Hi there, I recently read this github ticket: https://github.com/wamp-proto/wamp-proto/issues/128 and it concerns me. Has this been fixed? If it has not, does anyone know how to make passwords impossible to determine once gaining access to the database?
There is now support for the wamp-scram authentication method as well (or you could use wamp-cryptosign).
I have not found a client for iphone that supports wamp-scram or wamp-cryptosign. In fact, the only client for IOS that I can find that works is MDWamp which only supports wamp-cra and is objective-c so I have to bridge all the code to Swift. I guess I’m hoping to make one of the more basic methods work more securely rather than have to implement the newer method in the iphone client. Ultimately I need something that works across python, Android and iPhone; sorry for not mentioning that before.
Hmm, I see. I think supporting wamp-cryptosign is the best course of action, especially for a phone: users are unlikely to type in an actually-secure password so following some kind of “pairing” flow where you send the phone’s public key to your server seems best.
Obviously, that takes library support … but it’s “just” ed25519 which has good support on most platforms. wamp-cra (or any password-based method) is never going to be as secure as keypairs.
This is a very interesting solution to me because my app does already generate RSA keypairs and in some cases send the public key to the server. I will google on ed25519. Ok edit… I did and it is another asymmetric scheme like RSA.
Are there any recommendations on how to implement this with MDWamp?
Thinking about this, I guess a better way would be to register the public key with the server at first login and never let it change, or at least notify people if it does change. Also store it with the hash of the password. When needing to authenticate, calculate the hash client side and sign it with the private key. Send it to the server which would then use the stored public key which it can match to its hash. Is that along the right lines? The hashed password would be exposed but the main authentication would come from the impossibility of being able to produce the accurate signing.
This couldn’t be done on an open channel otherwise an attacker would only need to observe the signed packet and send that.