
RE: [Sterman Issue 7] Message Authenticator: Options



Hi Jari,

> -----Original Message-----
> From: Jari Arkko [mailto:jari.arkko@piuha.net] 
> Sent: Monday, November 22, 2004 4:44 PM
> To: Avi Lior
> Cc: radiusext@ops.ietf.org
> Subject: Re: [Sterman Issue 7] Message Authenticator: Options
> 
> 
> Hi Avi,
> 
> I may be missing some background here. [Ok, I confess I have 
> not read all the e-mails in my Inbox :-) ]
> 
> Why is this problem specific to RADIUS Digest draft? I 
> realize that it will have to reference the use of 
> Message-Authenticator. But so do other RADIUS specs. If the 
> use of MD5 is an issue, it would seem to be simpler that the 
> IETF would just do it once and for all in all of RADIUS. 
> Alternatively, start mandating IPsec.

This is a problem for RADIUS in general. The discussion started around the
use of message authenticator for the digest draft.

Mandating IPsec. Hmmmmm, IPsec could be mandated but I don't see that it will
be used in RADIUS.
 
> Also, should RADIUS Digest go through unmodified,
> standard RADIUS proxies? If so, how would they be aware of
> a new AVP that they need to process?

Yes that would be a problem.  They wouldn't be aware of it. So there is that
issue as well.

> Finally, if MD5 is bad, wouldn't that be a problem for
> most Digest usage, RADIUS or not, given that the only 
> algorithms supported now are MD5 and AKA? I guess I'm asking 
> what makes the Message-Authenticator usage of MD5 different 
> from other RADIUS usage of MD5 or Digest usage of MD5, both 
> of which have to be relied upon anyway? Or is the issue that 
> the MD5 usage in Message-Authenticator is particularly vulnerable?

It seems that everyone thinks MD5 is bad.

But note that in fact Message-Authenticator is HMAC-MD5 based and is *not*
vulnerable (as I understand it).

MD5 is vulnerable in that we can easily create collisions.  But as Chiba
pointed out,

"From what I understand, having an easy way to generate collisions does 
not mean that it will be easy to create valid RADIUS packets that result 
in the collision hash."

Not being a security expert, I would be interested to see analysis of whether
it is feasible to apply the MD5 attacks to RADIUS messages.
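
The HMAC-MD5 construction mentioned above, as an added example that is not part of the original message: a verifier for the Message-Authenticator attribute (type 80) of an Access-Request, computed with the shared secret as key over the whole packet with the attribute's 16-byte value zeroed. The function names, the shared secret and the sample packet are constructed for illustration; responses, which substitute the Request Authenticator from the request, are not covered.

```python
import hashlib
import hmac
import struct

MSG_AUTH = 80  # Message-Authenticator attribute type; its value is 16 bytes

def _value_offset(packet: bytes) -> int:
    """Walk the attribute list; return the offset of the 16-byte value or -1."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad Length field")
    pos = 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        if packet[pos] == MSG_AUTH:
            if packet[pos + 1] != 18:
                raise ValueError("Message-Authenticator must be 18 bytes long")
            return pos + 2
        pos += packet[pos + 1]
    return -1

def _mac(packet: bytes, off: int, secret: bytes) -> bytes:
    """HMAC-MD5, keyed with the shared secret, over the packet with the value zeroed."""
    length = struct.unpack("!H", packet[2:4])[0]
    buf = bytearray(packet[:length])
    buf[off:off + 16] = bytes(16)
    return hmac.new(secret, bytes(buf), hashlib.md5).digest()

def sign_access_request(ident: int, req_auth: bytes, attrs: bytes, secret: bytes) -> bytes:
    """Build an Access-Request (code 1) with a valid Message-Authenticator appended."""
    body = attrs + bytes([MSG_AUTH, 18]) + bytes(16)
    pkt = struct.pack("!BBH", 1, ident, 20 + len(body)) + req_auth + body
    off = len(pkt) - 16
    return pkt[:off] + _mac(pkt, off, secret)

def verify_access_request(packet: bytes, secret: bytes) -> bool:
    """True only if the attribute is present and the keyed MAC matches."""
    off = _value_offset(packet)
    if off < 0:
        return False  # a receiver that requires the attribute rejects the packet
    return hmac.compare_digest(packet[off:off + 16], _mac(packet, off, secret))

# Constructed sample: User-Name (type 1) = "alice", made-up secret and authenticator.
SECRET = b"constructed-shared-secret"
SAMPLE = sign_access_request(7, bytes(range(16)), bytes([1, 7]) + b"alice", SECRET)
```
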


