Re: [sasl] draft-ietf-sasl-scram-11: why don't include the authentication identity in the stored key?
Alexey Melnikov <alexey.melnikov@isode.com> Tue, 22 June 2010 09:06 UTC
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: sasl@core3.amsl.com
Delivered-To: sasl@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7530F3A6925 for <sasl@core3.amsl.com>; Tue, 22 Jun 2010 02:06:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.74
X-Spam-Level:
X-Spam-Status: No, score=-0.74 tagged_above=-999 required=5 tests=[AWL=-1.041, BAYES_50=0.001, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id njtzcQmzrJ5H for <sasl@core3.amsl.com>; Tue, 22 Jun 2010 02:06:56 -0700 (PDT)
Received: from rufus.isode.com (rufus.isode.com [62.3.217.251]) by core3.amsl.com (Postfix) with ESMTP id 51AAC3A6875 for <sasl@ietf.org>; Tue, 22 Jun 2010 02:06:56 -0700 (PDT)
Received: from [172.16.2.159] (shiny.isode.com [62.3.217.250]) by rufus.isode.com (submission channel) via TCP with ESMTPA id <TCB9NQAJf6RV@rufus.isode.com>; Tue, 22 Jun 2010 10:07:02 +0100
Message-ID: <4C207D29.4030600@isode.com>
Date: Tue, 22 Jun 2010 10:06:49 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915
X-Accept-Language: en-us, en
To: Jehan Pagès <jehan.marmottard@gmail.com>
References: <AANLkTinl6-npKB1MjYmQIVehy4yqwgnWzipvPr7AaeYd@mail.gmail.com>
In-Reply-To: <AANLkTinl6-npKB1MjYmQIVehy4yqwgnWzipvPr7AaeYd@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-transfer-encoding: quoted-printable
Cc: sasl@ietf.org
Subject: Re: [sasl] draft-ietf-sasl-scram-11: why don't include the authentication identity in the stored key?
X-BeenThere: sasl@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SASL Working Group <sasl.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sasl>, <mailto:sasl-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sasl>
List-Post: <mailto:sasl@ietf.org>
List-Help: <mailto:sasl-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sasl>, <mailto:sasl-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Jun 2010 09:06:57 -0000
Jehan Pagès wrote: >Hello, > > Hi Jehan, >I am reading the SCRAM draft for an implementation and had a remark. >The SCRAM's design motivations states this: > >« >The server does not gain the ability to impersonate the client to > other servers (with an exception for server-authorized proxies), > unless such other servers allow SCRAM authentication and use the > same salt and iteration count for the user. >» > >But if the username was included in the StoredKey algorithm (for >instance instead of salting the password only, you could salt >[authentication identity + UTF8NUL + password]), noone having the >stored key (whether the server itself or someone having gained access >to it on the user's computer for instance) could use it to access any >service other than the one it was stored for, EVEN IF this other >service has the same salt and iteration count by some extraordinary >chance, unless the same authentication identity is also used on both >service (which might be improbable, though not impossible, as such >identity often include a service domain). > >Isn't it better for security (though I agree that the chances of >having same salt and iteration count are weak, here they would be even >weaker)? Moreover in my opinion, associating the >username/authentication identity and the password seems a nicer design >(by including them both into the Stored key). > > I think you are right about security aspect of this. What you suggest was done for DIGEST-MD5. The problem with that is that any change to the authentication identity invalidates the hash containing it, so sysadmins can't rename the user without also resetting the corresponding password. Authentication identity changes is a sufficiently important problem for big enterprise and university deployments, so it was decided that it was more important to make sysadmin job easier than the security aspect.
- [sasl] draft-ietf-sasl-scram-11: why don't includ… Jehan Pagès
- Re: [sasl] draft-ietf-sasl-scram-11: why don't in… Alexey Melnikov
- Re: [sasl] draft-ietf-sasl-scram-11: why don't in… Jehan Pagès
- Re: [sasl] draft-ietf-sasl-scram-11: why don't in… Simon Josefsson