- From: Ned Freed <NED@innosoft.com>
- Date: Wed, 21 Feb 1996 12:05:41 -0800 (PST)
- To: dmk@allegra.att.com
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
> There has been a lot of nonce-sense spewed here recently about Digest > Authentication. There is a current I-D: > http://www.internic.net/internet-drafts/draft-ietf-http-digest-aa-02.txt > Unfortunately, the I-D doesn't talk much about how to generate the > opaque string, and opaque is an important part of preventing replays of > the sort recently discussed here. Unfortunately, I can't figure out > the originator of the algorithm I use to generate opaque, but I think > it was John Franks. In any case, my opaque is an MD5 of > - a server-dependent (compile-time) random number > - a timestamp > - the request IP address > - the (time-dependent) nonce > - the security realm > Opaque in the Authenticate header must match the server's > request-time-calculated value for processing to proceed. I think your choice of material is fine, but putting it in the opaque string is a waste of time in the cryptographic sense since the opaque string isn't included in the digest operation. There is nothing to prevent an attacker from learning the opaque string the server wants to see and simply coupling it with any digest value because the two are completely independent things. This does not guard against replays in any way. Furthermore, the draft makes it clear that the opaque string is intended to provide the server with state information for use in redirection operations. For the material you've selected to work it should be used as the nonce value. This is included in the digest and will have the effect you're trying to achieve. Ned
Received on Wednesday, 21 February 1996 12:15:08 UTC