[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)

To: Nicolas Williams <Nicolas.Williams@xxxxxxx>
Subject: Re: Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)
From: Steven Simon <simon.s@xxxxxxxxx>
Date: Mon, 17 Mar 2008 20:01:34 -0700
Cc: Chris Newman <Chris.Newman@xxxxxxx>, Simon Josefsson <simon@xxxxxxxxxxxxx>, ietf-sasl@xxxxxxx
In-reply-to: <20080318023527.GS16998@xxxxxxx>
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
References: <877ig12v5g.fsf@xxxxxxxxxxxxxxxxxxx> <20080317171317.GB16998@xxxxxxx> <> <20080318023527.GS16998@xxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx

If I understand this deployment issue correctly, there is a singleprovisioning server thatconverts the cleartext to realm-bound hashes that can be distributedto each server

providing a service?

If that's the case, manipulating the salt value should prevent thehash on one server

from being used to gain access to another.

I cringe at the idea of hashing a realm or username into the passwordhash.The classic problem with DIGEST-MD5 is that sites must force massivepasswordchanges to rename a realm or bring new realms online. Updating ausername is

a hassle too (people get married from time to time).

As a result, most sites end up storing reversible passwords whichdefeats the whole

idea of a verifier.

My other concern is that if the server that receives the verifiercan't be trusted, there is alreadya problem. Any verifier can be attacked offline and cracking thepassword is ultimately only

a matter of the utility bill.

For this type of distribution style for authentication, I tend tothink a password server

or PKI is in order.

- Steven


On Mar 17, 2008, at 7:35 PM, Nicolas Williams wrote:


On Mon, Mar 17, 2008 at 05:56:44PM -0700, Chris Newman wrote:

I am opposed to this suggestion, leaning in the direction of strongly
opposed.
This is one of the sources of interoperability problems for DIGEST-MD5
(client implementers didn't understand what the domain/realm meant).

It makes the client UI more complex and thus creates a significant
complexity barrier (far more significant than any of the cryptoalgorithm
issues).
If the domain matters, users can just use an email-style loginidentifier
(e.g., chris.newman@xxxxxxx as my login identifier).


This is not about a domain in the username!

This is about enrolling in a realm so that many servers in that realm
can authenticate the same users but without being able to impersonate
those users to any other servers in that realm.

Without this feature the only way to do the above is by having the

servers authenticate to a realm server, pass through SCRAM messagesand

then get the results from the realm server.

Not being able to enroll once but authenticate to many servers seems
obnoxious.

Nico
--

References:
- Crypto agility in SCRAM + draft-josefsson-password-auth?
  - From: Simon Josefsson
- Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)
  - From: Nicolas Williams
- Re: Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)
  - From: Chris Newman
- Re: Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)
  - From: Nicolas Williams

Prev by Date: Re: Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)
Previous by thread: Re: Optional domain/realm for SCRAM? (Re: Crypto agility in SCRAM + draft-josefsson-password-auth?)
Next by thread: Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
Index(es):
- Date
- Thread