5.7. Digest Authentication
A halfway house between
complete encryption and none at all is digest
authentication. The idea is that a one-way hash, or
digest, is calculated from a password and various other bits of
information. Rather than sending the password, as is done in basic
authentication, the digest is sent. At the other end, the same
function is calculated: if the numbers are not identical, something
is wrong -- and in this case, since all other factors should be
the same, the "something" must be the password.
Digest authentication is applied in Apache to improve the security of
passwords. MD5
is a cryptographic hash function written by Ronald Rivest and
distributed free by RSA Data Security; with its help, the client and
server use the hash of the password and other stuff. The point of
this is that although many passwords lead to the same hash value,
there is a very small chance that a wrong password will give the
right hash value, if the hash function is intelligently chosen; it is
also very difficult to construct a password leading to the same hash
value (which is why these are sometimes referred to as
one-way hashes
). The advantage of using the hash value
is that the password itself is not sent to the server, so it
isn't visible to the Bad Guys. Just to make things more
tiresome for them, MD5 adds a few other things into the mix: the URI,
the method, and a nonce. A
nonce
is simply a number chosen by the server and told to the client,
usually different each time. It ensures that the digest is different
each time and protects against replay attacks.[47] The digest
function looks like this:
[47]This
is a method in which the Bad Guy simply monitors the Good Guy's
session and reuses the headers for his own access. If there were no
nonce, this would work every time!
MD5(MD5(<password>)+":"+<nonce>+":"+MD5(<method>+":"+<uri>))
MD5
digest authentication can be invoked with the following line:
AuthType Digest
This plugs a nasty hole in the Internet's security. Almost
unbelievably, the authentication procedures discussed up to now send
the user's password in clear text across the Web. A Bad Guy who
intercepts the Internet traffic then knows the user's password.
This is a Bad Thing. So, digest authentication works this way:
The client requests a URL. Because that URL is protected, the server replies with error 401,
"Authentication required," and among the headers, it
sends a nonce. The client combines the user's password, the nonce, the method,
and the URL, as described previously, then sends the result back to
the server. The server does the same thing with the hash of the
user's password[48] retrieved from the password file and checks
that its result matches.
[48]Which is why MD5 is applied to
the password, as well as to the whole thing: the server then
doesn't have to store the actual password, just a digest of
it.
A different nonce is sent the next time, so that the Bad Guy
can't use the captured digest to gain access.
MD5 digest authentication is implemented in Apache for two reasons.
First, it provides one of the two fully compliant reference HTTP/1.1
implementations required for the standard to advance down the
standards track; second, it provides a test bed for browser
implementations. It should only be used for experimental purposes,
particularly since it makes no effort to check that the returned
nonce[49] is the same as the one it chose in the first place. This
makes it susceptible to a replay attack.
[49]It is unfortunate that the nonce must be
returned as part of the client's digest authentication header,
but since HTTP is a stateless protocol, there is little alternative.
It is even more unfortunate that Apache simply believes it! An
obvious way to protect against this is to include the time somewhere
in the nonce and to refuse nonces older than some threshold.
The httpd.conf file is as
follows:
User webuser
Group webgroup
ServerName www.butterthlies.com
ServerAdmin sales@butterthlies.com
DocumentRoot /usr/www/site.digest/htdocs/customers
ErrorLog /usr/www/site.digest/logs/customers/error_log
TransferLog /usr/www/site.digest/logs/customers/access_log
ScriptAlias /cgi-bin /usr/www/cgi-bin
<VirtualHost sales.butterthlies.com>
ServerAdmin sales_mgr@butterthlies.com
DocumentRoot /usr/www/site.digest/htdocs/salesmen
ServerName sales.butterthlies.com
ErrorLog /usr/www/site.digest/logs/salesmen/error_log
TransferLog /usr/www/site.digest/logs/salesmen/access_log
ScriptAlias /cgi-bin /usr/www/cgi-bin
<Directory /usr/www/site.digest/htdocs/salesmen>
AuthType Digest
AuthName darkness
AuthDigestFile /usr/www/ok_digest/sales
require valid-user
#require group cleaners
</Directory>
</VirtualHost>
 Go to the Configuration file (see Chapter 1, "Getting Started" ). If the line:
Module digest_module mod_digest.o
is commented out, uncomment it and remake Apache as described
previously. Go to the Apache support directory and type:
% make htdigest
% cp htdigest /usr/local/bin
The command-line syntax for
htdigest
is:
% htdigest [-c]passwordfile realm user
Go to /usr/www (or some other appropriate spot)
and make the ok_digest directory and contents:
% mkdir ok_digest
% cd ok_digest
% htdigest -c sales darkness bill
Adding password for user bill in realm darkness.
New password: password
Re-type new password: password
% htdigest sales darkness ben
...
% htdigest sales darkness sonia
...
% htdigest sales darkness daphne
...
Digest authentication can, in principle, also use
group
authentication. However, none of it worked when we tested it with
Netscape Navigator v4.05. Provided that the line:
LogLevel debug
appeared in the Config file, the error log contained the following
entry:
client used wrong authentication scheme
Whether a webmaster used this facility or not might depend on whether
he or she could control which browsers the clients used.
 |  |  | | 5.6. Order, Allow, and Deny |  | 5.8. Anonymous Access |
Copyright © 2001 O'Reilly & Associates. All rights reserved.
|
