Impact of MD5 Security On Digest Authentication
The MD5 calculations used in HTTP digest authentication are intended to be "one way", meaning that it should be difficult to determine the original input when only the output is known. If the password itself is too simple, however, then it may be possible to test all possible inputs and find a matching output (a brute-force attack), perhaps aided by a dictionary or suitable look-up list.
The HTTP scheme was designed by Phillip Hallam-Baker at CERN in 1993 and does not incorporate subsequent improvements in authentication systems, such as the development of keyed-hash message authentication code (HMAC). Although the cryptographic construction that is used is based on the MD5 hash function, in 2004 collision attacks were generally believed not to affect applications where the plaintext (i.e. the password) is not known. However, claims in 2006 (Kim, Biryukov, Preneel, Hong, "On the Security of HMAC and NMAC Based on HAVAL MD4 MD5 SHA-0 and SHA-1") cause some doubt over other MD5 applications as well. So far, however, MD5 collision attacks have not been shown to pose a threat to digest authentication, and RFC 2617 allows servers to implement mechanisms to detect some collision and replay attacks.
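The sketch below is an added example, not code from RFC 2617 or from any particular server: it checks a digest response (qop=auth) on the server side and rejects stale or replayed requests by validating the nonce and tracking the nonce count. The key, the lifetime, the function names and the HMAC-SHA256 nonce format are assumptions made for illustration.

```python
import hashlib
import hmac
import time

SERVER_KEY = b"constructed-demo-key"  # assumption: per-server secret
NONCE_TTL = 300                       # assumption: nonce lifetime in seconds
_seen_nc = {}                         # nonce -> highest nonce-count accepted

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def _nonce_mac(ts):
    return hmac.new(SERVER_KEY, ts.encode(), hashlib.sha256).hexdigest()

def make_nonce(now=None):
    """Timestamp plus keyed MAC, so the server can validate it without storing it."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}:{_nonce_mac(ts)}"

def digest_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 request-digest for qop=auth; ha1 = MD5(username:realm:password)."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def verify(ha1, method, uri, nonce, nc, cnonce, response, now=None):
    """Return 'ok', 'bad-nonce', 'stale', 'bad-response' or 'replay'."""
    now = time.time() if now is None else now
    ts, _, mac = nonce.partition(":")
    if not ts.isdecimal() or not hmac.compare_digest(mac.encode(), _nonce_mac(ts).encode()):
        return "bad-nonce"      # not issued by this server, or altered
    if now - int(ts) > NONCE_TTL:
        return "stale"          # old capture; client must fetch a new nonce
    expected = digest_response(ha1, method, uri, nonce, nc, cnonce)
    if not hmac.compare_digest(expected.encode(), response.encode()):
        return "bad-response"
    try:
        count = int(nc, 16)     # nc is an 8-digit hex counter
    except ValueError:
        return "bad-response"
    if count <= _seen_nc.get(nonce, 0):
        return "replay"         # this (nonce, nc) pair was already used
    _seen_nc[nonce] = count
    return "ok"
```

The in-memory `_seen_nc` table stands in for whatever shared, expiring store a multi-process server would need.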