Http authentication principle and https
Http defines two official certifications: basic certification and digest certification, which follow the same process:
1. The client initiates a GET request.
2. The server responds to 401 Unauthorized. WWW-Authenticate indicates the authentication algorithm and realm indicates the security domain.
3. The client re-initiates the request and Authorization specifies the username and password information.
4. If the server Authentication succeeds, the system returns the 200 message. Optional values: Authentication-Info.
Basic Authentication
Pack "username: Password" and use Base-64 Encoding
Disadvantage: the password is easy to snoop. You can hold the encoded username and password information and send it to the server for authentication;
It can work with SSL to hide the user name and password;
Digest Authentication
If the password is not sent in plain text, the server returns a random string nonce in response to the above 2nd steps.
The client sends the response digest = MD5 (HA1: nonce: HA2), where HA1 = MD5 (username: realm: password), HA2 = MD5 (method: digestURI)
In HTTP digest authentication, MD5 encryption is used to achieve "irreversible". That is to say, it is quite difficult to determine the original input when the output is known.
If the password itself is too simple, you may try all possible input to find the corresponding output (brute-force attack), or even use a dictionary or a proper search table to speed up the search.
The security enhancement of HTTP digest authentication is as follows:
1. The password is not used directly in the digest, but HA1 = MD5 (username: realm: password ). This allows some implementations (such as JBoss DIGESTAuth) to only store HA1 rather than plaintext passwords.
2. the random number nonce of the client is introduced in RFC 2617, which enables the client to prevent plaintext attack (otherwise, something like Rainbow table will become a threat to the digest Authentication Architecture ).
3. the random number nonce of the server allows the timestamp to be included. Therefore, the server can check the random number nonce submitted by the client to prevent replay attacks.
4. The server can also maintain a list of recently sent or used server random number nonce to prevent reuse.
In terms of security, digest access authentication has the following Disadvantages:
1. Many Security Options in RFC 2617 are optional. If the server does not specify the quality of protection (qop), the client operates in the early RFC 2069 mode to reduce security.
2. access authentication is vulnerable to man-in-the-middle attacks. For example, a man-in-the-middle attacker can tell the client to use basic access authentication or the early RFC 2069 digest access authentication mode.
Further, digest access authentication does not provide any mechanism to help clients verify the server's identity.
Some servers require that passwords be stored using reversible encryption algorithms. However, it is possible to store only the summary of the user name, realm, and password. [2]
It prevents the use of Strong Password Hashing functions (such as bcrypt) to save passwords (because both passwords, or summaries of user names, realm, and passwords must be recoverable ).
Before introducing https, you need to understand related terms.
Key: Digital parameter for changing password behavior;
Symmetric key encryption: the same key is used for encoding and decoding. Before communication, both parties must have a shared secret key. The attacker must traverse every possible key;
Public key encryption: two asymmetric keys are used for encoding and decoding. The former is public, and the latter is only saved on the local host. RSA is the public key encryption system invented by MIT;
Digital Signature
That is, the encrypted checksum to prevent packet tampering;
1 A extracts A variable-length packet into A fixed-length digest, applies the signature function (using the user's private key as A parameter) to it, and attaches the signature to the end of the packet;
2. B checks the signature when receiving the message and uses the public key for inverse function. If the digest does not match the plaintext digest after unpacking, the message is tampered or the private key of A is not used;
Digital Certificate
Including: Object Name; expiration time; Certificate publisher; Public Key; digital signature; most certificates use X.509 V3 format;
After a secure web transaction is established through https, the browser will take the initiative to obtain the server's digital certificate. If there is no certificate, the secure connection fails;
HTTPS
Combine the same http group of certificate-based encryption technologies. SSL is between http and tcp and is responsible for encryption and decryption of http packets;
If the URL is https, the client opens a connection to port 443 of the server, exchanges SSL security parameters with the server in a binary format, and attaches an encrypted http command;
The SSL protocol can be divided into two layers:
SSL Record Protocol (SSL Record Protocol): it is built on reliable transmission protocols (such as TCP) to provide support for basic functions such as data encapsulation, compression, and encryption for high-level protocols.
SSL Handshake Protocol: It is built on the SSL record Protocol and used before the actual data transmission starts, both parties perform identity authentication, negotiate encryption algorithms, and exchange encryption keys.
SSL protocol Workflow
Server authentication stage
1) the client sends a start message "Hello" to the server to start a new session connection;
2) The server determines whether to generate a new CMK based on the customer's information. If necessary, the server will include the information required to generate the CMK in response to the customer's "Hello" information;
3) The customer generates a master key based on the server response information and encrypts it with the public key of the server before sending it to the server;
4) The server restores the CMK and returns a message for the customer to authenticate the server with the CMK.
User authentication stage
The authenticated server sends a question to the customer, and the customer returns the question signed by (number) and the Public Key to provide the server with authentication.
Handshake process
SSL uses both public key encryption and symmetric encryption. Although symmetric encryption is faster than public key encryption, public key encryption provides better identity authentication.
① The client browser transmits the client SSL protocol version number, the type of the encryption algorithm, and the random number to the server.
② The server sends the version number, type of encryption algorithm, random number, and other related information of the SSL protocol to the client, and the server also sends its own certificate to the client.
③ The customer uses the information sent from the server to verify the server's validity, whether the certificate expires, and whether the CA that issues the server certificate is reliable, whether the public key of the issuer certificate can properly unbind the "issuer's digital signature" of the server certificate"
④ The client generates a random "symmetric password" for subsequent communication, and then encrypts it with the public key of the server and transmits it to the server.
7. The server and client use the same master password, that is, symmetric keys for encryption and decryption of secure data communication over SSL protocol.
Https Tunnel
When a connection is established, the client uses the public key pair of the server to send data encryption, and the proxy cannot read the http header, so it does not know where to direct the request;
The https ssl tunnel protocol allows the client to first inform the proxy of the server and port to be connected, that is, the client sends the endpoint information in plaintext through the connect method, and the proxy establishes a tcp connection with the server, the client directly uses this tunnel to communicate with the server;
Tunnel: send non-http traffic over http connections
This article permanently updates the link address: