[Date Prev][Date Next] [Chronological] [Thread] [Top]

authmeth: password issues

To: ietf-ldapbis@OpenLDAP.org
Subject: authmeth: password issues
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Sun, 14 Mar 2004 22:32:47 +0100

I'd like to see a section like the following in Authmeth, to help people
decide which authentication methods to support and what password
security to expect.  Note that some of my terminology may be bad.

   12. Password issues

   Simple authentication (Simple Bind with DN and password) reveals the
   user's password to the server.  The SASL DIGEST-MD5 mechanism does
   not.

   Neither Simple authentication nor DIGEST-MD5 require the server to
   know the users' passwords; both allow the server (or a password
   management entity which the server makes use of) to only store
   one-way hashes of the passwords.  Whether to actually do so is an
   implementation and deployment decision.

   However, an attacker (or the server administrator) who possesses a
   server's DIGEST-MD5 password hashes can authenticate to that server
   even though he does not know the plaintext passwords.

   The SASL EXTERNAL mechanism does not involve passwords, though the
   external method it uses to establish credentials may do so.  If it
   uses TLS certificates, these neither reveal the user's secret to the
   server nor require the server to know the user's secret.

   Anonymous and unauthenticated Simple Binds do not involve passwords
   or other secrets.

The part about compromised DIGEST-MD5 password hashes is from message
<http://www.openldap.org/lists/ietf-ldapbis/200309/msg00077.html>.
In that message, Alexey also said:

   I believe it is possible to store a salted version of the hash,
   assuming the server always generates nonce-value that uses the salt
   as the prefix. But of course this salted hash will be different from
   traditional UNIX salted hashes.

However, looking at the [DIGEST-MD5] hash function, I do not see how
that is possible, since it includes the MD5 hash [RFC1321] of, roughly,
"username:realm:password".  If it is not possible, then the paragraph
above about compromised DIGEST-MD5 password hashes should end with:

   The server administrator will need the plaintext of all the server's
   DIGEST-MD5 passwords in order to generate a new set of secret
   DIGEST-MD5 password hashes, or all users with passwords unknown to
   the administrator will need new passwords so one can generate new
   hashes.

-- 
Hallvard

Follow-Ups:
- Re: authmeth: password issues
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: authmeth-10 comments
Next by Date: models-10 comments
Index(es):
- Chronological
- Thread