Impact of MD5 Security On Digest Authentication
The MD5 calculations used in HTTP digest authentication is intended to be "one way", meaning that it should be difficult to determine the original input when only the output is known. If the password itself is too simple, however, then it may be possible to test all possible inputs and find a matching output (a brute-force attack) – perhaps aided by a dictionary or suitable look-up list.
The HTTP scheme was designed by Phillip Hallam-Baker at CERN in 1993 and does not incorporate subsequent improvements in authentication systems, such as the development of keyed-hash message authentication code (HMAC). Although the cryptographic construction that is used is based on the MD5 hash function, collision attacks were in 2004 generally believed to not affect applications where the plaintext (i.e. password) is not known. However, claims in 2006 (Kim, Biryukov2, Preneel, Hong, "On the Security of HMAC and NMAC Based on HAVAL MD4 MD5 SHA-0 and SHA-1") cause some doubt over other MD5 applications as well. So far, however, MD5 collision attacks have not been shown to pose a threat to digest authentication, and the RFC 2617 allows servers to implement mechanisms to detect some collision and replay attacks.
Read more about this topic: Digest Access Authentication
Famous quotes containing the words impact of, impact, security and/or digest:
“As in political revolutions, so in paradigm choice—there is no standard higher than the assent of the relevant community. To discover how scientific revolutions are effected, we shall therefore have to examine not only the impact of nature and of logic, but also the techniques of persuasive argumentation effective within the quite special groups that constitute the community of scientists.”
—Thomas S. Kuhn (b. 1922)
“Too many existing classrooms for young children have this overriding goal: To get the children ready for first grade. This goal is unworthy. It is hurtful. This goal has had the most distorting impact on five-year-olds. It causes kindergartens to be merely the handmaidens of first grade.... Kindergarten teachers cannot look at their own children and plan for their present needs as five-year-olds.”
—James L. Hymes, Jr. (20th century)
“...I lost myself in my work and never felt that marriage would give me the security I wanted. I thought that through the trade union movement we working women could get better conditions and security of mind.”
—Mary Anderson (1872–1964)
“The whole visible universe is but a storehouse of images and signs to which the imagination will give a relative place and value; it is a sort of pasture which the imagination must digest and transform.”
—Charles Baudelaire (1821–1867)