[standards-jig] 0k-authentication issues
m at tthias.net
Sat Apr 12 18:00:36 UTC 2003
-----BEGIN PGP SIGNED MESSAGE-----
I see two problems with the 0k authentication protocol of Jabber and
would like to get some comments on these two issues.
With each login a counter is decremented by the server. This counter is
sent to the client before it authenticates with the server. (To tell the
client which hash it has to send to the server.)
This counter can be queried by everybody as it is send to the client
before it is authenticated. With this information everybody can
determine how often a user (that uses 0k) has logged in to its account.
By checking the counter regularly one can check at which times a user
(that uses 0k) logs in to the Jabber server.
If an attacker manages to redirect a login attempt to its own server
(e.g. by a DNS attack) he can query a hash value with a low sequence
number from the client. With this hash value he can calculate all the
following hash values and use them to login to the (real) Jabber server.
Especially he can use this hashes not only at the moment he gets them.
As he knows all hash values with a higher sequence number he can use
them later - after he has removed everything that could be used to
identify the attacker.
I think these two problems make 0k-authentication less secure than
digenst authentication. I propose that Jabber server administrators
should disable 0k as most clients will use digest authentication then.
One small note: Jabber's 0k authentication protocol is not a "zero
knowledge authentication" protocol as this term is defined in cryptology.
Fon: +49-(0)70 0770 07770 http://matthias.wimmer.name/
Fax: +49-(0)89-312 88 654 jabber://firstname.lastname@example.org
HAM: DB1MW OpenPGP: http://matthias.wimmer.name/encrypt/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Standards