[Divunal-list] Security Considerations

Raffi Krikorian raffi@MIT.EDU
Mon, 21 Jun 1999 22:06:20 EDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>     A total security implementation cannot be attained but the security
> of the password mechanism can be improved. The password is currently
> sent in plain text across the connection and stored with
> twisted.util.UnixCrypt. Following the Linux security model with PAM, it
> should be stored in a hash such as MD5 or SHA-1. Both are more secure
> and require no additional software than JDK 1.1+ (For the GTK+ version,
> I can get an MD5 version for any license). Also, the password should be
> sent over the connection in a hashed form. Following a model such as OTP
> (rfc2289), a small challenge string should be sent with the LOGIN
> message and then the password hash computed by a command such as HASH(
> challenge & HASH( password )) should be sent across from the client. The
> server would take the stored password hash and challenge and execute
> HASH( challenge & stored-password-hash ). The server would compare the
> client generated with the server generated and if they match then allow
> the client to login. This would be an improvement over the current model
> as it prevents a plain text password from crossing the network and keeps
> it stored in a secure form on the server.

pardon the interjection-

1) use SHA-1 ... according to rivest it is more secure and you'll have
fewer collisions.  it's a pain to code by yourself, but oh well...  this
is legal, right?  i don't remember the laws for SHA-1...

2) why stop at only encrypting the password?  you may have a good
reason, but i couldn't pick it out from the e-mail.  

if you want to encrypt everything (if memory serves -- usual
disclaimers apply -- i'm not a cryptographer)....

 1. client sends the server the user name
 2. server sends back a nonce encrypted with the client's hashed password
 3. client hashes the password so he can decrypt the nonce
 4. use the nonce to encrypt all communications back and forth

my only complaint is that we are using a uniform key for the
communications.  make sure the nonce is generated by a good random
function that is time stamped.

oh well -- this is just a paranoia freak talking...

rk

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBN27vmwfhhcUIXXW3EQLtvwCfZS6EzIBPt85XLkkDQg35drOUfXoAn27f
HX6cEhWpgcbf4W+6kWALHBe4
=sQ9K
-----END PGP SIGNATURE-----
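
Added example, not part of the original message or of the Divunal code: the challenge-response login from the quoted proposal, HASH( challenge & HASH( password )), with both sides shown. It assumes "&" means byte concatenation, uses SHA-1 as named in the thread, and the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def H(data: bytes) -> bytes:
    """SHA-1, the hash named in the thread; any hash can be swapped in here."""
    return hashlib.sha1(data).digest()


class Server:
    def __init__(self):
        self.stored = {}    # user -> HASH(password); the plain text is never kept
        self.pending = {}   # user -> challenge that is still outstanding

    def register(self, user: str, password: str) -> None:
        self.stored[user] = H(password.encode())

    def login(self, user: str) -> bytes:
        """LOGIN message: issue a fresh random challenge for this attempt."""
        self.pending[user] = secrets.token_bytes(16)
        return self.pending[user]

    def verify(self, user: str, response: bytes) -> bool:
        # pop() makes each challenge single-use, so a captured response is
        # useless against the next login attempt.
        challenge = self.pending.pop(user, None)
        if challenge is None or user not in self.stored:
            return False
        expected = H(challenge + self.stored[user])
        return hmac.compare_digest(expected, response)  # constant-time compare


def client_response(challenge: bytes, password: str) -> bytes:
    """Client side: HASH(challenge & HASH(password)); the password stays local."""
    return H(challenge + H(password.encode()))


def response_from_stored_hash(challenge: bytes, stored_hash: bytes) -> bytes:
    """The same response computed from the server's stored value alone:
    in this scheme the stored hash is as sensitive as the password itself."""
    return H(challenge + stored_hash)
```

The last function is the design caveat to carry into a review: the password never crosses the wire, but the server-side hash file has to be protected exactly as a plain-text password file would be.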