[Standards] [Fwd: XEP78; Non-SASL Authentication]

Peter Saint-Andre stpeter at stpeter.im
Wed Jan 23 15:54:09 CST 2008 

An anonymous forward from someone who pinged me about some of the text 
in XEP-0078...

---------- Begin Forwarded Message ----------

I have a small question on the mentioned XEP. In the "Security
Considerations" there is the sentence "Authentication using the
'jabber:iq:auth' method is known to be less secure than SASL
authentication, which is one reason why the 'jabber:iq:auth' method has
been deprecated.", but I can't find references why this is the case.

I mean, in the XMPP Core RFC SASL is specified as authentication
mechanism, using at least DIGEST-MD5 authentication. Digest-md5 is
basically a md5 hash over a server-side generated nonce concatenated
with the user password.
XEP78 authentication is a sha1 hash over a server-side nonce (stream id)
concatenated with the user password.

(Premise: Server-side nonce is truly random.)

So, the only difference is md5 vs. sha1. And md5 has fewer bits, and
thus is less secure (I don't think those recent Chinese attacks on md5
have any impact on the authentication mechanism...).

If you have references to any papers, discussion threads, etc., I would
be glad to get a link to them. Also, if I missed something, please
enlighten me.

---------- End Forwarded Message ----------

The reasoning behind the switch from jabber:iq:auth to SASL was:

1. SASL is more flexible (lots of different mechanisms).

2. SASL can be more secure (depending on the mechanism used).

3. We were thinking about switching to SASL as early as XEP-0034.

4. IETF security review recommended use of SASL.

It seems wrong to compare iq:auth to SASL or to say that iq:auth is less 
secure. SASL PLAIN over an unencrypted connection is less secure than 
iq:auth with digest password, whereas SASL EXTERNAL is probably more 
secure than iq:auth. It all depends on the mechanism used. Therefore I 
think it would be more accurate to describe the reasons for changing to 
SASL and remove the misleading text about iq:auth being less secure.

Any objections?

Peter

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/standards/attachments/20080123/4052d654/attachment-0001.bin

More information about the Standards mailing list