RE: I-D ACTION:draft-funk-radiusext-shared-secret-amp-01.txt
owner-radiusext@ops.ietf.org wrote:
> Clint,
>
> I don't disagree. I'll even add to your point by saying that
> it makes no sense to talk about the entropy of a single
> password. Entropy applies to populations; the entropy of a
> single item is 0. So you can't properly say that the password
> "swordfish" has entropy of 20 bits. You could say that within
> the collection of passwords actually used, "swordfish" is
> used one in a million times, and therefore has probability of
> 2 ^ -20. But the collection itself may have very low entropy;
> for example, if the only other password ever used is "tuna",
> and it gets used 999,999 out of a million times. So the
> probability of a password is not directly related to the
> difficulty of attack -- in the case just described, you only have to
> try 2 passwords.
>
> In addition, the entropy of a collection is only indirectly
> related to the difficulty of attack, which can only be
> defined as the probability spectrum of success against number
> of tries. For example, a population in which "swordfish" is
> used 50% of the time, but a billion other passwords are
> equiprobable the other 50% of the time, has entropy of about
> 15 bits, but an attack will succeed in one try 50% of the time.
>
> So talking about entropy in this context necessarily involves
> a kind of shorthand. I'm not entirely sure how to talk about
> it with clarity and mathematical precision at the same time.
> The dodge that I took was to define "effective entropy", and
> I really should use that term consistently, as you point out.
> If you have a suggestion for how to use comprehensible
> language to discuss these matters, let me know.
>
[Joe] It might be better to talk in terms of computational cost.
> Paul
>
> At 05:25 PM 9/1/2004 -0700, Clint Chaplin wrote:
>> I guess part of my problem is that the term "entropy" is being used
>> here in two different incompatible but related senses, sort of like
>> "pounds force" and "pounds mass". Entropy in the cryptographic sense
>> is the measure of the possible values an item may take on, and is
>> measured in bits. Entropy in the thermodynamic sense is the measure
>> of the disorder in a system.
>>
>> Talking about "effective entropy" is a little bit like talking about
>> "effective pounds mass" under acceleration, which makes my teeth
>> itch.
>>
>> Clint (JOATMON) Chaplin
>> Wireless Security Advisor
>> Wireless Standards Lead
>>
>>>>> Bernard Aboba <aboba@internaut.com> 8/31/04 21:34:35 >>>
>> Forwarded from Clint Chaplin...
>>
>> ---------- Forwarded message ----------
>> Date: Tue, 31 Aug 2004 19:47:20 -0700
>> From: Clint Chaplin <cchaplin@symbol.com>
>> To: aboba@internaut.com, radiusext@ops.ietf.org
>> Subject: Re: I-D ACTION:draft-funk-radiusext-shared-secret-amp-01.txt
>>
>> Bernard: due to a snafu here at Symbol, the radiusext email list is
>> silently rejecting my posts to it; however, I can still receive the
>> emails from it. Could you please forward this to the list for me?
>> Thanks!
>>
>> I still disagree with the use of the term "entropy" within this I-D.
>> As a simplistic way of looking at this, let's say that the input to
>> this algorithm can only take on two distinct values, and also the
>> salt can only take on two distinct values (these values may be
>> expressed using many bits, but that won't change the argument).
>> Since the salt and the input can only have two distinct values, the
>> entropy of each is only 1, and the two combined can only take on
>> four distinct values, and thus have an entropy of 2. Putting these
>> four distinct values through the amplification process will still
>> only yield an output with four distinct values (although these
>> output values may also be expressed using many bits). No matter how
>> many times the algorithm is applied, the output will still only have
>> a max of four distinct values, and a max entropy of 2. Hashing
>> never adds true entropy, and if a collision occurs, can reduce
>> entropy.
>>
>> Yes, the term "effective entropy" can be used, but that just confuses
>> the issue, I feel. Plus, there are still places in the draft where
>> "effective entropy" should be used for consistency's sake, and it is
>> not.
>>
>> For instance, in the abstract, the phrase "A dictionary attack
>> against the resulting shared secret will be infeasible due to its
>> high entropy." should state "A dictionary attack against the
>> resulting shared secret will be infeasible due to its high effective
>> entropy."
>>
>> In the introduction, the phrase "A dictionary attack against the
>> resulting shared secret will be infeasible due to its high entropy."
>> should be "A dictionary attack against the resulting shared secret
>> will be infeasible due to its high effective entropy."
>>
>> And so on.
>>
>> Clint (JOATMON) Chaplin
>> Wireless Security Advisor
>> Wireless Standards Lead
>>
>>>>> <Internet-Drafts@ietf.org> 8/27/04 12:42:15 >>>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.
>>
>>
>> Title : RADIUS Shared Secret Security Amplification
>> Author(s) : P. Funk
>> Filename : draft-funk-radiusext-shared-secret-amp-01.txt
>> Pages : 10
>> Date : 2004-8-27
>>
>> This draft describes how a mechanism defined in [PKCS-5] can be used
>> to amplify the security of a RADIUS shared secret; namely, that a
>> precursor secret is hashed many times to produce an amplified
>> shared secret for use in RADIUS.
>>
>> A URL for this Internet-Draft is:
>> http://www.ietf.org/internet-drafts/draft-funk-radiusext-shared-secret-amp-01.txt
>>
>>
>> To remove yourself from the I-D Announcement list, send a message to
>> i-d-announce-request@ietf.org with the word unsubscribe in the body
>> of the message. You can also visit
>> https://www1.ietf.org/mailman/listinfo/I-D-announce
>>
>> to change your subscription settings.
>>
>>
>> Internet-Drafts are also available by anonymous FTP. Login with the
>> username "anonymous" and a password of your e-mail address. After
>> logging in, type "cd internet-drafts" and then
>> "get draft-funk-radiusext-shared-secret-amp-01.txt".
>>
>> A list of Internet-Drafts directories can be found in
>> http://www.ietf.org/shadow.html or
>> ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>>
>>
>> Internet-Drafts can also be obtained by e-mail.
>>
>> Send a message to:
>> mailserv@ietf.org.
>> In the body type:
>> "FILE
>> /internet-drafts/draft-funk-radiusext-shared-secret-amp-01.txt".
>>
>> NOTE: The mail server at ietf.org can return the document in
>> MIME-encoded form by using the "mpack" utility. To use this
>> feature, insert the command "ENCODING mime" before the "FILE"
>> command. To decode the response(s), you will need "munpack"
>> or a MIME-compliant mail reader. Different MIME-compliant
>> mail readers exhibit different behavior, especially when
>> dealing with "multipart" MIME messages (i.e. documents which
>> have been split up into multiple messages), so check your
>> local documentation on how to manipulate these messages.
>>
>>
>> Below is the data which will enable a MIME compliant mail reader
>> implementation to automatically retrieve the ASCII version of the
>> Internet-Draft.
>>
>>
>> --
>> to unsubscribe send a message to radiusext-request@ops.ietf.org with
>> the word 'unsubscribe' in a single line as the message text body.
>> archive: <http://psg.com/lists/radiusext/>
>
> Paul Funk
> Funk Software, Inc.
> 617 497-6339
> paul@funk.com
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
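The following example is added to this archive page and is not code from the thread, the draft, or any of its authors. It puts numbers on two points made in the messages above: Paul's observation that the Shannon entropy of a password population is only loosely related to how many guesses an attacker needs, and Clint's observation that iterating a hash over two possible inputs and two possible salts can never yield more than four distinct outputs, however many times it is applied. The populations are constructed for the demonstration, and hashlib.pbkdf2_hmac is used as a stand-in for the draft's iterated PKCS #5 hashing; that substitution is an assumption, not something the draft specifies.

```python
"""Added example (not from the thread): Shannon entropy versus guessing
difficulty for password populations, and the output count of iterated
hashing over a tiny input space.  All populations are constructed."""
import hashlib
import math
from collections import Counter

# A population is a list of (probability, multiplicity) groups: each group
# holds `multiplicity` distinct passwords that each occur with `probability`.
# Summarising a billion equiprobable passwords as one group keeps this cheap.


def shannon_entropy_bits(groups):
    """Shannon entropy H = -sum p*log2(p) over every password in the population."""
    return -sum(m * p * math.log2(p) for p, m in groups if p > 0)


def min_entropy_bits(groups):
    """Min-entropy: -log2 of the single most probable password.  This, not H,
    bounds an attacker's chance of success on the first guess."""
    return -math.log2(max(p for p, _ in groups))


def success_after_k_guesses(groups, k):
    """Probability that an attacker who tries the most likely passwords first
    has found the secret within k guesses."""
    found = 0.0
    for p, m in sorted(groups, reverse=True):
        take = min(k, m)
        found += take * p
        k -= take
        if k == 0:
            break
    return found


# Constructed populations matching the ones discussed in the thread.
TUNA_OR_SWORDFISH = [(999_999 / 1_000_000, 1), (1 / 1_000_000, 1)]
SWORDFISH_HALF = [(0.5, 1), (0.5 / 1_000_000_000, 1_000_000_000)]
UNIFORM_20_BIT = [(2.0 ** -20, 2 ** 20)]


def derived_secret_distribution(precursor_probs, salts, iterations):
    """Map every (precursor, salt) pair through iterated hashing (PBKDF2-HMAC
    as a stand-in, an assumption) and return the probability distribution of
    the outputs.  Salts are assumed equiprobable.  Any colliding outputs
    would merge into one entry here, which is how hashing can lose entropy."""
    out = Counter()
    for precursor, p in precursor_probs.items():
        for salt in salts:
            key = hashlib.pbkdf2_hmac("sha256", precursor, salt, iterations, 32)
            out[key] += p / len(salts)
    return dict(out)


def distinct_derived_secrets(precursors, salts, iterations):
    """Number of distinct amplified secrets; never more than len(precursors)*len(salts)."""
    probs = {pw: 1 / len(precursors) for pw in precursors}
    return len(derived_secret_distribution(probs, salts, iterations))


def derived_entropy_bits(precursors, salts, iterations):
    """Shannon entropy of the amplified secrets for equiprobable precursors and salts."""
    probs = {pw: 1 / len(precursors) for pw in precursors}
    dist = derived_secret_distribution(probs, salts, iterations)
    return shannon_entropy_bits([(p, 1) for p in dist.values()])


if __name__ == "__main__":
    for name, pop in [("tuna/swordfish", TUNA_OR_SWORDFISH),
                      ("swordfish 50%", SWORDFISH_HALF),
                      ("uniform 20-bit", UNIFORM_20_BIT)]:
        print(f"{name:15s} H={shannon_entropy_bits(pop):6.2f} bits  "
              f"H_min={min_entropy_bits(pop):6.2f} bits  "
              f"P(win in 1)={success_after_k_guesses(pop, 1):.6f}  "
              f"P(win in 2)={success_after_k_guesses(pop, 2):.6f}")
    for iters in (1, 1_000, 100_000):
        n = distinct_derived_secrets([b"input-A", b"input-B"], [b"salt-1", b"salt-2"], iters)
        print(f"{iters:>7d} iterations -> {n} distinct outputs, "
              f"{derived_entropy_bits([b'input-A', b'input-B'], [b'salt-1', b'salt-2'], iters):.1f} bits")
```

Running it shows the "tuna or swordfish" population has entropy near zero and falls in two guesses, the "swordfish 50%" population has just under 16 bits of Shannon entropy yet only 1 bit of min-entropy and a 50% chance of falling on the first guess, and the uniform 20-bit population is the only one where all three figures agree. The second loop shows four distinct outputs and 2 bits of entropy at every iteration count, which is Clint's point in numbers: the work factor per guess rises with the iteration count, but the number of candidates an attacker must try does not.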