Content deleted Content added
Adding short description: "Method of negotiating credentials between web server and browser" |
Citation bot (talk | contribs) Alter: template type. Add: s2cid, doi, date, newspaper, authors 1-7. Removed parameters. Some additions/deletions were parameter name changes. | Use this bot. Report bugs. | Suggested by Anderjef | #UCB_toolbar |
||
Line 57:
The above shows that when qop is not specified, the simpler RFC 2069 standard is followed.
In September 2015, RFC 7616 replaced RFC 2617 by adding 4 new algorithms: "SHA-256", "SHA-256-sess", "SHA-512-256" and "SHA-512-256-sess". The encoding is equivalent to "MD5" and "MD5-sess" algorithms, with [[MD5|MD5 hashing function]] replaced with [[SHA-256]] and [[SHA-256|SHA-512-256]]. However, as of July 2021, none of popular browsers, including Firefox<ref>{{cite web |title=Bug 472823: SHA 256 Digest Authentication |url=https://bugzilla.mozilla.org/show_bug.cgi?id=472823 |website=Mozilla Bugzilla}}</ref> and Chrome,<ref>{{cite web |title= Issue 1160478: SHA-256 for HTTP Digest Access Authentication in accordance with rfc7616 |url=https://bugs.chromium.org/p/chromium/issues/detail?id=1160478 |website=Chromium bugs}}</ref> support SHA-256 as the hash function. As of October 2021, Firefox 93<ref>{{cite web |title=Bug 472823: SHA 256 Digest Authentication |url=https://bugzilla.mozilla.org/show_bug.cgi?id=472823 |website=Mozilla Bugzilla}}</ref> officially supports "SHA-256" and "SHA-256-sess" algorithms for digest authentication. However, support for "SHA-512-256", "SHA-512-256-sess" algorithms and username hashing<ref>{{cite
== Impact of MD5 security on digest authentication ==
Line 103:
* Many of the security options in RFC 2617 are optional. If quality-of-protection (qop) is not specified by the server, the client will operate in a security-reduced legacy RFC 2069 mode
* Digest access authentication is vulnerable to a [[Man-in-the-middle attack|man-in-the-middle (MITM) attack]]. For example, a MITM attacker could tell clients to use basic access authentication or legacy RFC2069 digest access authentication mode. To extend this further, digest access authentication provides no mechanism for clients to verify the server's identity
* A server can store HA1 = MD5(username:realm:password) instead of the password itself. However, if the stored HA1 is leaked, an attacker can generate valid responses and access documents in the realm just as easily as if they had access to the password itself. The table of HA1 values must therefore be protected as securely as a file containing plaintext passwords. <ref>{{cite
| url = https://tools.ietf.org/html/rfc2617#section-4.13
| title = HTTP Authentication: Basic and Digest Access Authentication: Storing passwords
| date = June 1999
| publisher = [[IETF]]
| doi = 10.17487/RFC2617
}}</ref>▼
| last1 = Franks
| first1 = J.
| last2 = Hallam-Baker
| first2 = P.
| last3 = Hostetler
| first3 = J.
| last4 = Lawrence
| first4 = S.
| last5 = Leach
| first5 = P.
| last6 = Luotonen
| first6 = A.
| last7 = Stewart
| first7 = L.
| s2cid = 27137261
▲ }}</ref>
* Digest access authentication prevents the use of a strong password hash (such as [[bcrypt]]) when storing passwords (since either the password, or the digested username, realm and password must be recoverable)
| |||