Friday, February 24, 2006, 4:19:01 AM, James Holderness wrote:
> Are you sure? I would have thought you could precompute the > user/realm/password hash and just store that. For the MD5 algorithm that > essentially gives you H(A1). For MD5-sess you combine it with the server and > client nonce values to get A1. > Actually, looking at RFC2617 it basically says as much: "Because the server > need only use the hash of the user credentials in order to create the A1 > value, this construction could be used in conjunction with a third party > authentication service so that the web server would not need the actual > password value." I'm no expert on digest auth, but the argument that I've overheard before is that although you don't need to store plaintext passwords on the server, you do need to at least store H(A1) hashes on the server, and if an attacker gets hold of the hash file, these hashes are as good as passwords for logging into the system via Digest. Ideally the password hashes would be strongly protected, and anyone with access to them would already have access to the data that they protect anyway; but it still widens the area for attack somewhat. Have I got that right? -- Dave
