- From: Brad Barber <bradb@geom.umn.edu>
- Date: Fri, 14 Jul 1995 15:42:52 +0500
- To: Dave Kristol <dmk@allegra.att.com>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
>I would like to propose that <password> be replaced by H(<password>).
>The client would pass to the server
> H(<username> : <realm> : H(<password>))
>The server could store in its user/password file
> user-name:H(<password>)
>That way the password would neither be passed in the clear nor stored
>in the clear.
>
>Dave Kristol
Re: the server's digest database is the same as storing passwords
in the clear.
There's been some confusion about this. Using the language of the draft specification,
if I have <username> and H(A1), it is easy to generate
H( H(A1) + ':' + ...) and pretend to be <username>.
This is not true with Unix's passwd file since it stores f(passwd)
where f() is a one-way function.
Storing H(<password>) as Dave suggests does not
solve the problem. An attacker can discover <username>,
<realm> and H(<password>).
I believe the problem is intrinsic to digest authentication. The
options that I see are:
1) Encrypt the database.
2) Physically secure the authentication server and use a
minimal communications channel. Encryption is not needed.
This should always be done if security is a concern.
3) Use end-to-end encryption and authentication as in SSL.
--Brad
Brad Barber, 116 Fayerweather St., Cambridge MA 02138
617-497-8876, barber@tiac.net, bradb@geom.umn.edu
Received on Friday, 14 July 1995 12:43:00 UTC
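
The point made in the message above, as an added example that is not part of the original message or of the draft specification: the stored H(A1), or the stored H(<password>) in the proposed variant, is all that is needed to compute a response the server accepts, whereas a passwd-style record is not. It assumes the RFC 2069 response form H(H(A1):nonce:H(A2)) with MD5, uses PBKDF2 as a stand-in for the Unix one-way f(), and every user name, realm, password and nonce is constructed.

```python
import hashlib, hmac

def H(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()

def ha1(username, realm, password):
    # Draft scheme: the server's database holds H(A1) = H(user:realm:password).
    return H(f"{username}:{realm}:{password}")

def ha1_kristol(username, realm, stored_hpw):
    # Proposed variant: the database holds H(password); A1 uses it in place of the password.
    return H(f"{username}:{realm}:{stored_hpw}")

def digest_response(a1_hash, nonce, method, uri):
    # The response is a function of the stored value, never of the password itself.
    return H(f"{a1_hash}:{nonce}:{H(f'{method}:{uri}')}")

def verify_digest(a1_hash, nonce, method, uri, response):
    return hmac.compare_digest(digest_response(a1_hash, nonce, method, uri), response)

def passwd_record(password, salt):
    # passwd-style storage: salt plus one-way f(password) (PBKDF2 here, an assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_passwd(record, salt, submitted):
    # Verification re-applies f() to what the client submits, so the record alone is useless.
    return hmac.compare_digest(record, passwd_record(submitted, salt))

def demo():
    user, realm, pw = "alice", "example-realm", "constructed-password"  # constructed values
    nonce, method, uri = "constructed-nonce-001", "GET", "/private/"
    salt = b"constructed-salt"

    # Case 1: database row holds H(A1). Only that row is used to build the response.
    row = ha1(user, realm, pw)
    draft_ok = verify_digest(row, nonce, method, uri,
                             digest_response(row, nonce, method, uri))

    # Case 2: database row holds H(password). Again only the row is used.
    row2 = H(pw)
    a1 = ha1_kristol(user, realm, row2)
    kristol_ok = verify_digest(a1, nonce, method, uri,
                               digest_response(a1, nonce, method, uri))

    # Case 3: passwd-style row. Presenting the stored value does not authenticate.
    rec = passwd_record(pw, salt)
    passwd_ok = verify_passwd(rec, salt, rec.hex())
    return draft_ok, kristol_ok, passwd_ok

if __name__ == "__main__":
    print(demo())
```

Both digest variants verify from the database row alone, which is why the digest database needs the same protection as a file of cleartext passwords.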