Re: [ldapext] draft-stroeder-hashed-userpassword-values-01
Hallvard Breien Furuseth <h.b.furuseth@usit.uio.no> Sat, 16 March 2013 03:54 UTC
Return-Path: <hbf@ulrik.uio.no>
X-Original-To: ldapext@ietfa.amsl.com
Delivered-To: ldapext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E6041F0D0F for <ldapext@ietfa.amsl.com>; Fri, 15 Mar 2013 20:54:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.299
X-Spam-Level:
X-Spam-Status: No, score=-2.299 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M2JRAyRqexgO for <ldapext@ietfa.amsl.com>; Fri, 15 Mar 2013 20:54:26 -0700 (PDT)
Received: from mail-out1.uio.no (mail-out1.uio.no [IPv6:2001:700:100:10::57]) by ietfa.amsl.com (Postfix) with ESMTP id AFA0B21F8945 for <ldapext@ietf.org>; Fri, 15 Mar 2013 20:54:25 -0700 (PDT)
Received: from mail-mx3.uio.no ([129.240.10.44]) by mail-out1.uio.no with esmtp (Exim 4.75) (envelope-from <hbf@ulrik.uio.no>) id 1UGiCO-00067j-Gp; Sat, 16 Mar 2013 04:54:24 +0100
Received: from bombur.uio.no ([129.240.6.233]) by mail-mx3.uio.no with esmtp (Exim 4.80) (envelope-from <hbf@ulrik.uio.no>) id 1UGiCO-0005g5-2H; Sat, 16 Mar 2013 04:54:24 +0100
Received: by bombur.uio.no (Postfix, from userid 2112) id 4337B562; Sat, 16 Mar 2013 04:54:22 +0100 (CET)
From: Hallvard Breien Furuseth <h.b.furuseth@usit.uio.no>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <hbf.20130316lv63@bombur.uio.no>
Date: Sat, 16 Mar 2013 04:54:22 +0100
To: Michael Ströder <michael@stroeder.com>
In-Reply-To: <51439BCF.3080802@stroeder.com>
References: <5103F924.2070800@stroeder.com> <CABBgLkcnK7WfthFOBD5Esfz+g1izcKoGgtxzKKDntc0i=E7LOQ@mail.gmail.com> <510782A6.7050209@stroeder.com> <3ED81CD8-59DA-482E-8AFA-C68E53A62067@isode.com> <51410020.4020800@stroeder.com> <20130315125326.GA22595@slab.skills-1st.co.uk> <51439BCF.3080802@stroeder.com>
X-Mailer: VM 8.2.0a under 23.1.1 (x86_64-redhat-linux-gnu)
X-UiO-Ratelimit-Test: rcpts/h 6 msgs/h 2 sum rcpts/h 7 sum msgs/h 3 total rcpts 242 max rcpts/h 12 ratelimit 0
X-UiO-Spam-info: not spam, SpamAssassin (score=-5.6, required=5.0, autolearn=disabled, RP_MATCHES_RCVD=-0.552, UIO_MAIL_IS_INTERNAL=-5, uiobl=NO, uiouri=NO)
X-UiO-Scanned: CDA2D7FD9A47A98F0E4D9846820957A377BDB041
X-UiO-SPAM-Test: remote_host: 129.240.6.233 spam_score: -55 maxlevel 80 minaction 1 bait 0 mail/h: 2 total 373 max/h 10 blacklist 0 greylist 1 ratelimit 0
Cc: ldap@umich.edu, Andrew Findlay <andrew.findlay@skills-1st.co.uk>, ldapext@ietf.org
Subject: Re: [ldapext] draft-stroeder-hashed-userpassword-values-01
X-BeenThere: ldapext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: LDAP Extension Working Group <ldapext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ldapext>, <mailto:ldapext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ldapext>
List-Post: <mailto:ldapext@ietf.org>
List-Help: <mailto:ldapext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ldapext>, <mailto:ldapext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 16 Mar 2013 03:54:27 -0000
I'm not convinced that this much detail is useful, but anyway: You can document existing practice and recommend what implementations' practice ought to be, but should say that the implementation's doc is authoritative. What implementations have you surveyed for that existing practice? If we generate 'userPassword's which this document says is OK but the implementation does not support, then Bind can break in interesting ways. So users MUST NOT trust this document if the implementation differs, which they must read the implementation doc to discover. E.g. some implementation might have a scheme {SSHA} with a different syntax like <hash "$" salt>. Or: > Implementations MUST be prepared of handling field salt of arbitrary > length. Who wants megabyte-sized salts? It seems reasonable for the implementation to set some arbitrary limit. Both for convenience and because you could do a DoS attack by setting a huge salt and repeatedly Bind, forcing the server to hash a large value often. ================ Unix crypt(3): This is a function, not a library. Drop the 3 since non-Unix people will wonder why we're passing 3 to the function. The definition should boil down to "whatever crypt() returns on this host", which is no more yucky than the notes above other schemes:-) Perhaps less so since there's no point in giving a syntax, crypt() should be used to both generate the hash and verify a password. Please and add a reference to the quite general definition in the Single Unix Specification at <http://www.unix.org/online.html> functions/crypt.html. It's free, but you must register to read it. ================ An EXAMPLES section with the same value and hash in different schemes would be useful - including Linux {crypt}$1$ (salted MD5) and {SMD5}. ================ >> Any value which do not adhere to this syntax MAY be treated as >> clear-text password (...) > > I know that this sounds kinda problematic but what is the actual risk? Umm... The reason we use hashes at all is that if someone knows the attribute value, he can't just type it in and Bind with it. Please add the {CLEARTEXT} scheme from OpenLDAP for this purpose. RECOMMEND that servers are configured to not recognize userPassword values without a scheme. And maybe that this config is the default. ================ >> There's no reason someone can't come along and use an unconstrained >> octet string after the scheme, if they really want to. > > Yes. But this would just be another scheme to be defined somewhere > else. This draft does not claim to cover everything you could ever > stuff into 'userPassword'. Yes it does. The sentence "userPassword values MUST be represented by following syntax:" claims to cover everything you could ever stuff into 'userPassword', and thus that anything using different userPassword syntax is invalid. That is wrong for schemes like {CRYPT} with different syntax, and for servers which treat "{scheme}foo" as a cleartext password. Instead you can say: - Generally, syntax "{" scheme "}" scheme-parameters / cleartext pw like someone said. Leave scheme-parameters unspecified. - [The following listed schemes] share [the following more specific scheme-parameters definition]. Note that scheme-parameters need not involve a hashing or a password. In OpenLDAP, {CLEARTEXT} does not hash. I think {SASL} need not encode the password either, just tell SASL where to find auth info. ================ The draft can RECOMMEND that clients avoid needing to know anything about password formats by using the Password Modify operation (RFC 3062) when feasible. Provided the server will then hash the password if it is stored in userPassword, anyway. Which it hopefully will. But RFC 3062 says nothing about hashing in that case. Should it be updated to do so? Use cases at our site for generating {scheme}hash: - Importing user info including userPassword from the SQL user database - which does not keep the cleartext passwords. - Multiple passwords in one entry, typically during the transition when changing the password for an LDAP service DN. MUST userPassword in an object class may be broken, but RFC 1274 defines simpleSecurityObject (AUXILIARY MUST userPassword) anyway. For use with classes like 'account' which lack userPassword. Might be about time to define simpleSecurityObject2 using 'MAY' instead. -- Hallvard
- [ldapext] Any implementations using userPassword;… Michael Ströder
- Re: [ldapext] Any implementations using userPassw… Luke Howard
- Re: [ldapext] Any implementations using userPassw… Andrew Sciberras
- Re: [ldapext] Any implementations using userPassw… Michael Ströder
- Re: [ldapext] Any implementations using userPassw… Kurt Zeilenga
- [ldapext] draft-stroeder-hashed-userpassword-valu… Michael Ströder
- Re: [ldapext] draft-stroeder-hashed-userpassword-… Kurt Zeilenga
- Re: [ldapext] draft-stroeder-hashed-userpassword-… Michael Ströder
- [ldapext] draft-stroeder-hashed-userpassword-valu… Michael Ströder
- Re: [ldapext] draft-stroeder-hashed-userpassword-… Andrew Findlay
- Re: [ldapext] draft-stroeder-hashed-userpassword-… Michael Ströder
- Re: [ldapext] draft-stroeder-hashed-userpassword-… Ludovic Poitou
- Re: [ldapext] draft-stroeder-hashed-userpassword-… Michael Ströder
- Re: [ldapext] draft-stroeder-hashed-userpassword-… Howard Chu
- Re: [ldapext] draft-stroeder-hashed-userpassword-… Kurt Zeilenga
- Re: [ldapext] [ldap] Re: draft-stroeder-hashed-us… Michael Ströder
- Re: [ldapext] [ldap] Re: draft-stroeder-hashed-us… Howard Chu
- Re: [ldapext] [ldap] Re: draft-stroeder-hashed-us… Michael Ströder
- Re: [ldapext] [ldap] Re: draft-stroeder-hashed-us… Howard Chu
- Re: [ldapext] [ldap] Re: draft-stroeder-hashed-us… Michael Ströder
- Re: [ldapext] [ldap] Re: draft-stroeder-hashed-us… Andrew Findlay
- Re: [ldapext] [ldap] Re: draft-stroeder-hashed-us… Kurt Zeilenga
- Re: [ldapext] [ldap] Re: draft-stroeder-hashed-us… Andrew Findlay
- Re: [ldapext] draft-stroeder-hashed-userpassword-… Andrew Findlay
- Re: [ldapext] [ldap] Re: draft-stroeder-hashed-us… Howard Chu
- Re: [ldapext] [ldap] Re: draft-stroeder-hashed-us… Michael Ströder
- Re: [ldapext] draft-stroeder-hashed-userpassword-… Michael Ströder
- Re: [ldapext] draft-stroeder-hashed-userpassword-… Hallvard Breien Furuseth