On Sep 24, 2009, at 6:18 AM, Kemp, David P. wrote:
So many Davids! But the premise in Chadwick's original message was:the attached document contains an analysis of the alternative ways ofhandlingpasswords, both storing them in the DSA and transferring them betweenDUA andDSA in the bind and compare operations. Our analysis reveals that an optimal choice is the one proposed backin 1990 ... This entire discussion seems like it should have taken place in 1990.It's 2009 now; just use PKI-based client-authenticated TLS for both user authentication and session protection and be done with it. The problemwith "unless SSL is used" is that regardless of how strong the authentication method is (challenge-response PKI, time-based OTP, SASL SCRAM, ...), if there is no session protection, then the adversary canjust hijack the connection after authentication and do whatever he wantsto the DSA. As with http://riosec.com/files/gate-bypass.jpg, there'slittle point in putting strong authentication on an unprotected channel.But given that we're pretending to live in 1990, users don't haveasymmetric private keys and thus are stuck with passwords, and SSL isn't used, so let's try to make weak bypassable authentication a smidge lessweak. Salted hashing is one way to prevent the DSA administrator from becoming an adversary against other weak systems, such as the user's gmail account.
I fear that users will use the encrypted password mechanism assuming that it, by itself (no TLS), won't disclose a password equivalent to eavesdroppers.
One could protect the encrypted password through by using an approach similar to how simple-protected protects a password. Then at least we'd have a early-1990 quality mechanism.
It would be nice to have a more modern mechanism that supports channel bindings, key strengthening, and other more modern features. These could fairly easily be added. But if we're going to be modern about security, we wouldn't be designing our own authentication mechanism. We'd just be making sure that TLS and SASL worked in our protocols and implementations.
-- Kurt ----- www.x500standard.com: The central source for information on the X.500 Directory Standard.