Transmit user password for a rest api

Question

I'm designing a REST API and I have some problems in terms of security for authenticating the user. For authentication I don't want the password to be send across the network in plain text.

To bypass this problem I could send a SHA-256 hash of the password (with the username as salt), so the password is never sent in plain text. In my database I will be storing the following hashes: SHA256(password + salt) and I'll compare if both of the hashes match.

The problem with this option is that I'll have a hash computed with a fast hash algorithm and the salt is not random.

In security the best practice is to use a slow signature algorithm, with a random salt (like bcrypt).

The slow algorithm is not a problem, i could use bcrypt on the client side, but for the salt i don't know what to do:

• Bcrypt need a salt with a defined size so i can't put the username
• If i'm using a random salt, how the client will know the value of this salt before computing the password's hash?

So i can see 3 options, but none are sastisfying:

• I send the password in plain text (I'm using SSL) and i store bcrypt in the db => still vulnerable to man in the middle
• I use SHA256 and send the hash where the salt is the username (still using SSL) => the hash in the db are less secure
• I use bcrypt and I have a two step process: i ask for the saltfor a given user and then send the hash of this user (still using ssl) => by trying to log in with an other username i can obtain his salt, not awesome

Is anybody has a better solution or some advices?

Answer 1

I think you might be conflating/confusing a few issues here:

• If you're storing the hash(password + username) on the server, and authentication involves sending hash(password + username), you haven't really achieved anything better than just storing the password on the server. The goal of only storing hashes long-term is that if you have a data breach (i.e., an attacker gains access to the database) they still can't produce the correct value to authenticate. But if you're doing a simple comparison, this is still an issue.
• The correct use of hashing+salting is: (1) Server stores tuples of (Salt, hash(Password + Salt); (2) User sends (claimed Password); (3) Server computes hash(claimed Password + Salt); (4) if hash(claimed Password + Salt) == hash(Password + Salt), then they're authentic. In this way, even if an attacker gets access to the database, they can't produce a claimed password that such that hash(claimed Password + Salt) is valid.
• Sending a plaintext password via SSL is not "in the clear". Per @NullUserException's comment, unless the attacker has broken SSL. Only the server will be able to obtain the value of the password (assuming the server's public key is valid, which is a whole 'nother story).

Hope this helps!