[Ietf-http-auth] HMAC Digest draft and implementation news
Hallam-Baker, Phillip
pbaker at verisign.com
Fri Apr 7 10:36:54 PDT 2006
At the W3C workshop on mutual authentication the Google people showed some
statistics on password use that show that 80% of people choose passwords
within a list of 1 million.
Since walking the namespace is a much more practical attack than attacking
the MD5 MAC construction I don't see much value in that approach.
If people want to continue using lightweight passwords securely without also
using SSL I think we need to introduce a public key exchange in addition.
For example:
    Challenge = nonce + public_key
    Response  = E (HMAC (nonce + cnonce [+ content], password), public_key),
                cnonce, nonce
I do not see much value in simply replacing PHBMAC-MD5 with HMAC-SHA1. If
you look at the data sizes you will find that there is no real significant
difference between the PHBMAC and HMAC construction here.
> -----Original Message-----
> From: ietf-http-auth-bounces at osafoundation.org
> [mailto:ietf-http-auth-bounces at osafoundation.org] On Behalf
> Of Scott Lawrence
> Sent: Friday, April 07, 2006 10:25 AM
> To: Leif Johansson
> Cc: HTTP authentication list
> Subject: Re: [Ietf-http-auth] HMAC Digest draft and
> implementation news
>
> On Fri, 2006-04-07 at 16:01 +0200, Leif Johansson wrote:
>
> > > Suggestion: Drop MD5 support, and preferably also SHA-1, and go
> > > direct for SHA-256.
>
> For practical purposes, we'll be supporting MD5 for a long
> time. Even if there are attacks on it found that do
> compromise it, it is widely deployed in embedded systems that
> can't easily be updated, so browsers will likely continue to
> support it for a long time (just as they still support SSLv2
> despite its problems).
>
> > The issue is one of algorithm agility which must be supported. It must
> > be easy to introduce new hashes w/o publishing and implementing new
> > versions of the standard. This probably means negotiation in some form.
>
> The current spec is pretty agile in this respect. There is
> an explicit token for the supported hash method in the
> WWW-Authenticate challenge.
> Multiple algorithms can already be supported by including
> multiple challenges in the 40[17] response. All that would
> be needed is the definition of new tokens specifying a new
> hash algorithm.
>
> --
> Scott Lawrence tel:+1-781-938-5306;ext=162 or
> sip:slawrence at pingtel.com
> sipXpbx project coordinator - SIPfoundry
> http://www.sipfoundry.org/sipX
> Chief Architect - Pingtel Corp. http://www.pingtel.com/
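The Challenge/Response sketch in the message above, worked through as an added example (not code from the message or from any draft). It assumes RSA-OAEP for E and HMAC-SHA256 for the MAC; all function names are hypothetical. It shows why E has to be randomized: with a deterministic E, an observer could re-encrypt a candidate HMAC under the public key and compare it with the captured response.

```go
package main
import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewServerKey makes the key pair whose public half is sent in the challenge.
func NewServerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// mac computes HMAC(nonce + cnonce, password); the password is the HMAC key.
func mac(password string, nonce, cnonce []byte) []byte {
	h := hmac.New(sha256.New, []byte(password))
	h.Write(nonce)
	h.Write(cnonce)
	return h.Sum(nil)
}

// Respond is the client side. OAEP is randomized; the nonce is bound in as its label.
func Respond(pub *rsa.PublicKey, nonce []byte, password string) (ct, cnonce []byte, err error) {
	cnonce = make([]byte, 16)
	if _, err = rand.Read(cnonce); err != nil {
		return nil, nil, err
	}
	ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, mac(password, nonce, cnonce), nonce)
	return ct, cnonce, err
}

// Verify is the server side: decrypt, recompute the HMAC, compare in constant time.
func Verify(priv *rsa.PrivateKey, nonce, cnonce, ct []byte, password string) bool {
	got, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nonce)
	return err == nil && hmac.Equal(got, mac(password, nonce, cnonce))
}

// GuessConfirmable: can an observer confirm a guess by re-encrypting its HMAC and comparing?
func GuessConfirmable(pub *rsa.PublicKey, nonce, cnonce, ct []byte, guess string) bool {
	again, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, mac(guess, nonce, cnonce), nonce)
	return err == nil && bytes.Equal(again, ct)
}

func main() {
	priv, _ := NewServerKey()
	nonce := []byte("constructed-server-nonce") // constructed sample value
	ct, cnonce, _ := Respond(&priv.PublicKey, nonce, "letmein")
	fmt.Println(Verify(priv, nonce, cnonce, ct, "letmein"), GuessConfirmable(&priv.PublicKey, nonce, cnonce, ct, "letmein"))
}
```

The sketch covers a passive observer only; a client that accepts whatever public_key arrives in the challenge gets no protection from a party that substitutes its own key.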