Why would you ever think this was a good idea? I guess non-security folks see the world differently?
This is a good example of the not-immediately-obvious ways types can help. Represent the password as a “zomg sensitive” type such that anything derived from it is also zomg sensitive (using a free-monad-like type). The only function that makes something not zomg sensitive is the password hashing function (and you enforce this). That at least forces you to ask the question “is this password-derived value somehow not sensitive?” when writing code to store it in the database.
Most of the industry’s worst security problems happened because smart developers approached security code the same way they did the rest of their code. The difference between security code and application code is, when application code fails, you find out right away. When security code fails, you find out 4 years from now, when a DVD with all your customer’s credit card and CVV2 information starts circulating
From talking with my friend, he expressed how they were working to enhance their system’s security. I think many an error in crypto / authentication occurs because devs ignorantly try to make their systems more secure. Wherein the above quote is applicable, they don’t realize that they’ve actually harmed the system, and have no immediate feedback until they get owned.
Why would you ever think this was a good idea? I guess non-security folks see the world differently?
This is a good example of the not-immediately-obvious ways types can help. Represent the password as a “zomg sensitive” type such that anything derived from it is also zomg sensitive (using a free-monad-like type). The only function that makes something not zomg sensitive is the password hashing function (and you enforce this). That at least forces you to ask the question “is this password-derived value somehow not sensitive?” when writing code to store it in the database.
Quoting Thomas Ptacek:
From talking with my friend, he expressed how they were working to enhance their system’s security. I think many an error in crypto / authentication occurs because devs ignorantly try to make their systems more secure. Wherein the above quote is applicable, they don’t realize that they’ve actually harmed the system, and have no immediate feedback until they get owned.