[Ietf-http-auth] HMAC Digest draft and implementation news
pbaker at verisign.com
Fri Apr 7 10:36:54 PDT 2006
At the W3C workshop on mutual authentication the Google people showed some
statistics on password use that show that 80% of people choose passwords
within a list of 1 million.
Since walking the namespace is a much more practical attack than attacking
the MD5 MAC construction I don't see much value in that approach.
If people want to continue using lightweight passwords securely without also
using SSL I think we need to introduce a public key exchange in addition.
Challenge = nonce + public_key
Response = E (HMAC (nonce + cnonce [+ content], password), public_key),
I do not see much value in simply replacing PHBMAC-MD5 with HMAC-SHA1. If
you look at the data sizes you will find that there is no real significant
difference between the PHBMAC and HMAC construction here.
> -----Original Message-----
> From: ietf-http-auth-bounces at osafoundation.org
> [mailto:ietf-http-auth-bounces at osafoundation.org] On Behalf
> Of Scott Lawrence
> Sent: Friday, April 07, 2006 10:25 AM
> To: Leif Johansson
> Cc: HTTP authentication list
> Subject: Re: [Ietf-http-auth] HMAC Digest draft and
> implementation news
> On Fri, 2006-04-07 at 16:01 +0200, Leif Johansson wrote:
> > > Suggestion: Drop MD5 support, and preferably also SHA-1, and go
> > > direct for SHA-256.
> For practical purposes, we'll be supporting MD5 for a long
> time. Even if there are attacks on it found that do
> compromise it, it is widely deployed in embedded systems that
> can't easily be updated, so browsers will likely continue to
> support it for a long time (just as they still support SSLv2
> despite its problems).
> > The issue is one of algorithm agility which must be supported. It must
> > be easy to introduce new hashes w/o publishing and implementing new
> > versions of the standard. This probably means negotiation in some form.
> The current spec is pretty agile in this respect. There is
> an explicit token for the supported hash method in the
> WWW-Authenticate challenge.
> Multiple algorithms can already be supported by including
> multiple challenges in the 40 response. All that would
> be needed is the definition of new tokens specifying a new
> hash algorithm.
> Scott Lawrence tel:+1-781-938-5306;ext=162 or
> sip:slawrence at pingtel.com
> sipXpbx project coordinator - SIPfoundry
> Chief Architect - Pingtel Corp. http://www.pingtel.com/
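Added example (not part of the original message or of the draft under discussion): a sketch of why the hash inside the response does not change the cost of walking a password list, since anyone who sees nonce, cnonce and response can test candidates offline whichever hash is used. The concatenation nonce + cnonce, the sample nonces and the five-entry candidate list are constructed assumptions, and standard HMAC is used throughout rather than the PHBMAC construction.

```python
import hashlib
import hmac

# Constructed sample data; none of it comes from the thread or the draft.
CANDIDATES = ["123456", "password", "letmein", "qwerty", "sunshine"]  # stand-in for a common-password list
NONCE = b"srv-nonce-0001"
CNONCE = b"cli-nonce-0001"


def digest_response(password, nonce, cnonce, hash_name):
    """HMAC(nonce + cnonce, password), with the password as the HMAC key (assumed framing)."""
    return hmac.new(password.encode(), nonce + cnonce, hash_name).hexdigest()


def guesses_to_match(observed, nonce, cnonce, hash_name, candidates):
    """Number of list entries tested before one reproduces the observed response.

    Returns None when no candidate matches, i.e. the password is outside the list.
    """
    for count, guess in enumerate(candidates, start=1):
        trial = digest_response(guess, nonce, cnonce, hash_name)
        if hmac.compare_digest(trial, observed):
            return count
    return None


def compare_hashes(password, candidates=CANDIDATES):
    """Guess count per hash for the same password and the same observed exchange."""
    result = {}
    for hash_name in ("md5", "sha1", "sha256"):
        observed = digest_response(password, NONCE, CNONCE, hash_name)
        result[hash_name] = guesses_to_match(observed, NONCE, CNONCE, hash_name, candidates)
    return result


if __name__ == "__main__":
    print(compare_hashes("letmein"))           # password on the list: same cost for every hash
    print(compare_hashes("k7#Vq2!xLp9@tR4w"))  # password off the list: no match for any hash
```

The guess count depends only on where the password sits in the list, which is the point made above about MD5 versus SHA-1; the hash choice only changes the length of the response.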