produce the
<a href="https://cbcrypt.org">https://cbcrypt.org</a> MIT open-source crypto library to address this issue. We're resource-constrained on development, so development is taking place, but more slowly than we wish. Please spread the word and raise awareness as you
wish. Even if some other implementation eventually becomes dominant instead of CBCrypt, this is a big, important issue that I don't want affecting my daughter when she grows up.<o:p></o:p></p>
</div>
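<p class="MsoNormal">Added example, not part of the original message and not CBCrypt code: a minimal sketch of doing the password stretching on the client, so the server only ever receives a site-bound derived value. The names client_derive, Server and demo, the PBKDF2 work factor and the salt layout are all assumptions made for this illustration.</p>

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2-HMAC-SHA256 work factor for this sketch


def client_derive(site: str, username: str, password: str) -> bytes:
    """Runs on the user's device. The salt binds the output to one site and
    one account, so a reused password gives unrelated values elsewhere."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    salt = b"".join(len(p).to_bytes(2, "big") + p
                    for p in (site.encode(), username.encode()))
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class Server:
    """Sees only the derived value, never the password itself."""

    def __init__(self, site: str):
        self.site = site
        self.db = {}  # username -> (per-user salt, hash of derived value)

    def register(self, username: str, derived: bytes) -> None:
        # The derived value is a password-equivalent for this one site, so
        # store a salted hash of it rather than the value itself.
        salt = os.urandom(16)
        self.db[username] = (salt, hashlib.sha256(salt + derived).digest())

    def verify(self, username: str, derived: bytes) -> bool:
        record = self.db.get(username)
        if record is None:
            return False
        salt, stored = record
        candidate = hashlib.sha256(salt + derived).digest()
        return hmac.compare_digest(candidate, stored)  # constant-time compare


def demo() -> dict:
    # Constructed sample data: two sites, one reused password.
    a, b = Server("a.example"), Server("b.example")
    pw = "correct horse battery staple"
    a.register("alice", client_derive(a.site, "alice", pw))
    b.register("alice", client_derive(b.site, "alice", pw))
    return {
        "login_ok": a.verify("alice", client_derive(a.site, "alice", pw)),
        "wrong_pw": a.verify("alice", client_derive(a.site, "alice", "guess")),
        # A value captured at site B does not log in at site A.
        "cross_site": a.verify("alice", client_derive(b.site, "alice", pw)),
    }
```

<p class="MsoNormal">The derived value still works as a login secret for that one site, which is why the server hashes it before storage. The sketch also assumes the derivation runs in client code that the server operator cannot alter.</p>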
</body>
</html>