On Friday 11 July 2003 05.18, Adam Aube wrote:

> Furthermore, since knowledge of the clear text password is needed
> to verify the digest sent, the password would need to be stored
> either in clear text or reversible encryption - unless I completely
> misunderstand how digest auth works (which is also quite possible).

Digest requires no more knowledge of the password than NTLM does. Both require direct or indirect access to the secret of the user. Neither requires access to the clear text password, but both require access to something which, for each protocol, is equivalent to the clear text password.

> Digest could be improved upon by using a hash of the password
> instead of the password itself. Of course, there's something of a
> chicken-and-egg problem here: proxy and web servers won't support
> it until browsers support it, and browsers won't support it until
> proxy and web servers support it. Additionally, since digest auth
> is an RFC, someone would have to draft another RFC. So even if it
> is a great idea, it can't be implemented quickly (if at all).

There is no problem with the Digest RFC in this respect. All the needed parts of the Digest protocol are there to build a reasonably secure system with good performance. What is missing is a specification of integration with password directories. The RFC does not define how such integration is to be done, only what the Digest algorithm requires from such integration: a limited one-time hash of the user's password (MD5-sess) which can not be decrypted or reused in a replay attack.

The NTLM authentication method is on the level of Digest MD5 authentication (not MD5-sess), either requiring access to the secret key of the user or offloading all the processing to the domain controller. Digest MD5-sess improves on this by allowing the verification to run locally without requiring direct access to the user's secret key (only a limited one-time hash of the same), greatly increasing the scalability of the design.

If you are worried about storing the passwords in plain text then see the digest helper in Squid-HEAD. This helper supports storing passwords in a hashed form only usable on that server, using the same format as Apache htdigest.

However, note that the password file must still be kept secure, or else it is possible for a hacker who gains access to the digest password file to fake digest logins to that server even if he does not know the actual clear text password, much the same as it is possible for a hacker who has read access to the NT SAM database or is otherwise able to reconstruct the NT# to fake logins to the NT domain without knowing the actual clear text passwords of the users.

Regards
Henrik

--
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]
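The verification model described in the message above, as an added worked example (this is illustration code written for this page, not Squid's digest helper or Apache's htdigest code): a server that stores only the htdigest HA1, verifies a plain MD5 Digest response from it without ever seeing the password, derives the MD5-sess one-time session hash that a directory could hand to a front end, shows that the stale session hash does not verify a request under a fresh nonce, and finally shows the caveat that anyone who reads HA1 out of the file can forge a login. The request values are the RFC 2617 section 3.5 example (user "Mufasa"); the password file contents and the second nonce are constructed here.

```python
"""RFC 2617 Digest verification from a stored HA1 (Apache htdigest format),
the MD5-sess session hash, and the HA1-theft caveat.
Added illustration for this page, not Squid or Apache code."""
import hashlib


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def ha1_from_password(user: str, realm: str, password: str) -> str:
    """HA1 = MD5(user:realm:password). This is all that htdigest stores."""
    return md5_hex(f"{user}:{realm}:{password}")


def htdigest_line(user: str, realm: str, password: str) -> str:
    """One htdigest line: user:realm:HA1. The clear text never lands on disk."""
    return f"{user}:{realm}:{ha1_from_password(user, realm, password)}"


def lookup_ha1(htdigest_lines, user: str, realm: str):
    """What a digest helper reads back from the password file."""
    for line in htdigest_lines:
        u, r, ha1 = line.strip().split(":", 2)
        if u == user and r == realm:
            return ha1
    return None


def session_ha1(ha1: str, nonce: str, cnonce: str) -> str:
    """MD5-sess: HA1' = MD5(HA1:nonce:cnonce). A directory can hand this
    nonce-bound value to a front end without revealing HA1 itself."""
    return md5_hex(f"{ha1}:{nonce}:{cnonce}")


def digest_response(ha1: str, algorithm: str, method: str, uri: str,
                    nonce: str, nc: str, cnonce: str, qop: str = "auth") -> str:
    """response = MD5(HA1:nonce:nc:cnonce:qop:HA2) with HA2 = MD5(method:uri).
    For MD5-sess, HA1 is first replaced by the session hash."""
    if algorithm == "MD5-sess":
        ha1 = session_ha1(ha1, nonce, cnonce)
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


# Request parameters from the RFC 2617 section 3.5 example.
USER, REALM, PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
NONCE, CNONCE, NC = "dcd98b7102dd2f0e8b11d0f600bfb0c093", "0a4f113b", "00000001"
METHOD, URI = "GET", "/dir/index.html"

# Constructed password file: one htdigest line, no clear text password in it.
HTDIGEST = [htdigest_line(USER, REALM, PASSWORD)]


def client_response(algorithm: str, nonce: str = NONCE) -> str:
    """The browser side: it knows the password and derives HA1 itself."""
    return digest_response(ha1_from_password(USER, REALM, PASSWORD), algorithm,
                           METHOD, URI, nonce, NC, CNONCE)


def server_verify_from_file(response: str, algorithm: str, nonce: str = NONCE) -> bool:
    """Helper side: only the stored HA1 is needed, never the password."""
    ha1 = lookup_ha1(HTDIGEST, USER, REALM)
    if ha1 is None:
        return False
    return digest_response(ha1, algorithm, METHOD, URI, nonce, NC, CNONCE) == response


def frontend_verify_with_session_hash(response: str, session_hash: str, nonce: str) -> bool:
    """MD5-sess front end: holds only HA1' for this nonce/cnonce, not HA1.
    Once HA1' is substituted, the rest is the plain MD5 finalisation."""
    return digest_response(session_hash, "MD5", METHOD, URI, nonce, NC, CNONCE) == response


def demo() -> dict:
    results = {}
    # 1. Plain MD5: the server verifies from the htdigest file, no clear text needed.
    results["md5_verified_from_file"] = server_verify_from_file(client_response("MD5"), "MD5")
    # 2. MD5-sess: the directory derives HA1' and the front end verifies with that alone.
    ha1 = lookup_ha1(HTDIGEST, USER, REALM)
    sess = session_ha1(ha1, NONCE, CNONCE)
    results["md5_sess_verified_with_session_hash"] = frontend_verify_with_session_hash(
        client_response("MD5-sess"), sess, NONCE)
    # 3. The one-time hash is bound to its nonce: it does not verify a request under a fresh one.
    fresh_nonce = "4f1d0c2b9a8e7d6c5b4a39281716050403"  # constructed for this example
    results["stale_session_hash_accepted"] = frontend_verify_with_session_hash(
        client_response("MD5-sess", fresh_nonce), sess, fresh_nonce)
    # 4. The caveat: whoever reads HA1 from the file can forge a login without the password.
    forged = digest_response(ha1, "MD5", METHOD, URI, NONCE, NC, CNONCE)
    results["ha1_thief_can_forge"] = server_verify_from_file(forged, "MD5")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Step 4 is the point of the warning about keeping the password file secure: HA1 is not the password, and it is useless against any other realm, but for this server it is exactly as good as the password, which is the same property the NT hash has for an NT domain.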