Re: potential security holes in digest authorization
Dave Kristol (dmk@allegra.att.com)
Mon, 17 Jul 95 10:17:23 EDT
John Franks <john@math.nwu.edu> said:
> According to Alex Hopmann:
> > >That helps, but I have a quibble. I would prefer not to tie the username
> > >and password so strongly to a particular realm, because:
> > > 1) I might like to change the name of the realm (if only slightly).
> > I have to agree with this first quibble quite a bit. In an actual product
> > implementation of message digest we have had some issues arise because if
> > the server operator wants to change their realm, their entire user/password
> > database suddenly becomes inoperative.
> >
>
> The reason that the realm is encoded with the user and password in the
> server password file is that people tend to reuse the same password.
> If only the username and password are encoded and put in the password
> file then the maintainer of server A, knowing H( username:password)
> for his server can use this to gain access to those documents on
> server B to which username has access. This is assuming that the user
> has the same password on both servers.
[...]
Fair enough. How about using the server-name in place of realm, then?
(After all, it's possible two webmasters might choose the same realm
name on different servers, isn't it!) That would render the same
username/password combination unique on different machines. So the
stored hash would be:
H(<username> : <server-domain-name> : <password>)
Dave Kristol
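The three constructions argued over in this thread, side by side, as an added example that is not part of the original message. It models the stored hash as the Digest scheme's MD5 over colon-joined fields and the challenge response as H(stored-hash : nonce : H(method : uri)), which is what lets someone who only holds the password-file entry answer a challenge without the password. The user "alice", the realm and host names, and the nonce are all constructed for the illustration.

```python
import hashlib


def H(*fields):
    # The Digest scheme's H(): MD5 over the colon-separated fields.
    return hashlib.md5(":".join(fields).encode()).hexdigest()


def make_password_file(users, binding, scheme):
    """Build {username: stored_hash} for one server.

    scheme: 'unbound' -> H(username:password)
            'realm'   -> H(username:realm:password)     (binding = realm)
            'server'  -> H(username:server-name:password) (binding = host,
                         Kristol's proposal in the message above)
    """
    table = {}
    for username, password in users.items():
        if scheme == "unbound":
            table[username] = H(username, password)
        else:
            table[username] = H(username, binding, password)
    return table


def response_from_stored_hash(stored_hash, nonce, method, uri):
    """A Digest response computed from the stored hash alone.

    Whoever holds the password-file entry can answer a challenge
    without ever knowing the password."""
    return H(stored_hash, nonce, H(method, uri))


def server_verifies(pw_file, username, nonce, method, uri, response):
    # The server recomputes the response from its own stored entry.
    expected = H(pw_file[username], nonce, H(method, uri))
    return response == expected


def operator_of_a_can_enter_b(scheme, realm_a, realm_b, host_a, host_b):
    """Franks' scenario: alice uses the same password on servers A and B.

    The operator of A reads alice's entry from A's password file and
    replays a response to B. Returns True if B accepts it."""
    users = {"alice": "correct horse battery staple"}  # constructed
    bind_a = realm_a if scheme == "realm" else host_a
    bind_b = realm_b if scheme == "realm" else host_b
    pw_a = make_password_file(users, bind_a, scheme)
    pw_b = make_password_file(users, bind_b, scheme)
    nonce = "nonce-issued-by-B"  # constructed
    resp = response_from_stored_hash(pw_a["alice"], nonce, "GET", "/private")
    return server_verifies(pw_b, "alice", nonce, "GET", "/private", resp)


def survives_realm_rename(old_realm, new_realm):
    """Hopmann's complaint: the password file was built under old_realm,
    but the server now advertises new_realm, so a legitimate client
    hashes against the new name. Returns True if the user can still log in."""
    pw = make_password_file({"alice": "pw"}, old_realm, "realm")
    client_ha1 = H("alice", new_realm, "pw")  # honest client, real password
    nonce = "n1"  # constructed
    resp = response_from_stored_hash(client_ha1, nonce, "GET", "/")
    return server_verifies(pw, "alice", nonce, "GET", "/", resp)


if __name__ == "__main__":
    hosts = ("a.example", "b.example")
    print("unbound, different realms :",
          operator_of_a_can_enter_b("unbound", "Realm A", "Realm B", *hosts))
    print("realm,   different realms :",
          operator_of_a_can_enter_b("realm", "Realm A", "Realm B", *hosts))
    print("realm,   same realm name  :",
          operator_of_a_can_enter_b("realm", "Members", "Members", *hosts))
    print("server,  same realm name  :",
          operator_of_a_can_enter_b("server", "Members", "Members", *hosts))
    print("rename realm, same name   :", survives_realm_rename("Members", "Members"))
    print("rename realm, new name    :", survives_realm_rename("Members", "Members Area"))
```

The unbound form lets A's operator into B outright; binding the realm stops that only while the two servers happen to use different realm strings, which is the collision Kristol raises, and binding the server name holds even when the realm strings coincide. The rename function shows the cost both sides of the thread are weighing: whatever string goes into the stored hash, changing it (realm, or under the proposal, the server's domain name) invalidates every entry built under the old value.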