[x500standard] Re: New draft on password policy
- From: David Wilson <David.Wilson@xxxxxxxxx>
- To: x500standard@xxxxxxxxxxxxx
- Date: Wed, 23 Sep 2009 22:04:52 +0100
On Wed, 2009-09-23 at 16:44 -0400, Kemp, David P. wrote:
> David's table indicates that "encrypting" (salted hashing) requires
> some knowledge in the DUA for option 2, and I don't claim that
> standardizing a method and implementing the standard is trivial. But
> in principle the salt would have to be based on either invariant data
> about the DSA (e.g. DNS name/port) entered/configured by the user and
> needed to connect, or remembered/typed by the user after being
> randomly generated by the DUA. Storing it in a DUA-maintained
> registry/address book would inhibit user mobility, and storing
> user-specific salt on the DSA would require an extra message. If the
> connection protocol includes a DSA-to-DUA message before the
> DUA-initiated BIND, that message could include a DSA ID from
> which salt could be derived.
The core problem with this kind of thing is that the salt (or nonce) is
fixed. Which means that the same 'encrypted' password is passed in
protocol each time, since the value passed in protocol is compared
directly with the stored value. So, transport confidentiality needs to
be used to protect the value passed, otherwise the same value can be
used by an attacker for this server. (If the attacker is the
administrator, then they don't even need to capture the protocol, they
have access to the credentials required).
Also, any salt really should be randomly generated for each password. If
you have a fixed value for a server, then two users with the same
password would have the same hashed value.
regards
David
-----
www.x500standard.com: The central source for information on the X.500 Directory
Standard.
Other related posts:
