Improving OpenID's use of cryptography 1 - using a MAC
paul at ciphergoth.org
Thu Jun 2 01:19:45 PDT 2005
Brad Fitzpatrick wrote:
> Ignoring snooping (which we've already agreed is unlikely), how do you get
> the shared secret from identity server to consumer? Obviously not through
> an HTTP redirect, because then the user and WiFi is involved. It can't be
> a publicly accessible URL on the ID server that the consumer can GET,
> otherwise anybody could get it.
Ah, but it can! Sorry I haven't made this clear already. It's very
simple: the server generates a new secret every time it's asked for one.
The exchange is like:
Consumer -> Server: give me an HMAC-SHA1 secret for OpenID
Server -> Consumer: OK, your secret 2005-06-02/1827263 is
7750a34fa7ab26b5e... which expires 2005-06-03T04:53:14
The server will never reveal that secret again. If the consumer forgets
it, they'll just get a new secret and use that.
Then when the consumer wants someone identified, it'll specify
openid.auth_with=2005-06-02/1827263 which identifies the MAC secret to use.
The clever bit is that the server doesn't have to store lots of secrets.
It stores a secret per day. When it wants to find out MAC secret
2005-06-02/1827263, it looks up secret 2005-06-02, and hashes it
together with 1827263 to generate 7750a34fa7ab26b5e... the expiry time
is the expiry time of secret 2005-06-02. In practice different
lifetimes might be appropriate, but we can tweak that later.
\/ o\ Paul Crowley, paul at ciphergoth.org
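The exchange and the per-day derivation described in the post, as an added example that is not part of the original message or of any OpenID implementation. It assumes details the post leaves open: the per-request secret is HMAC(day master, counter) (the post only says the two are "hashed together"), a day master expires 24 hours after it is first created, the signed fields are canonicalised as sorted "key:value" lines, and the clock is a controllable object so the run is deterministic. The field values are constructed.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta

DAY_SECRET_LIFETIME = timedelta(hours=24)   # assumption: the post leaves lifetimes to be tweaked later


class Clock:
    """Controllable clock (assumption) so the exchange runs offline and deterministically."""

    def __init__(self, iso_time):
        self.now = datetime.fromisoformat(iso_time)

    def advance_hours(self, hours):
        self.now += timedelta(hours=hours)


def canonical(fields):
    # Assumed canonical form of the signed fields: sorted "key:value" lines.
    return "\n".join(f"{k}:{v}" for k, v in sorted(fields.items())).encode()


def mac(secret, fields):
    # HMAC-SHA1, the MAC named in the post.
    return hmac.new(secret, canonical(fields), hashlib.sha1).hexdigest()


class IdentityServer:
    """Keeps one master secret per day; every issued secret is derived from it, never stored."""

    def __init__(self, clock):
        self.clock = clock
        self.day_secrets = {}   # "YYYY-MM-DD" -> (master bytes, expiry datetime)
        self.counter = 0

    def _day_secret(self, day):
        if day not in self.day_secrets:
            master = secrets.token_bytes(20)
            self.day_secrets[day] = (master, self.clock.now + DAY_SECRET_LIFETIME)
        return self.day_secrets[day]

    @staticmethod
    def _derive(master, n):
        # "hashes it together with 1827263": implemented here as HMAC(master, counter) (assumption).
        return hmac.new(master, str(n).encode(), hashlib.sha1).digest()

    def issue_secret(self):
        """Consumer -> Server: give me an HMAC-SHA1 secret. Returns (handle, secret, expiry)."""
        day = self.clock.now.strftime("%Y-%m-%d")
        master, expiry = self._day_secret(day)
        self.counter += 1
        handle = f"{day}/{self.counter}"          # e.g. "2005-06-02/1"
        return handle, self._derive(master, self.counter), expiry

    def secret_for(self, handle):
        """Recompute the secret named by openid.auth_with; None if unknown or expired."""
        day, _, n = handle.partition("/")
        if day not in self.day_secrets or not n.isdigit():
            return None
        master, expiry = self.day_secrets[day]
        if self.clock.now >= expiry:
            return None
        return self._derive(master, int(n))

    def sign_assertion(self, handle, fields):
        secret = self.secret_for(handle)
        return None if secret is None else mac(secret, fields)


class Consumer:
    def __init__(self):
        self.handle = self.secret = self.expiry = None

    def fetch_secret(self, server):
        self.handle, self.secret, self.expiry = server.issue_secret()

    def verify(self, fields, signature):
        return signature is not None and hmac.compare_digest(mac(self.secret, fields), signature)


def demo():
    clock = Clock("2005-06-02T01:19:45")
    server = IdentityServer(clock)
    alice, bob = Consumer(), Consumer()
    alice.fetch_secret(server)
    bob.fetch_secret(server)
    # Constructed assertion fields; the hostnames are placeholders.
    fields = {"openid.identity": "http://example.org/user/", "openid.return_to": "http://alice.example/"}
    sig = server.sign_assertion(alice.handle, fields)
    forged = {**fields, "openid.identity": "http://example.org/other/"}
    results = {
        "handles": (alice.handle, bob.handle),
        "distinct_secrets": alice.secret != bob.secret,
        "day_secrets_stored": len(server.day_secrets),   # two consumers, still one stored secret
        "valid": alice.verify(fields, sig),
        "tampered": alice.verify(forged, sig),
        "wrong_consumer": bob.verify(fields, sig),
        "unknown_handle": server.sign_assertion("2005-06-01/42", fields),
    }
    clock.advance_hours(25)   # past the day secret's expiry
    results["expired"] = server.sign_assertion(alice.handle, fields)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point the post makes shows up in `day_secrets_stored`: after two consumers have each fetched a secret the server still holds a single master, and a handle it has never seen, or one whose day has expired, simply fails to re-derive and is refused.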