An alternative to using HTTPS protocol when authenticating users

I have been testing an anti-spam appliance from Barracuda Networks (see links below) and I noticed a technique used in its server logon that I haven’t seen anywhere else, although it turns out that Yahoo uses the same method in some of its logons. The purpose of this system is to avoid using the HTTPS (Secure HTTP) protocol that you would normally use to ensure that the logon name and password are kept private. This method is a rather clever and viable alternative, and Barracuda has been kind enough to explain how it does it. Here’s Barracuda’s introduction:

“While all Web browsers have the capability of taking “password” input (data that is masked from the display when entered into the browser), that data is still transmitted to the Web server in unencrypted form using the HTTP protocol. This allows any third party to eavesdrop on the network communication and read the password using fairly commonplace techniques, as long as the eavesdropper has access to a device on the network segment between the browser and the server (including the browsing computer and the server themselves).

“The most common solution to this issue is the use of the HTTPS protocol. While very secure, this solution has drawbacks that include monetary expense (certificate purchase), computational expense (additional overhead of establishing [Secure Sockets Layer] sessions and encrypting all data), and administrative overhead (SSL support must be installed/configured on the server). Due to all of these factors, installation and support of HTTPS is often excessive when security requirements only mandate authorization of the user, but not encryption of the data.”

The technique Barracuda uses was, as far as I can determine, implemented by one Paul Johnson, who placed it in the public domain as open source under the BSD license. Johnson’s introduction reads:

“First the Web server sends a random variable to the client. The client asks the user for the password, makes the MD5 hash of the random variable and password, and sends this to the server. The server makes the MD5 hash of the random variable and its stored password. If the two hashes match, then the user knew the correct password, and the server allows access. At no point was the password transmitted in the clear. An [eavesdropper] won’t be able to do a replay attack, as the server will then expect a different random variable.”

The MD5 or Message Digest algorithm essentially creates a “fingerprint” (called a “hash”) that is unique for any given input string. It is also irreversible – you can’t derive the input string from the fingerprint – which makes it very useful in cryptography.

For those of you who may be saying “that all sounds rather familiar,” this is a version of CHAP (Challenge-Handshake Authentication Protocol), which most of you will be familiar with from the procedure used to log on to an ISP – what we are discussing here is that same technique applied to Web servers.

CHAP logon is a simple and effective technique that might be useful in your Web applications, particularly where processing overheads, HTTPS code availability, or cost constraints make HTTPS unusable.

Drop me a note with “CHAP Authentication Article” in the subject line if you’d like a copy of the Barracuda discussion of the technique. And let me know if you are using this technique or if this is something you might use.
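The exchange Johnson describes, written out with both sides as an added example (this is not Barracuda's or Johnson's code). The user name, password and 16-byte nonce size are constructed values; the point worth seeing is that the server consumes each random value on first use, so a captured response is rejected on replay, and that the server has to hold the stored password in a form it can hash together with the nonce.

```python
import hashlib
import secrets


class ChapServer:
    """Server side of the MD5 challenge-response logon described in the article."""

    def __init__(self, users):
        # Constructed store: {username: stored password}. The scheme needs the
        # server to recompute MD5(nonce + password), so a plain hash on file will not do.
        self.users = users
        self.pending = {}  # {username: outstanding nonce}

    def challenge(self, username):
        # Step 1: send a fresh random value; any earlier outstanding one is replaced.
        nonce = secrets.token_hex(16)
        self.pending[username] = nonce
        return nonce

    def verify(self, username, response):
        # Step 3: recompute the hash over the issued nonce and the stored password.
        # The nonce is popped, so it can be used exactly once: a replayed response
        # meets no outstanding challenge and fails.
        nonce = self.pending.pop(username, None)
        if nonce is None or username not in self.users:
            return False
        expected = client_response(nonce, self.users[username])
        return secrets.compare_digest(expected, response)


def client_response(nonce, password):
    # Step 2, the browser side: hash nonce + password; the password itself is never sent.
    return hashlib.md5((nonce + password).encode()).hexdigest()


def demo():
    """Run a good logon, a replay of the same response, and a wrong password."""
    server = ChapServer({"alice": "correct horse"})
    nonce = server.challenge("alice")
    resp = client_response(nonce, "correct horse")
    first = server.verify("alice", resp)    # True: fresh challenge, right password
    replay = server.verify("alice", resp)   # False: nonce already consumed
    nonce2 = server.challenge("alice")
    wrong = server.verify("alice", client_response(nonce2, "wrong"))  # False
    return first, replay, wrong


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```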