
RE: Digest Authentication

From: Dylan Barrell <dbarrell@opentext.com>
Date: Tue, 16 Oct 2001 17:44:00 -0400
To: "Lisa Dusseault" <lisa@xythos.com>
Cc: "WebDAV" <w3c-dist-auth@w3.org>
Message-ID: <NEBBIBDBCLDPAGPIKGMCAECCEEAA.dbarrell@opentext.com>
Lisa,

But the passwd is a portion of A1. So how is storing this different from
storing the password?

I am saying that neither basic nor digest is good enough - and so there is
no added benefit of implementing digest when the real solution is transport
layer security or some other authentication mechanism like kerberos.

--Dylan

> -----Original Message-----
> From: Lisa Dusseault [mailto:lisa@xythos.com]
> Sent: Tuesday, October 16, 2001 4:38 PM
> To: Dylan Barrell
> Cc: WebDAV
> Subject: RE: Digest Authentication
>
>
> Dylan,
>
> I'm not sure I understand your nonce issue. You do not need to store
> the password on disk in the clear. In order to compute (or verify)
> the client's authenticator you need to have the value H(A1). For the
> MD5 authentication scheme A1 is:
>
> A1       = unq(username-value) ":" unq(realm-value) ":" passwd
>
> (see RFC 2617 S 3.2.2.2).
>
> This is a fixed value for any user so it can be stored on disk
> directly.
>
> There's no need to use a fixed nonce in order to use a fixed H(A1)
> since the nonce is not an input to A1.
>
> Perhaps what you're referring to here is that compromise of H(A1)
> on a given server allows the attacker to impersonate the user to
> that server. However, this is not the same as compromise of the
> password since it does not permit the attacker to impersonate the
> user to any other server, even if the user has used the same password
> on that user.
>
> Admittedly, this problem does not exist with basic auth. However,
> most people consider sniffing a more serious threat than password
> file theft, which is why DAV so strongly "encourages" digest.
>
> What threat model are you concerned with here?  Would you be
> implementing BASIC if you don't implement DIGEST, or is neither
> good enough?  What would be good enough?
>
> Lisa
>
> > -----Original Message-----
> > From: w3c-dist-auth-request@w3.org
> > [mailto:w3c-dist-auth-request@w3.org]On Behalf Of Dylan Barrell
> > Sent: Tuesday, October 16, 2001 11:37 AM
> > To: Dirk-Willem van Gulik
> > Cc: WebDAV
> > Subject: RE: Digest Authentication
> >
> >
> > We did think of this solution, but that means that we always have
> > to use the same nonce value and we end up getting no security
> > improvement over basic authentication - so the argument that it is
> > more secure than basic is bogus if you do this.
> >
> > --Dylan
> >
> > > -----Original Message-----
> > > From: Dirk-Willem van Gulik [mailto:dirkx@webweaving.org]
> > > Sent: Tuesday, October 16, 2001 2:02 PM
> > > To: Dylan Barrell
> > > Cc: WebDAV
> > > Subject: Re: Digest Authentication
> > >
> > >
> > >
> > >
> > > On Tue, 16 Oct 2001, Dylan Barrell wrote:
> > >
> > > > Digest Authentication requires that a server store its
> > > > passwords in such a way that they be available in clear text format.
> > >
> > > Actually though your implementation -could- store the password
> > > on disk as plain text - most do not; and it is technically not
> > > required. Some bad implementations do store it plain - but (for
> > > example) the apache web server stores the password as a hash (md5
> > > or crypt) on the server side.
> > >
> > > See http://cvs.apache.org -> apache-1.3 -> src/support/htpasswd.c and
> > > src/support/htdigest.c (to get an idea of the code).
> > >
> > > So it is not a requirement - just an implementation choice.
> > >
> > > It is true that with normal basic auth the password goes over
> > > the wire in the clear; but with digest auth this is not the case.
> > >
> > > Dw
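An added illustration of the H(A1) argument in this thread (example code by the editor, not written by any of the correspondents; realm names, usernames, passwords and request values are constructed): the server stores only H(A1) per user, issues a fresh nonce for every challenge because the nonce is not an input to A1, and an H(A1) taken from one realm does not verify at another realm even when the user reused the password, while it does suffice against the realm it was taken from.

```python
import hashlib
import hmac
import secrets


def h(data: str) -> str:
    """H() of RFC 2617: MD5, lowercase hex."""
    return hashlib.md5(data.encode("utf-8")).hexdigest()


def ha1(username: str, realm: str, password: str) -> str:
    """H(A1) with A1 = unq(username) ":" unq(realm) ":" passwd (RFC 2617 3.2.2.2).
    The nonce is not part of A1, so the server can precompute and store this."""
    return h(f"{username}:{realm}:{password}")


def request_digest(h_a1: str, nonce: str, nc: str, cnonce: str,
                   method: str, uri: str) -> str:
    """request-digest for qop=auth: KD(H(A1), nonce:nc:cnonce:qop:H(A2))."""
    h_a2 = h(f"{method}:{uri}")
    return h(f"{h_a1}:{nonce}:{nc}:{cnonce}:auth:{h_a2}")


class DigestServer:
    """One realm; keeps only H(A1) per user, never the clear-text password."""

    def __init__(self, realm: str):
        self.realm = realm
        self.users = {}            # username -> H(A1)
        self.live_nonces = set()   # nonces handed out and not yet used

    def enroll(self, username: str, password: str) -> None:
        self.users[username] = ha1(username, self.realm, password)

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)   # fresh per challenge, independent of H(A1)
        self.live_nonces.add(nonce)
        return nonce

    def verify(self, username: str, nonce: str, nc: str, cnonce: str,
               method: str, uri: str, response: str) -> bool:
        if username not in self.users or nonce not in self.live_nonces:
            return False
        self.live_nonces.discard(nonce)   # simplification: one request per nonce
        expected = request_digest(self.users[username], nonce, nc, cnonce, method, uri)
        return hmac.compare_digest(expected, response)


def client_response(username, realm, password, nonce, nc, cnonce, method, uri):
    """What a client that knows the real password sends back."""
    return request_digest(ha1(username, realm, password), nonce, nc, cnonce, method, uri)
```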
Received on Tuesday, 16 October 2001 17:45:51 GMT
