
Re: shared secret vulnerability



Paul Funk wrote:
> The idea is that you take an ordinary secret, hash it many times,
> and get a resulting "amplified" shared secret that multiplies the
> difficulty of attack by the number of times it has been hashed. The
> draft suggests 0x100000 (~ one million) iterations, adding 2 ^ 20
> bits of effective entropy to the secret.

While I believe this algorithm is effective at adding entropy to a password such as the RADIUS secret, it does not resolve the issue of a widespread shared secret distributed throughout an organization. Without a mechanism in place to regularly change the secret, the use of shared secrets in this fashion is reminiscent of WEP pre-shared keys. As most people are painfully aware, shared secrets do not stay secretive.

That being said, I like Paul's idea for effectively adding entropy to the shared secret that will prolong a brute-force attack. However, I do not believe that this is effective at resolving weak authentication between the RADIUS authentication server and NAS.

-Joshua Wright
jwright@sans.org or
jwright@hasborg.com

--
-Joshua Wright
jwright@hasborg.com
http://home.jwu.edu/jwright/

pgpkey: http://home.jwu.edu/jwright/pgpkey.htm
fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73
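
The two points in this message, as an added example that is not part of the original post or of the draft: hashing a secret repeatedly raises the per-guess cost, but the result is deterministic, so every NAS holding the same secret still holds the same amplified value. SHA-256, the function names and the device inventory are assumptions of this example; the thread does not say which hash the draft uses.

```python
import hashlib
import math
from collections import defaultdict

DRAFT_ITERATIONS = 0x100000  # iteration count quoted in the thread


def amplify(secret: bytes, iterations: int = DRAFT_ITERATIONS) -> bytes:
    """Hash the secret repeatedly. SHA-256 is an assumption of this example."""
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    digest = secret
    for _ in range(iterations):
        digest = hashlib.sha256(digest).digest()
    return digest


def added_work_bits(iterations: int) -> float:
    """Each guess costs `iterations` hashes, so the search grows by
    log2(iterations) bits of work."""
    return math.log2(iterations)


def devices_per_amplified_secret(nas_secrets: dict, iterations: int) -> dict:
    """Group devices by amplified secret. Devices in one group are all
    exposed if the secret leaks from any single member."""
    groups = defaultdict(list)
    for nas, secret in nas_secrets.items():
        groups[amplify(secret, iterations)].append(nas)
    return {key.hex()[:16]: sorted(names) for key, names in groups.items()}


if __name__ == "__main__":
    # Constructed inventory: three devices share one secret, one has its own.
    inventory = {
        "nas-a": b"campus-secret",
        "nas-b": b"campus-secret",
        "nas-c": b"campus-secret",
        "nas-d": b"lab-only-secret",
    }
    print("added work: %.0f bits" % added_work_bits(DRAFT_ITERATIONS))
    # A small count keeps the demo quick; the grouping is the same at any count.
    for key, names in devices_per_amplified_secret(inventory, 1000).items():
        print(key, names)
```
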

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>