
Re: Issue with SIP - Need for Message-Authenticator



On Thu, Aug 26, 2004 at 10:00:55AM -0700, Joseph Salowey wrote:
> > 
> > Note that Message-Authenticator is based on HMAC-MD5.  Recent
> > research has demonstrated collisions in MD5 (though not in
> > HMAC-MD5), so that it may make sense to define a new
> > attribute that uses a more highly regarded algorithm, such as
> > HMAC-SHA1. 
> 
> [Joe] See
> http://www.ietf.org/internet-drafts/draft-zorn-radius-keywrap-01.txt, this
> defines an attribute that can use SHA for message authentication.

As I read the chatter on the crypto list, it's premature to assume that
SHA-1 will survive better than MD5, although it probably will.  Arguments
have been made that HMAC-MD5 will not fall to MD5 attacks.  I'd suggest
waiting at least a couple of weeks for the smoke to clear before acting.

We do know that the RADIUS Authenticator has long been considered inferior
to HMAC-MD5, and the recent issues may seal its fate.  It's therefore
prudent to consider how to react when, or before, the authenticator is
broken.  Certainly boxes that have sufficient cpu and codespace can use
IPsec, as has already been suggested.  What, if anything, to do for/with
boxes that cannot run IPsec is an open question.

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.

archive: <http://psg.com/lists/radiusext/>
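
The two constructions compared in the message above, as an added example that is not part of the original post or of any RADIUS implementation: the RFC 2865 Response Authenticator (plain MD5 with the shared secret appended) next to the RFC 3579 Message-Authenticator (HMAC-MD5 over the packet with the attribute value zeroed). All function names, the shared secret and the sample packet are constructed for illustration.

```python
import hashlib, hmac, struct

MESSAGE_AUTHENTICATOR = 80  # attribute type from RFC 3579

def build_access_request(ident, request_auth, attrs):
    # Code 1 = Access-Request. Its 16-byte authenticator is only a random
    # nonce, so a zeroed Message-Authenticator is appended for signing.
    body = attrs + bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + request_auth + body

def _value_offset(packet):
    # Walk the type/length/value attributes after the 20-byte header.
    pos = 20
    while pos + 2 <= len(packet):
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > len(packet):
            raise ValueError("malformed attribute")
        if atype == MESSAGE_AUTHENTICATOR:
            if alen != 18:
                raise ValueError("bad Message-Authenticator length")
            return pos + 2
        pos += alen
    raise ValueError("no Message-Authenticator attribute")

def _hmac_md5(packet, secret, off):
    # HMAC-MD5 over the whole packet with the 16-byte value zeroed.
    zeroed = packet[:off] + bytes(16) + packet[off + 16:]
    return hmac.new(secret, zeroed, hashlib.md5).digest()

def sign_message_authenticator(packet, secret):
    off = _value_offset(packet)
    return packet[:off] + _hmac_md5(packet, secret, off) + packet[off + 16:]

def verify_message_authenticator(packet, secret):
    off = _value_offset(packet)
    return hmac.compare_digest(packet[off:off + 16], _hmac_md5(packet, secret, off))

def response_authenticator(code, ident, request_auth, attrs, secret):
    # RFC 2865 Response Authenticator: plain MD5 with the secret appended,
    # the construction the message calls inferior to HMAC-MD5.
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

if __name__ == "__main__":
    secret, nonce = b"constructed-secret", bytes(range(16))  # constructed sample values
    pkt = sign_message_authenticator(
        build_access_request(7, nonce, bytes([1, 7]) + b"alice"), secret)
    print(verify_message_authenticator(pkt, secret))                      # intact
    print(verify_message_authenticator(pkt[:22] + b"m" + pkt[23:], secret))  # tampered
```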