Re: RFC 2617 errata / MD5-sess


On Friday 11 August 2006 01:03, Paul Leach wrote:
> The statements about strength in 2617 refer to the strength of any
> password based mechanism compared to public key mechanisms. The strength
> of Digest should be only limited by the strength of the password -- if
> we continue to use weak hash schemes, that won't be true.
> (Not to mention that in some cases, strong random passwords can be used,
> and these will be as strong as the hash. We shouldn't rule these cases
> out needlessly.)
I completely agree with this -- that's why I proposed that the
rfc should only demand the way how (and when!) the hashes are
to be calculated, not which hash functions have to be used.
Of course it would be silly to demand that implementations should
use weak hashes -- I thought to have pointed out, that the rfc in
fact does not demand this, but just uses md5 as a sample implementation
(and provides for different algorithms).

However, the problem with plain headers without integrity check,
opening up digest auth for simple mitm-attacks (section 4.8), 
still remains.

imho there is no much point using the strongest hashes available
as long as implementations are vulnerable to such a simple thing
like tricking the client to use basic auth (i.e. plaintext passwords)
and thus to reap the credentials much easier than to crack the hash.

Kind regards

Ingo Struck

Received on Friday, 11 August 2006 07:43:04 UTC