Re: MD5 authentication needs help

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Bruce Momjian <bruce(at)momjian(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: MD5 authentication needs help
Date: 2015-03-04 16:05:15
Message-ID: CABUevEyaDP2RMPe9xMyfa=_=u_p_S6ujbDa-5w-Lfn4FVTaWHg@mail.gmail.com
Lists: pgsql-hackers

On Wed, Mar 4, 2015 at 5:03 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:

> Magnus,
>
> * Magnus Hagander (magnus(at)hagander(dot)net) wrote:
> > On Wed, Mar 4, 2015 at 4:52 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> > > A lot of discussion has been going on with SCRAM and SASL, which is all
> > > great, but that means we end up with a dependency on SASL or we have to
> > > reimplement SCRAM (which I've been thinking might not be a bad idea-
> > > it's actually not that hard), but another suggestion was made which may
> >
> > I'd really rather not add a dependency on SASL if we can avoid it. I
> > haven't read up on SCRAM, but if it's reasonable enough to reimplement - or
> > if there is a BSD licensed implementation that we can import into our own
> > sourcetree without adding a dependency on SASL, that sounds like a good way
> > to proceed.
>
> I actually like the idea of supporting SASL generally, but I agree that
> we don't really want to force it as a dependency. I've started looking
> around for BSD-licensed SCRAM implementations and will update with any I
> find that are worthwhile to review.
>
> > > be worthwhile to consider- OpenSSL and GnuTLS both support TLS-SRP, the
> > > RFC for which is here: http://www.ietf.org/rfc/rfc5054.txt. We already
> > > have OpenSSL and therefore this wouldn't create any new dependencies and
> > > might be slightly simpler to implement.
> >
> > OpenSSL is not a *requirement* today, it's an optional dependency. Given
> > its license we really can't make it a mandatory requirement I think. So if
> > we go down that route, we still leave md5 in there as the one that works
> > everywhere.
> >
> > Also AFAICT TLS-SRP actually requires the connection to be over TLS - so
> > are you suggesting that TLS becomes mandatory?
> >
> > It sounds like something that could be interesting to have, but not as a
> > solution to the "md5 problem", imo.
>
> No, I'm not suggesting that OpenSSL or TLS become mandatory but was
> thinking it might be good alternative as a middle-ground between full
> client-and-server side certificates and straight password-based auth
> (which is clearly why it was invented in the first place) and so, yes,
> md5 would still have to be kept around, but we'd at least be able to
> deprecate it and tell people "Use TLS-SRP if you really want to use
> passwords and care about network security".
>
> SCRAM doesn't actually fix the issue with network connection hijacking
> or eavesdropping, except to the extent that it protects the password
> itself, and so we might want to recommend, for people who are worried
> about network-based attacks, using TLS-SRP.
>

Assuming we do implement SCRAM, what does TLS-SRP give us that we wouldn't
get by just using SCRAM over a TLS connection?

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
