Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Private key. In cryptography we distinguish keys which are symmetric (needed by both parties and unavailable to everyone else) as "Secret" keys, with the pair of keys used in public key cryptography identified as the Private key (typically known only to one person/ system/ whatever) and Public key (known to anybody who cares)

Thus, in most of today's systems today your password is a secret. You know your password and so does the system authenticating you. In contrast the crucial key for a web site's HTTPS is private. Visitors don't know this key, the people issuing the certificate don't know it, only the site itself has the key.

I remember this by the lyrics to "The Fly" by the band U2, "They say a secret is something you tell one other person. So I'm telling you, child".



Private keys are also “secrets” here in the security world.

“Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing”

Your distinction is not shared by the industry so it’s not something helpful to correct people on.


I don't think I can take seriously in this context a quote in which certificates (a type of public document) are also designated "secrets".

Like, sure, they're probably thinking of PKCS#12 files which actually have the private key inside them, not just the certificate, but when they are this sloppy of course they're going to use the wrong words.


I have often seen the secret component of an asymmetric key pair referred as secret key as well. See libsodium for example. Maybe it's because curve/ed 25519 secrets are 32 random bytes unlike RSA keys which have specific structure which makes them distinct from generic secrets.


It also allows "pk" and "sk" as overly short variable names, an argument developpers are sometimes tempted by!


Absolutely, it's very convenient when working on a whiteboard :)


> You know your password and so does the system authenticating you.

Nitpick, but no it shouldn’t.

The HASH of your password is recorded. You never submit your password, you submit that hash and they compare it.

The difference is that there is no two passwords that collide; but there are hashes that may.

And that two equal passwords from two equal users are not necessarily accessible to someone with the hash list because they are modified at rest with salts.


To really nitpick the server does have the password during authentication. The alternate would be a PAKE which is currently quite rare. (But probably should become the standard)


I was going more for shouldn’t. You’re right, but for zero knowledge things like password managers where they specifically do not want your password.


I am aware of PAKEs, and I decided not to waste my time mentioning them because as usual the situation is:

Using a PAKE correctly would be safe, but that sounds like work

Just saying "Use a good password" is no work and you can pretend it's just as safe.

Real world systems using a PAKE are very rare. The most notable is WPA3 (and there are numerous scenarios where it's for nothing until WPA2 is long obsolete). Lots of systems which would use a PAKE if designed by a cryptographer were instead designed by engineers or managers for whom "Ooh, a hash with salt" sounds like a sophisticated modern technical solution rather than a long obsolete one.


> You never submit your password, you submit that hash and they compare it.

That's not true. If that were the case, the hash is now the password and the server stores it in clear text. It defeats the entire purpose of hashing passwords.

Side note: that is (almost) how NTLM authentication works and why pass-the-hash is a thing in Windows networks.


> Nitpick, but no it shouldn’t. The HASH of your password is recorded. You never submit your password, you submit that hash and they compare it.

Nitpick, but the password is submitted as-is by most client applications, and the server hashes the submitted password and compares it with the hash it has (of course, with salting).


> Nitpick, but the password is submitted as-is by most client applications, and the server hashes the submitted password and compares it with the hash it has (of course, with salting).

I never understood why clients are coded this way. It's trivially easy to send the salt to the client and have it do the hashing. Though I guess it doesn't really improve security in a lot of cases, because if you successfully MITM a web app you can just serve a compromised client.


> I never understood why clients are coded this way.

Because it makes things less secure. If it was sufficient to send the hash to the server to authenticate, and the server simply compares the hash sent by the user with the hash in its database, then the hash as actually the password. An attacker doesn't need to know the password anymore, as the hash is sufficient.

Hashing was introduced precisely because some vulnerabilities allow read access to the database. With hashed passwords, the attacker in such a situation has to perform a password guessing attack first to proceed. If it was sufficient to send the hash for authentication, the attacker would not need to guess anything.


More an implementation detail than a conceptual distinction, though.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: