[Standards] [Fwd: I-D Action:draft-melnikov-digest-to-historic-00.txt]

Jonathan Chayce Dickinson chayce.za at gmail.com
Wed Sep 12 06:46:28 UTC 2007


-----Original Message-----

*snip*
> Hmm, AFAIK such password protection is a designed feature of DIGEST-MD5.
> To take advantage of the feature, when registering a new account a user
> must provide their DIGEST-MD5 inner password hash instead of their
> password.

Which brings you round to square one. Server sends salt, client sends
MD5(salt+password). I.e. the server also needs the password to do the exact same
operation to check for equality, which isn't the best. What we really need
is a static and dynamic salt, one that never changes and one that changes
for each login, thus: MD5(salt1+MD5(salt2+password)). This means that each
user in the database can have a different salt (protecting users in the case
of a compromised database), and the digest can be different each time for
the same password (protecting users from a replay attack).
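A toy model of the two-salt exchange proposed above, added here as an example and not code from the original post or from any DIGEST-MD5 implementation. The Server class, client_response and the single-use handling of the dynamic salt are my assumptions about how the scheme would be wired up; MD5 is used only because it is what the thread discusses.

```python
import hashlib
import secrets

# Added example: MD5(salt1 + MD5(salt2 + password)) with a static per-user salt2
# and a dynamic per-login salt1. Server/client_response are hypothetical names.


def md5_hex(*parts: bytes) -> str:
    """MD5 over the concatenation of parts, as a hex string."""
    return hashlib.md5(b"".join(parts)).hexdigest()


class Server:
    def __init__(self) -> None:
        # username -> (static salt2, inner hash MD5(salt2 + password))
        self.users: dict[str, tuple[bytes, str]] = {}
        # username -> dynamic salt1 issued for the current login attempt
        self.pending: dict[str, bytes] = {}

    def register(self, username: str, password: str) -> None:
        salt2 = secrets.token_bytes(16)           # static salt, different per user
        self.users[username] = (salt2, md5_hex(salt2, password.encode()))

    def challenge(self, username: str) -> tuple[bytes, bytes]:
        salt1 = secrets.token_bytes(16)           # dynamic salt, fresh per login
        self.pending[username] = salt1
        return salt1, self.users[username][0]

    def verify(self, username: str, response: str) -> bool:
        salt1 = self.pending.pop(username, None)  # each challenge is usable once
        if salt1 is None:
            return False                          # no live challenge: stale or replayed
        _, inner = self.users[username]
        expected = md5_hex(salt1, inner.encode())  # server never needs the password
        return secrets.compare_digest(expected, response)


def client_response(password: str, salt1: bytes, salt2: bytes) -> str:
    """Client side: MD5(salt1 + MD5(salt2 + password))."""
    inner = md5_hex(salt2, password.encode())
    return md5_hex(salt1, inner.encode())


if __name__ == "__main__":
    srv = Server()
    srv.register("alice", "correct horse")
    s1, s2 = srv.challenge("alice")
    resp = client_response("correct horse", s1, s2)
    print("login:", srv.verify("alice", resp))    # True
    print("replay:", srv.verify("alice", resp))   # False, salt1 already consumed
```

Note that the stored inner hash is all the server uses in verify, so whoever holds the database contents can compute a valid response without the password; the per-user salt stops two users with the same password from sharing a stored value, but the stored value itself still has to be protected.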
