Next: The SCRAM mechanisms, Previous: The CRAM-MD5 mechanism, Up: Mechanisms [Contents][Index]
The DIGEST-MD5 mechanism is based on repeated hashing using MD5. After the MD5 break may be argued to be weaker than HMAC-MD5 that CRAM-MD5 builds on, but DIGEST-MD5 supports other features. For example, authorization identities and data integrity and privacy protection are supported. Like CRAM-MD5, only a hashed password is transferred. Consequently, DIGEST-MD5 needs access to the correct password to verify the client response – however the server can store the password in hashed form, another improvement compared to CRAM-MD5 . Alas, this makes it impossible to use, e.g., PAM on the server side.
In the client, this mechanism is always enabled, and it requires the
GSASL_AUTHID
, GSASL_PASSWORD
, GSASL_SERVICE
, and
GSASL_HOSTNAME
properties. If set, GSASL_AUTHZID
and
GSASL_REALM
will also be used.
In the server, the mechanism will first request the
GSASL_DIGEST_MD5_HASHED_PASSWORD
callback property to get the
user’s hashed password. If the callback doesn’t supply a hashed
password (i.e., it returns ‘GSASL_NO_CALLBACK’), the
GSASL_PASSWORD
callback property will be requested. Both
callbacks may use the GSASL_AUTHID
, GSASL_AUTHZID
and
GSASL_REALM
properties to determine which users’ password should
be used. The server will then compare the client response with a
computed correct response, and accept the user accordingly.
The server uses the GSASL_QOPS
callback to get the set of
quality of protection values to use. By default, it advertises
support for authentication (qop-auth
) only. You can use the
callback, for example, to make the server advertise support for
authentication with integrity layers.
The client uses the GSASL_QOP
callback to get the quality of
protection value to request. The client must choose one of the QOP
values offered by the server (which may be inspected through the
GSASL_QOPS
property). If the client does not return a value,
qop-auth
is used by default.
The security layers of DIGEST-MD5 are rarely used in practice due to interoperability and security reasons. You are recommended to use TLS instead.
The DIGEST-MD5 mechanism is specified in RFC 2831. RFC 6331 labels DIGEST-MD5 as historic and it contains a good exposition of the disadvantages with DIGEST-MD5.
Next: The SCRAM mechanisms, Previous: The CRAM-MD5 mechanism, Up: Mechanisms [Contents][Index]