分享
 
 
 

RFC2195 - IMAP/POP AUTHorize Extension for Simple Challenge/Response

王朝other·作者佚名  2008-05-31
窄屏简体版  字體: |||超大  

Network Working Group J. Klensin

Request for Comments: 2195 R. Catoe

Category: Standards Track P. Krumviede

Obsoletes: 2095 MCI

September 1997

IMAP/POP AUTHorize Extension for Simple Challenge/Response

Status of this Memo

This document specifies an Internet standards track protocol for the

Internet community, and requests discussion and suggestions for

improvements. Please refer to the current edition of the "Internet

Official Protocol Standards" (STD 1) for the standardization state

and status of this protocol. Distribution of this memo is unlimited.

Abstract

While IMAP4 supports a number of strong authentication mechanisms as

described in RFC1731, it lacks any mechanism that neither passes

cleartext, reusable passWords across the network nor requires either

a significant security infrastrUCture or that the mail server update

a mail-system-wide user authentication file on each mail Access.

This specification provides a simple challenge-response

authentication protocol that is suitable for use with IMAP4. Since

it utilizes Keyed-MD5 digests and does not require that the secret be

stored in the clear on the server, it may also constitute an

improvement on APOP for POP3 use as specified in RFC1734.

1. Introduction

Existing Proposed Standards specify an AUTHENTICATE mechanism for the

IMAP4 protocol [IMAP, IMAP-AUTH] and a parallel AUTH mechanism for

the POP3 protocol [POP3-AUTH]. The AUTHENTICATE mechanism is

intended to be extensible; the four methods specified in [IMAP-AUTH]

are all fairly powerful and require some security infrastructure to

support. The base POP3 specification [POP3] also contains a

lightweight challenge-response mechanism called APOP. APOP is

associated with most of the risks associated with such protocols: in

particular, it requires that both the client and server machines have

access to the shared secret in cleartext form. CRAM offers a method

for avoiding such cleartext storage while retaining the algorithmic

simplicity of APOP in using only MD5, though in a "keyed" method.

At present, IMAP [IMAP] lacks any facility corresponding to APOP.

The only alternative to the strong mechanisms identified in [IMAP-

AUTH] is a presumably cleartext username and password, supported

through the LOGIN command in [IMAP]. This document describes a

simple challenge-response mechanism, similar to APOP and PPP CHAP

[PPP], that can be used with IMAP (and, in principle, with POP3).

This mechanism also has the advantage over some possible alternatives

of not requiring that the server maintain information about email

"logins" on a per-login basis. While mechanisms that do require such

per-login history records may offer enhanced security, protocols such

as IMAP, which may have several connections between a given client

and server open more or less simultaneous, may make their

implementation particularly challenging.

2. Challenge-Response Authentication Mechanism (CRAM)

The authentication type associated with CRAM is "CRAM-MD5".

The data encoded in the first ready response contains an

presumptively arbitrary string of random digits, a timestamp, and the

fully-qualified primary host name of the server. The syntax of the

unencoded form must correspond to that of an RFC822 'msg-id'

[RFC822] as described in [POP3].

The client makes note of the data and then responds with a string

consisting of the user name, a space, and a 'digest'. The latter is

computed by applying the keyed MD5 algorithm from [KEYED-MD5] where

the key is a shared secret and the digested text is the timestamp

(including angle-brackets).

This shared secret is a string known only to the client and server.

The `digest' parameter itself is a 16-octet value which is sent in

hexadecimal format, using lower-case ASCII characters.

When the server receives this client response, it verifies the digest

provided. If the digest is correct, the server should consider the

client authenticated and respond appropriately.

Keyed MD5 is chosen for this application because of the greater

security imparted to authentication of short messages. In addition,

the use of the techniques described in [KEYED-MD5] for precomputation

of intermediate results make it possible to avoid eXPlicit cleartext

storage of the shared secret on the server system by instead storing

the intermediate results which are known as "contexts".

CRAM does not support a protection mechanism.

Example:

The examples in this document show the use of the CRAM mechanism with

the IMAP4 AUTHENTICATE command [IMAP-AUTH]. The base64 encoding of

the challenges and responses is part of the IMAP4 AUTHENTICATE

command, not part of the CRAM specification itself.

S: * OK IMAP4 Server

C: A0001 AUTHENTICATE CRAM-MD5

S: + PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+

C: dGltIGI5MTNhNjAyYzdlZGE3YTQ5NWI0ZTZlNzMzNGQzODkw

S: A0001 OK CRAM authentication successful

In this example, the shared secret is the string

'tanstaaftanstaaf'. Hence, the Keyed MD5 digest is produced by

calculating

MD5((tanstaaftanstaaf XOR opad),

MD5((tanstaaftanstaaf XOR ipad),

<1896.697170952@postOffice.reston.mci.net>))

where ipad and opad are as defined in the keyed-MD5 Work in

Progress [KEYED-MD5] and the string shown in the challenge is the

base64 encoding of <1896.697170952@postoffice.reston.mci.net>. The

shared secret is null-padded to a length of 64 bytes. If the

shared secret is longer than 64 bytes, the MD5 digest of the

shared secret is used as a 16 byte input to the keyed MD5

calculation.

This produces a digest value (in hexadecimal) of

b913a602c7eda7a495b4e6e7334d3890

The user name is then prepended to it, forming

tim b913a602c7eda7a495b4e6e7334d3890

Which is then base64 encoded to meet the requirements of the IMAP4

AUTHENTICATE command (or the similar POP3 AUTH command), yielding

dGltIGI5MTNhNjAyYzdlZGE3YTQ5NWI0ZTZlNzMzNGQzODkw

3. References

[CHAP] Lloyd, B., and W. Simpson, "PPP Authentication Protocols",

RFC1334, October 1992.

[IMAP] Crispin, M., "Internet Message Access Protocol - Version

4rev1", RFC2060, University of Washington, December 1996.

[IMAP-AUTH] Myers, J., "IMAP4 Authentication Mechanisms",

RFC1731, Carnegie Mellon, December 1994.

[KEYED-MD5] Krawczyk, Bellare, Canetti, "HMAC: Keyed-Hashing for

Message Authentication", RFC2104, February 1997.

[MD5] Rivest, R., "The MD5 Message Digest Algorithm",

RFC1321, MIT Laboratory for Computer Science, April 1992.

[POP3] Myers, J., and M. Rose, "Post Office Protocol - Version 3",

STD 53, RFC1939, Carnegie Mellon, May 1996.

[POP3-AUTH] Myers, J., "POP3 AUTHentication command", RFC1734,

Carnegie Mellon, December, 1994.

4. Security Considerations

It is conjectured that use of the CRAM authentication mechanism

provides origin identification and replay protection for a session.

Accordingly, a server that implements both a cleartext password

command and this authentication type should not allow both methods of

access for a given user.

While the saving, on the server, of "contexts" (see section 2) is

marginally better than saving the shared secrets in cleartext as is

required by CHAP [CHAP] and APOP [POP3], it is not sufficient to

protect the secrets if the server itself is compromised.

Consequently, servers that store the secrets or contexts must both be

protected to a level appropriate to the potential information value

in user mailboxes and identities.

As the length of the shared secret increases, so does the difficulty

of deriving it.

While there are now suggestions in the literature that the use of MD5

and keyed MD5 in authentication procedures probably has a limited

effective lifetime, the technique is now widely deployed and widely

understood. It is believed that this general understanding may

assist with the rapid replacement, by CRAM-MD5, of the current uses

of permanent cleartext passwords in IMAP. This document has been

deliberately written to permit easy upgrading to use SHA (or whatever

alternatives emerge) when they are considered to be widely available

and adequately safe.

Even with the use of CRAM, users are still vulnerable to active

attacks. An example of an increasingly common active attack is 'TCP

Session Hijacking' as described in CERT Advisory CA-95:01 [CERT95].

See section 1 above for additional discussion.

5. Acknowledgements

This memo borrows ideas and some text liberally from [POP3] and

[RFC-1731] and thanks are due the authors of those documents. Ran

Atkinson made a number of valuable technical and editorial

contributions to the document.

6. Authors' Addresses

John C. Klensin

MCI Telecommunications

800 Boylston St, 7th floor

Boston, MA 02199

USA

EMail: klensin@mci.net

Phone: +1 617 960 1011

Randy Catoe

MCI Telecommunications

2100 Reston Parkway

Reston, VA 22091

USA

EMail: randy@mci.net

Phone: +1 703 715 7366

Paul Krumviede

MCI Telecommunications

2100 Reston Parkway

Reston, VA 22091

USA

EMail: paul@mci.net

Phone: +1 703 715 7251

 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
2023年上半年GDP全球前十五强
 百态   2023-10-24
美众议院议长启动对拜登的弹劾调查
 百态   2023-09-13
上海、济南、武汉等多地出现不明坠落物
 探索   2023-09-06
印度或要将国名改为“巴拉特”
 百态   2023-09-06
男子为女友送行,买票不登机被捕
 百态   2023-08-20
手机地震预警功能怎么开?
 干货   2023-08-06
女子4年卖2套房花700多万做美容:不但没变美脸,面部还出现变形
 百态   2023-08-04
住户一楼被水淹 还冲来8头猪
 百态   2023-07-31
女子体内爬出大量瓜子状活虫
 百态   2023-07-25
地球连续35年收到神秘规律性信号,网友:不要回答!
 探索   2023-07-21
全球镓价格本周大涨27%
 探索   2023-07-09
钱都流向了那些不缺钱的人,苦都留给了能吃苦的人
 探索   2023-07-02
倩女手游刀客魅者强控制(强混乱强眩晕强睡眠)和对应控制抗性的关系
 百态   2020-08-20
美国5月9日最新疫情:美国确诊人数突破131万
 百态   2020-05-09
荷兰政府宣布将集体辞职
 干货   2020-04-30
倩女幽魂手游师徒任务情义春秋猜成语答案逍遥观:鹏程万里
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案神机营:射石饮羽
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案昆仑山:拔刀相助
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案天工阁:鬼斧神工
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案丝路古道:单枪匹马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:与虎谋皮
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:李代桃僵
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:指鹿为马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:小鸟依人
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:千金买邻
 干货   2019-11-12
 
推荐阅读
 
 
 
>>返回首頁<<
 
靜靜地坐在廢墟上,四周的荒凉一望無際,忽然覺得,淒涼也很美
© 2005- 王朝網路 版權所有