W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2001

RE: Digest Authentication

From: Rajesh Rao <rajeshr@Exchange.Microsoft.com>
Date: Tue, 16 Oct 2001 16:15:47 -0700
Message-ID: <4731EDAF5DD42946B4F12AFFBEEE31575EF540@DF-MAX.platinum.corp.microsoft.com>
To: "Lisa Dusseault" <lisa@xythos.com>, "Dylan Barrell" <dbarrell@opentext.com>
Cc: "WebDAV" <w3c-dist-auth@w3.org>
Actually, we can store H(A1), rather than A1.
This is better than storing a password as pointed previously in this
mail thread as follows:
> Perhaps what you're referring to here is that compromise 
> of H(A1) on 
> > > a given server allows the attacker to impersonate the 
> user to that 
> > > server. However, this is not the same as compromise of 
> the password 
> > > since it does not permit the attacker to impersonate the 
> user to any 
> > > other server, even if the user has used the same password on that 
> > > user.


An no, we don't need to reuse the same nonce.
Rajesh


> -----Original Message-----
> From: Lisa Dusseault [mailto:lisa@xythos.com] 
> Sent: Tuesday, October 16, 2001 4:09 PM
> To: Dylan Barrell
> Cc: WebDAV
> Subject: RE: Digest Authentication
> 
> 
> I agree that storing A1 is little better than storing the 
> password.  I just disagree with your nonce issue and conclusion.
> 
> If you plan to support transport layer security, how do you 
> intend to get the password from the client?  Using Basic auth 
> within a TLS-secured communication can be very secure indeed.
> 
> lisa
> 
> > -----Original Message-----
> > From: Dylan Barrell [mailto:dbarrell@opentext.com]
> > Sent: Tuesday, October 16, 2001 2:44 PM
> > To: Lisa Dusseault
> > Cc: WebDAV
> > Subject: RE: Digest Authentication
> >
> >
> > Lisa,
> >
> > But the passwd is a portion of A1. So how is storing this different 
> > from storing the password?
> >
> > I am saying that neither basic nor digest is good enough - and so 
> > there is no added benefit of implementing digest when the real 
> > solution is transport layer security or some other authentication 
> > mechanism like kerberos.
> >
> > --Dylan
> >
> > > -----Original Message-----
> > > From: Lisa Dusseault [mailto:lisa@xythos.com]
> > > Sent: Tuesday, October 16, 2001 4:38 PM
> > > To: Dylan Barrell
> > > Cc: WebDAV
> > > Subject: RE: Digest Authentication
> > >
> > >
> > > Dylan,
> > >
> > > I'm not sure I understand your nonce issue. You do not 
> need to store 
> > > the password on disk in the clear. In order to compute 
> (or verify) 
> > > the the client's authenticator you need to have the value 
> H(A1). For 
> > > the MD5 authentication scheme A1 is:
> > >
> > > A1       = unq(username-value) ":" unq(realm-value) ":" passwd
> > >
> > > (see RFC 2617 S 3.2.2.2).
> > >
> > > This is a fixed value for any user so it can be stored on disk 
> > > directly.
> > >
> > > There's no need to use a fixed nonce in order to use a 
> fixed H(A1) 
> > > since the nonce is not an input to A1.
> > >
> > > Perhaps what you're referring to here is that compromise 
> of H(A1) on 
> > > a given server allows the attacker to impersonate the 
> user to that 
> > > server. However, this is not the same as compromise of 
> the password 
> > > since it does not permit the attacker to impersonate the 
> user to any 
> > > other server, even if the user has used the same password on that 
> > > user.
> > >
> > > Admittedly, this problem does not exist with basic auth. However, 
> > > most people consider sniffing a more serious threat than password 
> > > file theft, which is why DAV so strongly "encourages" digest.
> > >
> > > What threat model are you concerned with here?  Would you be 
> > > implementing BASIC if you don't implement DIGEST, or is 
> neither good 
> > > enough?  What would be good enough?
> > >
> > > Lisa
> > >
> > > > -----Original Message-----
> > > > From: w3c-dist-auth-request@w3.org 
> > > > [mailto:w3c-dist-auth-request@w3.org]On Behalf Of Dylan Barrell
> > > > Sent: Tuesday, October 16, 2001 11:37 AM
> > > > To: Dirk-Willem van Gulik
> > > > Cc: WebDAV
> > > > Subject: RE: Digest Authentication
> > > >
> > > >
> > > > We did think of this solution, but that means that we 
> always have 
> > > > to use the same nonce value and we end up getting no security 
> > > > improvement
> > > over basic
> > > > authentication - so the argument that it is more secure 
> than basic 
> > > > is bogus if you do this.
> > > >
> > > > --Dylan
> > > >
> > > > > -----Original Message-----
> > > > > From: Dirk-Willem van Gulik [mailto:dirkx@webweaving.org]
> > > > > Sent: Tuesday, October 16, 2001 2:02 PM
> > > > > To: Dylan Barrell
> > > > > Cc: WebDAV
> > > > > Subject: Re: Digest Authentication
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > On Tue, 16 Oct 2001, Dylan Barrell wrote:
> > > > >
> > > > > > Digest Authentication requires that a server store its
> > > > > passwords in such a
> > > > > > way that they be available in clear text format.
> > > > >
> > > > > Actually though your implementation -could- store the password
> > > > on disk as
> > > > > plain text - most do not; and it is technically not
> > required. Some bad
> > > > > implementations do store it plain - but (for example) 
> the apache 
> > > > > web server stores the password as a hash (md5 or crypt) on the
> > > server side.
> > > > >
> > > > > See http://cvs.apache.org -> apache-1.3 ->
> > src/support/htpasswd.c and
> > > > > src/support/htdigest.c to get an idea of the code).
> > > > >
> > > > > So it is not a requirement - just an implementation choise.
> > > > >
> > > > > It is true that with normal basic auth the password goes over
> > > > the wire in
> > > > > the clear; but with digest auth this is not the case.
> > > > >
> > > > > Dw
> 
> 
Received on Tuesday, 16 October 2001 19:15:54 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:58 GMT