A. Basic Certification
After the client connects the user name and password with ":", the ciphertext is sent to the server by BASE64 encryption via the authorization request header, and each request needs to be sent repeatedly. The Basic authentication process is simple and the security is low, and there are many other security issues that reveal personal account information . The following is a schematic demonstration only and does not represent the actual situation:
The client requests data from the server:
get/http/1.1
Host:www.myrealm.com
The server sends a validation request to the client 401:
http/1.1 401 Unauthorised
server:bfe/1.0.8.18
Www-authenticate:basic realm= "Myrealm.com"
content-type:text/html; Charset=utf-8
After the client receives a 401 return value, a login window will automatically pop up waiting for the user to enter the user name and password
The "User name: Password" is BASE64 encrypted and sent to the service side for verification:
get/http/1.1
Host:www.myrealm.com
Authorization:basic xxxxxxxxxxxxxxxxxxxxxxxxxxxx
The service side takes out the authorization request header information to decrypt, and compares with the user database to judge whether is legitimate, the legal will return the OK. The RFC 2617 specification in Basic authentication does not send Authentication-info head, Authentication-info Head is added in digest certification
650) this.width= 650, "src="/img/fz.gif "alt=" Copy Code "style=" Margin:0px;padding:0px;border:none; "/>
1 <?php 2 if (!isset ($_server[' Php_auth_user ')) { 3 header (' www-authenticate: basic realm= ' My realm "'); 4 header (' http/1.0 401 unauthorized '); 5 echo ' Text to send if user hits cancel button '; 6 exit; 7 } else { 8 echo "<p>Hello {$_server[' Php_auth_user ']}.</p> "; 9 echo " <p>You entered {$_server[' PHP_AUTH_PW ']} as your password.</p> "; 10 }
650) this.width=650; "src="/img/fz.gif "alt=" Copy Code "style=" Margin:0px;padding:0px;border:none; "/>
Two. Digest Certification
Digest certification is designed to address many of the flaws in basic certification, and user passwords are a key element throughout the certification process.
The Digest authentication response header instance sent by the server and the meanings of the instructions: thePHP Official document sent Www-authenticate header between the instructions with a space, under Chrome will not pop up the certification dialog box, should be replaced by "," or ","
Www-authenticate:digest realm= "Restricted area", qop= "Auth,auth-int", nonce= "58e8e52922398", opaque= " Cdce8a5c95a1427d74df7acbf41c9ce0 ", algorithm=" MD5 "
www-authenticate: Header of the authentication challenge sent by the server
authentication-info: Header of the authentication response sent by the server, including nextnonce, rspauth response summary, etc.
Realm: Authorization domain, should contain at least host name
domain: Grants access to the URIs list, separated by spaces between items and items
Qop: Quality protection, value auth or auth-int or [token],auth-int contains integrity check for entity body
nonce: The random number generated by the server, to increase the complexity of the digest generation, so as to increase the difficulty of cracking passwords, to prevent "man-in-the-middle" and "malicious server" and other types of attacks, which is relative to not using the directive, in addition, the nonce itself can be used to prevent replay attacks, Used to implement client-side authentication on the server. RFC 2617 recommends using this random number calculation formula: Nonce = BASE64 (Time-stamp MD5 (time-stamp ":" ETag ":" Private-key) "), the server can determine this nonce time validity,ETag (URL corresponding to the resource entity Tag, in CGI programming usually need to generate the ETag and authentication, can be used to identify the URL of the corresponding resource changes, distinguish between different languages, sessions, cookies, etc.) can prevent the updated resource version (not updated invalid, It is necessary to set the nonce validity) Replay request , Private-key to the server private key
Opaque: This is an opaque data string that is sent to the client during cross-examination and the client sends the data string back to the server. If you need to maintain some state between the server and the client, maintaining state data with a nonce is an easier and more secure way to implement it.
stale: nonce expiration flag with a value of true or False
algorithm: Digest algorithm, value is MD5 or md5-sess or [token], default is MD5
The Digest Authentication Header request instance and the instruction meaning of the client are sent under the following instructions:
Authorization : digest username= "Somename", realm= "Restricted area", nonce= "58e8e52922398", Uri= "/t.php", response= "9c839dde909d270bc5b901c7f80f77d5", opaque= "Cdce8a5c95a1427d74df7acbf41c9ce0" , qop= "auth", nc=00000001, cnonce= "9c30405c3a67a259"
-
cnonce : Random number generated by the client for authentication to the server by the client. The presence of attacks such as "man-in-the-middle" and "rogue server" has led to a deliberate selection of a nonce value rather than a random one that is likely to be passed on to the client for summarization, making the "selective plaintext attack" possible and the last user password compromised. Thus, like the nonce, cnonce can be used to increase the complexity of digest generation, thus increasing the difficulty of cracking passwords, and also guaranteeing the authentication to the server
&NBSP;
NC: The client needs to send NC (Nonce-count) when the Qop is turned on by the server. The server can detect request replay with current nonce tokens by maintaining NC. If the same NC appears in the two requests that are marked with the current nonce, then the two requests are repeated requests. therefore, in addition to the Nonce, NC is the last guarantee for preventing replay attacks. Therefore, in addition to maintaining user account information, the service side also needs to maintain the Nonce and NC Association state data
The summary calculation method is described below:
General representation of the algorithm
H (data) = MD5 (data) KD (secret, data) = h (concat (Secret, ":", data))
Data related to security information is represented by A1, then
A) using MD5 algorithm: a1= (user):(realm):(password) b) using md5-sess algorithm: A1=h ((user):(realm):(password): nonce:cnonce
Data unrelated to security information is represented by A2, then
A) Qop is auth or undefined: a2= (request-method):(uri-directive-value) b) Qop to auth-int:a2= (request-method):( Uri-directive-value): H ((Entity-body))
The digest value is expressed in response, then
650) this.width=650; "src="/img/fz.gif "alt=" Copy Code "style=" Margin:0px;padding:0px;border:none; "/>
A) If QOP is not defined: Response = KD (H (A1), <nonce>:h (A2)) = h (H (A1), <nonce>:h (A2)) b) If Qop is auth or auth-int:res Ponse = KD (H (A1), <nonce>:<nc>:<cnonce>:<qop>:h (A2)) = h (H (A1), <nonce>:<nc>: <cnonce>:<qop>:h (A2))
650) this.width=650; "src="/img/fz.gif "alt=" Copy Code "style=" Margin:0px;padding:0px;border:none; "/>
Three. Security Risks
On -line dictionary attack (online dictionary attacks) : An attacker could attempt to simulate a response with a dictionary containing a password and then compare it to any nonce/response pair that was tapped, and if the result is consistent, the attack succeeds. To deal with dictionary attacks against weak passwords, to reduce the likelihood of successful attacks, you can prevent users from using weak passwords
Man in the Middle: During a man-in-the-middle attack, a weak authentication scheme is added and provided to the client, so you should always choose the strongest one from multiple alternative authentication scenarios , even the middleman may replace the Digest authentication provided by the server with the Basic authentication, thus stealing the security credentials of the user, and then the middleman can use the credentials to respond to the Digest authentication Cross-examination on the service side, and the attacker may also be under the guise of free caching proxy service to solicit the credulous Steal their security credentials by implementing a man-in-the-middle attack; an intermediary agent may also induce the client to send a request to the server. To this end, the client may consider the security level of risk warning, or in the tracking service side of the certification configuration found its certification strength to issue a warning, or configured to use only strong authentication, or from the designated site to complete the certification
pre-computed dictionary attack (precomputed dictionary attacks) : The attacker constructs (response, password) the dictionary, and then uses the selective plaintext (nonce) attack method to obtain the corresponding cross-examination response, the search dictionary finds the matching response the attack succeeds
Batch Brute force attacks: The middleman performs a selective plaintext attack on multiple users to collect corresponding responses, by controlling the nonce/ The number of response pairs will shorten the time to find the first password, and the response to this attack is to require the client to use cnonce instructions
Fake Server spoofing (Spoofing by Counterfeit Servers): This attack is easier for basic authentication and more difficult for digest authentication, but only if the client must know that Digest authentication is going to be used. How the user discovers this potential attack pattern in the authentication mechanism used should be visible help
HTTP Authentication mode: Basic & Digest