Some more on user- authentication

A web-page which requires that the user be logged-in Page is here: User's login status is verified by sending a cookie <?php if ($_COOKIE["loginCookie"]) {?> This is secured content You can only see this content because you are logged in <?php } else {?> Access forbidden You cannot see secure content unless you are logged in. Login <?php } ?>

When user tries to see this page without being logged-in:

Suppose user clicks Login hotlink:

Suppose required username is bob and required password is dylan. Suppose user logs in correctly

User is told he has logged-in correctly and can now click on a link to go to the desired page

Suppose user clicks on link to front page He can now see the secured content

The login.php program In this simple program, only one user- name and password are accepted In reality, –there would be a database of user-names and passwords –different users would have different login cookies

The login.php program <?php ob_start(); if ((!$_POST["userName"]) || (!$_POST["password"])) {?> "> User name: Password: Login <?php } else {$userName=$_POST["userName"]; $password=$_POST["password"]; if (($userName=='bob') && ($password=='dylan')) {setcookie("loginCookie","$userName",time()+3600); ?> You are logged in for 60 minutes Click here for front page <?php } else {?> Incorrect username or password <?php } ob_end_flush(); ?>

What the cookie looks like in the cookie jar:

Danger with previous scheme Users' passwords are sent in the clear Somebody sniffing packets on the internet could steal a user's password Indeed, somebody could forge a cookie

Protecting passwords First, we will address the issue of protecting passwords Later, we will address the issue of protecting cookies

Encrypting passwords To avoid theft of passwords, we could require that, when they are sent over the internet, they are passed in encrypted form One commonly-user encryption technique is called MD5 We could send the MD5 encryptions of passwords over the internet For this, the login page would have to use MD5

MD5 MD5 is a hashing algorithm developed in 1991, when its predecessor, MD4, was found to be insecure In 1996, a flaw was found with the design of MD5; While it was not a clearly fatal weakness, cryptographers began to recommend using other algorithms, such as SHA-1 –recent claims suggest that SHA-1 has been broken, however) In 2004, more serious flaws were discovered making further use of the MD5 algorithm for security purposes questionable At present, however, MD5 is still widely used But expect it to be replaced in the near future

MD5 continued MD5 takes a string and returns a 128-bit hash value which is derived from the string Usually, these 128 bits are represented as 32 hex-digits MD5("The quick brown fox jumps over the lazy dog") = 9e107d9d372bb6826bd81d3542a419d6 Even a small change in the message will (with overwhelming probability) result in a completely different hash For example changing d to c in the above message produces MD5("The quick brown fox jumps over the lazy cog") = 1055d3e698d289f2af bd4b

Implementations of MD5 PHP –an implementation of MD5 is provided in the PHP library of string functions: string md5 ( string str ) Javascript: –no implementation of MD5 is built into the language; –however, an implementation is available in this file The function is called string hex_md5( string str )

login2.php (part 1) function encodePassword() {loginForm.password.value=hex_md5(loginForm.password.value); } <?php if ( (!$_POST["userName"]) || (!$_POST["password"]) ) {?> " > User name: Password: Login <?php }

login2.php (part 2) else {$userName=$_POST["userName"]; $password=$_POST["password"]; if ( ($userName=="bob") && ( $password== md5("dylan") ) ) { setcookie("loginCookie","bob",time()+3600); ?> You are logged in for 60 minutes Click here for front page <?php } else {?>Incorrect login <?php } } ob_end_flush(); ?>

This is better, but... Somebody who is sniffing packets could simply steal the MD5-encrypted password and use that

dec 2005

Make theft pointless There will always be packet-sniffing thieves The only defence against them is to make what they can steal worthless to them We can do this by making encoded passwords valid for only a short time We do this by using a nonce-word in such messages –a nonce word is 'a word coined and used only for a particular occasion'

login3.php (part 1) function encodePassword() {loginForm.password.value= hex_md5(loginForm.password.value+loginForm.nonceWord.value); } <?php if ( (!$_POST["userName"]) || (!$_POST["password"]) ) {$now=getdate(); $now=$now["year"].$now["month"].$now["mday"].$now["hours"].$now["minutes"]; $nonceWord=md5("someSecretWord".$now); ?><form name=loginForm method="post" action=" "> "> User name: Password: Login <?php }

login3.php (part 2) else { $userName=$_POST["userName"]; $password=$_POST["password"]; $nonceWord=$_POST["nonceWord"]; if ( ($userName=="bob") && ($password== md5("dylan".$nonceWord)) ) { setcookie("loginCookie","bob",time()+3600); ?> You are logged in for 60 minutes Click here for front page <?php } else {?>Incorrect login <?php } } ob_end_flush(); ?>

Can't someone just steal the nonce-word as well as the encrypted password ? Yes, but... The trick is to impose a time-limit on the acceptability of each nonce-word

login4.php (part 1) function encodePassword() {loginForm.password.value= hex_md5(loginForm.password.value+loginForm.nonceWord.value); } <?php function fresh($nonceWord) {$now=getdate(); $now=$now["year"].$now["month"].$now["mday"].$now["hours"].$now["minutes"]; $currentNonceWord=md5("someSecretWord".$now); if ($nonceWord == $currentNonceWord) { return 1; } else { return false; } }

login4.php (part 2) if ( (!$_POST["userName"]) || (!$_POST["password"]) ) {$now=getdate(); $now=$now["year"].$now["month"].$now["mday"].$now["hours"].$now["minutes"]; $nonceWord=md5("someSecretWord".$now); ?> <form name=loginForm method="post" action=" "> "> You have one minute to login User name: Password: <button type=button onClick="encodePassword();loginForm.submit();">Login <?php }

login4.php (part 3) else {$userName=$_POST["userName"]; $password=$_POST["password"]; $nonceWord=$_POST["nonceWord"]; if (fresh($nonceWord)) { if ( ($userName=="bob") && ($password== md5("dylan".$nonceWord)) ) { setcookie("loginCookie","bob",time()+3600); ?> You are logged in for 60 minutes Click here for front page <?php } else {?>Incorrect login <?php } } else {?> Unacceptable delay You took too long to fill in the login form ">Try again <?php } } ob_end_flush();?>

Login form produced by login4.php

User completes, within 1 minute, the form produced by login4.php

Because he filled form in correctly and quickly, user's credentials are accepted

A different, slower, user

He fills in form correctly, but too slowly

User's credentials are not accepted because the nonce word had become stale

But, couldn't someone just steal the cookie? Yes, but similarly MD5 encryption and nonce-words can be used to reduce the usefulness of stealing cookies However, at this stage, it might be worthwhile considering the use of SSL

Back to HTTP user- authentication

What’s wrong with Basic authentication? Basic authentication is insecure The username and password are sent unencrypted across the internet Anybody who is “sniffing” packets can steal this information

Digest Authentication In this technique, the password is never sent “in the clear” It is always sent in an encrypted form At present, the form of encryption used is called MD5 The technique is similar to that which we have just seen used in our home-made login system