OASIS Mailing List Archives

wss-comment message
Subject: [wss-comment] WS-Security password digest feature - question


Section 6.1.1 of the Web Services Security Core Specification (Working Draft
04) details the process of using a nonce and creation timestamp to prevent
password replay attacks. The digest is calculated as:
	SHA1 [nonce + created + password]

> It would seem that the above hash input requires the WS-Security
> implementation to deal with plaintext passwords. To contrast, sections
> 3.2.2.2 and 4.13 of RFC 2617 ("HTTP Authentication: Basic and Digest
> Access Authentication") require a password hash that can be pre-computed;
> the one-time artifacts (nonce, nonce count, etc.) are not concatenated with
> the plaintext password. Instead, section 3.2.2.2 of RFC 2617 states that
> the following hash is used as input to HTTP digest authentication:
	H[ (username) ":" (realm) ":" password]

Section 4.13 of the RFC specifies that the above quantity is usually kept in
its own file. That (hashed) quantity is then re-hashed during digest
authentication with the one-time artifacts (nonce, nonce count, etc.).

> However, the password digest with nonce feature of the WS-Security core
> document seems to require concatenating the one-time inputs (nonce and
> created time) to the SHA1 hash function with the plaintext password. This
> introduces a significant vulnerability and will be an issue for security
> providers who typically do not have access to the plaintext password
> (e.g., only password hashes are persistently stored), and so cannot
> compute the hash as specified in 6.1.1. A more secure construction could
> be:
	password_digest= SHA1[nonce + created + SHA1[password]]

Regards,
John G. de Freitas
Netegrity
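The following Python script is an added illustration of the three constructions discussed in the message above; it is not code from the message, from the WSS specification, or from RFC 2617. It computes the Working Draft 04 digest SHA1[nonce + created + password], the RFC 2617 pre-computable H(username ":" realm ":" password), and the proposed SHA1[nonce + created + SHA1[password]], and then shows a verifier that persistently stores only SHA1[password] yet can still check the proposed form, reject replayed nonces, and reject stale creation timestamps. The nonce, timestamp, password and the choice to feed the inner hash in as its raw 20-byte digest are constructed assumptions, not values or encodings taken from the page.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Constructed sample values for the demonstration (not from the spec or the message).
NONCE = b"constructed-nonce-0001"
CREATED = "2002-09-01T12:00:00Z"
PASSWORD = "correct horse battery"


def wd04_password_digest(nonce: bytes, created: str, password: str) -> bytes:
    """SHA1[nonce + created + password], the construction the message quotes from
    section 6.1.1. The verifying side must hold the plaintext password."""
    return hashlib.sha1(nonce + created.encode() + password.encode()).digest()


def stored_password_hash(password: str) -> bytes:
    """SHA1[password]: the only per-user secret the proposed scheme needs the
    security provider to keep."""
    return hashlib.sha1(password.encode()).digest()


def proposed_password_digest(nonce: bytes, created: str, password_hash: bytes) -> bytes:
    """SHA1[nonce + created + SHA1[password]] as proposed in the message.
    Assumption: the inner hash is concatenated as its raw 20-byte digest."""
    return hashlib.sha1(nonce + created.encode() + password_hash).digest()


def http_digest_ha1(username: str, realm: str, password: str) -> str:
    """RFC 2617 section 3.2.2.2: H(username ":" realm ":" password) with MD5.
    Section 4.13 notes this quantity is usually stored instead of the password."""
    return hashlib.md5(f"{username}:{realm}:{password}".encode()).hexdigest()


def client_token(username: str, password: str, nonce: bytes, created: str) -> dict:
    """What a client would send under the proposed scheme. It hashes the
    plaintext password locally and never transmits it."""
    digest = proposed_password_digest(nonce, created, stored_password_hash(password))
    return {"username": username, "nonce": nonce, "created": created, "digest": digest}


def _parse_utc(timestamp: str) -> datetime:
    """Parse the constructed 'YYYY-MM-DDTHH:MM:SSZ' form into an aware UTC datetime."""
    return datetime.strptime(timestamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


class HashOnlyVerifier:
    """A security provider that stores only SHA1[password] per user. It cannot
    recompute the WD04 digest (no plaintext), but it can verify the proposed
    digest, and it tracks nonces and a freshness window to defeat replay."""

    def __init__(self, freshness_seconds: int = 300):
        self._hashes: dict[str, bytes] = {}
        self._seen_nonces: set[bytes] = set()
        self._freshness = timedelta(seconds=freshness_seconds)

    def enroll(self, username: str, password: str) -> None:
        # The plaintext is hashed once at enrollment and then discarded.
        self._hashes[username] = stored_password_hash(password)

    def verify_proposed(self, username: str, nonce: bytes, created: str,
                        digest: bytes, now: str) -> bool:
        password_hash = self._hashes.get(username)
        if password_hash is None:
            return False
        # Freshness check: the created timestamp must lie within the window around 'now'.
        created_at, now_at = _parse_utc(created), _parse_utc(now)
        if abs(now_at - created_at) > self._freshness:
            return False
        # Replay check: a nonce is accepted at most once within the window.
        if nonce in self._seen_nonces:
            return False
        expected = proposed_password_digest(nonce, created, password_hash)
        if not hmac.compare_digest(expected, digest):
            return False
        self._seen_nonces.add(nonce)
        return True


if __name__ == "__main__":
    verifier = HashOnlyVerifier()
    verifier.enroll("alice", PASSWORD)
    token = client_token("alice", PASSWORD, NONCE, CREATED)
    print("WD04 digest     :", wd04_password_digest(NONCE, CREATED, PASSWORD).hex())
    print("RFC 2617 HA1    :", http_digest_ha1("alice", "example-realm", PASSWORD))
    print("proposed digest :", token["digest"].hex())
    print("first use       :", verifier.verify_proposed("alice", NONCE, CREATED, token["digest"], "2002-09-01T12:00:30Z"))
    print("replayed        :", verifier.verify_proposed("alice", NONCE, CREATED, token["digest"], "2002-09-01T12:00:31Z"))
```

The verifier deliberately never calls `wd04_password_digest`: with only SHA1[password] on file there is no way to form nonce + created + password, which is exactly the deployment problem the message raises. Note that rejecting a stale timestamp and caching nonces are what make either construction a replay defence; the hashing alone only keeps the password off the wire.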
