Главная Обзор Помощь
Вход
FirebirdDB
/
firebird
зеркало из https://github.com/FirebirdSQL/firebird.git
2
0
Ответвить 0
Файлы Задачи 0 Вики
Ветка: work/gh-7428
Ветки Метки
firebird
/
doc
/
README.SecureRemotePassword.html

README.SecureRemotePassword.html 11 KB
Постоянная ссылка История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197 
  1. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    2. 

  2. <html>
    3. 

  3. <head>
    4. 

  4. 	<meta http-equiv="content-type" content="text/html; charset=utf-8"/>
    5. 

  5. 	<title>Make firebird's SRP implementation current NIST guidance compliant</title>
    6. 

  6. 	<meta name="generator" content="LibreOffice 5.1.6.2 (Linux)"/>
    7. 

  7. 	<meta name="created" content="00:00:00"/>
    8. 

  8. 	<meta name="changed" content="2018-06-20T19:32:59.045535257"/>
    9. 

  9. 	<meta name="DCTERMS.issued" content="2018-04-09T10:14:20.507318741"/>
    10. 

  10. 	<meta name="DCTERMS.language" content="en-US"/>
    11. 

  11. 	<meta name="DCTERMS.modified" content="2018-04-09T10:14:29.569131327"/>
    12. 

  12. 	<meta name="DCTERMS.provenance" content=""/>
    13. 

  13. 	<meta name="DCTERMS.source" content="http://xml.openoffice.org/odf2xhtml"/>
    14. 

  14. 	<meta name="DCTERMS.subject" content=","/>
    15. 

  15. 	<meta name="DCTERMS.title" content=""/>
    16. 

  16. 	<style type="text/css">
    17. 

  17. 		p { margin-left: 0.79in; margin-right: 0.79in; color: #000000 }
    18. 

  18. 		td p { margin-left: 0.79in; margin-right: 0.79in; color: #000000; font-size: 12pt }
    19. 

  19. 		h1 { margin-left: 0.79in; margin-right: 0.79in; color: #000000 }
    20. 

  20. 		h2 { margin-left: 0.79in; margin-right: 0.79in; color: #000000 }
    21. 

  21. 		h2.cjk { font-family: "Noto Sans CJK SC Regular" }
    22. 

  22. 		h2.ctl { font-family: "FreeSans" }
    23. 

  23. 		p.p1 { margin-bottom: 0.1in; font-family: "Liberation Serif"; font-size: 12pt; line-height: 120% }
    24. 

  24. 		p.p4 { margin-bottom: 0.1in; font-family: "Liberation Serif"; font-size: 12pt; line-height: 120% }
    25. 

  25. 		td p.p6 { margin-bottom: 0.1in; font-family: "Liberation Serif"; font-size: 12pt; line-height: 120% }
    26. 

  26. 		p.p5 { margin-bottom: 0.1in; font-family: "Liberation Serif"; font-size: 12pt; line-height: 120% }
    27. 

  27. 		p.p7 { margin-bottom: 0.1in; font-family: "Liberation Serif"; font-size: 12pt; line-height: 120% }
    28. 

  28. 		p.p2 { margin-bottom: 0.1in; font-family: "Liberation Serif"; font-size: 12pt; line-height: 120% }
    29. 

  29. 		p.p9 { margin-bottom: 0.1in; font-family: "Liberation Serif"; font-size: 12pt; line-height: 120% }
    30. 

  30. 		p.p10 { margin-bottom: 0in; font-family: "Liberation Serif"; font-size: 12pt; line-height: 120% }
    31. 

  31. 	</style>
    32. 

  32. </head>
    33. 

  33. <body lang="en-US" text="#000000" dir="ltr">
    34. 

  34. </p>
    35. 

  35. <h1><a name="a__Replacement_of_use_of_SHA-1_in_the_SRP_Client_Proof_with_a_SHA-2_Message_Digest"></a>
    36. 

  36. Replacement of use of SHA-1 in the SRP Client Proof with a SHA-2
    37. 

  37. Message Digest</h1>
    38. 

  38. <p class="p1">The Firebird implementation of the Secure Remote
    39. 

  39. Protocol (SRP) for password based user authentication has been
    40. 

  40. updated following a security review of the original Firebird SRP-6a
    41. 

  41. implementation taking into account current NIST guidance on the use
    42. 

  42. of SHA-1 – see NIST Special Publication 800-131A, Revision 1,
    43. 

  43. Transitions: Recommendation for Transitioning the Use of
    44. 

  44. Cryptographic Algorithms and Key Lengths
    45. 

  45. (<a href="http://dx.doi.org/10.6028/NIST.SP.800-131Ar1">http://dx.doi.org/10.6028/NIST.SP.800-131Ar1</a>)
    46. 

  46. chapter 9. This guidance disallows the general use of SHA-1 for
    47. 

  47. “Digital Signature Generation” whilst permitting continued use
    48. 

  48. for “Digital Signature Verification”. The background to making
    49. 

  49. this change is given below.</p>
    50. 

  50. <p class="p4">The SHA-256 message digest may be used instead of SHA-1
    51. 

  51. for generating the Client Proof. Alternatively, SHA-1 (default for
    52. 

  52. FB3) may is used in FB3.0.4 due to compatibility issues. Default may
    53. 

  53. be changed in future point releases of FB3! Separate AuthServer and
    54. 

  54. AuthClient plugins are available for each supported message digest,
    55. 

  55. with the following names:</p>
    56. 

  56. <table cellpadding="1" cellspacing="4">
    57. 

  57. 	<tr>
    58. 

  58. 		<td>
    59. 

  59. 			<p align="left">Srp</p>
    60. 

  60. 		</td>
    61. 

  61. 		<td>
    62. 

  62. 			<p align="left">SHA-1 Client Proof</p>
    63. 

  63. 		</td>
    64. 

  64. 	</tr>
    65. 

  65. 	<tr>
    66. 

  66. 		<td>
    67. 

  67. 			<p align="left">Srp256</p>
    68. 

  68. 		</td>
    69. 

  69. 		<td>
    70. 

  70. 			<p align="left">SHA-256 Client Proof</p>
    71. 

  71. 		</td>
    72. 

  72. 	</tr>
    73. 

  73. </table>
    74. 

  74. <p class="p5">Both client and server must have an SRP authentication
    75. 

  75. plugin in common in order to enable successfully authentication of a
    76. 

  76. user's password. 
    77. 

  77. </p>
    78. 

  78. <p class="p5">There is no change to the SRP User Manager. This is
    79. 

  79. still called (“Srp”) and the User Manager and the security
    80. 

  80. database are not affected by the choice of message digest used to
    81. 

  81. compute the client proof.</p>
    82. 

  82. <p class="p4">The “firebird.conf” default configuration file
    83. 

  83. entries for AuthServer and AuthClient are now:</p>
    84. 

  84. <p class="p4">AuthServer = Srp<br/>
    85. 

  85. AuthClient = Srp, Srp256,
    86. 

  86. Legacy_Auth (Non -windows clients)<br/>
    87. 

  87. AuthClient = Srp, Srp256,
    88. 

  88. Win_Sspi, Legacy_Auth (windows clients)</p>
    89. 

  89. <p class="p4">With these settings, a Firebird client can use Srp to
    90. 

  90. authenticate using either SHA-256 or SHA-1 to compute the client
    91. 

  91. proof and is thus backwards compatible with  Firebird 3 servers. If
    92. 

  92. you need NIST compliance and/or higher security you can set</p>
    93. 

  93. <p class="p4">AuthServer = Srp256</p>
    94. 

  94. <p class="p4">in firebird.conf. This will break compatibility with
    95. 

  95. pre-3.0.4 clients.</p>
    96. 

  96. <p class="p7">A deployment where both client and servers support the
    97. 

  97. legacy Srp (using SHA-1) and the SHA-2 authentication plugin (e.g.
    98. 

  98. Srp256) should be avoided. This is because an attacker might be able
    99. 

  99. to disrupt the Srp256 authentication thereby forcing Firebird to use
    100. 

  100. the weaker Srp SHA-1 client proof without the user being aware.</p>
    101. 

  101. <h2 class="western"><a name="a__REASON_FOR_CHANGE"></a>REASON FOR
    102. 

  102. CHANGE</h2>
    103. 

  103. <p class="p1">Review of the Firebird SRP implementation appears to
    104. 

  104. indicate that most uses of SHA-1 continue to be permitted under NIST
    105. 

  105. guidance except for its use in generating the client proof. The SRP
    106. 

  106. client proof may be characterised as a “Poor Man's Digital
    107. 

  107. Signature” in that it provides a two party proof of identity rather
    108. 

  108. than the third party proof normally expected from a Digital Signature
    109. 

  109. i.e. it is not a non-repudiable proof. Nevertheless, it is believed
    110. 

  110. that generation of the client proof falls under the heading of
    111. 

  111. “Digital Signature Generation” when considering the NIST
    112. 

  112. Guidance.</p>
    113. 

  113. <p class="p2">Continued use of SHA-1 in order to generate the client
    114. 

  114. proof appears to risk leakage of the encryption key used to encrypt
    115. 

  115. “over-the-wire” encryption and which hence also provides peer
    116. 

  116. entity authentication during the lifetime of the connection. This may
    117. 

  117. result in an attacker being able to monitor confidential
    118. 

  118. communication either during the connection or at some later date and
    119. 

  119. this could include leakage of an encryption key used to encrypt the
    120. 

  120. user database, if this is passed from client to server during the
    121. 

  121. connection.</p>
    122. 

  122. <p class="p2">Such an attack is viable if weaknesses in SHA-1 can be
    123. 

  123. exploited to allow a brute force attack on the client proof to be
    124. 

  124. computationally feasible. All parts of the message on which the
    125. 

  125. client proof is based may be known to an attacker with the exception
    126. 

  126. of the shared session key and such an attack would concentrate on
    127. 

  127. revealing this key. If it were possible to reveal the shared session
    128. 

  128. key in real time then additionally a man-in-the-middle attack would
    129. 

  129. be feasible.</p>
    130. 

  130. <p class="p2">The severity of this issue is viewed as Important but
    131. 

  131. not Critical. Users that rely on SRP (using SHA-1)/over the wire
    132. 

  132. encryption to protect confidential communication have a long term
    133. 

  133. risk that the confidentiality of &nbsp;their data may be compromised.
    134. 

  134. The attack may also be mitigated through the use of other procedures
    135. 

  135. to protect communications (e.g. a secure VPN).</p>
    136. 

  136. <p class="p9">The update adds a new directory to the source code tree
    137. 

  137. (src/common/sha2) containing an implementation of the SHA-2 family of
    138. 

  138. message digests derived from the implementation published by Olivier
    139. 

  139. Gay &lt;<a href="mailto:[email protected]">[email protected]</a>&gt;
    140. 

  140. (see https://github.com/ouah/sha2). The following copyright notice is
    141. 

  141. included at the request of the original author and applies to the
    142. 

  142. files in src/common/sha2:</p>
    143. 

  143. <p class="p10" style="margin-bottom: 0.2in">FIPS 180-2
    144. 

  144. SHA-224/256/384/512 implementation</p>
    145. 

  145. <p class="p10" style="margin-bottom: 0.2in">Last update: 02/02/2007</p>
    146. 

  146. <p class="p10" style="margin-bottom: 0.2in">Issue date: &nbsp;04/30/2005</p>
    147. 

  147. <p class="p10" style="margin-bottom: 0.2in">https://github.com/ouah/sha2</p>
    148. 

  148. <p class="p10" style="margin-bottom: 0.2in">&nbsp;</p>
    149. 

  149. <p class="p10" style="margin-bottom: 0.2in">Copyright (C) 2005, 2007
    150. 

  150. Olivier Gay &lt;[email protected]&gt;</p>
    151. 

  151. <p class="p10" style="margin-bottom: 0.2in">All rights reserved.</p>
    152. 

  152. <p class="p10" style="margin-bottom: 0.2in">&nbsp;</p>
    153. 

  153. <p class="p10" style="margin-bottom: 0.2in">Redistribution and use in
    154. 

  154. source and binary forms, with or without</p>
    155. 

  155. <p class="p10" style="margin-bottom: 0.2in">modification, are
    156. 

  156. permitted provided that the following conditions</p>
    157. 

  157. <p class="p10" style="margin-bottom: 0.2in">are met:</p>
    158. 

  158. <p class="p10" style="margin-bottom: 0.2in">1. Redistributions of
    159. 

  159. source code must retain the above copyright</p>
    160. 

  160. <p class="p10" style="margin-bottom: 0.2in">&nbsp; &nbsp;notice, this
    161. 

  161. list of conditions and the following disclaimer.</p>
    162. 

  162. <p class="p10" style="margin-bottom: 0.2in">2. Redistributions in
    163. 

  163. binary form must reproduce the above copyright</p>
    164. 

  164. <p class="p10" style="margin-bottom: 0.2in">&nbsp; &nbsp;notice, this
    165. 

  165. list of conditions and the following disclaimer in the</p>
    166. 

  166. <p class="p10" style="margin-bottom: 0.2in">&nbsp; &nbsp;documentation
    167. 

  167. and/or other materials provided with the distribution.</p>
    168. 

  168. <p class="p10" style="margin-bottom: 0.2in">3. Neither the name of
    169. 

  169. the project nor the names of its contributors</p>
    170. 

  170. <p class="p10" style="margin-bottom: 0.2in">&nbsp; &nbsp;may be used
    171. 

  171. to endorse or promote products derived from this software</p>
    172. 

  172. <p class="p10" style="margin-bottom: 0.2in">&nbsp; &nbsp;without
    173. 

  173. specific prior written permission.</p>
    174. 

  174. <p class="p10" style="margin-bottom: 0.2in">&nbsp;</p>
    175. 

  175. <p class="p10" style="margin-bottom: 0.2in">THIS SOFTWARE IS PROVIDED
    176. 

  176. BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND</p>
    177. 

  177. <p class="p10" style="margin-bottom: 0.2in">ANY EXPRESS OR IMPLIED
    178. 

  178. WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE</p>
    179. 

  179. <p class="p10" style="margin-bottom: 0.2in">IMPLIED WARRANTIES OF
    180. 

  180. MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE</p>
    181. 

  181. <p class="p10" style="margin-bottom: 0.2in">ARE DISCLAIMED. &nbsp;IN
    182. 

  182. NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE</p>
    183. 

  183. <p class="p10" style="margin-bottom: 0.2in">FOR ANY DIRECT, INDIRECT,
    184. 

  184. INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL</p>
    185. 

  185. <p class="p10" style="margin-bottom: 0.2in">DAMAGES (INCLUDING, BUT
    186. 

  186. NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS</p>
    187. 

  187. <p class="p10" style="margin-bottom: 0.2in">OR SERVICES; LOSS OF USE,
    188. 

  188. DATA, OR PROFITS; OR BUSINESS INTERRUPTION)</p>
    189. 

  189. <p class="p10" style="margin-bottom: 0.2in">HOWEVER CAUSED AND ON ANY
    190. 

  190. THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT</p>
    191. 

  191. <p class="p10" style="margin-bottom: 0.2in">LIABILITY, OR TORT
    192. 

  192. (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY</p>
    193. 

  193. <p class="p10" style="margin-bottom: 0.2in">OUT OF THE USE OF THIS
    194. 

  194. SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF</p>
    195. 

  195. <p class="p10" style="margin-bottom: 0.2in">SUCH DAMAGE.</p>
    196. 

  196. </body>
    197. 

  197. </html>
    198.