httpd-dev mailing list archives

From Brandon Long <bl...@uiuc.edu>
Subject Re: Digest authentication q...
Date Tue, 06 Jun 1995 03:20:26 GMT
Last time, Robert S. Thau uttered the following other thing:
> 
>    Date: Mon, 5 Jun 1995 13:59:19 -0500 (CDT)
>    From: Brandon Long <blong@uiuc.edu>
>    X-Citement: Pontiac
> 
> X-Cessive customization: ... surely.

Check!

> However, I was very much under the impression that you can't, and that
> the server has to have the cleartext of the password available to
> duplicate the one-way MD5 "digestion" of password and nonce done by
> the client and verify the result.  (In fact, this is to a great extent
> the whole point of digest authentication --- the information which
> travels over the wire either way is insufficient to allow a third
> party with a packet sniffer to spoof access).

Ok, after more extensive looking into this, I was wrong.  It doesn't
need the password, though.  Other information is used to create an md5
digest to store in the file (the username, realm, and password).  This
digest is then used with the method, uri, and timestamp (with more md5
in the way) to come up with a string which is compared with the one
which is sent.

The problem I see, is that the information which needs to be supplied,
and which is not sent, is the password.  It is used to get part of
the md5 string to be sent, to be sure, but if you know what the stored
string is (from the file), you can use it directly instead.

The final algorithm looks something like this:
md5(md5(username:realm:passwd):time(NULL):md5(method:uri))

The 1st term, though, is what is stored in the password file, so
with it, you could form the final without knowing the password.
This makes using the intercepted (sniffed) header to authenticate
again nearly impossible, but if you have access to the .htpasswd file
(or whatever) then you are lost.

Which is exactly what you were saying all along, I believe.

> That doesn't mean that the password has to be stored in straight
> plaintext on the server, but it does have to be stored in a form (I
> think I called it ASCII armor) from which the actual plaintext can be
> recovered.  And while I can imagine all sorts of elaborate forms of
> such ASCII-armor, possibly including MD5, they don't fundamentally buy
> you much, because everyone and his cat has the server source code,
> from which they can conveniently extract the code needed to strip the
> armor off and get at the bits.

Which means, we're stuck with trying to make the password files non-world
readable.  *sigh*

Brandon
-- 
 Brandon Long   (N9WUC)     "I think, therefore, I am confused." -- RAW
 Computer Engineering   	Run Linux '95.	It's that Easy. 
 University of Illinois    blong@uiuc.edu   http://www.uiuc.edu/ph/www/blong
		Don't worry, these aren't even my views.
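
The point made in the message above, as an added example that is not part of the original post or of the server's code: the server can verify a response from the stored md5(username:realm:passwd) alone, so that file entry is password-equivalent and the file's permissions are what protect it. Assumptions: hex-encoded digests, colon separators, a server-issued nonce standing in for `time(NULL)`, and hypothetical function names.

```python
import hashlib
import hmac
import os
import stat

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def stored_digest(username: str, realm: str, password: str) -> str:
    # First term of the formula: the only place the password is used.
    return md5_hex(f"{username}:{realm}:{password}")

def response_from_stored(stored: str, nonce: str, method: str, uri: str) -> str:
    # md5(stored:nonce:md5(method:uri)); nonce stands in for time(NULL).
    request_hash = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{stored}:{nonce}:{request_hash}")

def client_response(username, realm, password, nonce, method, uri) -> str:
    # What a client that knows the cleartext password sends.
    stored = stored_digest(username, realm, password)
    return response_from_stored(stored, nonce, method, uri)

def server_verify(stored: str, nonce: str, method: str, uri: str,
                  response: str) -> bool:
    # The server recomputes the response from the file entry alone.
    expected = response_from_stored(stored, nonce, method, uri)
    return hmac.compare_digest(expected, response)

def world_readable(path: str) -> bool:
    # True when the "other" read bit is set on the password file.
    return bool(os.stat(path).st_mode & stat.S_IROTH)

if __name__ == "__main__":
    # Constructed sample values, not taken from the message.
    user, realm, password = "alice", "example-realm", "constructed-password"
    file_entry = stored_digest(user, realm, password)
    nonce = "802408826"
    sent = client_response(user, realm, password, nonce, "GET", "/private/")
    print("server accepts client:",
          server_verify(file_entry, nonce, "GET", "/private/", sent))
    print("sniffed header, later nonce:",
          server_verify(file_entry, "802408999", "GET", "/private/", sent))
    print("file entry alone reproduces response:",
          response_from_stored(file_entry, nonce, "GET", "/private/") == sent)
```
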
