Digest Auth defending against replay

I think I may have a solution to the "nonce incrementing" issue. This is
really the issue of how to defend against replay attacks efficiently.

My suggestion is to forget one-time nonces and use one-time 
response digests.  In other words, instead of keeping hashes of 
previously used nonces the server may keep hashes of previously
used response digests (or response digest + message digest if message
digest is present).  If the server detects a previously used digest
it will request re-authentication with a new nonce using the stale
nonce field.

Here are some virtues of this scheme:

1. At least as strong as one-time nonces or incremented nonces in defending
against replay attacks.

2. Compatible with all current implementations of browsers and servers.
No change is required in client implementations and server implementations
are at least as easy to do as nonce incrementing.

2. Efficient.  The extra round trip re-authentication request occurs
*only* when the client, in a single session, makes a second GET for
the same document or does a second POST or PUT with identical data.
Most clients by default use a cached version when a document is
requested for a second time in one session.  I believe that
"duplicate" GETs, POSTs, and PUTs would be very rare.  Compare this
with nonce incrementing which would require an extra round trip for
every new-client <--> old-server or old-client <--> new-server

What do you think?  

John Franks 	Dept of Math. Northwestern University

Received on Saturday, 24 February 1996 06:21:54 UTC