[jdev] SASL (again)

Dave Cridland dave at cridland.net
Wed Apr 15 09:57:53 CDT 2009


On Wed Apr 15 13:52:13 2009, Jonathan Dickinson wrote:
> Hi All,
> 
> RFC 4616 implies that it is possible to store a digest for CRAM-MD5  
> in the database (just above 3. Pseudo-Code). From what I can tell  
> you need to store a plain-text password (at best the XORed  
> passwords, which is pointless).
> 
> 
In all practical senses, yes, but it's possible to store a  
digest-like entity.

> A CRAM digest is created as follows:
> 
> MD5(
>    (K XOR opad),
>    MD5(
>       (K XOR ipad),
>       timestamp
>       )
>    )

Where, in turn, K is derived from, in C-like pseudocode:

K = (strlen(password) > L) ? MD5(password) : password + ('\0' * (L - strlen(password)))
Where L is the block length of the hash algorithm, or 128 bits in the  
case of MD5.

So K might be reasonable stuff, or it might be the password.

But that's not what CRAM-MD5 suggests storing - they suggest storing  
the intermediate hash states - effectively an MD5 internal array pair  
pre-primed with (K ^ opad) and (K ^ ipad). This is considerably more  
secure than "just a XOR", as K is at least one block-size, and  
therefore it's roughly the same, I think, as an MD5 to extract the  
password, which is to say it requires a brute-force attack, made  
harder because the combination of the two hashes means that you need  
to find a solution to both.

Still, in general, you just call an HMAC-MD5 function in some  
library, and, in rare cases, you write the HMAC wrapper over a stock  
MD5 - either way, the best you have is the XOR products, which aren't  
nearly as good unless your users really like long passwords.

Moreover, by doing this, you're forced into storing a separate secret  
for DIGEST-MD5, so in most cases, server implementors have two modes  
- storing plaintext passwords, for flexibility in mechanisms, and  
storing hashed passwords, which essentially restricts to PLAIN and -  
hopefully soon - SCRAM.

Dave.
-- 
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade


