W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

Re: APOP - authentication..

From: Ned Freed <NED@innosoft.com>
Date: Tue, 20 Feb 1996 15:00:25 -0800 (PST)
To: Paul Leach <paulle@microsoft.com>
Cc: fielding@avron.ICS.UCI.EDU, pjc@trusted.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <01I1FVKWB35C9QV793@INNOSOFT.COM>
> Based on the comments about Digest when (I thnk it was Larry masinter)
> was asked that it be reviewed by the www-security list,  and from the brief
> description that Peter included in his message, it appears
> that APOP authentication does not suffer from the replay
> attack that was present in the then current Digest design.

The current digest document lets the server choose between allowing old "nonce"
values, in which case replay attacks are possible, or generating a new one
every time, in which case replay attacks are no longer possible against a
single server.

There is still some danger, however, in that the only material included under
the checksum is the username and password. Should someone elect to use the same
password with two different servers there is some possibility that should the
nonce value sequences from the two servers overlap there would be some
vulnerability to a replay attack of a client's interaction with one server on
the other server.

This could be easily defeated by using hash values for the nonce sequence
rather than a strict ascending sequence as implied by the specification. And
POP3's APOP is not necessarily immune from this attack, since there is no
mechanism that guarantees that two different servers will generate different
sequences of one-time values.

I would prefer it if the nonce values in the digest specifications were simply
strings and the specification recommended inclusion of server-unique
information in the string. But this is a nit and nothing more -- it isn't
enough of a deficiency in the digest specification to warrant the addition of
APOP as yet another securty scheme. And even if it were, I think the better
approach would be to fix the digest specification.

Received on Tuesday, 20 February 1996 15:17:41 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:16 UTC