Re: potential security holes in digest authorization

>John Franks <john@math.nwu.edu> says:
>  [...]
>  > Under the current proposal what is stored in the server user/password
>  > file is 
>  > 	user:H(<username> : <realm> : <password>)
>  > 
>  > So gaining illicit access to the server password file does not
>  > compromise the password.  Of course, it *does* grant illicit access to
>  > the documents on that server in that realm.  I believe this is what
>  > Brad Barber was referring to when he said the password file needed to
>  > receive highest security.
>  [...]
>
>That helps, but I have a quibble.  I would prefer not to tie the username
>and password so strongly to a particular realm, because:
>    1) I might like to change the name of the realm (if only slightly).
I have to agree with this first quibble quite a bit. In an actual product
implementation of message digest we have had some issues arrise because if
the server operator wants to change their realm, their entire user/password
database suddently becomes inoperative.

Any chance that we could (if there is some move to change the digest draft,
for example to move the location of the nonce), change the inclusion of the
realm in there with the username and password (The A1 substring)?

Alex Hopmann
ResNova Software, Inc.
hopmann@holonet.net

Received on Friday, 14 July 1995 17:38:00 UTC