
Re: potential security holes in digest authorization

From: Dave Kristol <dmk@allegra.att.com>
Date: Mon, 17 Jul 95 10:17:23 EDT
Message-Id: <199507171420.AA284960838@hplb.hpl.hp.com>
To: john@math.nwu.edu
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
John Franks <john@math.nwu.edu> said:
  > According to Alex Hopmann:
  > > >That helps, but I have a quibble.  I would prefer not to tie the username
  > > >and password so strongly to a particular realm, because:
  > > >    1) I might like to change the name of the realm (if only slightly).
  > > I have to agree with this first quibble quite a bit. In an actual product
  > > implementation of message digest we have had some issues arise because if
  > > the server operator wants to change their realm, their entire user/password
  > > database suddenly becomes inoperative.
  > > 
  > 
  > The reason that the realm is encoded with the user and password in the
  > server password file is that people tend to reuse the same password.
  > If only the username and password are encoded and put in the password
  > file then the maintainer of server A, knowing H( username:password)
  > for his server can use this to gain access to those documents on
  > server B to which username has access.  This is assuming that the user
  > has the same password on both servers.
  [...]

Fair enough.  How about using the server-name in place of realm, then?
(After all, it's possible two webmasters might choose the same realm
name on different servers, isn't it!) That would render the same
username/password combination unique on different machines.  So the
stored hash would be:
	H(<username> : <server-domain-name> : <password>)

Dave Kristol
Received on Monday, 17 July 1995 07:24:15 EDT
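An added illustration, not part of the thread: a Python sketch of the three password-file layouts under discussion, using the MD5-based response computation of the 1995 digest draft and constructed hosts, realms and a nonce, to show which stored value lets a hash copied from server A's password file answer a challenge from a different server.

```python
import hashlib

# Constructed sample data (not from the thread): one user who reuses the same
# password on three servers.  B uses a different realm name than A; C happens
# to use the same realm name as A (the case raised in the reply above).
USER, PASSWORD = "alice", "correct horse"
SERVER_A = {"realm": "Intranet", "host": "a.example.com"}
SERVER_B = {"realm": "Extranet", "host": "b.example.com"}
SERVER_C = {"realm": "Intranet", "host": "c.example.com"}


def md5hex(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


# The three candidate password-file entries ("A1" in the draft's terms).
def stored_user_pass(user, pw, server):          # H(username:password)
    return md5hex(f"{user}:{pw}")


def stored_user_realm_pass(user, pw, server):    # H(username:realm:password)
    return md5hex(f"{user}:{server['realm']}:{pw}")


def stored_user_host_pass(user, pw, server):     # H(username:server-domain-name:password)
    return md5hex(f"{user}:{server['host']}:{pw}")


def response(a1_hash, nonce, method, uri):
    """Digest response as in the 1995 draft: H(A1 : nonce : H(method:uri))."""
    ha2 = md5hex(f"{method}:{uri}")
    return md5hex(f"{a1_hash}:{nonce}:{ha2}")


def hash_from_a_works_on(stored, other_server):
    """Someone holding only server A's password-file entry for USER tries to answer
    other_server's challenge with it.  other_server checks the response against
    its own stored entry.  Returns True if that check passes."""
    leaked_a1 = stored(USER, PASSWORD, SERVER_A)
    nonce = "constructed-nonce-from-other-server"
    presented = response(leaked_a1, nonce, "GET", "/private")
    expected = response(stored(USER, PASSWORD, other_server), nonce, "GET", "/private")
    return presented == expected


if __name__ == "__main__":
    for name, fn in [("user:pass", stored_user_pass),
                     ("user:realm:pass", stored_user_realm_pass),
                     ("user:host:pass", stored_user_host_pass)]:
        print(name, "B:", hash_from_a_works_on(fn, SERVER_B), "C:", hash_from_a_works_on(fn, SERVER_C))
```

Only the host-keyed entry fails on both B and C; the realm-keyed entry still works on C because C chose the same realm name as A.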
