1. Ports
  2. Port 1118

Port 1118: SACRED — The credential server that time forgot

Service: SACRED (Securely Available Credentials)
Port: 1118 (TCP/UDP)
Status: Registered with IANA, rarely deployed
Defined in: RFC 3760, RFC 3767

What SACRED Does

SACRED is a protocol for securely retrieving cryptographic credentials from a remote server. The problem it solves: you're at a workstation that has no configuration specific to you—no stored private keys, no certificates, no PKCS #15 structures. You need your credentials. How do you get them without exposing them to attackers?

SACRED's answer: a client-server protocol that lets you authenticate and download your credentials over an encrypted channel, designed specifically to resist dictionary attacks even if someone is eavesdropping or impersonating either end of the connection.12

How It Works

When you connect to a SACRED server on port 1118, the protocol establishes a secure channel using either TLS or DIGEST-MD5 authentication. The server must support both; clients must support at least DIGEST-MD5 and TLS with server authentication.

The actual protocol messages are described in XML and transmitted over BEEP (Blocks Extensible Exchange Protocol). Operations include:

  • Account creation — Setting up a new credential account
  • Credential upload — Storing credentials on the server
  • Credential download — Retrieving credentials to a workstation
  • Credential deletion — Removing stored credentials

Each operation has specific security requirements. Some require mutual authentication. Some require confidentiality and integrity protection. The protocol was designed with the assumption that attackers might be watching the wire or impersonating endpoints.2

The Problem SACRED Tried to Solve

In the early 2000s, cryptographic credentials were becoming essential—but also becoming a burden. Every device needed its own keys. Traveling meant carrying credentials on diskettes or USB drives. Using a friend's computer meant either going without your credentials or risking exposure.

SACRED proposed credential mobility: store your credentials on a server, retrieve them when needed from any trusted workstation. The protocol was careful about this. Credentials are sensitive—private keys, certificates, application data that should never be transmitted or stored in the clear.1

RFC 3760 (the framework) and RFC 3767 (the protocol) were published in 2004. They were technically sound. They addressed real security concerns. And then the world moved on.

Why You've Never Heard of It

SACRED arrived at an inflection point. The same year it was standardized, Firefox 1.0 launched with built-in password management. Within a few years, cloud services would offer seamless credential synchronization. Within a decade, password managers like 1Password and LastPass would make credential mobility feel effortless.

The problem SACRED solved was real. The solution was technically correct. But the path the world actually took—cloud-based synchronization, browser-integrated password managers, hardware security keys—rendered SACRED's approach unnecessary before it could gain traction.

Port 1118 still exists in the IANA registry. SACRED servers are theoretically possible. But in practice, this port carries almost nothing. It's a monument to a future that arrived differently than anyone expected.

Security Considerations

If you encounter port 1118 open on a network, it's unusual enough to warrant investigation. Legitimate SACRED deployments are rare. An open port 1118 might indicate:

  • A legacy system running outdated credential management software
  • A research or academic implementation
  • A misconfiguration or probing attempt

The protocol itself was designed with strong security requirements—resistance to dictionary attacks, support for TLS and DIGEST-MD5, careful handling of sensitive credential data. But an open port running an obscure protocol is always worth examining.

Checking What's Listening

To see if anything is listening on port 1118:

# On Linux/macOS
sudo lsof -i :1118

# On Windows
netstat -ano | findstr :1118

# Check if a remote host has port 1118 open
nmap -p 1118 example.com

If you find something listening, it's worth investigating what it actually is. SACRED implementations are rare enough that any active service deserves scrutiny.

Related Ports

  • Port 389 — LDAP, which is sometimes used for directory-based credential management
  • Port 636 — LDAPS (LDAP over TLS), secure directory access
  • Port 1812 — RADIUS, another approach to centralized authentication

The Bigger Picture

Port 1118 represents something important about protocol design: being technically correct isn't enough. SACRED addressed real security concerns with a well-designed protocol. But it was solving a problem that cloud services and password managers would soon solve more seamlessly.

The port still exists. The RFCs are still published. The problem of credential mobility is still real—we just solved it differently. Every time you sync passwords across devices or retrieve credentials from a password manager, you're solving the problem SACRED was designed for. Just not the way RFC 3760 imagined.

前へ

Port 1117: ARDUS Multicast Transfer — The ghost in the registry

次へ

Port 1119: Battle.net — The port that made online gaming free

このページは役に立ちましたか?

😔
🤨
😃