On Jan 2, 2008, at 10:40, Kevin Van Vechten wrote:
On Dec 31, 2007, at 3:26 PM, Landon Fuller wrote:
But HTTP digest doesn't solve any of the problems that SSL solves:
- It is still vulnerable to a MITM attack. Your password is hashed, but the hash is password-equivalent -- an attacker can simply forward it on.
Not really... the server sends a random nonce-value, and the client must include that in the hashed-response. Replay is not an issue.
response = MD5(MD5(username : realm : password), nonce, MD5(method : uri))
Replay isn't an issue, but that doesn't stop a MITM attack -- the password-equivalent value is usable once.

Attack scenario:
- Client requests a page that requires authentication.
- MITM returns 301 redirect to the client. The redirect points to a URL the MITM wishes to access.
- Client automatically follows redirect.
- MITM passes the 401 Unauthorized response through, client authenticates using HTTP digest.

MITM has now successfully directed the client to a resource of its choice, and acquired a single-use token. Can even be used to form POST, via a crafted HTML page. Nil chance of this happening at your home or internet cafe, but what about a targeted attack at a technical conference? Given the wide use and distribution of MacPorts, there is significant value in acquiring project access.
- Digest authentication is indistinguishable from Basic authentication -- your browser will display the same dialog regardless of the authentication type.
Safari distinguishes them; Basic authentication dialogs say the password will be sent in the clear.
Currently, trying to access http://www.macosforge.org/wp-login.php in Safari says the following: "Your password will be sent in the clear." I don't have digest auth set up anywhere, so I can't test digest vs. non-digest in Safari. Firefox doesn't show any difference in the auth dialog -- I'd easily log in using the basic auth. Also, does Safari refuse to auto-login if the authentication type changes?
At best, it will prevent a passive attacker from acquiring your password. Anyone engaging in an active MITM attack will have no difficulty acquiring your password.
I agree SSL provides additional security benefits, but digest authentication isn't as transparent as you indicate.
I still hold that it is -- digest auth makes passive sniffing useless, but it doesn't prevent an active attack from acquiring your password, especially if you're using a browser that fails to differentiate between digest and basic auth. -landonf
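As an added illustration (not code from anyone in this thread), here is the RFC 2617 digest computation in its simplest non-qop form, paired with a hypothetical server-side verifier that issues single-use nonces; the realm, user name and password are constructed. It shows what both sides of the exchange above agree on: a captured response is bound to one nonce, method and URI, so it fails on replay or against a different URI, while the only secret material it is derived from is HA1 plus values the server and the page the client was steered to supplied.

```python
import hashlib
import hmac
import secrets


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(username, realm, password, nonce, method, uri):
    """RFC 2617 response without qop: MD5(HA1 ':' nonce ':' HA2)."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")  # password-equivalent secret
    ha2 = md5_hex(f"{method}:{uri}")                   # binds method and URI
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


class DigestServer:
    # Hypothetical verifier: stores HA1 per user (never the password) and
    # accepts each nonce it issued at most once.
    def __init__(self, realm, users):
        self.realm = realm
        self.ha1 = {u: md5_hex(f"{u}:{realm}:{p}") for u, p in users.items()}
        self.live_nonces = set()

    def challenge(self):
        nonce = secrets.token_hex(16)  # random nonce sent in WWW-Authenticate
        self.live_nonces.add(nonce)
        return nonce

    def verify(self, username, nonce, method, uri, response):
        if nonce not in self.live_nonces:  # unknown or already consumed: replay fails
            return False
        self.live_nonces.discard(nonce)    # single use, consumed even on a bad guess
        ha1 = self.ha1.get(username)
        if ha1 is None:
            return False
        expected = md5_hex(f"{ha1}:{nonce}:{md5_hex(f'{method}:{uri}')}")
        return hmac.compare_digest(expected, response)


CREDS = ("alice", "example-realm", "constructed-password")  # constructed, not real


def demo():
    """One valid login, then a replay and a URI re-use, both rejected."""
    server = DigestServer(CREDS[1], {CREDS[0]: CREDS[2]})
    nonce = server.challenge()
    resp = digest_response(*CREDS, nonce, "GET", "/wp-login.php")
    first = server.verify("alice", nonce, "GET", "/wp-login.php", resp)
    replay = server.verify("alice", nonce, "GET", "/wp-login.php", resp)
    nonce2 = server.challenge()
    resp2 = digest_response(*CREDS, nonce2, "GET", "/wp-login.php")
    other_uri = server.verify("alice", nonce2, "GET", "/admin/", resp2)
    return {"first": first, "replay": replay, "other_uri": other_uri}
```

Note that the verifier never sees the password itself, yet a stolen HA1 table is as good as the passwords for this realm, which is why the thread calls the hash password-equivalent.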