password
... client must authenticate itself with a user-ID and a password for
each realm. The realm value should be considered an opaque string
...
... service the request only if it can validate
the user-ID and password for the protection space of the Request-URI.
There are no optional authentication ...
... To receive authorization, the client sends the userid and password,
separated by a single colon (":") character, within a base64 [7 ...
... password ...
...
If the user agent wishes to send the userid "Aladdin" and password
"open sesame", it would use the following header field:
...
... client sends a request to a proxy, it may reuse a
userid and password in the Proxy-Authorization header field ...
... method of user authentication, as the user
name and password are passed over the network in an unencrypted form.
This section provides the specification for a scheme that does not
send the password in cleartext, referred to as "Digest Access
Authentication".
...
... method, and the requested URI. In this way, the
password is never sent in the clear. Just as with the Basic scheme,
the username and password must be prearranged in some fashion not
addressed by this document.
...
... from many known limitations. It is intended as a replacement for
Basic authentication and nothing more. It is a password-based system
and (on the server side) suffers from all the same problems of any
password system. In particular, no provision is made in this protocol
for the initial secure arrangement between user and server to
establish the user's password.
...
... A string to be displayed to users so they know which username and
password to use. This string should contain at least the name of
the host performing the authentication ...
... encrypted response, without reprompting the user for a
new username and password. The server should only set stale to TRUE
if it receives a request for which the nonce is invalid but with a
...
... client knows the
correct username/password). If stale is FALSE, or anything other
than TRUE, or the stale directive is not present, the username
and/or password are invalid, and new values must be obtained.
algorithm ...
... response
A string of 32 hex digits computed as defined below, which proves
that the user knows a password
username ...
...
passwd = < user's password >
...
... authentication service so
that the web server would not need the actual password value. The
specification of such a protocol is beyond the scope of this
specification.
...
and the user Mufasa has password "Circle Of Life" then H(A1) would be
H(Mufasa:myhost@testrealm.com:Circle Of Life) with no quotation marks
in the digested string.
...
with no white space on either side of the colons, but with the white
space between the words used in the password value. Likewise, the
other strings digested by H() must not have white space on either
side of the colons which delimit their fields unless that white space
...
... header, the server may check its
validity by looking up the password that corresponds to the submitted
username. Then, the server must perform the same digest operation
...
... Note that the HTTP server does not actually need to know the user's
cleartext password. As long as H(A1) is available to the server, the
validity of an Authorization ...
... client and
server know that the username for this document is "Mufasa", and the
password is "Circle Of Life" (with one space between each of the
three words).
...
... The client may prompt the user for the username and password, after
which it will respond with a new request, including the following
Authorization ...
... encryption mechanisms from being employed to increase security or the
addition of enhancements (such as schemes to use one-time passwords)
to Basic authentication.
...
... The most serious flaw in Basic authentication is that it results in
the essentially cleartext transmission of the user's password over
the physical network ...
... Because Basic authentication involves the cleartext transmission of
passwords it SHOULD NOT be used (without enhancements) to protect
sensitive or valuable information.
...
... Basic authentication is for identification purposes
-- requiring the user to provide a user name and password as a means
of identification, for example, for purposes of gathering accurate
usage statistics on a server. When used in this way it is tempting to
...
... protected documents is not a major concern. This is only correct if
the server issues both user name and password to the users and in
particular does not allow the user to choose his or her own password.
The danger arises because naive users frequently reuse a single
password to avoid the task of maintaining multiple passwords.
...
If a server permits users to select their own passwords, then the
threat is not only unauthorized access to documents on the server but
also unauthorized access to any other resources on other systems that
the user protects with the same password. Furthermore, in the
server's password database, many of the passwords may also be users'
passwords for other sites. The owner or administrator of such a
system could therefore expose all users of the system to the risk of
...
... gateway, then the
attacker can request a password, store it for later use, and feign an
error. This type of attack is not possible with Digest
Authentication ...
... Digest Authentication offers no confidentiality protection beyond
protecting the actual password. All of the rest of the request and
response are available to an eavesdropper.
...
... subscribers. With Basic authentication an
eavesdropper can obtain the password of the user. This not only
permits him to access anything in the database, but, often worse,
will permit access to anything else the user protects with the same
password.
...
... Digest Authentication the eavesdropper only gets
access to the transaction in question and not to the user's password.
The information gained by the eavesdropper would permit a replay
attack, but only with a request for the same document, and even that
...
... contrast under Basic Authentication once the eavesdropper has the
user's password, any document protected by that password is open to
him.
...
... nonce/response pairs against a list of common words. Such a list is
usually much smaller than the total number of possible passwords. The
cost of computing the response for each password on the list is paid
once for each challenge.
...
... The server can mitigate this attack by not allowing users to select
passwords that are in a dictionary.
...
... client
will use one that exposes the user's credentials (e.g. password). For
this reason, the client should always use the strongest scheme that
...
... common words to a nonce of its choice, and store a dictionary of
(response, password) pairs. Such precomputation can often be done in
parallel on many machines. It can then use the chosen plaintext
...
... attack to acquire a response corresponding to that challenge, and
just look up the password in the dictionary. Even if most passwords
are not in the dictionary, some might be. Since the attacker gets to
pick the challenge, the cost of computing the response for each
password on the list can be amortized over finding many passwords. A
dictionary with 100 million password/response pairs would take about
3.2 gigabytes of disk storage.
...
... attack, and can gather responses from many users to the same nonce.
It can then find all the passwords within any subset of password
space that would generate one of the nonce/response pairs in a single
pass over that space. It also reduces the time to find the first
password by a factor equal to the number of nonce/response pairs
gathered. This search of the password space can often be done in
parallel on many machines, and even a single machine can search large
subsets of the password space very quickly -- reports exist of
searching all passwords with six or fewer letters in a few hours.
...
... servers. If a user can be led to believe that she is connecting to a
host containing information protected by a password she knows, when
in fact she is connecting to a hostile server, then the hostile
server can request a password, store it away for later use, and feign
an error. This type of attack is more difficult with Digest
Authentication ...
... Storing passwords ...
... Digest authentication requires that the authenticating agent (usually
the server) store some data derived from the user's name and password
in a "password file" associated with a given realm. Normally this
might contain pairs consisting of username and H(A1), where H(A1) is
the digested value of the username, realm, and password as described
above.
...
The security implications of this are that if this password file is
compromised, then an attacker gains immediate access to documents on
the server using this realm. Unlike, say a standard UNIX password
file, this information need not be decrypted in order to access
documents in the server realm associated with this file. On the other
...
... decryption, or more likely a brute force attack, would be
necessary to obtain the user's password. This is the reason that the
realm is part of the digested data stored in the password file. It
means that if one Digest authentication password file is compromised,
it does not automatically compromise others with the same username
and password (though it does expose them to brute force attack).
...
... There are two important security consequences of this. First the
password file must be protected as if it contained unencrypted
passwords, because for the purpose of accessing documents in its
realm, it effectively does.
...
