
Re: Digest Auth defending against replay

From: John Franks <john@math.nwu.edu>
Date: Mon, 26 Feb 1996 17:05:41 -0600 (CST)
To: hallam@w3.org
Cc: Paul Leach <paulle@microsoft.com>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <Pine.SUN.3.91.960226165815.21602A-100000@hopf.math.nwu.edu>

On Mon, 26 Feb 1996 hallam@w3.org wrote:

> A trick I introduced into SEA was to always apply a random mask to 
> each shared secret on each transaction. This is equivalent to the
> nonce "increment" idea but it's essentially a replacement for challenge
> response.
> 
> The client sends to the server KD(key | mask, Date, URI) where mask 
> is a random value chosen by the client. The server must then check to 
> ensure that the value of mask is not re-used within a time-frame
> defined about date by the server. 
> 

This is a very good idea, but I agree with what you say below that
we should perhaps wait for WRAPPED transactions to "achieve perfection."
One advantage it has over incrementing nonces is that I worry a little about
generating a whole sequence of digests on data which has a byte
incremented each time.  Does anyone know if MD5 is vulnerable given
this kind of data?

> 
> I think that we should not try to achieve perfection on digest auth
> since we will be able to do much much more with WRAPPED transactions.
> I see digest as a drop in replacement for BASIC. This is why I was
> prepared to see the compromises involved in its design. My original
> suggestion _did_ wrap the message and Jeff objected (rightly) that
> it was no longer a direct BASIC replacement.
> 

I agree completely!

John Franks 	Dept of Math. Northwestern University
		john@math.nwu.edu
Received on Monday, 26 February 1996 15:10:53 EST
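
The server-side check described in the quoted message (reject a mask that is re-used within a time window around Date), sketched as an added example; it is not code from either poster or from SEA. It assumes HMAC-SHA256 as a stand-in for the unspecified KD, reads "key | mask" as concatenation, and uses a hypothetical ReplayGuard class with a 300-second window.

```python
import hashlib
import hmac

WINDOW = 300  # seconds around Date that the server accepts (assumed value)


def kd(key: bytes, mask: bytes, date: int, uri: str) -> str:
    """Stand-in for KD(key | mask, Date, URI): HMAC-SHA256 keyed with key || mask."""
    msg = f"{date}:{uri}".encode()
    return hmac.new(key + mask, msg, hashlib.sha256).hexdigest()


class ReplayGuard:
    """Server side: remembers each mask for as long as its Date stays acceptable."""

    def __init__(self, key: bytes, window: int = WINDOW):
        self.key = key
        self.window = window
        self.seen = {}  # mask -> Date claimed by the request that used it

    def verify(self, mask: bytes, date: int, uri: str, digest: str, now: int) -> str:
        # Forget masks whose Date has left the window: a replay of those
        # requests is already rejected as stale, so the cache stays bounded.
        self.seen = {m: d for m, d in self.seen.items() if now - d <= self.window}
        if abs(now - date) > self.window:
            return "stale"
        # Authenticate before touching the cache, so unauthenticated
        # requests cannot fill it or burn a legitimate client's mask.
        if not hmac.compare_digest(kd(self.key, mask, date, uri), digest):
            return "bad-digest"
        if mask in self.seen:
            return "replay"
        self.seen[mask] = date
        return "ok"


def demo() -> list:
    """Constructed exchange: first use, replay inside the window, late replay."""
    key = b"constructed-shared-secret"
    mask = bytes(range(16))  # a real client would use os.urandom(16)
    guard = ReplayGuard(key)
    digest = kd(key, mask, 1000, "/index.html")
    return [
        guard.verify(mask, 1000, "/index.html", digest, now=1000),
        guard.verify(mask, 1000, "/index.html", digest, now=1100),
        guard.verify(mask, 1000, "/index.html", digest, now=1301),
    ]
```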
