authentication-02: threat of snooped password

    If a server permits users to select their own passwords, then the threat
    is not only illicit access to documents on the server but also illicit
    access to the accounts of all users who have chosen to use their account
    password. If users are allowed to choose their own password that also
    means the server must maintain files containing the (presumably
    encrypted) passwords. Many of these may be the account passwords of
    users perhaps at distant sites. The owner or administrator of such a
    system could conceivably incur liability if this information is not
    maintained in a secure fashion.

This paragraph surprises me a little.  It seems to me that if I choose
as a password some kind of account password, then the threat is only to
me and all the accounts that share the password.  I don't see how this
allows "illicit access to the accounts of all users who have chosen to
use their account password."  If an adversary grabs my password, how
does that open a risk to other users?

I think what was meant here is said better and more succinctly in
Section 4.4:

    The greatest threat to the type of transactions for which these
    protocols are used is network snooping. This kind of transaction
    might involve, for example, online access to a database whose use
    is restricted to paying subscribers. With Basic authentication an
    eavesdropper can obtain the password of the user. This not only
    permits him to access anything in the database, but, often worse,
    will permit access to anything else the user protects with the
    same password.

Dave Kristol

Received on Thursday, 20 August 1998 12:27:58 UTC
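As an added illustration of the snooping threat in the quoted Section 4.4 (example code, not part of the original message or the draft), the following Python audits a constructed capture of plaintext HTTP requests: a Basic Authorization header hands an eavesdropper the password itself, reusable wherever the user chose the same password, while a Digest header (RFC 2069-style response computation, assumed here) carries only a hash. Host name, usernames, nonce and password are constructed values.

```python
import base64
import hashlib
import re

def md5hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(user, realm, password, nonce, method, uri):
    """RFC 2069-style request-digest: the password enters only via H(A1)."""
    ha1 = md5hex(f"{user}:{realm}:{password}")
    ha2 = md5hex(f"{method}:{uri}")
    return md5hex(f"{ha1}:{nonce}:{ha2}")

# Constructed sample capture (not from the original message): two plaintext
# HTTP requests to the same subscriber resource, one Basic and one Digest.
BASIC_REQ = ("GET /db/report HTTP/1.1\r\nHost: db.example\r\n"
             "Authorization: Basic "
             + base64.b64encode(b"alice:Tr0ub4dor").decode() + "\r\n\r\n")
NONCE = "dcd98b7102dd2f0e"
DIGEST_REQ = ("GET /db/report HTTP/1.1\r\nHost: db.example\r\n"
              'Authorization: Digest username="bob", realm="subscribers", '
              f'nonce="{NONCE}", uri="/db/report", response="'
              + digest_response("bob", "subscribers", "Tr0ub4dor", NONCE, "GET", "/db/report")
              + '"\r\n\r\n')

AUTH_RE = re.compile(r"^Authorization:\s*(\w+)\s+(.*?)\r?$", re.I | re.M)

def audit_request(raw: str):
    """Classify one captured request as (scheme, username, password_recoverable).
    Basic sends base64(user:password), reversible by any eavesdropper; Digest
    sends only a hash, so the password itself is not on the wire."""
    m = AUTH_RE.search(raw)
    if not m:
        return ("none", None, False)
    scheme, value = m.group(1).lower(), m.group(2).strip()
    if scheme == "basic":
        user = base64.b64decode(value).decode("latin-1").split(":", 1)[0]
        return ("basic", user, True)
    if scheme == "digest":
        um = re.search(r'username="([^"]*)"', value)
        return ("digest", um.group(1) if um else None, False)
    return (scheme, None, False)

def audit(requests):
    """List the requests whose password an eavesdropper could reuse elsewhere."""
    return [f"{user}: Basic over plaintext HTTP, password recoverable"
            for _scheme, user, exposed in map(audit_request, requests) if exposed]

if __name__ == "__main__":
    print("\n".join(audit([BASIC_REQ, DIGEST_REQ])))
```

The Digest username is still visible in the clear; only the password is kept off the wire, which is the difference the quoted section is pointing at.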