django-secure-js-login 0.1.0

JavaScript Challenge-handshake authentication django app

JavaScript Challenge-handshake authentication django app.

First: The JS-SHA1-Login is not a simple “send username + SHA(password)” It is more a Challenge-handshake authentication protocol!

TODO:

• code cleanup

• cleanup templates

• fix “next_url” and all links in example project

• add unittests for using old challange value again

• add unittests for using old cnonce value again

The procedure:

Save a new user password:

client browser / JavaScript part:

#. user input a password

1. init_pbkdf2_salt = SHA1(random data)

2. pbkdf2_hash = pbkdf2("Plain Password", salt=init_pbkdf2_salt)

3. Client send init_pbkdf2_salt and pbkdf2_hash to the server

Server part:

1. Server split pbkdf2_hash into: first_pbkdf2_part and second_pbkdf2_part

2. encrypted_part = xor_encrypt(first_pbkdf2_part, key=second_pbkdf2_part)

3. Save only encrypted_part and given init_pbkdf2_salt from client

Login - client browser / JavaScript part:

1. Use request login

2. server send html login form with a random server_challenge value

3. User enters his username and password

4. Ajax Request the init_pbkdf2_salt from server with the given username

5. generate the auth data:

   1. pbkdf2_temp_hash = pbkdf2("Plain Password", init_pbkdf2_salt)

   2. split pbkdf2_temp_hash into first_pbkdf2_part and second_pbkdf2_part

   3. cnonce = SHA1(random data)

   4. pbkdf2_hash = pbkdf2(first_pbkdf2_part, salt=cnonce + server_challenge)

6. send pbkdf2_hash, second_pbkdf2_part and cnonce to the server

validation on the server

1. client POST data: pbkdf2_hash, second_pbkdf2_part and cnonce

2. get transmitted server_challenge value from session

3. get encrypted_part and salt from database via given username

4. first_pbkdf2_part = xor_decrypt(encrypted_part, key=second_pbkdf2_part)

5. test_hash = pbkdf2(first_pbkdf2_part, key=cnonce + server_challenge)

6. compare test_hash with transmitted pbkdf2_hash

secure?

JS-SHA1 Login is not really secure in comparison to https! e.g. the client can’t validate if he really communicate with the server or with a Man-in-the-middle. JS-SHA1-Login does not protect you against an Session Hijacking

However the used procedure is safer than plain-text authentication. In addition, on the server no plain-text passwords are stored. With the data that are stored on the server, can not be used alone.

If you have https, you can combine it with JS-SHA1 login, similar to combine a digest auth with https.

More information: Warum JS-SHA-Login Sinn macht… (german only, sorry)

why?

Many, if not even all CMS/wiki/forum, used unsecure Login. User name and password send in plaintext over the Internet. A reliable solution offers only https.

The Problem: No Provider offers secured HTTP connection for little money :( We have been thinking, how can we still accomplish a secure authentication.

alternative solutions

• Digest access authentication (implementation in django exist: django-digest):

  • pro

    • Browser implemented it, so no additional JavaScript needed

  • cons

    • Password hash must be saved on the server, without any salt! The hash can be used for login, because: hash = MD5(username:realm:password)

    • used old MD5 hash

Used JavaScript Implementations

• SHA1 - JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined in FIPS 180-1

  • http://pajhome.org.uk/crypt/md5/sha1.html

  • Implemented by Paul Johnston

  • Distributed under the BSD License

  • Stored under: secure_js_login/static/secure_js_login/sha.js

• PBKDF2 - JavaScript implementation of Password-Based Key Derivation Function 2 as defined in RFC 2898

  • http://anandam.name/pbkdf2/

  • Implemented by Parvez Anandam

  • Distributed under the BSD license

  • Stored under: secure_js_login/static/secure_js_login/pbkdf2.js

Links

• SHA1 JavaScript implementation by Paul Johnston (BSD License)

• Python-Forum Threads (de):

  • Digest auth als Alternative? (03.2010)

  • Sinn oder Unsinn des PyLucids JS-SHA1-Login… (12.2006)

  • Wie Session-Hijacking verhindern? (12.2006)

  • html-LogIn: Passwort mit SHA1 (06.2005)

• Diskussion auf de.comp.lang.python (08.2006)