Opened 8 years ago

Closed 7 years ago

#8 closed defect (fixed)

Security Considerations Issues

Reported by: ynir@…
Owned by: draft-ietf-httpauth-mutual@…
Priority: major
Milestone:
Component: mutual
Version:
Severity: Submitted WG Document
Keywords: security salt hash rate-limit
Cc:

Description

Reported by Yaron

16.3, last bullet: salting the password with the user name is much better than plain hashing of the password.

16: the security considerations should mention that the protocol is still vulnerable to active password guessing attacks, and so authentication attempts should be rate limited.
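
The two points raised above, shown as an added example that is not part of the ticket or the draft: equal passwords produce equal unsalted hashes but different username-salted ones, and failed attempts are rate limited per account. It is a simplified password check, not the Mutual authentication exchange; PBKDF2, the limits and all names are assumptions of this sketch.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque

MAX_FAILURES = 5        # assumed policy: failures tolerated per window
WINDOW_SECONDS = 300    # assumed policy: sliding window length
PBKDF2_ROUNDS = 10_000  # kept low so the demo runs quickly

def plain_hash(password):
    """Unsalted hash: one precomputed table applies to every account."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(username, password):
    """Username-salted, iterated hash: a table must be rebuilt per account."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(),
                               username.encode(), PBKDF2_ROUNDS).hex()

class Authenticator:
    """Stores username-salted verifiers and throttles guessing per account."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.verifiers = {}
        self.failures = defaultdict(deque)  # username -> failure timestamps

    def register(self, username, password):
        self.verifiers[username] = salted_hash(username, password)

    def _throttled(self, username):
        now = self.clock()
        recent = self.failures[username]
        while recent and now - recent[0] >= WINDOW_SECONDS:
            recent.popleft()  # forget failures older than the window
        return len(recent) >= MAX_FAILURES

    def login(self, username, password):
        if self._throttled(username):
            return "throttled"  # refuse before doing any password work
        stored = self.verifiers.get(username)
        candidate = salted_hash(username, password)  # computed for unknown users too
        if stored is not None and hmac.compare_digest(stored, candidate):
            return "ok"
        self.failures[username].append(self.clock())
        return "denied"
```

A per-account limit like this lets an attacker lock out a known user by failing on purpose, so deployments usually pair it with per-source limits or delays rather than hard lockout.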

Change History (2)

comment:1 Changed 7 years ago by mlepinski.ietf@…

I am closing this issue. This issue has been addressed in the latest version (see Section 16.2.1).

comment:2 Changed 7 years ago by mlepinski.ietf@…

  • Resolution set to fixed
  • Status changed from new to closed