RE: Summary of Responses to Passwords in the Clear from Web SCWorking Group

A probably naive question:  I believe I'm correct that in the case of 
digest, both the client code and the server code have, at the time the 
password is established, access to the plain text of the password (I'm not 
sure whether this is true in the case that the server stores hashed 
passwords, but that's the reason for this question.)  If it's easy for an 
attacker to match on a huge range of simple passwords, e.g. by Google 
searching, why can't a server do the same checks at the time a password is 
first established, since presumably it has access to the same checking 
tools as the hackers? 

I'm sure this is a hopelessly naive question from someone who doesn't do 
security as a day job, but I'd be curious for the answer.  Most of the 
concerns expressed about digest seem to boil down to: users will 
inevitably pick simple passwords that are vulnerable to dictionary attack. 
 Can't the same dictionaries be used to disallow just those passwords?


Noah Mendelsohn 
IBM Corporation
One Rogers Street
Cambridge, MA 02142

Dan Connolly <>
Sent by:
04/10/2008 11:11 AM
        To:     Marc de Graauw <>
        cc:     "'David Orchard'" <>,, 
(bcc: Noah Mendelsohn/Cambridge/IBM)
        Subject:        RE: Summary of Responses to Passwords in the Clear 
from Web        SCWorking Group

On Thu, 2008-04-10 at 15:54 +0200, Marc de Graauw wrote:
> Dan Connolly:
> | > The bulk of Chris Drake's message:
> | [... seems to be about dictionary attacks ...]
> | 
> | OK, but how is SSL not vulnerable to the same dictionary attacks?
> SSL uses large random numbers to establish a session, Chris's argument 
> against using hashes of non-random (even trivial) passwords.

Digest uses a nonce similarly, no?

Dan Connolly, W3C
gpg D3C2 887B 0F92 6005 C541  0875 0F91 96DE 6E52 C29E

Received on Thursday, 10 April 2008 15:44:28 UTC