Full Disclosure mailing list archives
Re: HTTP AUTH BASIC monowall.
From: Jason <security () brvenik com>
Date: Fri, 17 Mar 2006 14:17:29 -0500
I do not think that digest over basic is really going to help in the MITM case either, since the attacker who can successfully pull off the SSL MITM controls the connection. Digest avoids disclosing the actual password, but it does not necessarily prevent the attacker from changing it. The attacker can now not only access the system impersonating you but hijack it from you just as if he had the actual password. Digest also does not prevent the attacker in this case from presenting the client with data that produces a reversible or discoverable text, thereby recovering an _effective_ password.

"Like Basic Access Authentication, the Digest scheme is based on a simple challenge-response paradigm. The Digest scheme challenges using a nonce value. A valid response contains a checksum (by default, the MD5 checksum) of the username, the password, the given nonce value, the HTTP method, and the requested URI. In this way, the password is never sent in the clear. Just as with the Basic scheme, the username and password must be prearranged in some fashion not addressed by this document."

The attacker now needs to provide a nonce and wait for the reply. The ability to control data that will be used in the hash is key to making it potentially successful. The nonce, username, HTTP method, and URI will all be known at this point. Now the attacker only needs to find a hash collision with _any_ password that satisfies the checksum and the game is again over.

http://www.stachliu.com/collisions.html
New average run time on P4 1.6GHz PC - 45 minutes

I don't think that the attacker needs to actually launch a collision attack, because they have all but one component used in the hash. Now the attacker only needs to launch a dictionary attack against the provided hash and they will likely find the result.
Given that the attacker controls the connection, they can learn the requisite details by observing normal interaction and producing a precomputed hash table with the nonce they plan on providing. This could result in a near real-time compromise of the password when an actual attack is launched. A solution that requires another successful MITM is required to add any real complexity to the equation. The solution must introduce a computational complexity that removes the precomputed and known text attack vectors. Any solution that does not is ultimately no better when considered in the context of a successful MITM. Digest raises the bar a little more but I do not think it will solve the problem.

Simon Smith wrote:

> Thanks Felix!
>
> Felix Lindner wrote:
>
>> Hi,
>>
>> On Thu, 16 Mar 2006 09:48:07 -0500 Simon Smith <simon () snosoft com> wrote:
>>
>>> My first thought was on how to harden the authentication because the basic auth didn't cut it for me. That's what I am looking for ideas for.
>>
>> you may be looking for Digest Authentication: http://www.ietf.org/rfc/rfc2617.txt:
>>
>> "Like Basic, Digest access authentication verifies that both parties to a communication know a shared secret (a password); unlike Basic, this verification can be done without sending the password in the clear, which is Basic's biggest weakness. As with most other authentication protocols, the greatest sources of risks are usually found not in the core protocol itself but in policies and procedures surrounding its use."
>>
>> cheers
>> FX
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
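As an added illustration (not code from this thread or from m0n0wall), here is the RFC 2617 response computation the quoted paragraph describes, in Python, with the server-side check next to it. Everything the server needs other than HA1 is either in the challenge it issued or in the request itself, which is exactly why a party that controls the nonce holds every input but the password; the RFC's own section 3.5 example is included as a check value.

```python
import hashlib
import hmac
from typing import Optional


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def ha1(username: str, realm: str, password: str) -> str:
    """HA1 is the only term that involves the password. A server may
    store this value instead of the plaintext password."""
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(h1: str, method: str, uri: str, nonce: str,
                    qop: Optional[str] = None, nc: Optional[str] = None,
                    cnonce: Optional[str] = None) -> str:
    """RFC 2617 response digest. Without qop this is the original
    MD5(HA1:nonce:HA2) form, a pure function of the server nonce once
    the password is fixed. With qop=auth the client's own cnonce is
    mixed in, so a table built for one server nonce is not reusable
    against a client that picks fresh cnonces."""
    ha2 = md5_hex(f"{method}:{uri}")
    if qop is None:
        return md5_hex(f"{h1}:{nonce}:{ha2}")
    return md5_hex(f"{h1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_verify(stored_ha1: str, method: str, uri: str, nonce: str,
                  client_response: str, qop: Optional[str] = None,
                  nc: Optional[str] = None, cnonce: Optional[str] = None) -> bool:
    """Server side: recompute from the stored HA1 and compare in constant
    time. Every input except HA1 comes from the request or from the
    challenge the server itself issued."""
    expected = digest_response(stored_ha1, method, uri, nonce, qop, nc, cnonce)
    return hmac.compare_digest(expected, client_response)


def rfc2617_example() -> str:
    """Worked example from RFC 2617 section 3.5 (values from the RFC,
    not constructed); expected response 6629fae49393a05397450978507c4ef1."""
    h1 = ha1("Mufasa", "testrealm@host.com", "Circle Of Life")
    return digest_response(h1, "GET", "/dir/index.html",
                           "dcd98b7102dd2f0e8b11d0f600bfb0c093",
                           qop="auth", nc="00000001", cnonce="0a4f113b")
```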