Digest Authentication - PowerPoint PPT Presentation

1 / 30
About This Presentation
Title:

Digest Authentication

Description:

Basic authentication is convenient and flexible but completely insecure. ... services, such as CRAM-MD5, which has been proposed for use with LDAP, POP, and IMAP. ... – PowerPoint PPT presentation

Number of Views:144
Avg rating:3.0/5.0
Slides: 31
Provided by: Mali6
Category:

less

Transcript and Presenter's Notes

Title: Digest Authentication


1
Digest Authentication
  • Herng-Yow Chen

2
Outline
  • Theory and practice of digest authentication.
  • The improvement of Digest Authentication

3
Problem of Basic Authentication
  • Basic authentication is convenient and flexible
    but completely insecure.
  • Usernames and passwords are sent in a clear way
    (using a base-64 encoding, which can be decoded
    easily).
  • Base-64 encoding protects against unintentional
    accidental viewing but offers no confidentiality
    protection against malicious parties.
  • The only way to use basic authentication securely
    is to use it conjunction with SSL (talk later).

4
Introduction
  • Digest authentication was developed as a
    compatible, more secure alternative to basic
    authentication.
  • Even though digest authentication is not yet in
    wide use, the concepts still are important for
    anyone implementing secure transaction.

5
The improvements of Digest Authentication
  • Digest authentication is an alternate HTTP
    authentication protocol that tries to fix the
    most serious flaws of basic authentication.
  • Never send secret passwords across the network in
    the clear
  • Prevent unscrupulous individuals from capturing
    and replaying handshakes
  • Optionally can guard against tampering with
    message content
  • Guards against several other common forms of
    attacks.

6
The improvements of Digest Authentication Cont.
  • Digest authentication is not the most secure
    protocol possible. Many needs for secure HTTP
    transaction cannot be met by digest
    authentication.
  • For those needs, Transport Layer Security (TLS)
    and Secure HTTP (HTTPS) are more appropriate
    protocols.
  • However, digest authentication is significantly
    stronger than basic authentication, which it was
    designed to replace.
  • Digest authentication also is stronger than many
    popular schemes proposed for other Internet
    services, such as CRAM-MD5, which has been
    proposed for use with LDAP, POP, and IMAP.

7
The improvements of Digest Authentication Cont.
  • To date, digest authentication has not been
    deployed. However, because of the security risks
    inherent to basic authentication, the HTTP
    architects counsel in RFC 2617 that any service
    in present use that uses Basic should be switched
    to Digest as soon as practical.

8
Using Digests to Keep Passwords Secret
  • The motto of digest authentication is never send
    the password across the network.
  • Instead of sending the password, the client sends
    a fingerprint or digest of the password,
    which is an irreversible scrambling of the
    password.
  • The client and the server both know the secret
    password, so the server can verify that the
    digest provided is a correct match for the
    password.

9
Using Digests to Keep Passwords Secret Cont.
  • Given only the digest, a bad guy has no easy way
    to find what password it came from, other than
    going through every password in the universe,
    trying each one.
  • However, there are techniques, such as dictionary
    attacks, where passwords are tried first. These
    cryptanalysis techniques can dramatically ease
    the process of cracking passwords.

10
Using Digests for password-obscured
authentication
Please give me the internal sales forecast.
Internet
(a)Request
client
server
You requested a secret financial
document.Please tell me your username and
password digests.
Internet
(b)Challenge
client
server
Ask user for username and password
digest(0w!)A3F5
Please give me the internal sales forecast. My
username is bri My digested password is A3F5
Internet
(c)Authorization
server
client
digest(0w!)A3F5 ? This is a match!
OK.The digest you sent me matches the digest of
my internal password, so here is the document.
Internet
(d)Success
client
server
11
One-Way Digests
  • A digest is a condensation of a body of
    information. Merriam-Webster dictionary, 1998.
  • Digests act as one-way functions, typically
    converting an infinite number of possible input
    value into a finite range of condensations.
  • In theory, it is possible to have two distinct
    inputs map to the same digest, called a
    collision. In practice, the number of potential
    outputs is so large that the chance of a
    collision in real life is vanishingly small and,
    for the purpose of password matching,
    unimportant.

12
Message Digest 5 (MD5)
  • One popular digest function, MD5, converts any
    arbitrary sequence of bytes, of any length, into
    a 128-bit digest.
  • 128 bits 2 128, or about
  • 1,000,000,000,000,000,000,000,000,000,000,000,000,
    000 10 39 possible distinct condensations.

13
MD5 Cont.
  • If you dont know the secret password, youll
    have an awfully hard time guessing the correct
    digest to send to the server.
  • And likewise, if you have the digest, you will
    have an awfully hard time figuring out which of
    the effectively infinite number of input values
    generated it.

14
MD5 Cont.
  • The 128 bits of MD5 output often are written as
    32 hexadecimal characters, each character
    representing 4 bits.
  • Digest functions sometimes are called
    cryptographic checksums, one-way hash functions,
    or fingerprint functions.

15
MD5 digest examples
16
Using Nonces to Prevent Replays
  • One-way digests save us from having to send
    passwords in the clear. We can just send a digest
    of the password instead, and rest assured that no
    malicious party can easily decode the original
    password from the digest.
  • Unfortunately, obscured password alone do not
    save us danger, because a bad guy can capture the
    digest and replay it over and over again to the
    server, even though the bad guy doesnt know the
    password. The digest is just as good as the
    password.

17
Using Nonces to Prevent Replays Cont.
  • To prevent such replay attacks, the server can
    pass along to the client a special token called a
    nonce, which changes frequently (perhaps every
    millisecond, or for every authentication).
  • The client appends this nonce token to the
    password before computing the digest.
  • Mixing the nonce in with the password causes the
    digest to change each time the nonce change. This
    prevent replay attacks.

18
Using Nonces to Prevent Replays Cont.
  • Digest authentication requires the use of nonces,
    because a trivial replay weakness would make
    un-nonced digest authentication effectively as
    weak as basic authentication.
  • Nonces are passed from server to client in the
    WWW-Authenticate challenge.

19
The Digest Authentication Handshake
Client
www.ncnu.edu.tw
(1)Server generates nonce
WWW-Authenticate (challenge)
(2)Server sends realm, nonce, algorithms
(3)Choose algorithm from set generate
response digest generate client-nonce
Authorization (response)
(4)Client sends response digest send
algorithm send client-nonce
(5)Server verifies digest generate rspauth
digest generate next nonce
Authentication-Info (info)
(7)Client verifies rspauth digest
(6)Server sends next nonce send client rspauth
digest
20
Basic versus digest authentication syntax
  • Basic authentication

(a)Query
GET /cgi-bin/checkout?cart17854 HTTP/1.1
client
server
(b)Challenge
client
HTTP/1.1 401 Unauthorized WWW-Authenticate Basic
realmShopping Cart
server
Shopping Cart Username Password
(c)Response
GET /cgi-bin/checkout?cart17854
HTTP/1.1 Authorization Basic YnJpYW4tdG90dHk6T3ch
server
client
(d)Success
HTTP/1.1 200 OK
client
server
21
Basic versus digest authentication syntax (cont.)
22
The Security-Related Data (A1)
23
The Message-Related Data(A2)
24
Overall Digest Algorithm
25
Overall Digest Algorithm (cont.)
26
Preemptive Authorization
27
Symmetric Authentication
28
Symmetric Authentication (cont.)
29
Digest Authentication Headers
30
Reference
  • http//www.ietf.org/rfc/rfc2617.txt
  • RFC 2617,HTTP Authentication Basic and
    Digest Access Authentication
Write a Comment
User Comments (0)
About PowerShow.com