W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1995

Re: potential security holes in digest authorization

From: Brad Barber <bradb@geom.umn.edu>
Date: Fri, 14 Jul 1995 15:42:52 +0500
Message-Id: <v0151010bac2bf7490ef4@[199.3.133.216]>
To: Dave Kristol <dmk@allegra.att.com>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
>I would like to propose that <password> be replace by H(<password>).
>The client would pass to the server
>        H(<username> : <realm> : H(<password>))
>The server could store in its user/password file
>        user-name:H(<password>)
>That way the password would neither be passed in the clear nor stored
>in the clear.
>
>Dave Kristol

Re: the server's digest database is the same as storing passwords
in the clear.

There's been some confusion about this.  Using the language of the draft specification,

        If I have <username> and H(A1), it is easy to generate 

        H( H(A1) + ':' + ...) and pretend to be <username>. 

        This is not true with Unix's passwd file since it stores f(passwd) 
        where f() is a one-way function. 

Storing H(<password>) as Dave suggests does not
solve the problem.  An attacker can discover <username>,
<realm> and H(<password>).

I believe the problem is intrinsic to digest authentication.  The
options that I see are:

        1) Encrypt the database.

        2) Physically secure the authentication server and use a
        minimal communications channel.  Encryption is not needed.
        This should always be done if security is a concern.

        3) Use end-to-end encryption and authentication as in SSL.

                                                --Brad



Brad Barber, 116 Fayerweather St., Cambridge MA 02138 
617-497-8876, barber@tiac.net, bradb@geom.umn.edu
Received on Friday, 14 July 1995 12:43:00 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:23 EDT