W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2001

RE: Digest Authentication

From: Phillip Hallam-Baker <hallam@ai.mit.edu>
Date: Fri, 19 Oct 2001 21:47:12 -0400
To: "'Dylan Barrell'" <dbarrell@opentext.com>, "'WebDAV'" <w3c-dist-auth@w3.org>, "'Lisa Dusseault'" <lisa@xythos.com>
Message-ID: <00b801c15909$23ed0c40$4100a8c0@ne.mediaone.net>
IETF security policy is the reason why Digest is mandatory.

W3C policy is not going to accept sending passwords in the clear
either.

		Phill

> -----Original Message-----
> From: w3c-dist-auth-request@w3.org
> [mailto:w3c-dist-auth-request@w3.org]On Behalf Of Dylan Barrell
> Sent: Wednesday, October 17, 2001 9:22 AM
> To: WebDAV; Lisa Dusseault
> Subject: RE: Digest Authentication
> 
> 
> Ah, right.  It does get a bit complicated:
> 
> Yes, the concern is the storage of H(A1), because this is a
> plaintext-password equivalent.  The only advantage to storing 
> H(A1) over the
> plaintext password itself is that leaking the "password file" wouldn't
> compromise other systems on which the user uses the same 
> password.  Apart
> from that, it's the same as a plaintext-password, because you 
> can use it to
> log in as the user in question.
> 
> Livelink stores its "password file" in the database, and it does _not_
> assume that anyone who can access the password info has the right to
> impersonate any user.  The way Livelink stores this 
> information ensures that
> you cannot impersonate a user with it.  This is a feature of _many_
> authentication mechanisms, including the old /etc/passwd.
> 
> Right now, we can have a very secure Livelink install by 
> using SSL with
> Basic authentication.  If we must support Digest 
> authentication, however,
> then it would seem that we need to store H(A1), and so we would be
> introducing a hole that does not exist Today -- bad.
> 
> You see, the problem is not so much that the spec forbids us 
> from offering
> Basic over insecure channels (though I would argue that it is overly
> presumptuous).  The significant problem is that the spec 
> _insists_ that we
> support Digest -- even if we only use secure connections.
> 
> The only way I can see implementing Digest without 
> introducing this new
> security hole is to use a constant server nonce and no qop, 
> so that for any
> username/password/realm, the request-digest is constant.  
> Then I can store
> salt+H(salt,request-digest) in the database.  While this 
> _would_ produce a
> compatible implementation, it would violate several 
> directives in rfc2617,
> and would render the protocol vulnerable to sniffing again -- 
> just like
> Basic.
> 
> Hence my request to demote digest authentication to the same 
> level as basic
> i.e. optional.
> 
> 
Received on Friday, 19 October 2001 21:50:32 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:58 GMT