- From: John Franks <john@math.nwu.edu>
- Date: Tue, 9 Dec 1997 18:16:47 -0600 (CST)
- To: Maurizio Codogno <mau@beatles.cselt.it>
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, paulle@microsoft.com
On Wed, 10 Dec 1997, Maurizio Codogno wrote: > > I was wondering why Digest does not use a salt, so that the server needn't > keep the password in clear. > Well, it does and it doesn't keep the password in the clear. The server keeps a one-way hash of "username:realm:password". This means that the user can use the same username and password for multiple sites/realms and someone with access to the password file at one site cannot use that information to impersonate the user at another site. But you are right in the sense that gaining access to the password file for one site/realm does allow an attacker to impersonate a user at that site/realm. I think that adding a salt doesn't really help in any way. If by salt you mean something known to the client as well as the server then it is either secret, and effectively part of the password, or public, and effectively part of the realm name. If by salt you mean something known only to the server and you don't allow the password sent in the clear then you would need to encrypt *and decrypt* the password on the server. Because of patent restrictions and government export restrictions nothing involving encryption/decryption is acceptable in this authentication method. Digest authentication uses only one-way hash functions which are unrestricted by patent and freely exportable. John Franks john@math.nwu.edu
Received on Tuesday, 9 December 1997 16:00:20 UTC