
Re: I-D ACTION:draft-funk-radiusext-shared-secret-amp-01.txt



Forwarded from Clint Chaplin...

---------- Forwarded message ----------
Date: Tue, 31 Aug 2004 19:47:20 -0700
From: Clint Chaplin <cchaplin@symbol.com>
To: aboba@internaut.com, radiusext@ops.ietf.org
Subject: Re: I-D ACTION:draft-funk-radiusext-shared-secret-amp-01.txt

Bernard: due to a snafu here at Symbol, the radiusext email list is silently rejecting my posts to it; however, I can still receive the emails from it.  Could you please forward this to the list for me?  Thanks!

I still disagree with the use of the term "entropy" within this I-D.  As a simplistic way of looking at this, let's say that the input to this algorithm can only take on two distinct values, and also the salt can only take on two distinct values (these values may be expressed using many bits, but that won't change the argument).  Since the salt and the input can only have two distinct values, the entropy of each is only 1, and the two combined can only take on four distinct values, and thus have an entropy of 2.  Putting these four distinct values through the amplification process will still only yield an output with four distinct values (although these output values may also be expressed using many bits).  No matter how many times the algorithm is applied, the output will still only have a max of four distinct values, and a max entropy of 2.  Hashing never adds true entropy, and if a collision occurs, can reduce entropy.

Yes, the term "effective entropy" can be used, but that just confuses the issue, I feel.  Plus, there are still places in the draft where "effective entropy" should be used for consistency's sake, and it is not.

For instance, in the abstract, the phrase "A dictionary attack against the resulting shared secret will be infeasible due to its high entropy." should state "A dictionary attack against the resulting shared secret will be infeasible due to its high effective entropy."

In the introduction, the phrase "A dictionary attack against the resulting shared secret will be infeasible due to its high entropy." should be "A dictionary attack against the resulting shared secret will be infeasible due to its high effective entropy."

And so on.

Clint (JOATMON) Chaplin
Wireless Security Advisor
Wireless Standards Lead
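As an added illustration of the counting argument above (example code, not from the draft or from its author): PBKDF2-HMAC-SHA256 stands in for the PKCS#5 iterated hash, and the two precursor values and two salt values are constructed. It shows that the number of distinct amplified outputs, and hence the upper bound on entropy, is fixed by the input space and does not grow with the iteration count, while the output width in bits does not reflect that bound.

```python
import hashlib
import math
from itertools import product

# PKCS#5-style amplification: the precursor secret is hashed many times.
# PBKDF2-HMAC-SHA256 is used here as a stand-in (assumption); the draft's
# exact construction is not reproduced.
ITERATIONS = 10_000
OUT_LEN = 32  # bytes of amplified output (256 bits)


def amplify(precursor: bytes, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Derive an amplified secret from a precursor secret and a salt."""
    return hashlib.pbkdf2_hmac("sha256", precursor, salt, iterations, OUT_LEN)


def distinct_outputs(precursors, salts, iterations: int = ITERATIONS) -> set:
    """All distinct amplified outputs over every (precursor, salt) pair."""
    return {amplify(p, s, iterations) for p, s in product(precursors, salts)}


def max_entropy_bits(n_distinct: int) -> float:
    """Upper bound on entropy (bits) for a value with n_distinct possibilities."""
    return math.log2(n_distinct)


# Constructed sample inputs: two possible precursors, two possible salts.
PRECURSORS = [b"precursor-A", b"precursor-B"]
SALTS = [b"salt-1", b"salt-2"]


def summarize(iterations: int = ITERATIONS):
    """Return (distinct outputs, output width in bits, max entropy in bits)."""
    n = len(distinct_outputs(PRECURSORS, SALTS, iterations))
    return n, OUT_LEN * 8, max_entropy_bits(n)


if __name__ == "__main__":
    for it in (1, 100, ITERATIONS):
        n, width, ent = summarize(it)
        print(f"iterations={it:>6}: {n} distinct outputs, "
              f"{width}-bit output, max entropy {ent:.0f} bits")
```

The iteration count raises the cost of evaluating each candidate, which is the "effective entropy" the draft argues for, but the candidate set itself stays at four, which is the point made above.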

>>> <Internet-Drafts@ietf.org> 8/27/04 12:42:15 >>>
A New Internet-Draft is available from the on-line Internet-Drafts directories.


	Title		: RADIUS Shared Secret Security Amplification
	Author(s)	: P. Funk
	Filename	: draft-funk-radiusext-shared-secret-amp-01.txt
	Pages		: 10
	Date		: 2004-8-27

This draft describes how a mechanism defined in [PKCS-5] can be used
   to amplify the security of a RADIUS shared secret; namely, that a
   precursor secret is hashed many times to produce an amplified shared
   secret for use in RADIUS.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-funk-radiusext-shared-secret-amp-01.txt


________________________________________________________________________
This email has been scanned for computer viruses.


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>