Luc Gommans/ blog

On client-side hashing

Written on 2016-07-14

A quick post so that I can link people here in the future, instead of making the same argument over and over again.

People are generally against client-side hashing of passwords in browsers because:

• if you use http, a man in the middle attack would just remove the hashing script (or backdoor it); or

• if you use https, a man in the middle attack cannot be performed anyway.

Fair points. However:

1. Client side hashing defeats passive listening, e.g. someone with their WiFi card in monitor mode, government dragnet network taps, or an attacker that does not want to get caught by sending active attacks (because non-passive attacks are visible to the target).

2. It makes it transparent to your users that you hash passwords and which hashing scheme is used.

3. It really defeats passive listening. Yeah I'm saying this twice because as a pen tester (and, admittedly, script kiddie when I was 15 or so) I've noticed the difference this makes in practice. Performing man in the middle attacks is so much less fun when people use sites like SMF forums, which uses client-side hashing.

Conclusion: use client side hashing. It has substantial upsides and no downsides. But do not rely on it. Https, server-side hashing and all other security measures are still a must.