
shared secret vulnerability



To further the discussion of shared secret vulnerability brought
up in radius_vuln_00.txt, here is a proposal for using PKCS-5
to create shared secrets with enhanced resistance to dictionary
attack.

The idea is that you take an ordinary secret, hash it many times,
and get a resulting "amplified" shared secret that multiplies the
difficulty of attack by the number of times it has been hashed. The
draft suggests 0x100000 (~ one million) iterations, adding 2 ^ 20
bits of effective entropy to the secret.

The draft can be found at:
http://www.funk.com/documents/draft-funk-radiusext-shared-secret-amp-00.txt

A demo of shared secret amplification can be found at:
http://www.funk.com/passwordamplifier

Here is the abstract:

   This draft describes how a mechanism defined in [PKCS-5] can be used
   to amplify the security of a RADIUS shared secret; namely, that a
   precursor secret is hashed many times to produce an amplified shared
   secret for use in RADIUS.

   A dictionary attack against the resulting shared secret will be
   infeasible due to its high entropy. A dictionary attack against the
   precursor secret will require the attacker to apply the same hashing
   process to each candidate precursor secret to derive a candidate
   RADIUS shared secret, prior to applying it to the RADIUS packet.

   This approach allows administrators to use the same types of secrets
   that they are comfortable with as precursor secrets. The algorithm
   to generate the amplified shared secret is deterministic, so the
   precursor shared secret is all that needs to be remembered.

   Unlike approaches that require changes to RADIUS servers and
   clients, the amplification approach is compatible with all current
   equipment. It is simply a means to generate a shared secret, which
   then may be configured in the NAS or RADIUS server just as any
   shared secret would be. For example, a simple utility can accept the
   precursor secret, amplify it, and present it to the administrator,
   who may copy and paste it into the configuration application of a
   RADIUS server or NAS.

Paul


Paul Funk
Funk Software, Inc.
617 497-6339
paul@funk.com
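The following is an added example, not part of Paul's post and not the draft's or Funk Software's own code. It shows the amplification idea with PBKDF2 as defined in PKCS#5 v2.0: the precursor is run through a large number of HMAC iterations, the output becomes the RADIUS shared secret, and anyone checking a candidate precursor against a captured packet has to pay the same iteration cost per guess. The PRF (HMAC-SHA1), the fixed salt, the 32-byte output length and the hex encoding are assumptions made here for the demonstration, since the post does not state the draft's exact parameters; the iteration count 0x100000 is the one the post mentions.

```python
"""Shared-secret amplification with PBKDF2 (PKCS#5 v2.0) -- added example."""
import hashlib
import hmac
import math
import time

# Assumptions for this example (the draft's exact choices are not on the page):
#   - PRF: HMAC-SHA1, the PBKDF2 default in PKCS#5 v2.0
#   - salt: a fixed, constructed string, so derivation is deterministic and
#     the precursor is all an administrator needs to remember
#   - output: 32 bytes rendered as 64 hex characters for copy-and-paste
ITERATIONS = 0x100000                       # ~ one million, as in the post
SALT = b"radius-shared-secret-amp-example"  # constructed placeholder salt
DKLEN = 32


def amplify(precursor: str, iterations: int = ITERATIONS,
            salt: bytes = SALT, dklen: int = DKLEN) -> str:
    """Derive the amplified shared secret from a human-chosen precursor.

    Same precursor, salt and iteration count always give the same output,
    which is what lets the NAS and RADIUS server be configured independently.
    """
    key = hashlib.pbkdf2_hmac("sha1", precursor.encode("utf-8"),
                              salt, iterations, dklen)
    return key.hex()


def secrets_match(amplified_hex: str, candidate_precursor: str, **kw) -> bool:
    """Check whether a precursor reproduces a stored amplified secret.

    Every check costs a full PBKDF2 run; that per-guess cost is exactly the
    multiplier the amplification approach relies on against dictionary attack.
    hmac.compare_digest avoids leaking how many leading characters matched.
    """
    return hmac.compare_digest(amplify(candidate_precursor, **kw), amplified_hex)


def added_work_bits(iterations: int) -> float:
    """Work added per guess, expressed in bits: log2(iterations).

    0x100000 iterations multiply the cost of each guess by 2**20, i.e. the
    same effect as 20 extra bits of entropy in the precursor.
    """
    return math.log2(iterations)


def per_candidate_seconds(iterations: int = ITERATIONS) -> float:
    """Measure one derivation on this machine, to size the iteration count.

    Multiply by the size of a password dictionary to estimate how long an
    offline search over precursors would take at this CPU's speed.
    """
    t0 = time.perf_counter()
    amplify("benchmark-only", iterations=iterations)
    return time.perf_counter() - t0


if __name__ == "__main__":
    precursor = "correct horse battery"      # constructed demo precursor
    secret = amplify(precursor)
    print("precursor :", precursor)
    print("amplified :", secret)
    print("work bits :", added_work_bits(ITERATIONS))
    print("seconds per candidate precursor: %.3f" % per_candidate_seconds())
    print("match check:", secrets_match(secret, precursor))
```

The amplified hex string is what would be pasted into the NAS and RADIUS server configuration; the precursor never appears on the wire or in the configuration. If a deployment chose a different PRF, salt or output encoding than the ones assumed here, both sides would simply need to agree on them, since the derivation is deterministic.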


-- to unsubscribe send a message to radiusext-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://psg.com/lists/radiusext/>