W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

Re: more on Digest Auth

From: Ned Freed <NED@innosoft.com>
Date: Wed, 21 Feb 1996 12:05:41 -0800 (PST)
To: dmk@allegra.att.com
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <01I1H3JP9GOQ9QVBMH@INNOSOFT.COM>
> There has been a lot of nonce-sense spewed here recently about Digest
> Authentication.  There is a current I-D:
>   http://www.internic.net/internet-drafts/draft-ietf-http-digest-aa-02.txt

> Unfortunately, the I-D doesn't talk much about how to generate the
> opaque string, and opaque is an important part of preventing replays of
> the sort recently discussed here.  Unfortunately, I can't figure out
> the originator of the algorithm I use to generate opaque, but I think
> it was John Franks.  In any case, my opaque is an MD5 of

> 	- a server-dependent (compile-time) random number
> 	- a timestamp
> 	- the request IP address
> 	- the (time-dependent) nonce
> 	- the security realm

> Opaque in the Authenticate header must match the server's
> request-time-calculated value for processing to proceed.

I think your choice of material is fine, but putting it in the opaque string is
a waste of time in the cryptographic sense since the opaque string isn't
included in the digest operation.  There is nothing to prevent an attacker from
learning the opaque string the server wants to see and simply coupling it with
any digest value because the two are completely independent things. This does
not guard against replays in any way.

Furthermore, the draft makes it clear that the opaque string is intended to
provide the server with state information for use in redirection operations.

For the material you've selected to work it should be used as the nonce
value. This is included in the digest and will have the effect you're trying
to achieve.

				Ned
Received on Wednesday, 21 February 1996 12:15:08 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:45 EDT