Websydian v6.1 online documentation

Update Passwords in UserManagement Pattern


This document describes how passwords for existing user accounts in applications using the UserManagement pattern are updated after changing the signature routine.

Introduction

The UserManagement pattern keeps track of individual users. Each user account is protected by a password that is signed in the user table using a message digest routine (by default MD2). The signed password is called a password signature.

When a user logs in to an application, the UserManagement pattern signs the entered password to produce a password signature and compares it with the password signature in the user table. If the two signatures do not match, the user entered a wrong password and is not granted access to the application.

For the above to work, the signature routine must have the following characteristics:

  1. It must be difficult to find two different passwords that have the same password signature.
  2. Given a password signature, it must be hard to find another password that has the same password signature.

The above characteristics are both fulfilled by the MD2 message digest routine used in Websydian by default. For more information about encryption, message digest functions, and MD2, [AC] is recommended.

For applications using the UserManagement pattern, changing the signature routine has the side effect that all existing password signatures are no longer valid. The following sections describe different approaches to this issue.

Update at Login

One solution is to implement functionality that automatically updates the password signature in the user table when users log in. This has the advantage that no action is required from the user in order to update the password signature in the user table.

Changes to Model

To implement the 'update at login' solution, some changes must be applied to the model. Select the appropriate link below for detailed instructions.

If upgrading to Websydian 4.0 or later, apply the changes found in the section Websydian versions 3.0 and 3.1.

Considerations

Consider choosing this solution if the security level of the old signature routine is sufficient for protecting the passwords in the user table.

The table below gives an overview of the pros and cons for this solution.

| Pros | Cons |
| --- | --- |
| The user will never notice any change | User table contains a mix of old and new password signatures |
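
The 'update at login' flow described above, as an added Python example (not Websydian or UserManagement pattern code): a row is checked with the old routine and, on a match, re-signed with the new one. The `scheme` column, the MD5 stand-in for the old routine and salted PBKDF2 as the new routine are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for the new routine

def old_sign(password):
    # Stand-in for the old digest routine (MD2 is not guaranteed in hashlib).
    return hashlib.md5(password.encode()).hexdigest()

def new_sign(password, salt):
    # Assumed new routine: salted PBKDF2-HMAC-SHA256.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()

def login(users, name, password):
    """Verify a login; re-sign with the new routine if the row is still old."""
    row = users.get(name)
    if row is None:
        return False
    if row["scheme"] == "new":
        return hmac.compare_digest(new_sign(password, row["salt"]), row["signature"])
    # Old row: verify with the old routine first, then upgrade in place.
    if not hmac.compare_digest(old_sign(password), row["signature"]):
        return False
    salt = os.urandom(16)
    row.update(scheme="new", salt=salt, signature=new_sign(password, salt))
    return True

def legacy_accounts(users):
    """Accounts still holding an old signature (the 'mix' listed under Cons)."""
    return sorted(n for n, r in users.items() if r["scheme"] == "old")

def demo_table():
    # Constructed sample user table; both rows start with old signatures.
    return {
        "alice": {"scheme": "old", "salt": None, "signature": old_sign("correct horse")},
        "bob": {"scheme": "old", "salt": None, "signature": old_sign("hunter2")},
    }

if __name__ == "__main__":
    users = demo_table()
    print(login(users, "alice", "wrong"), legacy_accounts(users))
    print(login(users, "alice", "correct horse"), legacy_accounts(users))
```

Accounts that never log in again keep their old signature, so `legacy_accounts` is the list to review when deciding whether one of the other approaches is needed for the remainder.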

Assign New Passwords

Another solution is to assign new passwords to all users in one step. The requirements for doing this are that passwords can be generated automatically and that new passwords can be easily distributed to the end users, e.g. in an e-mail.

Considerations

The table below gives an overview of the pros and cons for this solution.

| Pros | Cons |
| --- | --- |
| All passwords updated in one step | A password generator must be constructed |
| Only minor inconvenience for the user | New passwords must be distributed to users |
| Higher security | |

Delete User Accounts

If the user table does not contain any important information and the overhead for a user creating a new user account is acceptable, then all the old user accounts can be set to inactive, and the users informed that their old accounts have been disabled and that they must create a new user account the next time they access the web application.

This solution requires that users are able to create user accounts without any intervention from the web administrator. The pattern UserManagement.Services.WebCreateUserPage has this functionality.

References

[AC] Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition, Bruce Schneier, John Wiley & Sons, 1996.