RE: [Sterman Issue 7] Message Authenticator: Options
Hi Jari,
> -----Original Message-----
> From: Jari Arkko [mailto:jari.arkko@piuha.net]
> Sent: Monday, November 22, 2004 4:44 PM
> To: Avi Lior
> Cc: radiusext@ops.ietf.org
> Subject: Re: [Sterman Issue 7] Message Authenticator: Options
>
>
> Hi Avi,
>
> I may be missing some background here. [Ok, I confess I have
> not read all the e-mails in my Inbox :-) ]
>
> Why is this problem specific to RADIUS Digest draft? I
> realize that it will have to reference the use of
> Message-Authenticator. But so do other RADIUS specs. If the
> use of MD5 is an issue, it would seem to be simpler that the
> IETF would just do it once and for all in all of RADIUS.
> Alternatively, start mandating IPsec.
This is a problem for RADIUS in general. The discussion started around the
use of message authenticator for the digest draft.
Mandating IPsec. Hmmmmm, IPsec could be mandated but I don't see that it will
be used in RADIUS.
> Also, should RADIUS Digest go through unmodified,
> standard RADIUS proxies? If so, how would they be aware of
> a new AVP that they need to process?
Yes that would be a problem. They wouldn't be aware of it. So there is that
issue as well.
> Finally, if MD5 is bad, wouldn't that be a problem for
> most Digest usage, RADIUS or not, given that the only
> algorithms supported now are MD5 and AKA? I guess I'm asking
> what makes the Message-Authenticator usage of MD5 different
> from other RADIUS usage of MD5 or Digest usage of MD5, both
> of which have to be relied upon anyway? Or is the issue that
> the MD5 usage in Message-Authenticator is particularly vulnerable?
It seems that everyone thinks MD5 is bad.
But note that in fact Message-Authenticator is HMAC-MD5 based and is *not*
vulnerable (as I understand it).
MD5 is vulnerable in that we can easily create collisions. But as Chiba
pointed out,
"From what I understand, having an easy way to generate collisions does
not mean that it will be easy to create valid RADIUS packets that result
in the collision hash."
Not being a security expert, I would be interested to see analysis if it is
feasible to apply the MD5 attacks to RADIUS messages.
archive: <http://psg.com/lists/radiusext/>
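The message above notes that Message-Authenticator is HMAC-MD5 based. As an added example that is not part of the original thread, this Python sketch computes and verifies the attribute on an Access-Request as RFC 2869 section 5.14 defines it: a keyed HMAC over the whole packet with the attribute's 16-octet value zeroed. The function names, shared secret and packet contents are constructed for illustration.

```python
import hashlib
import hmac
import struct

MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 2869, section 5.14)

def find_msg_auth(packet: bytes) -> int:
    """Offset of the 16-octet Message-Authenticator value, or -1 if absent."""
    pos = 20  # attributes follow the 20-octet RADIUS header
    while pos + 2 <= len(packet):
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > len(packet):
            raise ValueError("malformed attribute")
        if atype == MSG_AUTH:
            if alen != 18:
                raise ValueError("bad Message-Authenticator length")
            return pos + 2
        pos += alen
    return -1

def compute_mac(packet: bytes, off: int, secret: bytes) -> bytes:
    # HMAC-MD5 keyed with the shared secret, over the packet with the
    # attribute value replaced by 16 zero octets.
    zeroed = packet[:off] + bytes(16) + packet[off + 16:]
    return hmac.new(secret, zeroed, hashlib.md5).digest()

def sign_access_request(ident: int, request_auth: bytes, attrs: bytes,
                        secret: bytes) -> bytes:
    """Build an Access-Request (code 1) ending in a Message-Authenticator."""
    length = 20 + len(attrs) + 18
    packet = (struct.pack("!BBH", 1, ident, length) + request_auth + attrs
              + bytes([MSG_AUTH, 18]) + bytes(16))
    off = len(packet) - 16
    return packet[:off] + compute_mac(packet, off, secret)

def verify_access_request(packet: bytes, secret: bytes) -> bool:
    """True only if the attribute is present and matches the keyed MAC."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    try:
        off = find_msg_auth(packet)
    except ValueError:
        return False
    if off < 0:
        return False  # missing attribute is treated as a failure here
    return hmac.compare_digest(packet[off:off + 16],
                               compute_mac(packet, off, secret))

# Constructed sample values, not taken from any real deployment.
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))
ATTRS = bytes([1, 7]) + b"alice"  # User-Name = "alice"
```

Because the digest is keyed, a party without the shared secret cannot recompute a matching value for a modified packet, which is the property the thread contrasts with plain MD5 collisions.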