User Authentication and Password Security #384
Jack-Edwards started this conversation in Knowledge
User Authentication and Password Security
Crypter uses a password-based user authentication system. This means the user must provide a username and password during user registration. The same username and password must be provided whenever a user wishes to login.
One deviation from a "normal" password-based system is that Crypter does not send the user's real password to the authentication server. Instead, the Crypter front-end sends a value derived from the user's real username and real password. The derived value, or authentication password, is currently a 512-bit hash of the user's password, keyed using the user's lowercase username. This hash is computed using the Argon2id password hashing algorithm. Argon2id is configured with a number of computations (time cost) and an amount of dedicated memory (memory cost) that every evaluation must spend. The values configured in Crypter strike a balance between usability and security.
One benefit to hashing passwords on the front-end is that users may provide whatever password they wish. There are no length or character requirements. Every password is hashed to the same length and then encoded using a supported character set.
Unlimited password possibilities do not, however, relieve users from needing to provide strong passwords. Adversaries can still guess and brute-force weak or commonly used passwords using standard password cracking techniques.
So what is the point of front-end password hashing?
The other benefit is users never disclose their real password to the Crypter back-end or the Crypter team. This makes it impossible for the Crypter team to mishandle user passwords. But more importantly, this allows the Crypter front-end client(s) to derive a secret encryption key from the user's real password.
This secret encryption key, dubbed a credential key, is a 256-bit hash of the raw password, keyed using the user's lowercase username. Credential keys are not stored in the Crypter cloud. They are calculated each time a user provides their username and password on the front-end. A user's credential key is only used to encrypt the user's randomly generated master key. Encrypted master keys are stored in the Crypter cloud. No additional hashing or encryption is performed by the server on the encrypted master key. A user's master key is used to encrypt all other secrets uploaded to the Crypter cloud, including the user's X25519 private key.
Because Crypter is a hosted solution, a system needed to be designed such that users could easily encrypt and upload data without disclosing their key or how the key was derived. This is what enables the Crypter application to encrypt user data without even the Crypter team being able to decrypt it.
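The key hierarchy described above, as an added illustration that is not Crypter's own code: two separately domain-separated derivations from the password salted with the lowercase username, a random master key wrapped under the credential key, and a server record that holds only the authentication password and the wrapped master key. Stand-ins are assumed where the article names none or where the standard library lacks them: PBKDF2-HMAC-SHA512 replaces Argon2id, and an HMAC-SHA256 counter keystream with an encrypt-then-MAC tag replaces whatever cipher Crypter actually uses to wrap the master key.

```python
import hashlib, hmac, os

KDF_ITERATIONS = 100_000  # stand-in cost knob; Argon2id would use time + memory cost

def _kdf(password: str, username: str, context: bytes, length: int) -> bytes:
    """Derive `length` bytes from the password, salted with the lowercase username.
    `context` gives the two derivations domain separation, so the authentication
    password the server sees cannot be turned into the credential key."""
    salt = context + b"|" + username.lower().encode()
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, KDF_ITERATIONS, dklen=length)

def authentication_password(username: str, password: str) -> bytes:
    return _kdf(password, username, b"auth", 64)   # 512-bit value sent to the server

def credential_key(username: str, password: str) -> bytes:
    return _kdf(password, username, b"cred", 32)   # 256-bit key that never leaves the client

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def wrap_master_key(cred_key: bytes, master_key: bytes) -> bytes:
    """Encrypt-then-MAC the master key under the credential key (stand-in cipher)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(master_key, _keystream(cred_key, nonce, len(master_key))))
    tag = hmac.new(cred_key, nonce + ct, "sha256").digest()
    return nonce + ct + tag

def unwrap_master_key(cred_key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(cred_key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong credential key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(cred_key, nonce, len(ct))))

def register(username: str, password: str):
    """Client side: random master key, wrapped once; server stores only the wrapped copy."""
    master_key = os.urandom(32)   # later encrypts every other secret, e.g. the X25519 private key
    record = {"auth": authentication_password(username, password),
              "encrypted_master_key": wrap_master_key(credential_key(username, password), master_key)}
    return master_key, record

def login(username: str, password: str, record: dict):
    """Server checks the authentication password; client then unwraps the master key locally."""
    if not hmac.compare_digest(authentication_password(username, password), record["auth"]):
        return None
    return unwrap_master_key(credential_key(username, password), record["encrypted_master_key"])
```

Because the master key is random rather than derived, a password change only needs the wrapped copy re-encrypted under the new credential key; nothing encrypted under the master key has to be touched.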
Follow-up articles