RE: Digest Authentication

Dylan,

I'm not sure I understand your nonce issue. You do not need to store
the password on disk in the clear. In order to compute (or verify)
the client's authenticator you need to have the value H(A1). For the
MD5 authentication scheme A1 is:

A1       = unq(username-value) ":" unq(realm-value) ":" passwd

(see RFC 2617 S 3.2.2.2).

This is a fixed value for any user so it can be stored on disk
directly. 

There's no need to use a fixed nonce in order to use a fixed H(A1)
since the nonce is not an input to A1.

Perhaps what you're referring to here is that compromise of H(A1)
on a given server allows the attacker to impersonate the user to
that server. However, this is not the same as compromise of the
password since it does not permit the attacker to impersonate the
user to any other server, even if the user has used the same password
on that other server.

Admittedly, this problem does not exist with basic auth. However,
most people consider sniffing a more serious threat than password
file theft, which is why DAV so strongly "encourages" digest.

What threat model are you concerned with here? Would you be
implementing BASIC if you don't implement DIGEST, or is neither
good enough? What would be good enough?

Lisa
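
As an added illustration (not part of this thread), the following Python
shows the point above in code: a server that stores only H(A1) per user can
verify a client's Digest response against a different nonce on every
challenge, because the nonce enters the request-digest but never A1. The
values in rfc2617_example() are the test vector from RFC 2617 section 3.5;
DigestUserStore and the two demo functions are made up for this illustration.

```python
import hashlib, hmac, secrets

def H(data: str) -> str:
    """RFC 2617 H(): lowercase hex MD5 (the scheme discussed in the thread)."""
    return hashlib.md5(data.encode("utf-8")).hexdigest()

def ha1(username: str, realm: str, password: str) -> str:
    """A1 = unq(username-value) ":" unq(realm-value) ":" passwd (RFC 2617 S 3.2.2.2).
    The nonce is not an input, so H(A1) is fixed per user and can be stored on disk."""
    return H(f"{username}:{realm}:{password}")

def ha2(method: str, uri: str) -> str:
    """A2 = Method ":" digest-uri-value (for qop=auth)."""
    return H(f"{method}:{uri}")

def request_digest(h_a1, nonce, nc, cnonce, qop, h_a2) -> str:
    """request-digest = KD(H(A1), nonce ":" nc ":" cnonce ":" qop ":" H(A2)), KD(s, d) = H(s ":" d)."""
    return H(f"{h_a1}:{nonce}:{nc}:{cnonce}:{qop}:{h_a2}")

class DigestUserStore:
    """Hypothetical server-side store: keeps only H(A1) per (username, realm), as htdigest does."""
    def __init__(self):
        self._ha1 = {}

    def add_user(self, username, realm, password):
        self._ha1[(username, realm)] = ha1(username, realm, password)

    def verify(self, username, realm, method, uri, nonce, nc, cnonce, client_response):
        stored = self._ha1.get((username, realm))
        if stored is None:
            return False
        expected = request_digest(stored, nonce, nc, cnonce, "auth", ha2(method, uri))
        return hmac.compare_digest(expected, client_response)  # constant-time comparison

RFC_USER, RFC_REALM, RFC_PASS = "Mufasa", "testrealm@host.com", "Circle Of Life"

def rfc2617_example() -> str:
    """Client-side computation using the RFC 2617 section 3.5 test vector."""
    return request_digest(ha1(RFC_USER, RFC_REALM, RFC_PASS), "dcd98b7102dd2f0e8b11d0f600bfb0c093",
                          "00000001", "0a4f113b", "auth", ha2("GET", "/dir/index.html"))

def fresh_nonce_roundtrip(password: str = RFC_PASS) -> bool:
    """Server holds only H(A1) yet verifies responses to fresh nonces; a wrong password fails."""
    store = DigestUserStore()
    store.add_user(RFC_USER, RFC_REALM, RFC_PASS)
    client_h_a1 = ha1(RFC_USER, RFC_REALM, password)  # the client derives this from the password
    results = []
    for nonce in (secrets.token_hex(16) for _ in range(2)):  # server issues a fresh nonce per challenge
        resp = request_digest(client_h_a1, nonce, "00000001", "0a4f113b", "auth", ha2("GET", "/dir/index.html"))
        results.append(store.verify(RFC_USER, RFC_REALM, "GET", "/dir/index.html", nonce, "00000001", "0a4f113b", resp))
    return all(results)
```

Theft of the stored H(A1) file still lets an attacker answer this server's challenges, which is the trade-off described above; it does not reveal the password for use against another realm.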

> -----Original Message-----
> From: w3c-dist-auth-request@w3.org
> [mailto:w3c-dist-auth-request@w3.org]On Behalf Of Dylan Barrell
> Sent: Tuesday, October 16, 2001 11:37 AM
> To: Dirk-Willem van Gulik
> Cc: WebDAV
> Subject: RE: Digest Authentication
> 
> 
> We did think of this solution, but that means that we always have
> to use the same nonce value and we end up getting no security
> improvement over basic authentication - so the argument that it is
> more secure than basic is bogus if you do this.
> 
> --Dylan
> 
> > -----Original Message-----
> > From: Dirk-Willem van Gulik [mailto:dirkx@webweaving.org]
> > Sent: Tuesday, October 16, 2001 2:02 PM
> > To: Dylan Barrell
> > Cc: WebDAV
> > Subject: Re: Digest Authentication
> >
> > On Tue, 16 Oct 2001, Dylan Barrell wrote:
> >
> > > Digest Authentication requires that a server store its
> > > passwords in such a way that they be available in clear text format.
> >
> > Actually though your implementation -could- store the password
> > on disk as plain text - most do not; and it is technically not
> > required. Some bad implementations do store it plain - but (for
> > example) the apache web server stores the password as a hash (md5
> > or crypt) on the server side.
> >
> > See http://cvs.apache.org -> apache-1.3 -> src/support/htpasswd.c and
> > src/support/htdigest.c to get an idea of the code).
> >
> > So it is not a requirement - just an implementation choice.
> >
> > It is true that with normal basic auth the password goes over
> > the wire in the clear; but with digest auth this is not the case.
> >
> > Dw

Received on Tuesday, 16 October 2001 16:39:30 UTC