On Mon, Nov 10, 2003 at 10:36:07PM +0200, Timo Sirainen wrote:
> Thanks. I thought CRAM-MD5 required plaintext password in server side, but looks like you store them in some MD5 hash. That's good :)
Well - sort of good. Unfortunately, the HMAC-MD5 encoding used doesn't salt the passwords as they're hashed.
Theft of the hash allows an attacker to authenticate as that user, and also permits a dictionary attack. These weaknesses partially motivate DIGEST-MD5, of course, but it's still better than pure cleartext.
The format is the same as that used by Courier IMAP. Properly, it should be called {HMAC-MD5}, so the attached patch makes that change before this settles.
[snip]
> And I rather try to avoid using 64bit integers which you used there, so I changed them to just print 16 random digits.
:) I was trying to minimise the amount of entropy pulled from the PRNG. (For the same amount of entropy, using ints produced a challenge space of 2^128 integers vs roughly 2^53).
> It'd be nice to add CRAM-MD5 support to password_verify() too so that plaintext authentication could work with such passwords. But not that important.
done. tested with passwd-file. see attached.
> > Would you consider including this in the next release?
> Committed to CVS, see if it still works after my changes? ;)
I had problems with RFC noncompliance of the challenge (missing "<",">" and comedy challenge characters with %10 of signed chars). fixed, see patch.
It Works For Me(tm).
I've also added a doco update, and claimed copyright of the HMAC routine :)
Joshua.
--
Joshua Goodall joshua@roughtrade.net
"Your object hit ratio is weak, old man"
"If you cache me now, I will dump more core than you can possibly imagine"
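
The two challenge problems mentioned in the message above (the missing "<" and ">", and the stray characters from taking %10 of signed chars), shown as an added example that is not part of the original message or its attached patch. The function names, host name, timestamp and sample bytes are assumptions constructed for illustration; the layout follows the msg-id style example in RFC 2195.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Buggy mapping: a random byte >= 0x80 held in a signed char is negative,
   so b % 10 is negative and '0' + r lands below '0' (e.g. '*', '-', '/'). */
static char digit_from_signed(signed char b) { return (char)('0' + b % 10); }

/* Fixed mapping: reduce the byte as an unsigned value, always '0'..'9'. */
static char digit_from_unsigned(unsigned char b) { return (char)('0' + b % 10); }

/* Build "<16digits.timestamp@host>" from 16 random bytes.
   Returns 0 on success, -1 if the output buffer is too small. */
static int make_challenge(const unsigned char rnd[16], long ts,
                          const char *host, char *out, size_t outlen)
{
    char digits[17];
    for (int i = 0; i < 16; i++)
        digits[i] = digit_from_unsigned(rnd[i]);
    digits[16] = '\0';
    int n = snprintf(out, outlen, "<%s.%ld@%s>", digits, ts, host);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Shape check: enclosed in <>, exactly one '@', and no whitespace,
   control characters or further angle brackets inside. */
static int challenge_ok(const char *c)
{
    size_t len = strlen(c);
    int at = 0;
    if (len < 5 || c[0] != '<' || c[len - 1] != '>')
        return 0;
    for (size_t i = 1; i + 1 < len; i++) {
        unsigned char ch = (unsigned char)c[i];
        if (ch == '@') at++;
        else if (!isgraph(ch) || ch == '<' || ch == '>') return 0;
    }
    return at == 1;
}

int main(void)
{
    /* Constructed sample bytes; a real server reads these from its PRNG. */
    const unsigned char rnd[16] = {0xC8, 0x07, 0xFF, 0x80, 0x31, 0x9A, 0x00, 0x7F,
                                   0xE2, 0x15, 0xB4, 0x63, 0xD9, 0x2C, 0x88, 0x4E};
    char buf[128];
    if (make_challenge(rnd, 1068496567L, "mail.example.org", buf, sizeof buf) == 0)
        printf("%s ok=%d buggy(0xC8)='%c'\n", buf, challenge_ok(buf),
               digit_from_signed((signed char)0xC8));
    return 0;
}
```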