[x500standard] Re: New draft on password policy

  • From: Kurt Zeilenga <Kurt.Zeilenga@xxxxxxxxx>
  • To: x500standard@xxxxxxxxxxxxx
  • Date: Wed, 23 Sep 2009 14:39:21 -0700


On Sep 23, 2009, at 2:22 PM, David Wilson wrote:

On Wed, 2009-09-23 at 16:44 -0400, Kemp, David P. wrote:
Implementation details aside, protecting clear passwords from DSA
administrators is a legitimate goal, even if TLS is used. And so is
preventing adversaries from collecting clear or unsalted-hashed
passwords for use against other systems, when TLS is not used.

The problem is that the devil is in the detail.

The basis of authentication is that the client knows some secret. The
problem is verifying that they know that secret in a way that does not
require the verifier to know what the secret is, and require that the
data which the verifier does hold or the data passed between client and
server cannot be used to subvert the verification process.

Actually, this is a solved problem.

Yes. For instance, the SASL SCRAM supports the following features [draft-ietf-sasl-scram]:

   o  The authentication information stored in the authentication
      database is not sufficient by itself to impersonate the client.
      The information is salted to prevent a pre-stored dictionary
      attack if the database is stolen.

   o  The server does not gain the ability to impersonate the client to
      other servers (with an exception for server-authorized proxies).

   o  The mechanism permits the use of a server-authorized proxy without
      requiring that proxy to have super-user rights with the back-end
      server.

-- Kurt
-----
www.x500standard.com: The central source for information on the X.500 Directory Standard.
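As an added example (not part of this thread and not the SCRAM draft's own code), the SCRAM-SHA-1 key derivation and proof exchange from draft-ietf-sasl-scram (published as RFC 5802) in Python, showing why the record the DSA stores is not by itself enough to impersonate the client; the password, salt, iteration count and AuthMessage are constructed values.

```python
import hashlib
import hmac

# SCRAM-SHA-1 as in draft-ietf-sasl-scram / RFC 5802 (added example, not the
# draft's own code). Server stores StoredKey = H(ClientKey) and ServerKey only.

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def salted_password(password: str, salt: bytes, iterations: int) -> bytes:
    # Hi() in the draft is PBKDF2 with HMAC-SHA-1 and one 20-byte output block.
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, iterations, 20)

def server_record(password: str, salt: bytes, iterations: int) -> dict:
    # Provisioning: what the directory keeps. ClientKey itself is NOT stored.
    sp = salted_password(password, salt, iterations)
    client_key = hmac.new(sp, b"Client Key", hashlib.sha1).digest()
    server_key = hmac.new(sp, b"Server Key", hashlib.sha1).digest()
    return {"stored_key": hashlib.sha1(client_key).digest(),
            "server_key": server_key, "salt": salt, "iterations": iterations}

def client_proof(password: str, salt: bytes, iterations: int, auth_message: bytes) -> bytes:
    # Client side: ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage).
    sp = salted_password(password, salt, iterations)
    client_key = hmac.new(sp, b"Client Key", hashlib.sha1).digest()
    stored_key = hashlib.sha1(client_key).digest()
    signature = hmac.new(stored_key, auth_message, hashlib.sha1).digest()
    return _xor(client_key, signature)

def server_verify(record: dict, auth_message: bytes, proof: bytes) -> bool:
    # Server side: recover ClientKey from the proof, then check H(ClientKey) == StoredKey.
    signature = hmac.new(record["stored_key"], auth_message, hashlib.sha1).digest()
    client_key = _xor(proof, signature)
    return hmac.compare_digest(hashlib.sha1(client_key).digest(), record["stored_key"])

def server_signature(record: dict, auth_message: bytes) -> bytes:
    # Returned to the client so it can authenticate the server (requires ServerKey).
    return hmac.new(record["server_key"], auth_message, hashlib.sha1).digest()

# Constructed sample values; nonces and salt are fixed so the run is repeatable.
SALT = b"constructed-salt"
ITERATIONS = 4096
AUTH_MESSAGE = b"n=user,r=cnonce,r=cnoncesnonce,s=c2FsdA==,i=4096,c=biws,r=cnoncesnonce"
RECORD = server_record("pencil", SALT, ITERATIONS)

def demo() -> tuple:
    good = server_verify(RECORD, AUTH_MESSAGE, client_proof("pencil", SALT, ITERATIONS, AUTH_MESSAGE))
    wrong = server_verify(RECORD, AUTH_MESSAGE, client_proof("pencil2", SALT, ITERATIONS, AUTH_MESSAGE))
    # Holder of a copied record knows only StoredKey, not ClientKey: a proof
    # built from StoredKey fails, since H(StoredKey) != StoredKey.
    sig = hmac.new(RECORD["stored_key"], AUTH_MESSAGE, hashlib.sha1).digest()
    copied = server_verify(RECORD, AUTH_MESSAGE, _xor(RECORD["stored_key"], sig))
    return good, wrong, copied
```

The same salt stored per user means two directories with different salts hold different records for the same password, which is the "pre-stored dictionary" point in the first bullet.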
