[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [wss-comment] WS-Security password digest feature - question
Section 6.1.1 of the Web Services Security Core Specification (Working Draft 04) details the process of using a nonce and creation timestamp to prevent password replay attacks. The digest is calculated as: SHA1 [nonce + created + password] > It would seem that the above hash input requires the WS-Security > implementation to deal with plaintext passwords. To constrast, sections > 3.2.2.2 and 4.13 of RFC 2617 ("HTTP Authentication: Basic and Digest > Access Authentication") require a password hash that can be pre-computed; > the one-time artifacts (nonce, nonce count, etc) are not concatenated with > the plaintext password. Instead, section 3.2.2.2 of RFC2617 states that > the following hash is used as input to HTTP digest authentication: H[ (username) ":" (realm) ":" password] Section 4.13 of the RFC specifies that the above quantity is usually kept in its own file. That (hashed) quantity is then re-hashed during digest authentication with the one-time artifacts (nonce, nonce count, etc). > However, the password digest with nonce feature of the WS-Security core > document seems to require concatenating the one-time inputs (nonce and > created time) to the SHA1 hash function with the plaintext password. This > introduces a significant vulnerability and will be an issue for security > providers who typically do not have access to the plaintext password > (e.g.. only password hashes are persistently stored), and so cannot > compute the hash as specified in 6.1.1. A more secure construction could > be: password_digest= SHA1[nonce + created + SHA1[password]] Regards, John G. de Freitas Netegrity
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC