[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
shared secret vulnerability
To further the discussion of shared secret vulnerability brought
up in radius_vuln_00.txt, here is a proposal for using PKCS-5
to create shared secrets with enhanced resistance to dictionary
The idea is that you take an ordinary secret, hash it many times,
and get a resulting "amplified" shared secret that multiplies the
difficulty of attack by the number of times it has been hashed. The
draft suggests 0x100000 (~ one million) iterations, adding 2 ^ 20
bits of effective entropy to the secret.
The draft can be found at:
A demo of shared secret amplification can be found at:
Here is the abstract:
This draft describes how a mechanism defined in [PKCS-5] can be used
to amplify the security of a RADIUS shared secret; namely, that a
precursor secret is hashed many times to produce an amplified shared
secret for use in RADIUS.
A dictionary attack against the resulting shared secret will be
infeasible due to its high entropy. A dictionary attack against the
precursor secret will require the attacker to apply the same hashing
process to each candidate precursor secret to derive a candidate
RADIUS shared secret, prior to applying it to the RADIUS packet.
This approach allows administrators to use the same types of secrets
that they are comfortable with as precursor secrets. The algorithm
to generate the amplified shared secret is deterministic, so the
precursor shared secret is all that needs to be remembered.
Unlike approaches that require changes to RADIUS servers and
clients, the amplification approach is compatible with all current
equipment. It is simply a means to generate a shared secret, which
then may be configured in the NAS or RADIUS server just as any
shared secret would be. For example, a simple utility can accept the
precursor secret, amplify it, and present it to the administrator,
who may copy and paste it into the configuration application of a
RADIUS server or NAS.
Funk Software, Inc.
to unsubscribe send a message to firstname.lastname@example.org with
the word 'unsubscribe' in a single line as the message text body.