12

It occurred to me that the WIF FedAuth cookies contain identity information, that if tampered with, could permit someone to assume the identity of another user. Fortunately, WIF does cryptographically Authenticate the message, but I don't understand how this is done.

Community
  • 1
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
  • 1
    Perhaps you should post a reference to the spec? Or even read the spec, and report back on your findings? – D.W. Nov 03 '11 at 06:53
  • @D.W. I thought the FedAuth was a MSFT-only implementation. Is it a WS-* standard? I'll look... – makerofthings7 Nov 03 '11 at 15:15
  • I notice that this was cross-posted at http://social.msdn.microsoft.com/Forums/nl-NL/Geneva/thread/d7e9bceb-13a0-4490-82d7-c64a24cc874c where the answer came back: "It's signed with DPAPI" – Graham Hill Apr 26 '12 at 11:00

1 Answers1

5

Based on the first answer of this link :

This cookie is encrypted and signed with the DPAPI key that is associated with the IIS application pool.

For your information :

DPAPI provides an essential data protection capability that ensures the confidentiality of protected data while allowing recovery of the underlying data in the event of lost or changed passwords. The password-based protection provided by DPAPI is excellent for a number of reasons.

  • It uses proven cryptographic routines, such as the strong Triple-DES algorithm in CBC mode, the strong SHA-1 algorithm, and the PBKDF2 password-based key derivation routine.
  • It uses proven cryptographic constructs to protect data. All critical data is cryptographically integrity protected, and secret data is wrapped by using standard methods.
  • It uses large secret sizes to greatly reduce the possibility of brute-force attacks to compromise the secrets.
  • It uses PBKDF2 with 4000 iterations to increase the work factor of an adversary trying to compromise the password.
  • It sanity checks MasterKey expiration dates.
  • It protects all required network communication with Domain Controllers by using mutually authenticated and privacy protected RPC channels.
  • It minimizes the risk of exposing any secrets, by never writing them to disk and minimizing their exposure in swappable RAM.
  • It requires Administrator privileges to make any modifications to the DPAPI parameters in the registry.
  • It uses Windows File Protection to help protect all critical DLLs from online changes even by processes with Administrator privileges.

Now, for the order between Authentication and Encryption, regarding this documentation, WIF seems to first Encrypt, then Authenticate.

Cyril N.
  • 2,649
  • 2
  • 18
  • 28
  • +1 Funny, the user in the first link `ChrisLamont` is actually me. But thank you for addressing all other aspects of the question. – makerofthings7 May 15 '12 at 15:21
  • Ahahah that's awesome indeed! Does that mean you had the answer long before mine? (you can answer it if you find yours to be more precise, I won't be offended to "loose" the accepted) :) – Cyril N. May 15 '12 at 17:15