Startseite Erkunden Hilfe
Anmelden
FirebirdDB
/
firebird
Mirror von https://github.com/FirebirdSQL/firebird.git
2
0
Fork 0
Dateien Issues 0 Wiki
Branch: work/gh-8120
Branches Tags
firebird
/
doc
/
README.SecureRemotePassword.html

README.SecureRemotePassword.html 11 KB
Permalink Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195 
  1. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    2. 

  2. <html>
    3. 

  3. <head>
    4. 

  4. 	<meta http-equiv="content-type" content="text/html; charset=utf-8"/>
    5. 

  5. 	<title>Make firebird's SRP implementation current NIST guidance compliant</title>
    6. 

  6. 	<meta name="generator" content="LibreOffice 5.1.6.2 (Linux)"/>
    7. 

  7. 	<meta name="created" content="00:00:00"/>
    8. 

  8. 	<meta name="changed" content="2018-06-21T14:25:04.182337599"/>
    9. 

  9. 	<meta name="DCTERMS.issued" content="2018-04-09T10:14:20.507318741"/>
    10. 

  10. 	<meta name="DCTERMS.language" content="en-US"/>
    11. 

  11. 	<meta name="DCTERMS.modified" content="2018-04-09T10:14:29.569131327"/>
    12. 

  12. 	<meta name="DCTERMS.provenance" content=""/>
    13. 

  13. 	<meta name="DCTERMS.source" content="http://xml.openoffice.org/odf2xhtml"/>
    14. 

  14. 	<meta name="DCTERMS.subject" content=","/>
    15. 

  15. 	<meta name="DCTERMS.title" content=""/>
    16. 

  16. 	<style type="text/css">
    17. 

  17. 		p { margin-left: 0.79in; margin-right: 0.79in; color: #000000 }
    18. 

  18. 		td p { margin-left: 0.79in; margin-right: 0.79in; color: #000000; font-size: 12pt }
    19. 

  19. 		h1 { margin-left: 0.79in; margin-right: 0.79in; color: #000000 }
    20. 

  20. 		h2 { margin-left: 0.79in; margin-right: 0.79in; color: #000000 }
    21. 

  21. 		h2.cjk { font-family: "Noto Sans CJK SC Regular" }
    22. 

  22. 		h2.ctl { font-family: "FreeSans" }
    23. 

  23. 		p.p1 { margin-bottom: 0.1in; font-family: "Liberation Serif"; font-size: 12pt; line-height: 120% }
    24. 

  24. 		p.p4 { margin-bottom: 0.1in; font-family: "Liberation Serif"; font-size: 12pt; line-height: 120% }
    25. 

  25. 		td p.p6 { margin-bottom: 0.1in; font-family: "Liberation Serif"; font-size: 12pt; line-height: 120% }
    26. 

  26. 		p.p5 { margin-bottom: 0.1in; font-family: "Liberation Serif"; font-size: 12pt; line-height: 120% }
    27. 

  27. 		p.p7 { margin-bottom: 0.1in; font-family: "Liberation Serif"; font-size: 12pt; line-height: 120% }
    28. 

  28. 		p.p2 { margin-bottom: 0.1in; font-family: "Liberation Serif"; font-size: 12pt; line-height: 120% }
    29. 

  29. 		p.p9 { margin-bottom: 0.1in; font-family: "Liberation Serif"; font-size: 12pt; line-height: 120% }
    30. 

  30. 		p.p10 { margin-bottom: 0in; font-family: "Liberation Serif"; font-size: 12pt; line-height: 120% }
    31. 

  31. 	</style>
    32. 

  32. </head>
    33. 

  33. <body lang="en-US" text="#000000" dir="ltr">
    34. 

  34. </p>
    35. 

  35. <h1><a name="a__Replacement_of_use_of_SHA-1_in_the_SRP_Client_Proof_with_a_SHA-2_Message_Digest"></a>
    36. 

  36. Replacement of use of SHA-1 in the SRP Client Proof with a SHA-2
    37. 

  37. Message Digest</h1>
    38. 

  38. <p class="p1">The Firebird implementation of the Secure Remote
    39. 

  39. Protocol (SRP) for password based user authentication has been
    40. 

  40. updated following a security review of the original Firebird SRP-6a
    41. 

  41. implementation taking into account current NIST guidance on the use
    42. 

  42. of SHA-1 – see NIST Special Publication 800-131A, Revision 1,
    43. 

  43. Transitions: Recommendation for Transitioning the Use of
    44. 

  44. Cryptographic Algorithms and Key Lengths
    45. 

  45. (<a href="http://dx.doi.org/10.6028/NIST.SP.800-131Ar1">http://dx.doi.org/10.6028/NIST.SP.800-131Ar1</a>)
    46. 

  46. chapter 9. This guidance disallows the general use of SHA-1 for
    47. 

  47. “Digital Signature Generation” whilst permitting continued use
    48. 

  48. for “Digital Signature Verification”. The background to making
    49. 

  49. this change is given below.</p>
    50. 

  50. <p class="p4">By default, the SHA-256 message digest is now used
    51. 

  51. instead of SHA-1 for generating the Client Proof. Alternatively,
    52. 

  52. SHA-1 (deprecated and for legacy use only) may be used for the Client
    53. 

  53. Proof. Separate AuthServer and AuthClient plugins are available for
    54. 

  54. each supported message digest, with the following names:</p>
    55. 

  55. <table cellpadding="1" cellspacing="4">
    56. 

  56. 	<tr>
    57. 

  57. 		<td>
    58. 

  58. 			<p align="left">Srp</p>
    59. 

  59. 		</td>
    60. 

  60. 		<td>
    61. 

  61. 			<p align="left">SHA-1 Client Proof</p>
    62. 

  62. 		</td>
    63. 

  63. 	</tr>
    64. 

  64. 	<tr>
    65. 

  65. 		<td>
    66. 

  66. 			<p align="left">Srp256</p>
    67. 

  67. 		</td>
    68. 

  68. 		<td>
    69. 

  69. 			<p align="left">SHA-256 Client Proof</p>
    70. 

  70. 		</td>
    71. 

  71. 	</tr>
    72. 

  72. </table>
    73. 

  73. <p class="p5">Both client and server must have an SRP authentication
    74. 

  74. plugin in common in order to enable successfully authentication of a
    75. 

  75. user's password. 
    76. 

  76. </p>
    77. 

  77. <p class="p5">There is no change to the SRP User Manager. This is
    78. 

  78. still called (“Srp”) and the User Manager and the security
    79. 

  79. database are not affected by the choice of message digest used to
    80. 

  80. compute the client proof.</p>
    81. 

  81. <p class="p4">The “firebird.conf” default configuration file
    82. 

  82. entries for AuthServer and AuthClient are now:</p>
    83. 

  83. <p class="p4">AuthServer = Srp256<br/>
    84. 

  84. AuthClient = Srp256, Srp,
    85. 

  85. Legacy_Auth (Non -windows clients)<br/>
    86. 

  86. AuthClient = Srp256, Srp,
    87. 

  87. Win_Sspi, Legacy_Auth (windows clients)</p>
    88. 

  88. <p class="p4">With these settings, a Firebird Server is using Srp256
    89. 

  89. to authenticate a client using SHA-256 to compute the client proof
    90. 

  90. and is thus compatible with Firebird 3.0.4 or newer clients. On the
    91. 

  91. other hand, a Firebird client will authenticate the user with any
    92. 

  92. server version down to at least 2.5.</p>
    93. 

  93. <p class="p7">A deployment where both client and servers support the
    94. 

  94. legacy Srp (using SHA-1) and one or more of the SHA-2 authentication
    95. 

  95. plugins (e.g. Srp256) should be avoided. This is because an attacker
    96. 

  96. might be able to disrupt the Srp256 authentication thereby forcing
    97. 

  97. Firebird to use the weaker Srp SHA-1 client proof without the user
    98. 

  98. being aware.</p>
    99. 

  99. <h2 class="western"><a name="a__REASON_FOR_CHANGE"></a>REASON FOR
    100. 

  100. CHANGE</h2>
    101. 

  101. <p class="p1">Review of the Firebird SRP implementation appears to
    102. 

  102. indicate that most uses of SHA-1 continue to be permitted under NIST
    103. 

  103. guidance except for its use in generating the client proof. The SRP
    104. 

  104. client proof may be characterised as a “Poor Man's Digital
    105. 

  105. Signature” in that it provides a two party proof of identity rather
    106. 

  106. than the third party proof normally expected from a Digital Signature
    107. 

  107. i.e. it is not a non-repudiable proof. Nevertheless, it is believed
    108. 

  108. that generation of the client proof falls under the heading of
    109. 

  109. “Digital Signature Generation” when considering the NIST
    110. 

  110. Guidance.</p>
    111. 

  111. <p class="p2">Continued use of SHA-1 in order to generate the client
    112. 

  112. proof appears to risk leakage of the encryption key used to encrypt
    113. 

  113. “over-the-wire” encryption and which hence also provides peer
    114. 

  114. entity authentication during the lifetime of the connection. This may
    115. 

  115. result in an attacker being able to monitor confidential
    116. 

  116. communication either during the connection or at some later date and
    117. 

  117. this could include leakage of an encryption key used to encrypt the
    118. 

  118. user database, if this is passed from client to server during the
    119. 

  119. connection.</p>
    120. 

  120. <p class="p2">Such an attack is viable if weaknesses in SHA-1 can be
    121. 

  121. exploited to allow a brute force attack on the client proof to be
    122. 

  122. computationally feasible. All parts of the message on which the
    123. 

  123. client proof is based may be known to an attacker with the exception
    124. 

  124. of the shared session key and such an attack would concentrate on
    125. 

  125. revealing this key. If it were possible to reveal the shared session
    126. 

  126. key in real time then additionally a man-in-the-middle attack would
    127. 

  127. be feasible.</p>
    128. 

  128. <p class="p2">The severity of this issue is viewed as Important but
    129. 

  129. not Critical. Users that rely on SRP (using SHA-1)/over the wire
    130. 

  130. encryption to protect confidential communication have a long term
    131. 

  131. risk that the confidentiality of &nbsp;their data may be compromised.
    132. 

  132. The attack may also be mitigated through the use of other procedures
    133. 

  133. to protect communications (e.g. a secure VPN).</p>
    134. 

  134. <p class="p9">The update adds a new directory to the source code tree
    135. 

  135. (src/common/sha2) containing an implementation of the SHA-2 family of
    136. 

  136. message digests derived from the implementation published by Olivier
    137. 

  137. Gay &lt;<a href="mailto:[email protected]">[email protected]</a>&gt;
    138. 

  138. (see https://github.com/ouah/sha2). The following copyright notice is
    139. 

  139. included at the request of the original author and applies to the
    140. 

  140. files in src/common/sha2:</p>
    141. 

  141. <p class="p10" style="margin-bottom: 0.2in">FIPS 180-2
    142. 

  142. SHA-224/256/384/512 implementation</p>
    143. 

  143. <p class="p10" style="margin-bottom: 0.2in">Last update: 02/02/2007</p>
    144. 

  144. <p class="p10" style="margin-bottom: 0.2in">Issue date: &nbsp;04/30/2005</p>
    145. 

  145. <p class="p10" style="margin-bottom: 0.2in">https://github.com/ouah/sha2</p>
    146. 

  146. <p class="p10" style="margin-bottom: 0.2in">&nbsp;</p>
    147. 

  147. <p class="p10" style="margin-bottom: 0.2in">Copyright (C) 2005, 2007
    148. 

  148. Olivier Gay &lt;[email protected]&gt;</p>
    149. 

  149. <p class="p10" style="margin-bottom: 0.2in">All rights reserved.</p>
    150. 

  150. <p class="p10" style="margin-bottom: 0.2in">&nbsp;</p>
    151. 

  151. <p class="p10" style="margin-bottom: 0.2in">Redistribution and use in
    152. 

  152. source and binary forms, with or without</p>
    153. 

  153. <p class="p10" style="margin-bottom: 0.2in">modification, are
    154. 

  154. permitted provided that the following conditions</p>
    155. 

  155. <p class="p10" style="margin-bottom: 0.2in">are met:</p>
    156. 

  156. <p class="p10" style="margin-bottom: 0.2in">1. Redistributions of
    157. 

  157. source code must retain the above copyright</p>
    158. 

  158. <p class="p10" style="margin-bottom: 0.2in">&nbsp; &nbsp;notice, this
    159. 

  159. list of conditions and the following disclaimer.</p>
    160. 

  160. <p class="p10" style="margin-bottom: 0.2in">2. Redistributions in
    161. 

  161. binary form must reproduce the above copyright</p>
    162. 

  162. <p class="p10" style="margin-bottom: 0.2in">&nbsp; &nbsp;notice, this
    163. 

  163. list of conditions and the following disclaimer in the</p>
    164. 

  164. <p class="p10" style="margin-bottom: 0.2in">&nbsp; &nbsp;documentation
    165. 

  165. and/or other materials provided with the distribution.</p>
    166. 

  166. <p class="p10" style="margin-bottom: 0.2in">3. Neither the name of
    167. 

  167. the project nor the names of its contributors</p>
    168. 

  168. <p class="p10" style="margin-bottom: 0.2in">&nbsp; &nbsp;may be used
    169. 

  169. to endorse or promote products derived from this software</p>
    170. 

  170. <p class="p10" style="margin-bottom: 0.2in">&nbsp; &nbsp;without
    171. 

  171. specific prior written permission.</p>
    172. 

  172. <p class="p10" style="margin-bottom: 0.2in">&nbsp;</p>
    173. 

  173. <p class="p10" style="margin-bottom: 0.2in">THIS SOFTWARE IS PROVIDED
    174. 

  174. BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND</p>
    175. 

  175. <p class="p10" style="margin-bottom: 0.2in">ANY EXPRESS OR IMPLIED
    176. 

  176. WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE</p>
    177. 

  177. <p class="p10" style="margin-bottom: 0.2in">IMPLIED WARRANTIES OF
    178. 

  178. MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE</p>
    179. 

  179. <p class="p10" style="margin-bottom: 0.2in">ARE DISCLAIMED. &nbsp;IN
    180. 

  180. NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE</p>
    181. 

  181. <p class="p10" style="margin-bottom: 0.2in">FOR ANY DIRECT, INDIRECT,
    182. 

  182. INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL</p>
    183. 

  183. <p class="p10" style="margin-bottom: 0.2in">DAMAGES (INCLUDING, BUT
    184. 

  184. NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS</p>
    185. 

  185. <p class="p10" style="margin-bottom: 0.2in">OR SERVICES; LOSS OF USE,
    186. 

  186. DATA, OR PROFITS; OR BUSINESS INTERRUPTION)</p>
    187. 

  187. <p class="p10" style="margin-bottom: 0.2in">HOWEVER CAUSED AND ON ANY
    188. 

  188. THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT</p>
    189. 

  189. <p class="p10" style="margin-bottom: 0.2in">LIABILITY, OR TORT
    190. 

  190. (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY</p>
    191. 

  191. <p class="p10" style="margin-bottom: 0.2in">OUT OF THE USE OF THIS
    192. 

  192. SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF</p>
    193. 

  193. <p class="p10" style="margin-bottom: 0.2in">SUCH DAMAGE.</p>
    194. 

  194. </body>
    195. 

  195. </html>
    196.