[standards-jig] 0k-authentication issues
stpeter at jabber.org
Mon May 5 22:33:32 UTC 2003
There is a good reason why we stopped documenting or recommending "0k"
auth. Soon for high security we will have SASL/TLS anyway, but it's
probably best to note the fact that 0k is actively deprecated. Maybe I
should add this to the admin guide?
On Sat, Apr 12, 2003 at 06:00:36PM +0000, Matthias Wimmer wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> I see two problems with the 0k authentication protocol of Jabber and
> would like to get some comments on these two issues.
> With each login a counter is decremented by the server. This counter is
> sent to the client before it authenticates with the server. (To tell the
> client which hash it has to send to the server.)
> This counter can be queried by everybody as it is send to the client
> before it is authenticated. With this information everybody can
> determine how often a user (that uses 0k) has logged in to its account.
> By checking the counter regularly one can check at which times a user
> (that uses 0k) logs in to the Jabber server.
> If an attacker manages to redirect a login attempt to its own server
> (e.g. by a DNS attack) he can query a hash value with a low sequence
> number from the client. With this hash value he can calculate all the
> following hash values and use them to login to the (real) Jabber server.
> Especially he can use this hashes not only at the moment he gets them.
> As he knows all hash values with a higher sequence number he can use
> them later - after he has removed everything that could be used to
> identify the attacker.
> I think these two problems make 0k-authentication less secure than
> digenst authentication. I propose that Jabber server administrators
> should disable 0k as most clients will use digest authentication then.
> One small note: Jabber's 0k authentication protocol is not a "zero
> knowledge authentication" protocol as this term is defined in cryptology.
> Tot kijk
> ~ Matthias
> - --
> Fon: +49-(0)70 0770 07770 http://matthias.wimmer.name/
> Fax: +49-(0)89-312 88 654 jabber://email@example.com
> HAM: DB1MW OpenPGP: http://matthias.wimmer.name/encrypt/
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> -----END PGP SIGNATURE-----
> Standards-JIG mailing list
> Standards-JIG at jabber.org
Jabber Software Foundation
More information about the Standards