W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

RE: Proposal for new HTTP 1.1 authentication scheme

From: John Franks <john@math.nwu.edu>
Date: Tue, 9 Dec 1997 18:16:47 -0600 (CST)
To: Maurizio Codogno <mau@beatles.cselt.it>
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, paulle@microsoft.com
Message-Id: <Pine.LNX.3.95.971209175235.3157A-100000@hopf.math.nwu.edu>
On Wed, 10 Dec 1997, Maurizio Codogno wrote:

> 
> I was wondering why Digest does not use a salt, so that the server needn't
> keep the password in clear.
> 

Well, it does and it doesn't keep the password in the clear. 
The server keeps a one-way hash of "username:realm:password".
This means that the user can use the same username and password 
for multiple sites/realms and someone with access to the password
file at one site cannot use that information to impersonate the
user at another site.

But you are right in the sense that gaining access to the password
file for one site/realm does allow an attacker to impersonate a
user at that site/realm.

I think that adding a salt doesn't really help in any way. If by salt
you mean something known to the client as well as the server then it
is either secret, and effectively part of the password, or public, and
effectively part of the realm name.  If by salt you mean something
known only to the server and you don't allow the password sent in
the clear then you would need to encrypt *and decrypt* the password
on the server.  Because of patent restrictions and government export
restrictions nothing involving encryption/decryption is acceptable
in this authentication method.  Digest authentication uses only
one-way hash functions which are unrestricted by patent and freely
exportable.

John Franks
john@math.nwu.edu
Received on Tuesday, 9 December 1997 16:00:20 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:04 EDT