W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

Re: Digest mess

From: David Jablon <dpj@world.std.com>
Date: Wed, 17 Dec 1997 11:37:42 -0500
Message-Id: <3.0.1.16.19971217113742.08776fc0@world.std.com>
To: "Phillip M. Hallam-Baker" <hallam@ai.mit.edu>, rlgray@us.ibm.com, HTTP Working Group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
At 10:14 PM 12/16/97 -0500, Phillip M. Hallam-Baker wrote:
> 2) The purpose was to prevent the need to EVER send passwords 
> over the net in the clear, not to provide cast iron security. 

Regardless of the original purpose, cast-iron protection for
authentication secrets seems quite important, especially in
light of ...

> The problem with BASIC is that pinheads chose the same password 
> for their Financial times subscription as their office computer account.
> If I can snoop a companies external traffic for BASIC passwords I can
> probably use this for an attack.

Absolutely.  Password reuse between weak and strong methods
must be discouraged, as long as weak methods continue to be used.
But memorized secrets remain important.

> 3) It is astonishing how people will tolerate the incredibly broken (BASIC)
> and simultaneously spend their time inventing new hoops for attempts to
> provide a fix. I stopped adding whistles and bells when people told me
> they were concerned about the difficulty of implementing it.
>
> 4) The idea of password based authentication is inherently flawed. If
> one is going to use public key, certificates are the means to establish
> identity. ...

I disagree with the conclusion, which goes too far.
Some password-based certificate-free methods work quite well.

> ... Sending passwords to an untrustworthy server does not solve
> the 'pinhead' problem.

Sure, but you can verify a small password without exposing it
to an untrustworthy party, even in digested form, using a
stronger method.

Clear-text and digest-style authentication are flawed, and
it sure is discouraging that they are so widely deployed and
used.  This should motivate the deployment of stronger methods.

The "pinhead" problem is that a PIN code is all that seems
to fit in an average human head, and this code is small
enough for brute force attack.  Methods like SPEKE and EKE
solve this problem w.r.t. the network.  For example, these
don't leak PIN-sized secrets to eavesdroppers.

Memorized factors remain important for personal
authentication, and a total dependence on stored keys
and certificates unnecessarily weakens a system.
The goal of replacing broken password methods with
stronger password methods seems quite important.

------------------------------------
David Jablon
Integrity Sciences, Inc.
dpj@world.std.com
<http://world.std.com/~dpj/>
Received on Wednesday, 17 December 1997 08:39:39 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:05 EDT