- From: Ingo Struck <ingo@ingostruck.de>
- Date: Fri, 11 Aug 2006 07:22:07 +0000
- To: Paul Leach <paulle@windows.microsoft.com>
- Cc: "William A. Rowe, Jr." <wrowe@rowe-clan.net>, ietf-http-wg@w3.org

Paul,

On Friday 11 August 2006 01:03, Paul Leach wrote:
> The statements about strength in 2617 refer to the strength of any
> password based mechanism compared to public key mechanisms. The strength
> of Digest should be only limited by the strength of the password -- if
> we continue to use weak hash schemes, that won't be true.
>
> (Not to mention that in some cases, strong random passwords can be used,
> and these will be as strong as the hash. We shouldn't rule these cases
> out needlessly.)

I completely agree with this -- that's why I proposed that the RFC should only demand how (and when!) the hashes are to be calculated, not which hash functions have to be used. Of course it would be silly to demand that implementations should use weak hashes -- I thought I had pointed out that the RFC in fact does not demand this, but just uses MD5 as a sample implementation (and provides for different algorithms).

However, the problem with plain headers without integrity check, opening up digest auth for simple MITM attacks (section 4.8), still remains. IMHO there is not much point in using the strongest hashes available as long as implementations are vulnerable to such a simple thing as tricking the client into using basic auth (i.e. plaintext passwords) and thus reaping the credentials much more easily than by cracking the hash.

Kind regards

Ingo Struck

Received on Friday, 11 August 2006 07:43:04 UTC
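
A client-side check against the Basic downgrade described in the message above, as an added example that is not part of the original e-mail or of any implementation it discusses: the client remembers the strongest scheme each host has requested and refuses a weaker one. The names `SchemePinner`, `offered_schemes` and `DowngradeError`, the strength ranking, and the sample headers are assumptions made for illustration.

```python
import re

# Relative strength of the two RFC 2617 schemes (ranking is this sketch's assumption).
STRENGTH = {"basic": 1, "digest": 2}
QUOTED = re.compile(r'"(?:[^"\\]|\\.)*"')
# A challenge starts with a scheme token followed by whitespace and "param=".
SCHEME = re.compile(r'(?:^|,)\s*([A-Za-z][\w-]*)\s+(?=[\w-]+\s*=)')


class DowngradeError(Exception):
    """The response offers less than this host requested before."""


def offered_schemes(header_values):
    """Return the known schemes found in a list of WWW-Authenticate values."""
    found = []
    for value in header_values:
        # Blank quoted strings so realm="x, Digest realm=y" cannot fake a challenge.
        bare = QUOTED.sub('""', value)
        found += [s.lower() for s in SCHEME.findall(bare) if s.lower() in STRENGTH]
    return found


class SchemePinner:
    """Remember the strongest scheme each host has requested; refuse weaker ones."""

    def __init__(self):
        self.strongest = {}  # host -> strength rank seen so far

    def choose(self, host, header_values):
        offered = offered_schemes(header_values)
        if not offered:
            raise ValueError("no supported authentication scheme offered")
        best = max(offered, key=STRENGTH.get)
        if STRENGTH[best] < self.strongest.get(host, 0):
            raise DowngradeError(f"{host} requested a stronger scheme than {best} before")
        self.strongest[host] = STRENGTH[best]
        return best


if __name__ == "__main__":
    pinner = SchemePinner()
    # Constructed sample headers: the genuine response offers both schemes.
    genuine = ['Digest realm="site", nonce="abc", qop="auth", Basic realm="site"']
    print(pinner.choose("example.test", genuine))      # digest
    try:
        pinner.choose("example.test", ['Basic realm="site"'])  # Digest challenge stripped
    except DowngradeError as exc:
        print("refused:", exc)
```

The pin only helps after a first untampered response has been seen; a client that has never contacted the host has nothing to compare against.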